The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 3 Issue 59

Saturday, 20 September 1986

Contents

o Computers and Wall Street
Robert Stroud
o Report from the Computerized Voting Symposium
Kurt Hyde
o Computers, TMI, Chernobyl, and professional licensing
Martin Harriman
o Failsafe software
Martin Ewing
o Software vs. Mechanical Interlocks
Andy Freeman
o How Not to Protect Communications
Geoff Goodfellow
o Info on RISKS (comp.risks)

Computers and Wall Street

Robert Stroud <robert%cheviot.newcastle.ac.uk@Cs.Ucl.AC.UK>
Thu, 18 Sep 86 14:07:59 gmt
I came across an article in Computing which gives more details about the
way in which computer systems are influencing the stock market. It suggests
that dealers are forced to rely on the "intuition" of their system, even
against their better judgement, for fear of being caught out. Personally
I find this trend very alarming, but perhaps the fluctuations on the stock
market are just "noise" with no lasting influence on the real economy.
Unfortunately, the "noise" can be heard around the world.

Robert Stroud,
Computing Laboratory,
University of Newcastle upon Tyne.

ARPA robert%cheviot.newcastle@cs.ucl.ac.uk (or ucl-cs.ARPA)
UUCP ...!ukc!cheviot!robert


"Technology led Wall Street to drop prices" by Alex Garrett

The crash in prices which wiped a record amount off the value of shares
on Wall Street last week was largely the result of computerised dealing
systems failing to read the market.

Computer generated selling of shares was estimated to account for almost
50% of the transactions that caused a record volume of 240 million shares
to change hands last Friday. But it is believed that the effect of the
computers was to exaggerate the underlying movement in the market, so
that many shares were sold unnecessarily.

The problem has arisen as a number of factors conspired to make the US
stock markets subject to increasing fluctuations, which in turn has caused
stockbrokers to rely far more heavily upon the split-second advice of their
computer systems. In particular, many systems are triggered by a drop in
share price to instruct a dealer to sell, and he will often do so, even against
his better nature, for fear of being caught out.

.... this kind of feature has yet to be adopted in the UK.

Ian Reid ... said that although shares will often recover their price within
a short time, some of the computer systems in the US do not have the intuition
to see this.


Report from the Computerized Voting Symposium

Jekyll's Revenge 264-7759 MKO1-2/E02 <hyde%abacus.DEC@decwrl.DEC.COM>
Friday, 19 Sep 1986 11:37:13-PDT
Belated Report from the  Symposium  on  Security  and  Reliability  of
Computers in the Electoral Process -- August 14th & 15th, 1986

The participants came from many backgrounds, computer people, writers,
attorneys,  and  even  one Secretary of State.  Some of the highlights
emphasized by one or more speakers were:

      o  Lever voting machines are still  the  fastest  way  to  count
         votes.   The  computerized  vote counting machines are slower
         than lever machines, but faster than paper ballots.

      o  Lever voting machines still appear to be the  safest  way  to
         count votes.

      o  The  State  of  Illinois  tested  its   computerized   voting
         equipment  and  found  numerous  instances  of errors in vote
         counting, primarily in undervotes,  overvotes,  and  straight
         party crossovers.

         NOTE:  An undervote is voting for fewer candidates  than  the
         maximum  allowed  for  an  office.  An overvote is voting for
         more candidates than allowed for an office.  A straight party
         crossover is casting a vote to be applied to all members of a
         party and then switching one or more votes to candidates from
         another party.

      o  A group of Computer Science students  at  Notre  Dame  (South
         Bend,  IN)  tested a punch card voting system with a group of
         test ballots.  By altering only the control cards  they  were
         able  to  manage  the  vote  totals  to predictable incorrect
         totals.

Some of the recommendations made by one or more speakers were:

      o  Five percent  of  all  votes  cast  should  be  recounted  by  a
         different method than the original count.

      o  Security  standards  for  computerized  voting   are   needed
         immediately.  The expanding use of computerized vote counting
         equipment may preclude an effective implementation of such  a
         standard.

      o  Punch card ballots should be redesigned  to  make  the  punch
         card  into  a ballot that is readable by the voter as well as
         by the computer.

      o  Internal procedures of computerized voting equipment must  be
         open  to  the public in order to let the public be in control
         and to assure public confidence in the electoral process.

      o  Computerized voting equipment must  have  the  capability  of
         allowing  the  voter  to  monitor  the  ballots  cast  by the
         computer to be sure it has voted as instructed.

      o  There should be public domain vote counting software in order
         that   companies   not   have  to  keep  their  programs  for
         proprietary ownership reasons.

         NOTE:  Does anyone know of a Computer Science student looking
         for a project?  I'm willing to share my notes.

         Is there anyone with the resources to build  prototypes  that
         have security features, such as voter-readable punch cards or
         a computer-generated, recountable ballot?


Bill Gardner, New Hampshire's Secretary of State, informed us that New
York  City  is  planning  to  purchase  new voting equipment.  This is
likely to become a de facto standard for New York State and, possibly,
for  the  whole  nation.  Risks Forum people who'd like to contact the
New York City Task Force should contact:

David Moscovitz
New York City Elections Project
2 Lafayette Street, 6th Floor
New York, NY 10007
(212) 566-2952


The results of my informal poll  on  trusting  a  computerized  voting
system:

                                       Trust     Not Trust   Undecided

(1) Internal Procedures secret          2/40         38/40           0
    Results not monitored by voter 

(2) Internal Procedures Revealed        6/40         34/40           0
    Results not monitored by voter 

(3) Internal Procedures secret         10/40         28/40        2/40
    Results can be monitored by voter 

(4) Internal Procedures Revealed       24/40         11/40        5/40
    Results can be monitored by voter 
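The Notre Dame result above (wrong totals by changing only the control cards, never the ballots) and the 5% recount-by-a-different-method recommendation are easier to reason about with a concrete model. The following is an added example, not code from the symposium, from any vendor, or from the students' test; the ballot layout, candidate names, electorate and the 0.2 share tolerance are all constructed assumptions. It tabulates punch columns through a control card, shows that swapping two columns in the card for one office exchanges that office's totals while leaving the others untouched, and then runs an independent 5% hand recount against the published layout that flags the tampered office.

```python
from collections import Counter
import random

# Published ballot layout, i.e. the "control card": which punched column
# belongs to which candidate. Names and layout are constructed for this example.
PUBLISHED_CARD = {
    "Governor": {1: "Adams", 2: "Baker"},
    "Senator":  {3: "Clark", 4: "Diaz"},
}


def tally(ballots, control_card):
    """Machine-style count: map each punched column through the control card.
    Exactly one punch for an office counts for that candidate; no punch is an
    undervote and two or more is an overvote, and neither adds to anyone."""
    totals = {office: Counter() for office in control_card}
    for punches in ballots:
        for office, columns in control_card.items():
            hits = [columns[c] for c in punches if c in columns]
            if len(hits) == 1:
                totals[office][hits[0]] += 1
    return totals


def shares(counter):
    """Vote share per candidate for one office (empty if nothing was counted)."""
    n = sum(counter.values())
    return {cand: v / n for cand, v in counter.items()} if n else {}


def make_ballots(n, seed=1):
    """Constructed electorate: Baker and Clark each lead about 3:1. Two extra
    ballots exercise the edge cases: an overvote and an undervote for Governor."""
    rng = random.Random(seed)
    ballots = [{rng.choice([1, 2, 2, 2]), rng.choice([3, 3, 3, 4])} for _ in range(n)]
    ballots.append({1, 2, 3})   # overvote for Governor, valid vote for Clark
    ballots.append({4})         # undervote for Governor, valid vote for Diaz
    return ballots


def swapped_card(card, office):
    """Tampered control card: the two columns for one office are exchanged.
    The physical ballots are never touched, only the interpretation of them."""
    bad = {o: dict(cols) for o, cols in card.items()}
    a, b = sorted(bad[office])
    bad[office][a], bad[office][b] = bad[office][b], bad[office][a]
    return bad


def audit(ballots, machine_totals, fraction=0.05, tolerance=0.2, seed=2):
    """Recount a random sample of the physical ballots by a different method
    (reading punches against the PUBLISHED layout) and compare vote shares per
    office with the machine report. Returns the offices that disagree by more
    than `tolerance`. The tolerance is an assumption chosen for this example."""
    rng = random.Random(seed)
    sample = rng.sample(ballots, max(1, int(len(ballots) * fraction)))
    hand = tally(sample, PUBLISHED_CARD)
    flagged = []
    for office in PUBLISHED_CARD:
        m, h = shares(machine_totals[office]), shares(hand[office])
        if any(abs(m.get(c, 0) - h.get(c, 0)) > tolerance for c in set(m) | set(h)):
            flagged.append(office)
    return flagged


if __name__ == "__main__":
    ballots = make_ballots(4000)
    honest = tally(ballots, PUBLISHED_CARD)
    rigged = tally(ballots, swapped_card(PUBLISHED_CARD, "Governor"))
    print("honest count:", {o: dict(c) for o, c in honest.items()})
    print("rigged count:", {o: dict(c) for o, c in rigged.items()})
    print("audit flags, honest:", audit(ballots, honest))
    print("audit flags, rigged:", audit(ballots, rigged))
```

The swap is invisible to a recount done with the same control card, which is why the recommendation specifies a different method: the sample here is read against the published layout the voter saw, so it catches the substitution while leaving the untouched Senate race unflagged.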


Computers, TMI, Chernobyl, and professional licensing

Martin Harriman <MARTIN%SRUCAD%sc.intel.com@CSNET-RELAY.ARPA>
Wed, 17 Sep 86 09:42 PDT
The NRC does require testing and certification of the software used in the
design of nuclear power plants:  this includes the software used for seismic
simulations, fueling studies, and simulations of coolant behavior (which
can get quite complex in BWR designs).

The reactors themselves are designed to be stable, so they do not require
a complex control system for safe operation (unlike military aircraft with
negative aerodynamic stability).  Incidentally, the feedback mechanisms
used to produce stability in US reactor designs are missing from graphite
moderated, water damped designs like Chernobyl; this lack of stability
contributed to the initial explosion at Chernobyl.

Professional licensing is state-regulated; I'm not aware of any states with
a professional engineer exam for software engineers.  I don't believe that
professional licensing is all that useful; I'm more interested in quality
assurance for safety-related software (and hardware) than in ensuring that
some fraction of the people developing the software passed an examination.
It would be fairly amusing if PE registration became popular with software
engineers, since it would mean they would all need to learn a fair chunk
of civil engineering (the Engineer In Training exam requires it).

  --Martin Harriman <martin%srucad@sc.intel.com>


Failsafe software

Martin Ewing <mse%Phobos.Caltech.Edu@DEImos.Caltech.Edu>
Thu, 18 Sep 86 09:57:27 PDT

How can we even dream of SDI or fly-by-wire aircraft when I just received
12 nearly identical copies of the last ARMS-D mailing, at 33 KB a crack?

Seriously, this is an example of failsafe:  if some transmission error
occurs before a message transmission is complete, send it again, and again,
and again...  And no one is even shooting at the net, as far as I know.

  Martin Ewing
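The twelve copies described above are the classic failure mode of retry-until-acknowledged delivery: when the acknowledgement, not the message, is what gets lost, every retry is a duplicate. The following is an added example and not code from the poster or from the mailing-list software involved; the channel model (delivery always succeeds, the first N acknowledgements are lost), the message id and the attempt limit are constructed assumptions. It shows a naive receiver accumulating one copy per attempt and a receiver that records message ids discarding the resends, which is what makes an at-least-once sender safe to pair with.

```python
def make_channel(lost_acks):
    """Constructed channel: delivery always succeeds, but the first `lost_acks`
    acknowledgements are lost on the way back, so the sender thinks it failed."""
    state = {"delivered": 0}

    def deliver(msg, receiver):
        receiver.accept(msg)
        state["delivered"] += 1
        return state["delivered"] > lost_acks   # True means the ack arrived

    return deliver


class NaiveReceiver:
    """Accepts every delivery as a new message: one copy per sender attempt."""
    def __init__(self):
        self.inbox = []

    def accept(self, msg):
        self.inbox.append(msg)


class DedupReceiver:
    """Remembers message ids so a resend is recognised and dropped. Acceptance
    is then idempotent, and the sender may retry as often as it likes."""
    def __init__(self):
        self.inbox = []
        self.seen = set()

    def accept(self, msg):
        if msg["id"] in self.seen:
            return
        self.seen.add(msg["id"])
        self.inbox.append(msg)


def send_with_retry(msg, deliver, receiver, max_attempts=20):
    """Resend until an acknowledgement comes back or the attempt budget is
    spent. Returns the number of attempts made."""
    for attempt in range(1, max_attempts + 1):
        if deliver(msg, receiver):
            return attempt
    return max_attempts


def run(receiver_cls, lost_acks, max_attempts=20):
    """Send one message over a channel losing `lost_acks` acks.
    Returns (attempts made, copies in the receiver's inbox)."""
    receiver = receiver_cls()
    deliver = make_channel(lost_acks)
    msg = {"id": "arms-d-1986-09-18", "body": "ARMS-D digest, about 33 KB"}   # constructed
    attempts = send_with_retry(msg, deliver, receiver, max_attempts)
    return attempts, len(receiver.inbox)


if __name__ == "__main__":
    print("naive receiver, 11 lost acks:", run(NaiveReceiver, 11))
    print("dedup receiver, 11 lost acks:", run(DedupReceiver, 11))
    print("naive receiver, acks never return:", run(NaiveReceiver, 10**6))
```

Two points worth noting: without an attempt budget the sender loops forever when acknowledgements never return, and the deduplication key must be something the sender keeps stable across retries (a message id), not something regenerated per attempt, or the receiver cannot tell a resend from a new message.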


Software vs. Mechanical Interlocks

Andy Freeman <FREEMAN@SUMEX-AIM.ARPA>
Thu 18 Sep 86 10:16:01-PDT
One current advantage of mechanical interlocks is that they can (usually) be
bypassed or modified in the field.  If I went on a special toss-bombing
mission, I'd be much happier hearing "the mechanical upside-down
bomb-release interlock has been removed" than "we just patched out that
section of the code and burned a new prom".
                                               -andy


How Not to Protect Communications

the tty of Geoffrey S. Goodfellow <Geoff @ csl.sri.com>
20 Sep 1986 06:52-PDT
    
  [The New York Times, September 13, 1986]

  BALTIMORE - The Senate should avoid repeating the mistake made by the 
House when it unanimously passed the Electronic Communications Privacy 
Act.  Purportedly a benign updating of the 1968 Federal wiretap law 
designed to guarantee privacy in the electronic age, the bill actually 
promotes the cellular telephone industry at the expense of the public 
good.

  True enough, obsolete language in the existing wiretap law fails to 
address digital, video, and other new forms of communications.  The 
proposed law would fix that.  But it would also declare certain 
communications legally private regardless of the electronic medium 
employed to transport them.  The mere act of receiving radio signals, 
except for certain enumerated services like commercial broadcasts, would 
become a federal crime.

  To disregard the medium is to ignore the essence of the privacy issue.  
Some media, such as wire, are inherently private.  That is, they are 
hard to get at except by physical intrusion into a residence or up a 
telephone pole.  Other media, notably radio signals, are inherently 
accessible to the public.  Commercial radio and television broadcasts, 
cellular car telephone transmissions and other "two-way" radio 
communications enter our homes and pass through our bodies.  Cellular 
phone calls, in fact, can be received by most TV sets in America on UHF 
channels 80 through 83.

  If radio is public by the laws of physics, how can a law of Congress 
say that cellular communications and other forms of radio are private?  
The unhappy answer is that the proposed law appears to be a product of 
technological ignorance or wishful thinking.  A similar edict applied to 
print media would declare newspapers, or portions of them, to be as 
private as first class mail.  The result is plainly absurd and contrary 
to decades of reasonable legislative and judicial precedent.

  In contrast, present Federal statute prescribes a sensible policy for 
oral communications, protecting only those "uttered by a person 
exhibiting an expectation that such communication is not subject to 
interception under circumstances justifying such expectation."  To 
illustrate, a quiet chat in one's parlor would likely be protected.  
Substitute for the parlor a crowded restaurant or the stage of a packed 
auditorium, the expectation of privacy is no longer justified.  The law 
would not grant it.

  Congress should apply this same logic to electronic communications.  
The broadcasting of an unencrypted radio telephone call, or anything 
else, is an inherently public act, whether so intended or not.  Thus it 
violates the "justifiable expectation" doctrine, and warrants no Federal 
privacy protection.  

  Protection or no, people will not be stopped from receiving radio 
signals.  Even Representative Robert W. Kastenmeier, Democrat of 
Wisconsin, who championed the bill in the House, confesses that its 
radio provisions are essentially unenforceable.  They will have no 
deterrent effect, and they will not increase the privacy of cellular 
phone calls or other broadcasts.  Worse, the act would lull the public 
into a false presumption of privacy.

  On further examination, it appears that the legislation is really more 
a sham than an honest, if puerile, attempt by Congress to deal with new 
technology.  Its sponsors say they aim to protect all electronic 
communications equally.  Yet the bill sets out at least four categories 
of phone calls, with varying penalties for interception.  Cellular radio 
calls are guarded by threat of prison, but there is no interdiction 
whatsoever against eavesdropping on "cordless" telephones of the sort 
carried around the apartment backyard.

  So Congress is about to give the cellular telephone industry ammunition 
for advertising and bamboozling, promising privacy that does not 
actually exist.  Cellular service companies thereby hope to avoid losing 
revenue from customers who might use the service less if they understood 
its vulnerability.

  If Congress were serious about privacy in the communications age, it 
would scrap the Electronic Communications Privacy Act and begin anew.  
Legislators and the public must first grasp the true properties of new 
technologies.  Are those properties inadequate or unsavory?  If so, 
relief will only come from research and more technology, not wishful 
legislation.

  ------------
  Robert Jesse is a technology consultant.    [known to us all as rnj@brl]
