The RISKS Digest
Volume 2 Issue 33

Sunday, 23rd March 1986

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o RSO's and IIP's - Martin Moore's response
Dave Curry
o Omissions/commissions and missile destructs
Chris McDonald
o Blind and Paper Money
o Two Cases of Computer Burglary
NY Times
o Info on RISKS (comp.risks)

RSO's and IIP's - Martin Moore's response

Dave Curry <>
Fri, 21 Mar 86 08:00:21 EST
This is Martin Moore's response to my questions about RSO's and IIP's
which appeared in RISKS-2.32.  It is forwarded with his permission.  Dave

------- Forwarded Message

Good question...I guess I forget that not all of the audience is familiar with
space launch details and orbital mechanics.  I'll try to explain the IIP's
relation to the world and how it is used...

Simply stated, the IIP of an object is the intersection of its ballistic
trajectory (or "orbit") with the surface of the Earth.  An object is in a
ballistic trajectory when it is not accelerating under its own power; its
acceleration is due only to gravitational effects (in short, it's falling.)
The trajectory can be determined almost entirely from the object's position
(mostly altitude) and velocity vector relative to the Earth (there are minor
effects due to aerodynmaics and various anomalies but these can be ignored for
this type of calculation — they take a great deal of computation to yield a
relatively small correction.)  An object which is resting on the Earth's
surface is located at its IIP.  An object in free orbit does not have an IIP;
its orbit does not intersect the Earth's surface.  For an object falling
through the atmosphere (which is what our missile would do if its thrust
terminated) the IIP becomes interesting.

Since the IIP is the end result of an object's ballistic trajectory, the IIP
does not change when the object is not accelerating; conversely, while the
missile is accelerating, the IIP moves downrange *FAST*.  (Consider that the
Challenger explosion occurred 8 miles or so downrange, but most of the pieces
impacted 20-40 miles downrange.)  So on a normal missile launch the IIP starts
on the launch pad; as the missile launches the IIP moves downrange very fast
until it eventually moves off the planet (if an orbital launch) or to the
target area (for a weapons test) or something is wrong.  On a shuttle launch,
the IIP has moved off the planet by MECO (about +520 seconds); the shuttle's
engines cut off even though it has not yet achieved orbit — it "coasts" on up
to orbit based on the velocity vector it has achieved through powered flight.

Now, to answer your question, missiles launched at the Cape NEVER fly over
land intentionally except at the very first seconds (unavoidable) or during a
shuttle landing (when the Orbiter is flying by itself and the dangerous parts
have been dropped.)  This is why the launch facility at Vandenberg was built;
shuttles cannot be launched into polar orbits from the Cape because there is
land both due north and due south.  On *any* launch, violation of the destruct
lines means something is wrong (they are drawn with the missile's nominal
trajectory in mind) and the population is endangered.  Missiles can be
obviously bad *without* crossing the destruct line; if a second stage, say,
fails to ignite, the IIP stops halfway downrange and the missile falls into
the drink.  It is generally wise to blow it up in this case as if it falls
intact the fuel is not very good for the environment.  Unmanned missiles are
pretty easy: something goes wrong, you blow it up.  Obviously, this has to
modified with the Shuttle; if it's performing an abort you don't blow it up
(the tanks and solids are already gone; the Orbiter is no threat.)  If it goes
awry and curves back over land *but* the crew is still in control (which is at
least theoretically possible) you let it go as long as they are in control --
they may be able to recover for a landing or at least get it back over the
ocean, drop the tank (you don't want to blow it over land — would shatter
every window in Brevard County), and try to ditch and have at least a chance
of surviving.

Whew.  I hope this has answered your question.  Feel free to follow up if it
hasn't or if you have other questions.

- ------

------- End of Forwarded Message

Omissions/commissions and missile destructs

Chris McDonald SD <>
Fri, 21 Mar 86 13:09:06 MST
Regarding Dave Curry's musings about his never having heard about a "missile
going back over the US", in fact missiles go over the US on a daily basis at
White Sands Missile Range.  As a 4,000 square mile DoD test facility the
Range has been an inland range for missile and rocket firings for over 40
years.  This fact has some bearing on the discussion of
omissions/commissions in flight safety computers because major cities
surround the Range resulting in legitimate safety concerns.  During the last
40 years not every flight has range boundaries and in one well-publicized
incident a rocket landed in a Juarez, Mexico cemetery.  While redundancy in
flights safety computers has so far precluded an accident or incident
attributable to a computer, there was one incident in which a missile was
destroyed by computer because of a breakdown in trajectory tracking data
transmissions.  The computer was programmed to automatically destroy the
missile if it did not have tracking data from a specified number of radars.
The rationale behind this was that, if one lost radar track given the manner
in which the test was structured, the missile was well off course and should
be destroyed.  Even though there was redundancy in radars, a situation
occurred in which radar problems precluded the flight safety computer from
receiving the anticipated tracking data.  Launch occurred and from all
personnel accounts appeared to be nominal.  But in fact the computer was not
receiving the tracking data immediately after launch to predict what another
contributor referred to as IIP or Instantaneous Impact [that] destroyed the
missile.  All readers can well understand that the project manager for the
missile system involved was extremely upset over the destruction of his test

Blind and Paper Money

Sat, 22 Mar 86 14:35:40 pst
One solution I have heard proposed to the problem of the blind being unable
to read the denomination of paper currency is to cut off the corners of the
    The $1   bill would have 4 corners cut off.
    The $5   bill would have 3 corners cut off.
    The $10  bill would have 2 corners cut off.
    The $20  bill would have 1 corners cut off.
    The $100 bill would have 0 corners cut off.

Forgery would be limited since cutting of a corner of a bill would
decrease its value.

    This is much simpler and less costly than "talking money".

             [This may seem unrelated to Computer RISKS.  However, in
              some cases — believe it or not — the best solution may
              not involve technology.  However, this solution still begs
              fraud by copy machine.  It is easy to cut corners off of a
              copy...  But, let's blow the whistle on this topic for now.  PGN]

It would take someone really sophisticated, with a Ph.D in math or CS.

22 Mar 1986 12:50-PST
This story made the front page of the Palo Alto TimesTribune:

a775 21-Mar-86  12:32  ny  BCBURGLARY
Two Cases of Computer Burglary
(WashPage)   c.1986 N.Y. Times News Service

    WASHINGTON - Jennifer Kuiper was working late at her computer terminal
in the office of Rep. Ed Zschau of California on March 7 when she heard
a beep that told her someone had entered the computer system from an
outside telephone line.
    Twenty minutes later, her computer screen went blank. When service was
restored, copies of more than 200 letters sent to constituents and
iformation on mailing addresses had disappeared.
    Four days later, staff workers for Rep. John McCain of Arizona told
the police they had discovered that someone outside their office had
reached into McCain's computer and destroyed hundreds of letters and
mailing addresses over the lunch hour.
    Why the computers were entered from the outside, and by whom, is now
the subject of a criminal investigation by the Capitol police and the
United States attorney for the District of Columbia. They say the have
ruled out the possibility of staff error in destruction of the records
and have some leads. But they refuse to discuss possible motives.
    Both Zschau and McCain are Republicans, neither yet a House leader but
both increasingly visible on Capitol Hill. Both are seeking Senate
seats in the November elections.
    These were apparently the first computer break-ins on Capitol Hill,
where computers are increasingly being used, especially for recordkeeping
and answering mail.
    ''This is definitely a concern,'' said Inspector Robert R. Howe of the
Capitol police. ''We're looking into better controls to prevent it from
ever happening in the future.''
    Zschau, who taught computer courses at Stanford Business School, and
founded and for 13 years was president of System Industries, a computer
software company, said the illegal entering of his office computer was
''tantamount to someone breaking into my office, taking my files and
burning them.''
    ''I am very concerned,'' he added, ''and the police would be more
concerned if this were a physical break-in.
    ''Because people don't see the files overturned or a pile of ashes
outside the door, it doesn't seem as bad,'' he continued. ''But it is
equally as devastating. We rely on computers a lot for correspondence,
writing articles and keeping a record of the history of the letters and
responses sent to our constituents.
    ''Every office on Capitol Hill can be broken into in this way and the
files deleted. It can bring the work that a member of Congress does to
a complete halt.''
    After both break-ins, the copies of most of the lost records were
regained from duplicate files. ''We were lucky,'' said James M.
LeMunyon, administrative aide to Zschau. ''We had back-up computer
tapes that restored all but 30 of the 200 letters. My greatest concern
was that they might have destroyed our lists of constituents' names.''
    Stephen A. Armstrong, vice president of Micro Research, the company
that provides computers and related equipment to more than 150 members
of Congress, including both Zschau and McCain, said that whoever broke
into the computers ''would have to have a password and two security
codes to get in.''
    In a congressional office that has computers, the system operates
independently of systems in other offices, and each staff member has a
personal password to gain access to computer files.
    For someone to enter the system by telephone from outside the office,
a special switch in the office must be on.
    ''It is possible to break into a system if all physical and software
security measures are ignored,'' Armstrong said.
    ''But it would take someone really sophisticated, with a Ph.D. in math
or computer science.''

nyt-03-21-86 1532est

Please report problems with the web pages to the maintainer