The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 3 Issue 16

Monday, 30 June 1986


o Chernobyl (a suprise to the Soviets)
Martin Minow
o Airwaves & Security (2 Subjects)
Richard S. D'Ippolito via dhm
o Interesting Technical Questions (originally SDI)
Martin Moore
o Info on RISKS (comp.risks)

Chernobyl (a suprise to the Soviets)

Martin Minow, DECtalk Engineering ML3-1/U47 223-9922 <minow%pauper.DEC@decwrl.DEC.COM>
30-Jun-1986 1510
From the Danish newspaper Information, May 31, 1986.

Soviet Union
    Ove Nathan: Chernobyl Totally Choked the Leaders

The Danish atomic physicist and rector for Copenhagen University, Ove
Nathan, who is currently attending a conference on atomic weapons in Moscow,
said Friday [May 30] in an interview with Swedish Broadcasting that an
intensive discussion is going on behind the scenes in the Soviet Academy of

According to Ove Nathan, the accident at Chernobyl totally choked the
politicians in charge of the Soviet Union.  They had never imagined that
something similar could have occurred.

Ove Nathan has spoken with several members of the Soviet Academy of Sciences
who said that the mathematical calculations they used in their probability
computations were completely incorrect.  These must be revised, and possibly
also the decision to locate nuclear reactors in or near densely populated

"The new thing is that they openly admit that they do not know how they will
handle the situation after the accident.  They say that is extremely
complicated, nothing can be taken for granted, and there are no sure factors
one can rely on.  Every day brings a new surprise."

Professor Nathan suggests that this is a situation that is completely
un-Sovietic.  This is the first time in the Soviet history that the elite in
the Soviet Academy of Sciences admit that they don't have firm ground under
their feet.

Ove Nathan believes, that the most serious consequence of the Chernobyl
catastrophe will be an increased demand in the Soviet society for
open information from the government.

Translated by Martin Minow

[The Danish original of the text that I translated as "the mathematical
calculations they used in their probability computations were completely
incorrect" is "den matematiske kalkyle, man har anvendt i sine
sandsynlighedsberegninger, var helt fejlagtige" — I don't have a dictionary
so I'm not quite certain my translation was completely correct.]

Airwaves & Security (2 Subjects)

30 Jun 1986 15:20-EDT
[This message is being forwarded for Richard S. D'Ippolito (
whose machine does not yet have ARPAnet access; replies temporarily to]


It seems to me that what's been missing in the debate on Airwaves/Privacy is
that 'public' ownership is being erroneously equated with 'free access'. We
certainly pay camping fees at public parks and tolls on some public roads.
Public ownership of the airwaves (essentially nothing real) means simply
equal access under the same set of government (public) rules and regulations
so that no group is denied access for discriminatory (in the constitutional
sense) reasons. Now then, why should a business expect to have its product
stolen, which is essentially what is happening? And why can't they protect
their normal interests, i.e., proprietary information, with whatever
security deemed necessary and have the government back them up (with laws
and penalties) just as they do with communications through the mails --
another 'publically owned' and equally accessible enterprise? And by the
way, your rights in this state (PA) in public parks are considerably
restricted from what they are on your own property — no firearms, alcohol,
pets, or explosives. I can't feel sorry for those who want to steal a


Mr. Richard Cowan has presented what I think to be a commonly held but
misconceived argument on security, locks, and crime. It is not the proper
duty or function of business to reduce the causes of crime by paying
unrealistic wages or creating unnecessary jobs. Some people are thieves,
period, not because they are poor or unemployed. And, as long as there is
one left, all prudent people will want locks. Please, let's skip the
sociological arguments in the discussions of SDI. [Disclaimer: For those who
do not know (most of Pittsburgh doesn't yet) the SEI is not involved with
SDI, nor do we write war (or any) software here — no flames, please.]

The SDI should be evaluated on several, I believe, criteria. Please let me
try to be brief and state several assumptions (which not all of us may hold):

() We have a defense need (implicit function of the government).
() The perfect defense is one that is never tried.
() The Soviet Union is our strongest enemy.

Given these, we can view the SDI in several ways (sorry to condense):

() If the Soviets are against it, it must be good for us, i.e., it's a
political diversion and keeps them from spending more time on sorry ventures
like Afghanistan.
() It doesn't have to work — it's successful if no enemy tests it.
() If it causes our enemies to spend a lot of time and resources to match
it, then the diversion of their resources from their people can de-stabilize
the government through the rise of dissent and unrest.

Now, don't we need to include issues like that in the evaluation of any
defense? I'm certainly as unhappy as anybody about wasted tax dollars, as I
pay to many of them now. Also, I would like to live in a peaceful world
(read risk-free), too, but it just isn't going to happen. I would like all
engineers (I'm one) and scientists to take the high side of the debate to
the public — that we work our butts off to make things as risk-free as
possible and that we are willing to discuss and quantify (where possible)
the magnitude and probabilities of the risks.

In Great Britain, they talk about these things to the public all the time.
Here, only the insurance companies know. For example, in building a chemical
plant, the calculations of the magnitudes and probabilities of a life-
injuring or -destroying accident and the resulting cost (yes, they put cold
numbers on them — your medical insurance company already has the value of
your arm listed) is factored in along with all the other costs to determine
the proper design and location of the plant in economic terms.

It is totally unrealistic for us to put infinite values on human lives (I
didn't say life) because that's when we conclude that everything must be
perfect and risk free. A perfect example of this kind of reasoning can be
seen in the FDA's treatment of hazardous substances. Have you notice that
the allowable limits of these substances always decreases to the limits of
measurability as new measuring instruments are devised, even in the absence
of direct risk at those levels which are now orders of magnitude below the
levels accepted as harmful? Where do we stop? In more concrete terms, I was
unable to attend a lecture on this subject: Is a program with a known and 
predictable error rate of one wrong answer in 10,000 executions useless?,
but the subject did intrigue me.

                --- Richard S. D'Ippolito (
                    Software Engineering Institute
                    Carnegie-Mellon University

Interesting Technical Questions (originally SDI)

0 0 00:00:00 CDT
> Looking at the question from another side, all technical analysts
> agree that it is possible to build SOMETHING that sometimes does some
> fraction of what you want it to do, and the interesting technical
> questions are what is the nature of this something, what will it be
> able to do, and how often can it do it.

...and how much will it COST?  Not only in money, but in people, raw 
materials, other resources, etc.  This is a fundamental question in
ANY engineering effort.

            Martin Moore (

Please report problems with the web pages to the maintainer