Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Chicago (UPI) 2 Dec 1986
Two passenger jetliners on their landing approaches nearly collided with
small planes in separate incidents here yesterday, the Federal Aviation
Administration said. The near-collisions, which occurred within 29 minutes
of each other, involved a Midway Airlines DC-9 with 90 people aboard,
arriving from Philadelphia, and a United Airlines Boeing 727 with 128 people,
en route from Baltimore. FAA spokesman Mort Edelstein said that the United
pilot reported passing within 500 feet laterally of a twin-engine Beechcraft
90 about 28 miles southeast of O'Hare International Airport at 7:41 a.m.
The pilot made a sharp left turn to avoid the smaller aircraft, he said.
According to Edelstein, a preliminary inquiry found that the smaller plane
had a defective transponder that was transmitting inaccurate data on the
plane's altitude to air traffic controllers in Aurora, west of Chicago.
[The second incident was less close, and no explanation was given.]
The problem of an accidentally malfunctioning transponder is in many ways
equivalent to that of an intentionally malfunctioning transponder — either
one that has been purposely sabotaged in an attempt to jeopardize the plane
or one that has been altered "constructively" in an attempt to hide the true
altitude of the plane. In all of these cases, the ATC system implicitly
trusts the authenticity and accuracy of the transponders with which it
communicates — if such a transponder exists at all in a private plane.
About a month ago, Richard Wexelblat reported to RISKS that satellite
delivery of the Headline News Network to his location was disrupted for a
short time by an interfering signal whose picture wasn't intelligible but
whose sound seemed to be advertising satellite decoders. In contrast with
the Captain Midnight attack on HBO, no big follow-up story appeared in
Newsweek and Time magazines.
My contact at the F.C.C. tells me that there are typically a couple of
incidents like this every day. The primary problem is not malicious attacks
by a Captain Midnight. It is simple screwups by uplink operators who forget
to throw switches, who set wrong channel numbers in their transmitters, who
aim their dishes at the wrong satellite, or who run automatically programmed
switching sequences that were intended for yesterday or tomorrow rather than
today.
The reported audio content sounds suspicious, but it turns out that a
scrambled video service usually has an unscrambled audio channel
accompanying it that explains how to obtain a decoder and subscribe to the
service. The audio that goes with the picture is buried somewhere else in
the channel.
F.C.C. technicians have proposed to tackle the operator screwup problem by
requiring that uplink transmitters place encoded call letters in the
vertical retrace interval of their transmitted waveforms. Then at least
someone who is being interfered with can quickly figure out which of the
1200 licensed uplink transmitters is muddled up and get the operator there
on the phone quickly. That solution doesn't eliminate intentional attacks
by someone who knows how to forge the unique id, but from the F.C.C.'s point
of view it will solve 99.9% of the problem they face. As for malicious
cases, detective work and $10,000 fines may help keep things under control.
Although the technology is different, don't the problem and the proposed
solution both sound quite familiar to the regular reader of RISKS?
Jerry
At a local chapter meeting of the Information Systems Security Association, a representative of VM Software Inc. told a story about a Massachusetts financial institution that had attempted to prosecute a hacker who had penetrated their system. The defense lawyer argued that the system had a greeting that welcomed people to the system and that was tantamount to welcoming someone into your home (Goodbye, Welcome mats?). The judge threw out the case accepting the arguments of the defense. I have attempted to track down the authenticity of the story through the VM Software rep but he will not divulge the name of the company. Attempts to track it down through the law firm of Gaston Snow & Ely Bartlett in Boston revealed no records of such a case. Obviously, if there was such a case it has implications to the wording of the Welcome banner on any system. Can anyone provide a better lead or lend credence to the story?
I have had a long-term concern with replicability of scientific experiments. It does not appear that this concern is shared outside of certain physical sciences. When I was a grad student, I published an article in the American Economic Review (the economic equivalent of CACM). In order to allow replicability, I included the actual data, together with the details on how I had adjusted the raw data series (something which has to be done because the agencies change definitions every few years). The data was small compared to the size of the article. It was cut for space reasons. My article itself was a replication of an empirical study done some years ago. It covered a period when the economy had behaved very differently. It came to the same conclusions. The original study had been very careful about econometric validity. It is possible to do valid work in econometrics. It is also possible to duplicate carefully done work. [I think these comments are important because they show that econometrics is not necessarily voodoo. What we need are professional standards to help us separate the good work from the bad.] Similar problems occur in computer science. Several years ago, one of our grad students attempted to duplicate the results of researchers in one area of AI. He was trying to do research into what actually causes success in rule-based systems. He ran into serious problems with another research group, which went beyond simply refusing to give data. I think our department would prefer for me not to give any more details. But he concluded that such work was impossible in the particular area with which he was involved. In my opinion, anyone who publishes empirical claims in a scientific journal should be required to give people access to the data needed to replicate it or do further analysis of its model. I have been unable figure out what to do to try to make that happen. By the way, I have a related Risk to describe. As I mentioned above, in econometrics one normally has to twiddle with the basic data series in order to get useful numbers. I am now a computing manager. I find that our users expect to have access to various commercially-prepared econometric data series. As far as I can see, all that is there is a bunch of numbers and a one-line description of what it is. When I was doing work in the area, I would have wanted to know a lot more about how the numbers had been prepared. I'm hoping there is some sort of hardcopy document available to users of the databases, but I'd bet even if there is, a lot of our users never see it.
> Is the problem restricted to econometrics, or is the abuse of computer > modeling widespread? It is widespread. One friend of mine has done extensive work in "decision analysis" systems, with clients in the military, Bell System, etc. I did some programming on such a system for him while he was at SRI. When looked at from the inside, it is obvious that such a system will give you back exactly the answers that you fed it as input, since most of the input data is "How important is this? How important is that?". But people will believe it because a computer model said so, while if *you* told them that the widget acceptance ratio was 33% if priced at this level, they would ask you why. They didn't get to ask when you typed it in. Another friend works for the World Bank in Washington, DC. She has done a lot of proposals and evaluations around funding of transportation projects in third world countries. I remember helping her get some of her modeling programs right. Her approach was always to figure out what the data "means", in other words, what result she wanted, and then juggle the numbers and equations until she could "prove" it. I don't think that abuse of modeling is restricted to computer models, or even that it is more prevalent with computer models. In all disciplines, experienced people with a feel for things figure out what is going on and proceed from there. If somebody wants better justification, they have to cook one up, but don't mistake the source of the estimate: the human mind, not the later model. Cf. ``How to Lie with Figures''. Don't have the citation but it's a standard work. Maybe it needs an update to deal with new techniques.
About weather models: they are one of the few accurate forecasting models possible; the only trouble is that the required answers, e.g. 'will it rain on the game tomorrow?' are much more detailed than the base data (typically a 3-6 hourly surface report from stations 50 miles apart). Besides, until Crays came along, it was almost impossible to do it in real time. Amos Shapir, National Semiconductor (Israel) 6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel (011-972) 52-522261 amos%nsta@nsc 34.48'E 32.10'N
> Date: Wed, 26 Nov 86 13:32:05 EST > From: "Kim P. Collins" <kpc%duke.csnet@RELAY.CS.NET> > To: RISKS@CSL.SRI.COM > Subject: Very Brief Comments on the Current Issues > > New subject > Any comments on active vs. passive control structures? For instance, > having a skyscraper that has flexible material so that in high winds > it bends and does not fail, VS having a skyscraper that has guy wires > connected to winches that are controlled by a computer that tests wind > velocities, etc. There already exist active control systems for skyscrapers that use a huge mass, that is "pushed around" by computer controlled equipment to stabilise the building. I'm afraid I have no reference to this. I saw it on TV. Warwick Bolam UUCP: seismo!munnari!goanna.oz!wjb ARPA: munnari!goanna.oz!wjb@SEISMO.ARPA
There is an interesting article in the November/December 1986 issue of
Technology Review that I though may be of interest to RISKS readers.
The title is "Monitoring on the Job: How to Protect Privacy as Well as
Property." The authors are Gary T. Marx and Sanford Sherizen.
The article discusses how surveillance technology is used in the modern
office environment. Everything from video cameras in the parking lot to
private data on corporate machines is discussed. Although much of the
technology is not computer related, some of it is.
I thought the article was interesting overview of some of the issues
involved with technology and privacy. It was not as in-depth as I
would have liked, but good anyhow.
pZ
Paul Czarnecki — Eikonix, Corp. — Bedford, MA
{{harvard,ll-xn}!adelie,{decvax,allegra,talcott}!encore}!munsell!pz
The following is shamelessly stolen from the 2 Dec 1986 edition of the
WEEKLY WORLD NEWS. (You couldn't have missed that issue while shopping:
it had the banner headlines about the five-week long pregnancy [Bulgarian
natch] and a recipe for cooking Thanksgiving turkeys in the dishwasher.)
- - - - - - - - - - - - - - - - - - - - - - - -
<< Lame-brained Russians try to fix computer — with a hammer <>
!!! Kremlin is purging dimwitted scientists !!!
Soviet official launched a massive investigation into the training
of technical personnel after a repairman tried to fix a sophisticated
missile guidance system with a hammer, a screwdriver and an oil can.
A recent East German defector, Dr. Hermann Franz, blew the lid off
the shameful state of Soviet technical know-how in a scathing letter
to top science journals upon his arrival in the West.
The computer scientist, who is now living in France, claims there
is a very real danger that a poorly-trained Russian technician might
accidently start World War 3.
``The repairman with the oil can is a glaring example of their in-
eptitude,'' said the expert. ``He was assigned to one of the most
sensitive missile bases in the U.S.S.R.
``And yet, when he was called on to repair a circuit problem in a
computer console, he showed up with carpenter's tools.
``First he walked over and kicked it. Then he said, `Something is
stuck.' I thought he was joking until he started squirting oil and
blew every circuit in the control center.
``It took six weeks to repair the damage — six weeks to do a job
that qualified technicians could have done in a matter of days.''
Horrifyingly, the missile base near the foot of Ural Mountains is
armed with some of the Soviet Union's most powerful intercontinental
missiles and nuclear warheads, Dr. Franz said.
A Soviet Air Force spokesman angrily denied the allegations, call-
ing Soviet technicians ``the finest in the world.''
One highly-placed military source conceded that Soviet training
programs are being investigated. But he insisted that the investi-
gation was routine.
Meanwhile, Dr. Franz has called on Western politicians and scien-
tists to pressure the Soviets into monitoring the work of their tech-
nicians more closely.
``The specter of nuclear holocaust is frightening enough,'' he
said, ``without having to worry about some dimwit starting the war
that would kill us all.''
— Derek Clontz
- - - - - - - - - - - - - - - - - - - - - - - -
I don't quite follow the logic of that last quotation. Personally I'm
more worried about some of the "dimwits" at the other end of the nuclear
chain of command.
I have two questions:
Q1) Can anyone identify a quote top science journal unquote that is pub-
lishing Dr Franz' letter? (Heck, while we're on a roll, can anyone con-
firm the "Clark Gable's our god, says lost island tribe" story?)
Q2) What is known/believed about Soviet failsafe mechanisms?
ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720
Please report problems with the web pages to the maintainer