The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 3 Issue 01

Wednesday, 4 June 1986

Contents

o Unshakeable Faith in Technology
Richard A. Cowan
o Unshakeable Faith in Technology: Shuttles & Nuclear Power
Peter G. Neumann
o Basis for SDI Assumptions?
Doug Schuler
o Technical vs. Political in SDI
Herb Lin
o Computer Crime Laws
Peter G. Neumann
o Backups for micros
Evan Dresel
o The Clock Lies Again
PGN
Jagan Jagannathan

Unshakeable Faith in Technology

Richard A. Cowan <COWAN@XX.LCS.MIT.EDU>
Tue 3 Jun 86 21:07:28-EDT
The following passage from a 6-part "editorial" in the San Francisco
magazine "Processed World" argues that the Space Shuttle disaster will
not (as Proxmire claimed) shake people's faith in technology.  Instead,
it may strengthen their resolve to pursue technology regardless of risks.
(Fortunately, the same argument can not be applied to the Chernobyl accident;
people don't have the same love affair with Soviet nuclear power that they
had with the Shuttle.)

Send me mail if you want more info about the magazine; this is from the
recently published Number 16.


         "Braking Star Wars, or a New Standard of Patriotism"
                          by Marcy Darnovsky

  "If the fireball that consumed Space Shuttle Challenger slows down the
  development of Star Wars, the seven people that perished in it will
  not have died in vain.

  "To millions of space enthusiasts, the shuttle and the space program
  are tributes to curiosity, imagination, courage, and the quest for
  knowledge and adventure.  These are among the worthy impulses of the
  human species.  But what most space boosters don't see through the
  glitter of the stars (leaving aside the problem of how to divide the
  purse between cross-town buses and interplanetary travel) is how
  these impulses are being used and perverted.

  "Whatever its origins, there can be no doubt about what master the
  Shuttle now serves.  Starting in 1987, the Pentagon had planned to use
  half of the spacecraft's cargo bay at least twice a year for Star Wars
  experiments alone.  It had claimed a third of the available shuttle
  launches over the next ten years.  Under the National Space Policy
  adopted by Reagan, the Pentagon is not only NASA's largest customer,
  but also its preferred customer, and as such is entitled to bump
  civilian, commercial, and scientific payloads off Shuttle flights.

  "For a short time, the suspension of Shuttle missions and the loss of
  one of the four orbiters will slow the military's invasion of space.
  But before long, the space arms race will be back in harmony with the
  spheres.  The scientific and commercial aspects of the space program
  will probably come out the losers, with NASA dancing to the Pentagon's
  tune even more slavishly than before.

  "A month after the explosion, some of the astronauts voiced dissatisfactions
  with NASA safety procedures and secrecy.  It's too soon to tell whether
  their criticisms will crack the unnerving unanimity of popular support for
  more space spectaculars.

  "Remarkably, instead of planting doubts about the reliability of complex
  technologies and the push into space, the destruction of the Challenger
  seems to have convinced most Americans that no sacrifice is too great for
  the technology that will conquer the stars.  NASA reports it received 90,000
  letters in the two weeks following the explosion, 99% of them supporting the
  space program.  "Something like this brings the nation together," said
  Daniel Boorstin in the New York Times.  "The space program in general has
  done that; people understand the grandeur even if not the technology, and to
  share that grandeur is what makes a great nation."  Boorstin is right: the
  majestic lift-off of a rocket with human beings perched atop it raises
  modern Americans out of their everyday lives into an epiphany of
  technological awe intertwined with chauvinistic pride.

  "The Shuttle catastrophe has constructed a new standard of patriotism:
  giving your life for your country's technology.  Instead of making it
  acceptable to question the military takeover of space, the Shuttle
  disaster may make the space program more sacred than ever.  If the
  explosion of the Challenger and the seven dead astronauts have
  transformed protest into heresy, it was more of a tragedy than we've
  yet realized."


Date: Wed 4 Jun 86 22:01:31-PDT
From: Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Subject: Re: Unshakeable Faith in Technology: Shuttles & Nuclear Power
To: COWAN@XX.LCS.MIT.EDU
cc: RISKS@SRI-CSL.ARPA

  *** Shuttle ***

Today's SF Chron contains a Los Angeles Times story by Maura Dolan:

             Shuttle Program Was Doomed, Panelists Say

  The space shuttle program was so plagued by a lack of spare parts and
  mission software and inadequate crew training that flights would have been
  substantially slowed or halted by now even if the Challenger disaster had
  not occurred, members of the presidential commission that investigated the
  accident said yesterday.  ``There was no management of this program,'' a
  commissioner said.  ``Even without the accident, the program would have
  ground to a halt by this point.''

The article goes on to quote other commissioners anonymously on inadequate
planning, having to steal spare parts from other shuttles, lack of training
time, one or two of the two simulators being down often, last-minute
reprograming without testing, and so on.  It also outlines some of the 
recommendations of the forthcoming report.

  ``There are about four or five other ... safety things that NASA has been
  playing the same game with as the O-rings -- the main engine, the brakes,
  the flapper valves (that control fuel flow), the automatic landing
  system,'' one panelist said.


  *** Nuclear Power ***

Jack Anderson's column in the same paper returned to Chernobyl and the
nuclear power situation in the United States:

  We have learned that, since the hideous accident in the Ukraine, the
  Nuclear Regulatory Commission staff called in the inspectors and informed
  them that new, more lenient interpretations of the fire-safety regulations
  had been approved by the commissioners over the inspectors' vehement
  protests...  Incredibly, the new guidelines let nuclear plant operators
  sidestep the protection of redundant control systems by planning fire
  safety for the first set of controls only.  The guidelines permit 
  partial fire barriers between the first control system and the backup
  system, which can be in the same room.  This means that a fire could
  short-circuit both systems.


Basis for SDI Assumptions?

bcsaic!douglas@uw-june <Doug Schuler>
Tue, 3 Jun 86 07:56:46 pdt
I have to question two statements that were made by Bob Estell in relation
to SDI software.  The first one, "A missile defense is worth having if it is
good enough to save only 5% of the USA population in an all-out nuclear
attack" is oft-heard.  The phrase "worth having" could be applied to a
number of things that aren't being had by many people (things like food,
shelter, medical care, or safer cars).  The question of whether something is
"worth having" irrespective of costs, as if one could snap his fingers and
have that thing is fine for idle conversation but of little use
realistically.  The question of what is worth pursuing and to what degree
must be taken up by society at large.  The magnitude of SDI costs as well as
admitted technical dubiousness must be compared with alternatives.  We can't
have everything that anybody says is "worth having."

The second quote, "That shield might save 75% of the population in a
terrorist attack, launched by an irresponsible source" deserves some
comment.  The "terrorist" argument is used fairly often also to garner
support for SDI, as terrorism is a popular topic on television, etc.  I am
prompted to ask from what quarter this terrorist attack would arise.
England? France?  Also, I would expect that SDI would fail miserably in the
event of anything less than the full-scale attack that it was billed as
deflecting.

How does this apply to Risks?  The rationale and the requirements are
the basis for a system.  If these are invalid, the system will probably
be invalid.  As Herb Lin said, "Politics are just requirements at the
top level."


POSTING NUMBER 2:

[Re Bob Estell's posting]  

I am not sure of the facts on this but I think it is pertinent to RISKS.
What is the story on the software for the Sergeant York gun?  Was a "high
level" language used?  If so, and the complexity still defeated the project,
it bodes ill for SDI which consists of [the logical equivalent of?]
thousands (hundreds?) of Sergeant York guns launched into space.  If a
high-level language was used, there is still life in the "historical"
argument described by Bob Estell.

   ** MY VIEWS MAY NOT BE IDENTICAL TO THOSE OF THE BOEING COMPANY **

    Doug Schuler     (206) 865-3228
    {allegra,ihnp4,decvax}uw-beaver!uw-june!bcsaic!douglas
    bcsaic!douglas@uw-june.arpa

     [The use of a high-level programming language is only part of the
      problem.  In many cases, deep flaws exist in the design, and
      the implementation makes things only a little bit worse.  In those
      rare cases where the design is actually sound, the programming 
      language -- whether high-level or low-level --  introduces the
      possibility of additional flaws, such as loss of encapsulation,
      lack of strong typing, lack of consistent exception handling,
      improper sequencing or atomic actions particularly in distributed
      systems, lack of adequate control transfers and domain changes, 
      and so on.  But such problems exist in ALL of the commonly used
      programming languages.  PGN]


Technical vs. Political in SDI

<LIN@XX.LCS.MIT.EDU>
Thu, 5 Jun 1986 00:32 EDT
I subscribe to RISKS, and I moderate ARMS-D.  I will forward to ARMS-D
any SDI messages that appear on RISKS, unless specifically told not to
do so by the subscriber.

Peter -- Is this OK?  
                 [SURE.  FINE BY ME.  Remember, I don't believe in the 
                  alleged sharp partition between RISKS and ARMS-D.  PGN]


Computer Crime Laws

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Wed 4 Jun 86 22:18:21-PDT
From the SF Chron, 4 June 1986, Washington Report, p. 13:

  The House approved and sent to the Senate yesterday a bill that would
expand coverage of federal laws against computer crime.
  The legislation, passed by voice vote, would make it a felony knowingly to
trespass into a "federal interest" computer -- one operated by a federal
agency, a federally insured financial institution or by stockbrokers
registered with the Securities and Exchange Commission -- to obtain anything
of value.
  It also would apply to entry into private computer systems located in more
than one state.  The top penalty would be five years in prison and a
$250,000 fine.
  The measure also would establish a new category of misdemeanor for
"hackers" who use computer bulletin boards to display passwords to computer
systems.  The top penalty would be a year in prison and a $100,000 fine.

   [I note that "to obtain anything of value" does not cover denials of 
    service, mass deletions of data, insertion of nonbenevolent Trojan
    horses, and so on.  The multistate basing clause may lead some 
    organizations into distributed system and network operations just for
    the legal coverage!  PGN]


Backups for micros

<E8D%PSUVM.BITNET@WISCVM.WISC.EDU>
Wed, 4 Jun 86 09:43 EDT
    There probably isn't a lot more to be said about backing-up data that is
new.  Since someone else brought up the subject, I'll recount a very recent
case of incorrect back-up procedures from here in central PA, and then make
a suggestion or two.  [OK. I STILL ACCEPT A MESSAGE OR TWO ON THIS TOPIC. PGN]
    A small local firm was burglarized and their micro-computers stolen.
All their diskettes were also taken -- yes, including all those carefully
made back-ups.  I don't have exact values for the worth of the data but the
loss was enough to have significant impact on a small group.
    I guess this comes under the heading of improperly defining the risk.
Everyone knows that computers can "eat" data and that's why one makes
copies.  How many of your typical users think about flood or fire, which are
problems common to all data storage systems, much less theft which is a
threat peculiar to micro-computer use where the diskettes are worth
something -- even if they don't contain expensive programs.
    I could just say, "Boy, what a dumb mistake.  They should have had
hard-copy of as much stuff as practical, and protected those back-up
diskettes."  That's not very productive, though.  The answer lies in
education and perhaps in program developers meeting the real needs of the
users.  Computer users need to know how to protect their data and why.  A
couple of horror-stories go a long way.  Either practical back-up schemes
described step-by-step (such as how to copy only files created after a
certain date) or else menu type software should be generally available.
This information should be easily accessible to people who don't know a
whole lot about programming or even about their system. (If I were a
diskette manufacturer I'd give away back-up program-packages.)  And don't
forget the worst part of using your archive-copies -- figuring out which
version of what you are working with.

  Evan Dresel
  Dept. of Geochemistry                             E8D @ PSUVM (bitnet)
  228 Deike Bldg.               ...!psuvax1!psuvm.bitnet!e8d (uucp <-->
  Penn State University                                 bitnet gateway)
  University Park, PA  16802        e8d%psuvm.bitnet@wiscvm.arpa  (arpa)
  (814) 863-0672


The Clock Lies Again

Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Fri 30 May 86 23:36:19-PDT
It is after midnight, but not by SRI-CSL's time.  We have another clock
problem.  PGN  [An homily anomaly?]

  [This one was quite different from the one I previously reported.]


Re: The Clock Lies Again

Jagan <JAGAN@SRI-CSL.ARPA>
Sat 31 May 86 01:21:49-PDT
You are absolutely right .... However, I think the problem this time is
not with the algorithm to compute the most reasonable time but the fact that
the machine was unavailable (but not down!) for about half-hour this
afternoon.  (The clock had stopped even though the machine didn't think
the clock had.)  Jagan [Jagannathan]
