The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 44

Saturday 8 November 2008


U.K. NHS computer system "grinds to a halt"
Richard Cook
Risk of repairing Hubble too soon
Ted Blank
New GPS satellite may crash some receivers
William P.N. Smith
Risks of unilingual vacation-reply messages
Mark Brader
US court throws out most software patents
John Oram via Monty Solomon
Beware: T-Mobile's Voicemail Paging Trap
Lauren Weinstein
Re: BBC Domesday Project
Mike Tibbetts
Re: Treasury Office Faults IRS Computer Security
Paul Robinson
Computers Freedom & Privacy Conference 2009 - Request For Proposals
Bruce R Koball
REVIEW: "Handbook of Research on Technoethics", Luppicini/Adell
Rob Slade
Info on RISKS (comp.risks)

U.K. NHS computer system "grinds to a halt"

<Richard Cook <>>
Mon, 03 Nov 2008 11:11:07 -0600

The Financial Times reports that implementation of the National Health
Service's enormous healthcare information technology (HIT) system has been
halted after incapacitating difficulties with a few installed sites.  The
12.8 billion-pound (~US$21 billion) system has been plagued by difficulties
including the withdrawal of one chief supplier, Accenture, in 2006 and the
dismissal of a second, Fujitsu, in May of this year.  The FT's report was
denied in a carefully worded statement from Ms.

Christine Connelly, the U.K.'s CIO for Health, who has been in her present
position for just one month. She noted that the system was still be tested
and that its deployment needed to be delayed it was possible to "fix
technical issues but also to manage the impact on working practices".  The
government side of the project has been remarkable for senior staff changes.

The Tory opposition has been quick to point out the project's shortcomings.
Mr. Stephen O'Brien, shadow minister for health, is described the program as
"hugely expensive" and "desperately behind schedule".  MP Nick Clegg
questioned PM Gordon Brown about "an NHS computer system that doesn't work"
in the House of Commons but Mr. Brown's reply included only a lukewarm
defense of the system. The government's Department of Health referred
questions to "Connecting for Health" (previously identified as *NPfIT* for
The National Programme for IT) which reportedly claimed that "things are
moving, but slowly".

According to the FT, the National Audit Office has said that the program is
four years late. More importantly, key portions of the system have not been
field tested and only a few hospitals are actually using the system for
patient care. Only one "big acute care hospital has turned on a version of
the new system since May." An internal NHS document reportedly titled
"Lessons Learnt from the Royal Free Hospital Emergency Department" reveals
many, unaddressed problems with the clinical system intended to support
emergency services.

In 2005, Fujitsu and Cerner were contracted to supply key portions of the
system, replacing software vendor IDX because of poor performance.  Fujitsu
was fired in May of this year, a move which may have cost the company as
much as 300 million pounds of its 896 million pound contract. Cerner's
software was "bred in the US market... as a billing system that was being
turned into a Patient Administration System" according to one critic quoted
in the Inquirer.

Another key element of the system is the Lorenzo Patient Management System,
developed by iSoft. Problems with Lorenzo have delayed its go live in
U.K. hospitals. The software is being built mainly in India for Computer
Sciences Corporation (CSC) and its subcontractor IBA Health which acquired
iSoft. According to, NHS Connecting for Health staff said
in June that "Lorenzo is being rigorously tested at early adopter sites with
differing care settings and geographies to ensure it meets the necessary
quality criteria and is relevant to the needs of diverse healthcare
communities prior to going live within a working healthcare environment."
According to The Guardian, Lorenzo was at the time of the statement "mired
in development glitches and is still struggling to get out of the technical
design phase".

A major point of contention has been the tough contracts that prevent
suppliers from being paid until the systems are working. Major suppliers,
including BT, CSC, Fujitsu, Cerner, iSoft and others had earned only 1.29
billion pounds despite a business plan that expected them to have been paid
2.819 billion pounds by March.

Perhaps not surprisingly, despite the widely acknowledged failure of the
system itself the main suppliers and Connecting for Health continue to tout
the benefits of IT.  On October 22nd, Connecting for Health announced that
standardized, electronic records will improve patient safety.  According to
the CSC website "NPfIT will improve the NHS and benefit all those who work
in it and who use it by ensuring that the right information about a patient
is available to the right people at the right time. It will improve the
quality of time spent with patients by significantly reducing the
administrative burden on clinicians and healthcare professionals."

Risk of repairing Hubble too soon

<"Ted Blank" <>>
Thu, 30 Oct 2008 18:47:16 -0400

Perhaps the operators on the Hubble should roll the dice and engage in some
maneuvers which stress the vehicle slightly outside of normal limits to see
what else is close to breaking so it can also be fixed on the repair
mission.  Of course if this goes too far, the only choice for Hubble repair
might be long tow to the ISS (International Service Station) for its
tune-up.  Who has their AAA card?

New GPS satellite may crash some receivers

<"William P.N. Smith" <>>
Sat, 01 Nov 2008 10:03:15 -0400

In the November 2008 issue of *BoatU.S.* magazine, there's a reference to a
new GPS satellite being switched on.  It uses the identifier "PRN 32", which
causes some [...] Northstar GPS units to "become confused" and "shut down".

Fortunately, there are firmware updates available, though in some cases they
cost money.  Unfortunately, most boaters wouldn't know a firmware update if
they hooked one, so there will undoubtedly be accidents and other problems,
and GPS units "acting flakey" (they only crash when that particular
satellite is in view) that will be replaced unnecessarily.


Risks of unilingual vacation-reply messages

< (Mark Brader)>
Fri, 31 Oct 2008 15:45:44 -0400 (EDT)

The council of Swansea, Wales, decided to have a certain road posted "No
entry for heavy goods vehicles. Residential site only".  Official road signs
in Wales today must be in Welsh as well as English, so the English text was
emailed to the council's translation office.

And in due course a sign was erected with text in Welsh -- whose meaning
was: "I am not in the office at the moment.  Please send any work to be

See <>.

(Note incidentally the comment in the article to the effect that they should
have consulted an expert.  Well, that's what they *were* doing -- the real
problem was that a person who translates things into a certain language has
no business having a vacation notice that's only in that language.  In other
words, the failure notice failed to be identifiable as out-of-band.)

This all reminds me of the restaurant in Beijing whose name in English is
apparently signposted as "Translate Server Error".  (Pictures of it have
been circulating on the Internet for a while, but I don't know if they
are genuine.)

  [Also noted by Peter Zilahy Ingerman.  PGN]

US court throws out most software patents, John Oram

<Monty Solomon <>>
Fri, 31 Oct 2008 22:29:43 -0400

John Oram, Microsoft has a problem, *IT Examiner*, 31 Oct 2008

Much of the patent portfolio of some of the world's biggest software
companies has become worthless overnight, thanks to a ruling yesterday by
the US patent court.

The US Court of Appeals for the Federal Circuit (CAFC) in Washington DC has
decided that in the future, instead of automatically granting a patent for a
business practice, there will be a specific testing procedure to determine
how patentable is that process.

The decision is a nearly complete reversal of the court's controversial
State Street Bank judgment of 1998, which started the stampede for patenting
business practices.

Beware: T-Mobile's Voicemail Paging Trap

<Lauren Weinstein <>>
Sun, 26 Oct 2008 11:18:33 -0700

                  Beware: T-Mobile's Voicemail Paging Trap

Greetings.  Longtime users of T-Mobile may already be familiar with this
issue that I'm about to describe, but with many persons now moving to
T-Mobile from AT&T to get hold of the Google Android G1 phone, lots of these
new subscribers may be in for a disappointing surprise, especially if you
use your phone for business purposes and rely on a clear and concise
outgoing voicemail announcement.

One of the basic rules of human interface design is that you don't want to
ever offer callers options that don't actually work as described.  T-Mobile
violates this concept big time for the overwhelming majority of calls into
their voicemail system, and in a manner that could have potentially very
serious results.

The problem is essentially simple.  All callers who hear your personalized
voicemail outgoing message are then offered the opportunity to send a
numeric page ("press 5").  Unfortunately, this paging prompt is presented to
everyone hearing your voicemail message, *even when you have paging turned
off* -- which is in fact the default state.

This is more than an annoyance to callers who sit through additional
verbiage waiting for a beep, it can result in misunderstandings and worse:

  "I entered my number for a page -- I needed to reach you right away!  Why
   the blazes didn't you call back?"

  "Oh, I have paging turned off."

  "Then why the hell did the system offer me a page and have me waste my
   time entering my call back number?  Who designed that blasted thing?  The
   Three Stooges?"

Actually, that's unfair to Larry, Moe, and Curly -- I'm sure they could have
done a better job of voicemail system design than T-Mobile's vendor.

This isn't rocket science.  Don't jerk callers around telling them that they
can page and then put them through the motions of entering call back numbers
in a useless exercise reminiscent of the Mad Tea Party from "Alice in
Wonderland," especially since we can be sure that only a tiny percentage of
subscribers ever actually want to use paging at all.

It's notable that AT&T Mobility does this right.  You can always configure
an AT&T cellular line so that if paging is off, there is no prompting for
paging call backs.  In fact, AT&T's cellular voicemail system can be
configured just to play your outgoing message and beep without any prompting
verbiage at all being added onto the end -- which is the ideal situation in
most cases.

It's incredible for T-Mobile to operate a voicemail system that makes it
impossible for them to avoid confusing callers with false prompting options
and actions that are at best ineffectual -- and can easily lead to serious
problems indeed when assumed paging actions never actually take place.

Achtung T-Mobile!  You pride yourself on your customer service.  But this
behavior of your voicemail is sloppy, consumer-unfriendly, and in some
situations perhaps even dangerous.  You can do much better.

Lauren Weinstein, +1 (818) 225-2800
Co-Founder People For Internet Responsibility -
Co-Founder NNSquad Network Neutrality Squad - or

Re: BBC Domesday Project (Leeson, RISKS-21.93)

<"Mike Tibbetts" <>>
Tue, 4 Nov 2008 12:44:47 -0000

By chance I came across PGN's list of risks "Illustrative Risks to the
Public in the Use of Computer Systems and Related Technology"
( on the Internet and found
a reference to the BBC Domesday Project and the public reports that the
Laservision discs produced in the 1980s were no longer readable and so the
data is lost.  As have other commentators, Nick Leeson cites this as another
example of the risks to the public interest in the use of computer

I'd like to put the record straight - about the BBC Domesday Project, at

I was one of the two people who conceived the BBC Domesday Project which
began in 1984 and completed in the Autumn of 1986.  I was in overall charge
of its practical realisation.  I do not intend any criticism of you or any
of the other academics who have highlighted our project as an example of
lack of foresight but I have been repeatedly stung by such criticisms
because, in fact, nothing could be further from the truth.  However, it is
not my personal pique which is the important issue here but the fact that
dismissing us as unthinking technocrats with no forward vision or sense of
national heritage actually masks what I believe to be the real problem about
data preservation and of which I think the BBC Domesday Project is indeed a
good exemplar, but not as currently presented.

At the time we put the Domesday Project together in 1984, we in the BBC did
our utmost to ensure that what we were doing could be preserved for the
future, irrespective of technological evolutions.  From the very first we
worked in close collaboration with the UK National Data Archive which was
funded by the UK's Economic and Social Research Council and housed at the
University of Essex in East Anglia.  The Director of the National Data
Archive at that time was Professor Howard Newby, now Vice-Chancellor of
Liverpool University.  From day one, Professor Newby was one of four senior
academics we invited to be on a steering committee which was the main source
of guidance on policy and academic rigour for the project.

As you probably know, the BBC Domesday Project successfully completed the
compilation and publication of two twelve-inch Laservision discs.  In a
world which still awaited the introduction of usable Wintel PCs, CD-ROM, MP3
audio, M/JPEG video or Internet technology, we had to innovate much of the
technology which made our venture possible.  We collaborated with Philips to
adapt their Laservision technology to allow digital data to be encoded in
the stereo soundtrack of their analogue videodisks.  We used the BBC
Microcomputer which, as a previous collaboration between BBC TV engineers
and Acorn Computers, had a 625-line video output and was therefore uniquely
conformable with an analogue PAL TV signal.  The material on the disks
contains a massive collection of material to portray every aspect of the UK
in the early 1980s,including 10,000 Ordnance Survey maps, 200,000
photographs, local descriptions and survey returns from an estimated 1
million members of the UK population, hundreds of video clips from the BBC
and other media archives, newspaper and magazine front pages, commissioned
essays from key experts, the contents of virtually every government
department's computer archive statistically re-structured into datasets to
provide maximum intercomparability, surrogate journeys through a whole range
of environments from council flats to rural farms.  All this was catalogued
and indexed by a massive system designed and implemented by the
then-chairman of the UK Society of Indexers.

Enough, already.  I could bore for Britain about those two years in the

In sharp contrast to the way we are portrayed now by some commentators, we
were always acutely aware of the volatility of the hardware and software we
had used to implement the Domesday Project and the need to preserve this
unique archive for the future.  Knowing that our project was coming to an
end we transferred the master tapes and server files for everything we had
compiled, including all our working documents and enabling software to
... the National Data Archive under the supervision of Professor Newby.

Following the completion of the Domesday Project the BBC attempted to
continue the work on interactive media by converting our team into a new
unit to be called the Interactive Television Unit and I was offered the
position of being its first Editor.  However, in common with others, I had
come to realise how far ahead of our general time the Domesday Project was
and therefore likely to be marginalised within a traditional broadcasting
organisation.  I moved on from the BBC and a couple of years later the ITU
was disbanded.

Eighteen or so years later I began to hear about a project instigated by a
Northern UK university to "rescue" the Domesday Project data because, as we
had always known, our idiosyncratic Philips "LV-ROM" player (of which only
about a thousand were ever sold thanks to Philips' exorbitant end-user
price) had virtually ceased to exist and copies of the plastic disks were
approaching unreadability.  I immediately went to the National Data Archive
website to assure myself that our original masters had been preserved, only
to find no record of them!  Although I was not personally involved in the
"Camileon" rescue project, I understand that those people also failed to
find any trace of the original material in the National Archive and work
began to try and re-create methods to retrieve the data from remaining
copies of the disks and bits and pieces of resource in personal collections.

The rescue in conjunction with the UK National Archives (the old UK Public
Records Office and different to the National Data Archive) was partially
successful and a reconstruction of the material on one of the two Domesday
disks was completed and made available as an online resource.  This was the
part of the Domesday Project where a large number of local volunteers
(including 50% of ALL the primary and secondary schools in the country)
collaborated to survey, comment on and photograph their local communities
and compile entries for the "Community Disk".  This material covered over
100,000 square kilometers of the UK land surface and accounted for over 60%
of the populated areas of the UK.  I assumed that this web-based
reconstruction of the Community Disk would be carefully preserved by the
National Archives at Kew in London who had part-funded the reconstruction.

But no.

I hear that the instigator of the Community Disk rescue project has sadly
died and his web-page which used to link through to the web-enabled
reconstruction no longer functions.  I have asked other members of the
original team and no-one seems to know where, if anywhere, this can now be

Neither of the websites of the National Data Archive nor the National
Archives contain any reference to substantial holdings of the Domesday
Project material, either in its original or reconstructed form.  The
National Archives only refer to some digi-beta tapes holding some of the
imagery from the Community Disks.

So, after this extended diatribe, what's my point?

Basically that the fault in all this lies not in the lack of vision or
foresight by the technologists but that, at least in the UK, the national
systems of data preservation and heritage archiving simply don't work
reliably or consistently.  We lodged our original material with the official
national conservators and, so far as I can tell, they seem to have lost it!
More importantly the fruits of a major national effort to retrieve some of
the material also seems to have disappeared from the public radar after only
a year or two, even though relevant national bodies were involved in the

Referring to the risks in the title of PGN's list, I respectfully suggest
that, for the Domesday Project at least, the risks do not really trace to
the use of computers but in the inadequate procedures for effective national
curation and conservation of information assets.  More importantly, blaming
the technocrats shifts the focus away from where, in my opinion, probing
questions from authoritative people like yourself might more properly be

This e-mail has extended far longer than I intended and I apologise for
taking up your time (if you have persisted to the end!).  If you care to
respond I would be very interested in your thoughts.

Mike Tibbetts, 62 Prestonfield, Milngavie, Glasgow G62 7PZ
+44 (0)141 570 1782

Re: Treasury Office Faults IRS Computer Security (PGN, RISKS-25.40)

<Paul Robinson <>>
Sun, 2 Nov 2008 11:35:16 -0800 (PST)

> Both systems are gradually being put into use. CADE, expected to cost more
> than $1 billion through 2012 to develop and operate, this year processed
> about 20 percent of the 142 billion returns filed.

142 Billion pages, would mean a tax return averaging 473 pages each for every man, woman, and child in the U.S. (300 million people).
142 Billion returns, about 20 times the entire world population!
142 Million returns, completely believable.

Computers Freedom & Privacy Conference 2009 - Request For Proposals

<Bruce R Koball <>>
Sun, 2 Nov 2008 19:08:23 -0800 (PST)

Request For Proposals, Washington, DC, June 1-4, 2009

The 19th annual Computers, Freedom, and Privacy conference is now accepting
proposals for panels, workshop sessions, and other events.

CFP is the leading policy conference exploring the impact of the Internet,
computers and communications technologies on society.  It will be taking
place in June 2009, just months into a brand new U.S. administration - an
exciting moment in history, as we look into the future and ask, "Where do we
go from here?"  For more than a decade, CFP has anticipated policy trends
and issues and has shaped the public debate on the future of privacy and
freedom in an ever more technology-filled world.  CFP focuses on topics such
as freedom of speech, privacy, intellectual property, cybersecurity,
telecommunications, electronic democracy, digital rights and
responsibilities, and the future of technologies and their implications.

We are requesting proposals and ideas for panels, plenaries, debates,
keynote speakers, and other sessions that will address these and related
topics and how we can shape public policy and the public debate on these
topics as we create the future.

We especially encourage proposals that:

   * Take advantage of our Washington, DC location
   * Shed light on what we can expect from the new administration
   * Incorporate a global and international perspective
   * Focus on the future and what we can expect in the years to come in
     technology and policy
   * Include debates or otherwise present challenging points of view
   * Inform attendees about cutting-edge technologies and issues

However, we encourage proposals in all areas.  The more complete and fleshed
out a proposal, the more likely it will be accepted - but we welcome the
submission of all good ideas.

To submit a proposal or idea for CFP 2009, please go to

Many thanks and we look forward to your ideas and your participation!

CFP 2009 co-chairs, Jay Stanley and Cindy Southworth

REVIEW: "Handbook of Research on Technoethics", Luppicini/Adell

<Rob Slade <>>
Mon, 3 Nov 2008 11:08:37 -0800

BKHRTCET.RVW   20081002

"Handbook of Research on Technoethics", Rocci Luppicini/Rebecca Adell,
2009, 978-160566022-6, U$495.00
%E   Rocci Luppicini
%E   Rebecca Adell
%C   Suite 200 701 E. Chocolate Ave., Hershey, PA   17033-1117
%D   2009
%G   978-160566022-6
%I   IRM Press/Idea Group/IGI Global
%O   U$495.00 800-345-432 717-533-8845
%O   Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   1028 p. (2 volumes)
%T   "Handbook of Research on Technoethics"

The (very brief) preface states that the work is for students, instructors,
researchers, ethicists, technology scholars, and just about everybody.
Unfortunately, all it has to say about the topic is that it is broad.
Ultimately, this is a compendium of papers related to ethics related to
technology (sometimes).

Even in the more detailed attempt to define technoethics, in the first
article, the authors have to admit that there is little agreement on the
term: that some see it as the special responsibility of technologists and
engineers, while others extend it to behavioural standards for the new
global community.  A "conceptual map" of the topic is presented at one
point.  In some attempt to be cute the topics are overlaid on a map of
Europe, but the specific subjects are laid out in almost random fashion,
primarily covering computer ethics and related ideas, but extending somewhat
into biomedical areas.  (One of the more interesting papers examines the
ethics of performance enhancement technologies in sports.)

The essays are divided into broad categories: theoretical frameworks, areas
of research, case studies, emerging trends, and further reading.  The titles
of the sections do little to differentiate the contents of the pieces.  In
the section on theoretical frameworks, for example, one paper describes
Lawrence Kohlberg's theory of moral development, while another briefly notes
John Rawls' theory of social justice: the other five essays are generic
introductions to ethics in technical arenas.  (The article looking at
Kohlberg is merely an overview of his philosophy, without any real relation
to technology.  Similarly, a later treatise is simply an explanation of
podcasting, without any relevance to ethics at all.)  There does not appear
to have been any attempt to structure topics in advance, but rather to
attempt to arbitrarily impose some kind of organization after the fact.
Therefore, while some of the treatises are detailed and well written, most
are vague and simplistic.  There are different examples and focus in various
papers, but there is an enormous amount of duplicate content, particularly
in terms of basic concepts.

The range of examples might be interesting or useful for broad discussions
of ethics in a technical environment.  However, it is hard to imagine an
audience that would benefit from this work, rather than a number of others
that would be more valuable at less cost (even when considered in total).
Deborah Johnson's "Computer Ethics" (cf.  BKCMPETH.RVW) is limited to
information technology, true, but it is more complete in that field.  Herman
Tavani's "Ethics and Technology" (cf. BKETHTCH.RVW) is more structured and
foundational.  The addition of a decent text on bioethics would equal or
exceed the content of these volumes, and be easier on the pocketbook.  (Or
is it immoral to contemplate such base considerations?)

copyright Robert M. Slade, 2008   BKHRTCET.RVW   20081002

Please report problems with the web pages to the maintainer