Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 3: Issue 17
Thursday, 3 July 1986
Contents
How Much Computer Literacy Is Enough?- JAN Lee
- Working within the system
- Rich Cowan
- Re: [Airwaves &] Security -- SDI
- Herb Lin
- Complex issues, complex answers
- Bob Estell
- Politics and Engineering Practice
- Seifert
- Multiple copies of RISKS-3.16
- Kenneth Sloan
- GTE Sprint billing problems
- Chuck Weinstock/Lee Breisacher
- Info on RISKS (comp.risks)
How Much Computer Literacy Is Enough?
<JANLEE%VTCS1.BITNET@WISCVM.ARPA>
Wed, 2-JUL-1986 11:46 EDT
I would like to open a new area for discussion, that I hope can involve three elements of the audience: educators, workers, and philosophers, but hitting at what I believe to be a fundamental element of the "Risks to the Public" concept. It is the area of teaching programming. Over the past several years there has been a salutory movement in the presentation of first course material away from a course in the syntax of BASIC (etc.) to a course which is now entitled "Computer Literacy". There are numerous textbooks available (25 as of my count published since last Fall alone!) and the topics seems to fall into four basic areas: (1) An overview of what a computer is -- including hardware and software, (2) An excursion into the applications of computers in various fields (which can be tailored to specific student's interests), (3) The social impacts of computers on the world (hopefully including something about risks), and (4) Exposure to some elementary activities such as Word Processing, Spreadsheets, Graphics and/or Data Bases. This organization I support strongly for those for whom this is likely to be the only course they will ever take in this area, and it's not bad also for those who might go on and take a programming course later -- at least they get the background needed for a better understanding of the issues. NOW FOR MY PROBLEM: We have taught such a course for about four years (since the advent of the PC) and have been pleased with the results, one of which is to strip these students who merely need an exposure to the field out of the later programming courses. HOWEVER, in the normal review for a new course, we were refused approval to continue offering this course unless we included "real" programming. Many departments on campus want to have their students only take one CS course and to be able to program (mostly in BASIC) problems in application areas afterwards. To do a plausible job of teaching programming (to my way of thinking) requires preparation in the methods of problem solving first and a good grounding in the development process afterwards. Without cutting out the guts of a literacy course, I estimate we have 3-4 weeks (9-12 class periods) to do all this. These students are going to go out and write programs which put people at risk -- dieticians, agriculturalists, etc. I am refusing to offer this course since I do not believe that I can cast out into the field a group of students whose grasp of the problems of programming are insufficient to protect themselves (and others) against errors. So someone else will teach it! NOW FOR MY QUESTION: How little can we get away with in preparing students to use the computer for problem solving and not put their eventual clients at risk? JAN
Re: Working within the system
Richard A. Cowan <COWAN@XX.LCS.MIT.EDU>
Thu 3 Jul 86 21:07:12-EDT
As Herb Lin pointed out, my statement about working within vs. working outside the system had problems. First of all, I unfortunately implied (but did not mean) that "people should give up on the whole thing <lin@xx>"; in fact, I believe that it is almost always possible to work within the system to change it! I think most people can have a significant, visible effect! The problem is that many people define "working within the system" in a narrow, technical or traditional sense which may blunt or negate the impact they COULD have. Since the nature of our work and the prevailing modes of communication are set up in a compartmentalized fashion to reinforce "the system," one must sometimes circumvent those normal channels to produce change. People are deluded only if they think change will occur through "business as usual." Although "working outside the system" (and I did not mean violence, as Mr. Jong of Honeywell assumed) sometimes is necessary, organizing a peaceful, but active protest towards a goal may divide people over the goal, alienate those who disagree, produce an institutionally funded backlash, and discourage supporters if it is unsuccessful. Instead of demonstrating, individuals can try to change the CLIMATE in which group positions are formed FROM WITHIN THE SYSTEM, just by banding together in small groups to develop arguments that challenge the standard corporate line. STRATEGY: One possible strategy for changing the climate from within is to try to MAKE IT ACCEPTABLE for the head of your company/institution to publicly air your concerns. Although some business leaders may already have strong contrary views, and be impossible to convince, a surprising number may already agree with you -- but remain silent for they lack a support group to give them evidence and confidence. EXAMPLE: The president of MIT recently criticized federal research priorities -- 75% military funding of R&D -- in a public speech (Science June 13, 1986, p. 1333). Two things had to happen for him to do this: a) students gave him information documenting these trends and b) people within the upper eschelons of MIT began talking about the issue after it was raised by faculty and students. This may not seem very significant, but such criticisms are rarely voiced by the heads of US institutions highly dependent on military funding. This sends a signal to all kinds of observers, including policymakers, that the "establishment" is changing course. It also sends a signal to management/professors and workers/students (when the position is reported in the company paper, for example) that makes it easier for them to discuss the same issues. If 100 additional university and corporate executives were to each be persuaded by the actions of a few people in each institution to make statements on topics generally excluded from public debate, I believe a significant portion of the "consensus" for US domestic and foreign policy would erode. (i.e. imagine what would happen if several corporate executives felt free to voice opinions such as "a foreign policy which makes friends of thousands and enemies of millions does not seem to make good long-term sense" or "certain fields get more research funding than can be efficiently spent.") WHERE YOU CAN DO IT: Certainly professional societies and conferences provide a perfect medium for high tech people to raise such issues, thereby making it "acceptable" for others in the profession to have the same concerns. Even a lowly 23-year-old student like myself can have an enormous impact merely by clipping articles for professors or administrators whom I know are concerned but lack the time to get in touch with activist groups or track down references. Given a few good references, these people won't hesitate to incorporate such ideas into their conversations or speeches, or to express them to people higher in the chain of command. When leaders are concerned, the mainstream press will be more inclined to investigate the issue. When they do, the non-activist public follows. Since economics necessitates that most people must remain within the system, those people may as well try to make people within existing institutions more open to change. The political role of institutions (especially the leaders) in setting the tone for debate must be held accountable to someone -- why not the employees? Think globally, act locally. People must insist that the meaning of "service to one's institution" be redefined so that duties besides "maximizing its profit in the short term" are included. Otherwise solutions embodying these concerns (i.e. economic conversion) will always appear radical and be immediately dismissed before they reach the public eye. -rich
Re: [Airwaves &] Security -- SDI
<LIN@XX.LCS.MIT.EDU>
Thu, 3 Jul 1986 10:39 EDT
From: dhm at sei.cmu.edu
The SDI should be evaluated on several, I believe, criteria. Please let me
try to be brief and state several assumptions.
() We have a defense need (implicit function of the government).
() The perfect defense is one that is never tried.
() The Soviet Union is our strongest enemy.
These assumptions follow from another, and in my mind, more basic premise:
we want to maintain our way of life free from external coercion. This more
basic premise can lead to your set of assumptions, or to different sets of
assumptions. For example, it could lead to the assumption that a reduction
in tensions is a sensible thing to do, which is not mentioned in your set.
Of course, I don't think you intended your list to be complete, so I am just
adding to it.
Given these, we can view the SDI in several ways: (condensed)
() If the Soviets are against it, it must be good for us, i.e., it's a
political diversion and keeps them from spending more time on
sorry ventures like Afghanistan.
Maybe true and maybe false. If you are my enemy, and you start
drilling a hole in your side of the boat, I'm sure going to start
complaining. I'd think you'd be well advised to listen to me under
those circumstances.
() It doesn't have to work -- it's successful if no enemy tests it.
But what keeps them from testing it? The threat of retaliation.
That's what we have now! That means you have to make an evaluation of
why SDI is a better thing to do given all of the other options if you
say SDI is the way to go.
() If it causes our enemies to spend a lot of time and resources to match
it, then the diversion of their resources from their people can
de-stabilize the government through the rise of dissent and unrest.
Maybe this is good, and maybe this isn't. A time-honored way of
rallying the people behind you in time of internal crisis is to
provoke a war. Do you really want to push the Soviets into that kind
of corner?
...Is a program with a known and
predictable error rate of one wrong answer in 10,000 executions useless?
It depends on what you use the program for and how often you run it. For
some things, a 1/10,000 chance of failure is quite acceptable. For others,
it is quite intolerable. It depends on what depends on that wrong answer.
Herb Lin
Complex issues, complex answers
"143C::ESTELL" <estell%143c.decnet@nwc-143b.ARPA>
3 Jul 86 11:14:00 PST
There is a risk - however small - that we, like the machines we use, can
begin thinking in "ones and zeros" so that everything is either "true" or
"false." I believe that much of the power of computers comes from the
aggregation of those "on" and "off" states to represent complex variables,
text files, program logic, etc. Further, it helps to recognize sometimes
that a third value of even a "logical" variable is "not initialized."
I greatly appreciate Harlan Mills' words that a good decision will come of
the collective wisdom of our 535 Congressmen; they will of course be influ-
enced by literally thousands of citizens(*), hopefully including many with
expert technical qualifications. Moreover, I see the "official" policy at
any moment as being only one "delta" of a long vector, subject to "mid
course correction."
[* Note: On the other hand, congress seems heavily
influenced by one citizen in particular. PGN]
Thus I assert MY OPINION that SDI should not equate to ICBM defense,
even while acknowledging The President's original definition. Mr. Reagan
also promised to balance the budget, in his 1980 campaign speeches. That
goal has proved elusive - if not "illusive." The nation pursues updated
versions of it. Similarly, President Kennedy chartered the "man on the
moon" project; but that did not later deter the "grand tour of the planets"
which is still going on.
It follows that I agree that working "within" the system is NOT the only
way; it just happens to be my way, since I am inside. I applaud efforts
of others to work outside the system, but not against it destructively.
As for "opportunity lost" costs, they are always hard to measure; but we
must attempt that, because it's vital. What else can we do with the SDI
billions? Find the cure to the common cold? explore Mars? cut crime in
half? teach Johnny to read? reduce the deficit? ALL good options. But
I think we can't expect those alternatives until after '89. In the interim
if we can begin a DEFENSIVE system that can be shared with allies and others
as well, maybe after '90 we can re-direct many more billions towards these
other worthwhile causes.
Finally, my "epsilon" in the SDI vector is to argue that the billions that
DOD probably WILL spend in this decade be dedicated to concepts and objects
that are feasible, and do have at least potentially useful side effects.
If a major policy shift overtakes that viewpoint, I'll be very grateful.
But meantime, I'd like my professional time, and my tax dollars, to go for
something that I can be proud of - even after the Millennium.
Bob
[The last paragraph was a little vague and ambiguous, but if you
read between the lines in this and Bob's previous messages, the
intended meaning is presumably clear. However, let's all try to
sharpen our thoughts and our prose on this issue in the future.
And keep an eye on the computer relevancy. PGN]
Politics and Engineering Practice
Snoopy <seifert%hammer.tek.csnet@CSNET-RELAY.ARPA>
Wed, 2 Jul 86 08:51:56 PDT
In RISKS-3.13, the sad fact that politics overrules sound engineering practices is pointed out once more. Later, our fearless moderator comments on e-mail bouncing. Well, guess what? Part of the e-mail bouncing problem is political! Here at Tektronix, the mail system was suddenly changed without notice, thus either bouncing or dropping mail for days or weeks until every machine changes software, and the "new improved" addresses can be distributed throughout the world. The old addresses do not work. (Real good design there, guys!) Advance notice would have helped substantially, but politics dictated otherwise. -sigh- Snoopy tektronix!doghouse.GWD.TEK!snoopy (address du jour)
Multiple copies of RISKS-3.16
Kenneth Sloan <sloan@uw-tanga.arpa>
1 Jul 1986 10:16-PDT
I received (at least) two copies of RISKS-3.16. Ken Sloan ++++++++++++++++++++++++++++++++++++++++ >From NEUMANN@SRI-CSL.arpa Tue Jul 1 01:09:38 1986 >Date: Mon 30 Jun 86 23:23:56-PDT >From: RISKS FORUM (Peter G. Neumann, Coordinator) <RISKS@SRI-CSL.arpa> >Subject: RISKS-3.16 ++++++++++++++++++++++++++++++++++++++++ >From NEUMANN@CSL.SRI.COM Tue Jul 1 03:05:47 1986 >Date: Mon 30 Jun 86 23:23:56-PDT >From: RISKS FORUM (Peter G. Neumann, Coordinator) <RISKS@CSL.SRI.COM> >Subject: RISKS-3.16 ++++++++++++++++++++++++++++++++++++++++ [The clue of course is the different FROM Fields. SRI-CSL went down during the wee hours of the morning in order to be reborn under its new name of CSL.SRI.COM. The mailer did its usual trick when the system bombs in the middle of a mailing -- it retries certain addresses to which it had already sent successfully. Sorry. But PLEASE NOTE THE NEW HOST NAME for RISKS and RISKS-Request: @CSL.SRI.COM. Thanks. PGN]
GTE Sprint billing problems
<Chuck.Weinstock@sei.cmu.edu [and From: Breisacher.OsbuSouth@Xerox.COM]>
2 Jul 1986 11:31-EDT
Sprint just enclosed the following notice in its latest billing: We have recently discovered an error in our billing system related to the changeover to daylight savings time. The error may have caused some calls made in the period April 27, 1986 - May 1, 1986 to be billed incorrectly. The error has been corrected, and we are in the process of determining whether your bill was affected. If so, an appropriate adjustment, including applicable taxes and interest, will appear on a future bill... [...although this one does not appear to have been too costly... PGN]
Report problems with the web pages to the maintainer