The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 25 Issue 86

Monday 14 December 2009

Contents

Stryker Operating Room System II Surgical Navigation System recall
Richard Cook
Northwest Flight 188
Curt Sampson
Chase Quicken and MS Money bill pay broken for 2 weeks, no fix ETA
John Rivard
UK Digital Economy Bill -- Blocking Illegal Downloaders
Chris D.
Massive New UK Internet Wiretapping Plan Announced
Lauren Weinstein
Public servant fired over leak of private info of 14,000
Gene Wirchenko
Farmer claims GPS led him to breed clams in the wrong place
Rob McCool
My mother regarding LED traffic lights and Wisconsin winters
Richard Cook
Were you talkin' to me?
Jerry Leichter
All the best efforts gone to naught...
Jeremy Epstein
Various Internet Issues, Succinctly Put
Peter Ladkin
Re: The Joy of satellite navigation failures
Jerry Leichter
Info on RISKS (comp.risks)

Stryker Operating Room System II Surgical Navigation System recall

Richard Cook <ri-cook@uchicago.edu>
Sun, 29 Nov 2009 20:09:05 -0600

MedWatch - Stryker Operating Room System II Surgical Navigation System:
Recall due to potential for the navigation PC SPC-1 component to stop
working which could result in potential harms associated with this failure

First known recall of a computer-based surgical positioning system.

Most surgical intervention takes place under direct observation. In these
"open" procedures, the surgeon sees the anatomy and moves an instrument
(e.g. scissors) under direct vision. The product line involved in this
recall includes a positioning product that allows procedures to be performed
under indirect observation. These instruments allow the surgeon to operate
on deep, hidden structures in close proximity to critical points, e.g. in
the sinuses close to the thin bone that separates them from the brain.

The principle of operation is straightforward. Prior to the surgical
procedure, a computed scan (e.g. spiral CT) is obtained while the patient
wears a locater fiduciary, typically a headpiece that incorporates several
easy to identify points. The patient wears the same device during
surgery. The scan is imported into an operating room system that includes an
array of sensors capable of detecting and triangulating the location of the
fiduciary, special instruments that register with the sensors, and a high
quality display that shows patient anatomy and instrument
location. Depending on the application, the representation may be multiple
"flat" cross-sections or a 3D reconstruction. The system displays the
patient anatomy along with the location of the instruments in realtime.
The display is updated frequently to track the location of the instrument as
it moves through the patient. This allows the surgeon to move the tip of the
instrument and accomplish the surgical intervention by watching a
representation rather than under direct observation.

There are a variety of such instruments available for different
applications. For neurovascular procedures, the system can use a contrast
enhanced computed tomogram to map the arterial vascular tree in the head and
then by digital subtraction to remove the non-vascular structures to allow
realtime 3D display so that aneurysms can be embolized. The advantage of
such an approach is that it entirely eliminates the need for a surgical
craniotomy with its attendant risks, allowing the procedure to be
accomplished from "the inside".

The failure of this type of instrument would certainly get attention.
The "Dear Doctor" letter (http://www.stryker.com/en-us/139059)
notes that the system failure could result in:

  ``delay in surgery, reschedule of the procedure resulting in an additional
  surgery, risk of infection, increased morbidity, potential neurological
  deficits, or injury due to the surgeon operating in an area where they did
  not intend to operate. Depending on the type of surgery, these failures
  could potentially lead to serious adverse health consequences, including
  death. There have been no reports of injury.''

Based on the description of the failure and the specific serial numbers
of instruments included in the recall, it is possible that the sensors
are not detecting reliably the fiduciary or the instruments being used.
Software faults are also possible, of course; the application, while
simple in theory, is complicated in implementation.

The FDA recall notice:
MedWatch - The FDA Safety Information and Adverse Event Reporting Program
Stryker Operating Room System II Surgical Navigation System: Recall due to
potential for the navigation PC SPC-1 component to stop working...

*Audience:* Hospital risk managers, surgical service managers

Stryker and FDA notified healthcare professionals of a recall of 23
Operating Room System II Surgical Navigation Systems because there is a
potential for the navigation PC SPC-1 component to stop working which
could result in the screen freezing, the system updating at a slow
rate, or not responding at all. The Navigation System II is a computer
aided surgery platform that surgeons can use to perform Hip, Knee,
Spine, Neuro and ENT surgical procedures and contains a computer
workstation with the navigation System II software and various
components necessary to run the system. The potential harms associated
with this failure are: delay in surgery, reschedule of the procedure
resulting in an additional surgery, risk of infection, increased
morbidity, potential neurological deficits, or injury due to the
surgeon operating in an area where they did not intend to operate.
Depending on the type of surgery, these failures could potentially lead
to serious adverse health consequences, including death. Hospitals that
have product that corresponds to the catalog numbers above should
immediately quarantine the product, label it as a recalled product and
stop using the product.

Read the complete MedWatch 2009 Safety summary including a link to the
firm press release, at:
http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm192105.htm

Richard I. Cook, MD, Associate Professor, Department of Anesthesia and
Critical Care, University of Chicago, http://www.ctlab.org


Northwest Flight 188

Curt Sampson <cjs@cynic.net>
Tue, 8 Dec 2009 02:24:07 +0900

A blogger has posted what he says are "excerpts of an e-mail I received from
a fellow airline pilot. It is a summary of another pilot's conversation with
Tim Cheney, the Captain of NW Flight 188, that overflew MSP."

  http://thedonovan.com/archives/2009/11/about_that_nort.html

It's hard to tell the veracity of this report, given that it's a friend of a
friend thing, but it sounds quite plausible. Here's a summary.

The flight had a 100 knot tailwind that appears to have shortened travel
time considerably. (Though they left San Diego 35 minutes late due to an ATC
flow restriction, even after overflying their destination, they arrived only
15 minutes late.)

After passing Denver, the captain left the cockpit to go to the toilet.
While he was out, the first officer (FO) received ATC instructions to move
to a new frequency. However, for whatever reason, the FO changed to Winnipeg
ATC rather than the correct frequency for Denver Center.  Normally this
would be caught quickly, but the FO apparently did not confirm
communications on the new frequency. (Had he done so, and realized that he
was talking to the wrong ATC, the standard procedure would be to go back to
the previous frequency and confirm the new frequency he was being directed
to use.)

When the captain returned, the FO neglected to inform the captain of this
change. Because there was chatter on the frequency, the captain didn't
realize that they were not talking to the ATC that was supposed to be
controlling them. When Denver Center couldn't contact the flight, they did
have the airline send an ACARS message to the flight, but on the Airbus 320
apparently there's no audible signal upon receipt of an ACARS message, just
a light that turns on for thirty seconds and turns off again.

During this time, the captain mentioned that he was unhappy with the
scheduling software, which was new to him, being Delta's software and he
being a Northwest pilot. The FO offered to help, and they spent perhaps five
minutes with laptops out dealing with this.

Then,

  The F/As called the cockpit on the interphone...and asked when they will
  get there. They looked at their nav screens and were directly over MSP
  [the Minneapolis-Saint Paul International Airport].

  Because they had their screens set on the max 320 nm setting, when the F/O
  called on the frequency, which of course was Winnipeg Center, he saw Eau
  Claire and Duluth on his screen. They asked where they were and the F/O
  told them over Eau Claire, which was not even close, but MSP had
  disappeared from the screen even though they were right over the city. ...

  They were, as you all know, vectored all over the sky to determine if they
  had control of the a/c and Tim kept telling the F/O to tell them they have
  control, they want to land at MSP, etc. They landed with 11,000 pounds of
  fuel (no, they did not come in on fumes, but had 2 hours in an A320)....


Chase Quicken and MS Money bill pay broken for 2 weeks, no fix ETA

John Rivard <jcr@jcrdesign.com>
Mon, 30 Nov 2009 10:10:00 -0500

I just got off the phone with a customer service agent at Chase online
support.

I was attempting to discover why electronic payments sent via the Quicken
desktop application are failing with an error code. The error message
recommends trying again later, and contacting your financial institution if
the problem does not go away.

The phone agent I spoke to said that since an upgrade to their system two
weeks ago, both Quicken and Microsoft Money payments have been failing. Yes,
you read that correctly, Chase is aware that this problem has been occurring
for two weeks, but instead of notifying users of this by phone or e-mail (or
even snail mail, since it has been two weeks), they have been waiting for
them to call in, navigate the phone tree, and wait on hold to talk to an
agent.

Perhaps they have delayed informing users directly because they have no idea
how to fix the problem. The agent also stated that there was no estimate
available for when this problem. I was fairly incredulous, and pressed if
there was any order-of-magnitude estimate available: would it be fixed in
hours, days, another two weeks? There is no estimate available at all.


UK Digital Economy Bill -- Blocking Illegal Downloaders

"Chris D." <e767pmk@yahoo.co.uk>
Sat, 28 Nov 2009 19:51:49 +0000

There have been reports in the news this week (late Nov 2009) about the UK
Government's Digital Economy Bill which has started its course through
Parliament.  The main concern for RISKS readers is most likely the
requirement for ISPs to throttle or suspend broadband connections for
"persistent" illegal file-sharers and pass details over to copyright
holders.  I haven't seen anything about how such criminals are supposed to
be identified or who arbitrates in the event of a dispute, but obviously it
will all have to be paid for, and news reports comment that if ISPs have to
start up whole departments to monitor traffic and handle violation claims
then this may well increase Internet service bills.  That's apart from the
more-fundamental issue of ISPs moving away from just giving access to
cyberspace, of course; looks like yet another case of governments
legislating for the desired results.  Talking of costs, the UK Government
has pledged to offer everyone in the whole country (i.e. including remote
rural areas) at least 2MBit/s broadband by 2012, funded by a proposed 6
pounds ($10) a year levy on fixed-line telephone rental, so another good
reason to give up the landline and just use a cellphone.

Chris Drewe, Essex County, UK, still on dial-up.


Massive New UK Internet Wiretapping Plan Announced

Lauren Weinstein <pfir@pfir.org>
Fri, 4 Dec 2009 18:43:18 -0800

                  http://lauren.vortex.com/archive/000646.html

Greetings.  Remember the controversy over the UK's "Phorm" - "ISPs Spy on
Users" Internet ad system? (http://bit.ly/91Yvgz [Lauren Weinstein's Blog])

Phorm was eventually beaten back, but it was small potatoes compared to what
the surveillance-happy folks in Jolly Old England have got up their sleeves
now.

Britain's Virgin Media ISP has announced a stunning plan to actually spy on
the data content of Internet users -- using law enforcement grade equipment
-- in search of illegal file sharing ( http://bit.ly/80maxP [ZDNet] ).

The scope of the plan is breathtaking.  File sharing protocol packets will
be opened and the contents run through music fingerprinting systems to try
to determine if files are licensed or not.  At this stage of the plan, any
positive "hits" will be anonymous, but one can imagine how long that aspect
will remain in force.  And of course, if this sort of system can be
justified to "protect" the music and film industries, it's a small step to
arguing that all traffic should be monitored for *any* Internet content
considered to be suspicious, illicit, or inappropriate by Her Majesty's
government -- it's basically just a matter of how much communications and
processing power you're willing to throw at the task.

There is no opt-out or opt-in.  All files carried by any of the three
primary file-sharing protocols are subject to inspection, with initially
about 40% of subscribers being included in the "lucky" test group.  And
remember, these are *private* user-to-user Internet connections being
monitored -- not postings on public Web sites where license fingerprinting
can be reasonably justified.

What Virgin has announced is essentially the same concept as monitoring
telephone calls in hopes of overhearing something illegal being discussed.

The question here isn't whether or not people should inappropriately trade
licensed materials -- they shouldn't.  The issue is Internet users --
including innocent, law-abiding subscribers -- being subjected to having
their data content searched by whim of their ISPs, when such behavior would
not (we assume!) be tolerated on conventional telephone calls (but what of
VoIP phone calls traversing the Internet?  A fascinating question of ever
increasing importance ...)

Notably, the answer to these dilemmas is contained in a single word, which
you've seen me use many times before: *encrypt*!  As far as I'm concerned,
all Internet traffic should be routinely and pervasively encrypted, not just
to protect civil rights, but to protect economic and business security as
well.

In fact, a spokesman related to the new Virgin ISP spying project
notes that, "encryption of the data packet would defeat us."

Sounds like good advice to me.

Lauren Weinstein +1 (818) 225-2800 http://www.pfir.org/lauren
People For Internet Responsibility - http://www.pfir.org
Network Neutrality Squad - http://www.nnsquad.org
PRIVACY Forum - http://www.vortex.com


Public servant fired over leak of private info of 14,000

Gene Wirchenko <genew@ocis.net>
Sun, 29 Nov 2009 11:52:12 -0800

This appeared in the 2009-11-27 issue of "The Daily News" of
Kamloops, British Columbia, Canada on page A7:

Second B.C. public servant fired over leak of private info on 14,000[1] people

The B.C. government says two public servants have now been fired following a
leak of the private information of 1,400 [1] welfare recipients.  The NDP
[2] claims the first person sacked was a man and the second was his wife,
but Citizen Services Minister Ben Stewart would not confirm that, saying it
was a personnel issue.

The leak came to light after the personal information was found in the hands
of a public servant under investigation by the RCMP's [3] commercial crime
unit and the Insurance Corporation of B.C. on an unrelated matter.  The NDP
says that information included birth dates, social insurance numbers and
other data.

The controversy came up for the second day in question period in the
legislature on Thursday, where the NDP once again demanded to know why it
took seven months to warn the people affected and why Stewart wasn't told
earlier about the breach.  Stewart promised a full investigation into the
issue, adding that the RCMP doesn't believe people's information was
compromised.

1. The headline is apparently the error.  All other coverage that I
   have seen has the number as being 1,400.
2. New Democratic Party.  In B.C., they are currently the official
   opposition party.
3. Royal Canadian Mounted Police: Canada's national police force


Farmer claims GPS led him to breed clams in the wrong place

Rob McCool <robm@robm.com>
Thu, 10 Dec 2009 19:10:42 -0800 (PST)

http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/12/10/financial/f162026S49.DTL&tsp=1

An oyster farm in Marin County, California was fined recently for farming
clams in an area designated as protected for the harbor seal. The owner of
the operation claimed that a faulty GPS device led his employees to place
the clam farm in the wrong place.


My mother regarding LED traffic lights and Wisconsin winters

Richard Cook <ri-cook@uchicago.edu>
Fri, 11 Dec 2009 11:20:07 -0600

Mom wrote:

  "Interesting, some of the new traffic lights are LEDs and since they
  don't give off much heat, the snow sticks to the lights and drivers
  can't see the light.  I was yelling at someone who drove through a red
  and scared me but when I came home, realized that I couldn't see the
  light.  Now what?"

Richard I. Cook, MD, Assoc.Prof., Department of Anesthesia and Critical
Care, U. Chicago, 5841 S. Maryland Ave MC4028, Chicago, IL 60637 773-702-4890


Were you talkin' to me?

Jerry Leichter <leichter@lrw.com>
Sun, 29 Nov 2009 12:29:14 -0500

Early last spring I received mail containing a textual date and time for an
appointment.  Apple's mail client implements "data detectors," which spot
certain patterns in the text of messages and provide you with a pull-down to
implement various natural operations.  For example, the date and time in
this message gave me the opportunity to either go to that date and time in
iCal, the Mac calendar; or directly create a new event at that date and
time.  I chose the latter, and it worked as desired - even naming the
appointment from the subject of the mail message.

Except that ... the sender had specified the time zone with the date and
time.  And he specified it as EST.  But this was on a date shortly after we
switched over to EDT.  iCal faithfully converted the time to EDT, and made
the appointment an hour too late!  (There is a setting in iCal - which I
don't have enabled right now - in which the originating time zone is
preserved.  That might well have been even *more* confusing, as I suspect
the numeric time in the calendar would have agreed with the numeric time I
remembered from the mail message, keeping me from spotting the problem
quickly - but the alarm would still have gone off an hour too late!)

The risk: Increasingly, you really can't be sure when what you type (and,
soon, say) will be interpreted by a human being or by a machine.  Machines
are getting better, but they remain much more literal in their
interpretations than we expect humans to be.  We'll need to be very careful
in our use of language - as when we speak to someone from another culture -
or misunderstandings will multiply.


All the best efforts gone to naught...

Jeremy Epstein <jeremy.j.epstein@gmail.com>
Mon, 30 Nov 2009 21:54:39 -0500

For one of my volunteer activities (anyone wanna buy Girl Scout cookies?), I
have a logon to a web site.  Every year we have to get renewed, which is
reasonable considering that the assignment changes annually.  There's always
gripes about setting a password for your account.

Here's an excerpt from an e-mail I received today on using the site: "They
will also have to change their password.  If they want to go back to their
original password, the next time they sign in they should complete the login
and password but click the 3rd green bullet below the login and go back to
that contact page for another password edit.  This a little tricky - most
people would like to keep their old password so here is what they can do -
when they go to the 3rd bullet it will ask for a new password - just put in
any kind of word - get out of that and go back to the login to the 3rd
bullet and go through that procedure for the new password , put old password
in and that way you will have your same password."

In summary, people will go to far more effort to keep the old password than
to set a new one....

But I guess it beats the message we got from my daughter's school telling us
that all the kids were instructed to change their password from the default
of "dragon" to the new password "dragons" - kids aren't allowed to pick
their own passwords, because then the teachers can't give them access, I
guess.  Sounds like a system that's poorly designed if the teacher can't
reset the students' passwords, so they ensure that all students have the
same password...

And we wonder why there are so many web account compromises?!?!?!


Various Internet Issues, Succinctly Put

"Prof. Dr. Peter Bernard Ladkin" <ladkin@rvs.uni-bielefeld.de>
Sun, 29 Nov 2009 08:20:24 +0100

Jeremy Clarkson is long-time host of the BBC's car-review program Top Gear,
which (I find out from the link below) is the most illegally-downloaded
television program from some unspecified sample.

Clarkson is known for his biting wit, the Oscar Wilde of the Morris
Mini. Like Garrison Keillor, he has crossed over from broadcast to print
journalism and writes entertaining pieces for The Times/Sunday Times
(Murdoch's News International), amongst others.

Here is his take on a number of Internet problems. I only wish I could write
so well:
http://www.timesonline.co.uk/tol/comment/columnists/jeremy_clarkson/article6936087.ece

Peter Bernard Ladkin, University of Bielefeld, 33594 Bielefeld, Germany
www.rvs.uni-bielefeld.de


Re: The Joy of satellite navigation failures

Jerry Leichter <leichter@lrw.com>
Sun, 29 Nov 2009 13:14:06 -0500

In RISKS-25.85, Steve Loughran complains specifically about an ad in which a
car will use GPS "to get you home" - and more generally about over-reliance
on GPS.

I find myself increasingly an old curmudgeon myself, and I'm bothered by the
young whippersnappers who couldn't read a map to find their way down a
midwestern plains highway - dead straight and level as far as the eye can
see in both directions.

But ... let's be a bit objective here.  How accurate were paper maps?  The
period in which, even in the US and Western Europe, you could rely on maps
to be more than approximations doesn't date back much more than 50 years or
so.  In most of the world, there have never been accurate road maps.  I
drove around Puerto Rico in the late 1970's.  Hardly an undeveloped part of
the world.  And yet the maps were ...  fanciful in places.  Roads shown that
were planned but not yet built.  Roads that existed on the ground but
somehow didn't make it onto the maps.  Drive based just on the map - which
in one spot showed a 4-lane highway - and find yourself in the middle of a
sugar cane field.

Are GPS maps up to date?  How about the paper maps that used to fill glove
boxes?

Accurate road markers are of roughly the same vintage - and for historical
reasons are often difficult to use for navigation.  When I drove in England
about 20 years ago, most road signs except on the largest roads (a) did
*not* show you the compass direction; (b) named the next town down the road,
not some larger city you might have heard of beyond that.  One wrong turn
and you could go many miles the wrong way without knowing it.  (I did!)

Were there complaints from experienced users of compasses and rough maps
showing topographical features when people stopped learning how to use them
and relied on street signs?  When maps were introduced and people stopped
observing what was around them?  When compasses disconnected people from
navigation by the sun and stars?  Of course.  And did this lead to some
people getting lost because they had an old map, when someone of a previous
era would have had no problem noticing that we couldn't possibly turn
*there*, the topo map shows that we should be going uphill?  Sure.

The fact is, GPS's get it right most of the time.  They are much easier to
use, much more reliable (when you consider the entire system, including the
inexperienced map reader), much more accurate than any system we had before.
People aren't going back, short of some kind of collapse that renders the
systems inoperable.  There's not much point in complaining.

Do *inappropriately used* or *badly designed* GPS's cause problems?  Sure,
but just how new are those?  People blindly followed maps, too - sometimes
because the maps were wrong or simply omitted some information like "low
bridge" (frankly, I've never seen a *consumer* road map with that piece of
information on it, any more than consumer GPS's inappropriately used by
truckers show this information), sometimes because most people never learned
how to read more than the basic information from a map.

We can certainly make the current systems better - and we are.  But
consider: Suppose you were driving somewhere unfamiliar, in a heavy
thunderstorm, using your GPS - and I suddenly took it away from you and
handed you some 4-year-old ratty, disintegrating map out of the glove box.
Would you think I'd improved things for you?
