The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 46

Weds 26 November 2008


E-prescription for IT disaster (Tom Yager via Gene Wirchenko)
Computer virus shuts down three London hospitals (Patrick O'Beirne)
The Blackberry, the President, and Reality (Fred Cohen, Steve Wildstrom)
Choose too large a sample interval and look like an idiot (Max Power)
The Great RoHS/Tin Whisker Fiasco of 20?? (Jay R. Ashworth)
ACMS helps recover lost Moon data (David Shaw)
Re: Vintage IBM tape drive in Apollo moon dust rescue (David Brunberg)
Re: BBC Domesday Project (Kees Huyser, Amos Shapir)
Re: NASA's Mars Lander dies in the dark (John Levine)
Excel user awareness (Patrick O'Beirne)
Info on RISKS (comp.risks)

E-prescription for IT disaster (Tom Yager)

Gene Wirchenko
Sat, 22 Nov 2008 16:28:04 -0800

Tom Yager, E-prescription for IT disaster, *Infoworld* Blog, 19 Nov 2008

The federal paperless prescription mandate is a model for pathetic planning
that will leave users and IT blamed for failures

Researchers just finished mapping a patient's leukemia tumor genome, finding
only eight differences between her tumor cells and normal ones taken from
her skin. This breakthrough in medical technology was somehow accomplished
while the American Medical Association and U.S. government health agencies
are doing a rip and replace of the nation's medication distribution
system. Taking the prescription system paperless has been on the national
road map since timeshared mainframes were the rage, but up to now, those
delivering, managing, regulating, and receiving health care always found
wiser uses for the time and money required for a prescription system

Now, in the final seconds before an administration sworn to reform health
care takes office, e-prescribing is being lofted as a Hail Mary pass by
interests with a mix of honorable and questionable intentions. It has not
remotely begun to gel, but now it is poor planning made law, and it falls to
practitioners, pharmacies, and IT to make it work. Make it work now, or the
government will dock already inadequate reimbursement for treatment under
Medicare and Medicaid. Company-paid insurance can't be handled any other

It probably seems that I'm casting too jaundiced an eye on the issue. Who
could oppose the modernization of a paper system whose flaws exact tolls in
lives and taxpayer dollars lost to fraud? Trouble is, e-prescribing is
loaded with agendas, with conduits for control and work-arounds for
potential future regulation and reformation (whatever those may be). It is
being executed under the rubric of urgent social necessity, but the health
care system has far more pressing issues to deal with. Doctors have less
time to see patients, new reasons to refuse to treat patients on government
assistance, and new levels of complication that tacitly discourage certain
types of prescriptions.

Ain't broke

E-prescribing is sold as an essential modernization of a creaky,
error-prone, inefficient, and costly paper system that cannot keep pace with
the explosive growth of prescriptions. If you didn't know better, you might
say they're right. This archaic system has its roots in simpler times when
small-town pharmacists knew small-town doctors and their office staff
personally. Pharmacists' experience and face-to-face dealings with patients
red-flagged erroneous or suspicious prescriptions. [...]

Computer virus shuts down three London hospitals

Patrick O'Beirne
Tue, 18 Nov 2008 16:13:25 +0000

A computer virus infection has forced a number of London hospitals to shut
down their IT systems, and revert to manual operation.

  [Searching on this turned up many reports, naming St Bartholomew's, the
  Royal London Hospital, and the London Chest Hospital, all part of the
  Barts and London NHS Trusts.  The URL Patrick gave me did not seem to
  work.  PGN]

The Blackberry, the President, and Reality (Re: Solomon, RISKS-25.45)

Fred Cohen
Mon, 17 Nov 2008 17:55:00 -0800

The Records Act does not prevent the use of a Blackberry - all you have to
do is record what you send (and receive) - a relatively simple matter. The
fact that sending classified over a blackberry is a problem is, of course, a
limitation, but hardly a surprise. The other challenge relates to the
traceability of the blackberry to a location and the ability to use this
information to deliver smart weapons on target. And then there is the use of
the voice part for recording conversations when it appears to be off. And of
course the list goes on. But isn't this a good thing for computer security?
After all, we can secure things like this if we want to, and the fact that
so public an official has to deal with these sorts of issues should be an
eye-opener for lots of folks. It's a good thing that it is being brought up,
but it should not force him to stop using the device. Assuming it is
properly managed.

That brings us to the real issue. The security of Federal systems and the
measures taken to protect (and not protect) them are problematic, they tend
to get low scores on relatively simple tests of security, and of course the
White House computer systems have been broken into recently (according to
the news stories) and emails revealed - blackberry not even involved. At the
dawn of the information age, as it enters the highest parts of our
government, we may actually see an executive who has to deal with these
issues and a serious effect on notional policy and operational
decisions. Change is coming, but will that change be change we can rely on?

Fred Cohen & Associates, 572 Leona Drive, Livermore, CA 94550

The Blackberry, the President, and Reality (Re: Solomon, RISKS-25.45)

Steve Wildstrom
Tue, 18 Nov 2008 13:25:35 -0500

Most of what has been written about the President-elect and his BlackBerry
is nonsense. As President, he may not have time for as big a time-suck as a
BlackBerry, but neither the Presidential Records Act nor security concerns
(for unclassified material) should be an issue. A BlackBerry certainly meets
all the retention requirements of the PRA (actually, these would be met by
the underlying mail system: Exchange, Lotus Domino, or GroupWise). With
respect to security, the BlackBerry has picked up a long list of approvals,
including certification under FIPS for "sensitive but unclassified"
information. BlackBerrys are widely used within the government, including by
law enforcement agencies, as is a similar technology for Windows Mobile and
Palm from Motorola Good Mobile Messaging.

Steve Wildstrom, Technology & You columnist, BusinessWeek, 1200 G St NW
Suite 1100, Washington, DC 20005

Choose too large a sample interval and look like an idiot

Max Power
Wed, 19 Nov 2008 13:35:49 -0800

... Risks of using poorly customized map software ...

The BBC Box uses GPS-based satellite transponder technology.
The Box pings its location every 24 hours. The Box should ping its
location every 11 hours, or some oddball number smaller than 24.
Sadly, the ping sample interval is too small -- and the mapping
software is not bright enough to use arcs between sample points to avoid
clearly wrong map displays.

In this case The Box's trip around Taiwan looks totally wrong (19/10/2008 &
20/10/2008).  The ship did not plow thru the Taiwanese mountains!

Also, the trip around Indonesia, and Malaya to Singapore looks totally wrong
as well.  And the trip skirting around Sri Lanka does not look right either.
And Yemen, eeesh!

* These nations' EEZs are somewhat unsafe due to piracy, but that issue
  needs to be tackled by the UN.
* I don't believe that a smaller ping interval is any less safe, if the
  new data point is delayed from being displayed by 120 minutes.

What other visual mapping gaffes will we have to tolerate for the next year?
The Box project will last a year at least.

I actually hope the BBC inserts interpolated data points, or even better --
get a GPS log of the container ship's route.

The GPS unit in use here probably stores a data point every 15 minutes, and
can probably send trip logs autonomously.

Max Power, CEO, Power Broadcasting

The Great RoHS/Tin Whisker Fiasco of 20??

Jay R. Ashworth
Thu, 20 Nov 2008 11:03:14 -0500 (EST)

Slashdot just ran a story about a lead substitute based on bismuth.

As I had expected, some of the commenters (me among them) noted that the
removal of lead from solder to meet European RoHS requirements is causing
problems with the formation of tin whiskers.

So, now, the question you have to ask yourselves is: what happens when one
of those tin whiskers shorts out a critical piece of avionics in the plane
you're flying in?

And, more importantly... has that thought already occurred to people who
build avionics, and make RoHS laws... and if so, why does Google have so
much trouble finding evidence thereof?

Everybody seems to be trying to *fix* this potential problem, but the whole
point of RoHS was, as I understand it, keeping lead out of landfills.

How many avionics and other such life-critical items end up in landfills in
the first place?

Jay R. Ashworth, Ashworth & Associates, St Petersburg FL +1 727 647 1274

ACMS helps recover lost Moon data

David Shaw
Thu, 20 Nov 2008 17:13:10 +1100

The risk of not being able to read aging storage media / formats is no doubt
familiar to many RISKS readers, but this particular story seems like a
textbook example.

"Scientists hope to recover lost data from the Apollo moon missions using a
40-year-old tape drive borrowed from the Australian Computer Museum Society
(ACMS). NASA lost its original tapes - containing data from studies of lunar
dust but thankfully back-ups were stored at Sydney University. Work is now
underway to restore a 1960s-era IBM 729 Mark V tape drive so the tapes can
be read."

More info at:

The real irony here is that the ACMS's valuable, historical collection of
computers has been evicted twice and struggles for funding. I suspect we
went awfully close to never being able to retrieve NASA's lost data.

Re: Vintage IBM tape drive in Apollo moon dust rescue (RISKS-25.45)

David Brunberg
Mon, 17 Nov 2008 22:03:05 -0500

While the problem (loss of data due to obsolete formats/equipment) is real,
consider this: the moon dust/rock samples have been carefully preserved and
are available for analysis by qualified scientists.  It would probably be
cheaper to re-run the chemical and isotopic analyses.  The analytic
technology has progressed to be able to use much smaller masses and would
probably offer more precision and flexibility.

It's been discussed thoroughly before, but a more significant problem, in my
opinion, is the loss of data due to aging of storage media, and specifically
the loss of time sensitive data.  For instance, 30-year-old photographs
that, when compared against current images, might lead to major astronomical
findings by showing long-term changes in positions or conditions of
celestial objects.

Re: BBC Domesday Project (Tibbetts, RISKS-25.44)

Kees Huyser
Tue, 18 Nov 2008 09:31:20 +0100

Jeffrey Darlington of the Digital Preservation Department of The
National Archives wrote in 2003 about the rescue in an article in Ariadne, a
magazine for information professionals in archives, libraries and museums:

Re: BBC Domesday Project (Tibbetts, RISKS-25.44)

Amos Shapir
Wed, 19 Nov 2008 17:45:31 +0200

In other words, they have bound the data format from the start to specific
hardware implementations, which were rare even then.  This put an extra
burden on the archivers who would necessarily have to convert it later.
(Maybe this reflects the general attitude in a country where power is still
measured by horses, and people are weighed by stones :-)) Once data is
digitized, it would certainly fare much better if it was kept in the most
simple form; I suspect it would have been easier to rescue even if it was
all put on punched cards!

Re: NASA's Mars Lander dies in the dark (RISKS-25.45)

John Levine
18 Nov 2008 13:02:19 -0000

In fairness, that was always the plan.  The original schedule when Phoenix
landed in May was to operate for three months during the Martian summer, but
it worked well enough that they extended the mission twice until it ran out
of sunlight.

I wonder why they didn't design it to go to sleep and try waking it up when
the days get longer.  Perhaps they figure that by then there will be so much
dust on it that it won't get enough sunlight to restart.

John Levine,
Primary Perpetrator of "The Internet for Dummies"

Excel user awareness (Re: Magda, RISKS-25.45)

Patrick O'Beirne
Tue, 18 Nov 2008 08:47:06 +0000

It's not Excel auto-formatting. It's a breakdown in the communication of
significance between those who know what something means and those who just
manipulate spreadsheets without knowing what they mean; compounded by
last-minute rush and pressure and lack of supervision.  see

Some of my comments are:

"A maximum of one minute checking time, then. If you delegate work, you have
the responsibility to check it. Spotting 179 differences in 1000 rows is not
that hard. Lawyers always work with paper evidence, so a simple check would
have been to print the excel sheet as received, print the PDF, and visually
compare the pagination. If they had had to do it by midnight, then at least
the largest numbers could be checked in 15-20 mins. After all, even with the
late submission by the client, counsel had nearly four hours just to look at
it and convert it to PDF.  If the check had been done on Sept 18, much
embarrassment would have been spared."

"Let's look at the interface between client and lawyer.  Clients should be
able to expect well-paid lawyers to exercise vigilance and help protect the
clients against themselves. As well as their first job which is to review
the substantive content of documents, it should be standard practice to
review all received files for metadata and hidden data.  It could be hidden
text in a Word document, blacked-out text in a PDF, or file properties in an
Office document that reveal identities.  However, lawyers are rather
expensive IT reviewers, so for one's own protection, one should review
documents both in content and form before release. Form includes not just
hidden data, but anything that is not manifestly clear to the parties
involved and could be a source of confusion. Is "Y/N" in column Z a
sufficient indicator, and was its significance made plain?"

I have not read about the judgment yet on the case which was due Nov. 5.

Patrick O'Beirne, Systems Modelling Ltd.  (+353)(0) 5394 22294
