The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 5

Wednesday, 5 November 1986


o Computer causes chaos in Brazilian Election
Jonathan Bowen
o Risks of FAA Philosophy ?
Robert DiCamillo
o Computers and Medical Charts
Christopher C. Stacy
o Re: Insurgent Squirrel Joins No-Ways Arc
o Micros in Car engines
Peter Stokes
o Info on RISKS (comp.risks)

Computer causes chaos in Brazilian Election

Jonathan Bowen <>
Tue, 4 Nov 86 15:23:54 GMT
  From Daily Telegraph, Monday November 3rd:

  ``Hundreds of thousands of Brazilians may not be able to vote in the
  forthcoming general election because of bureacratic bungles. ... only
  70% of the electorate have been issued with the essential voting card.
  .... queues and frayed tempers are a result of a 30 million pound [c $42
  million] computerisation programme which was designed to streamline
  voting and eliminate fraud. ... Flaws in the system only became evident
  when distribution started three weeks ago. ...  [the computer] has been
  programmed to cancel all duplicate applications in order to weed out
  fraudulent "phantom" voters. ... while it showed that 1,400 dead people
  had voted for the mayor in the north-eastern town of Teresinha last
  year, and 100,000 falsified cards were in circulation in the southern
  state of Santa Catarina, it also cancelled legitimate names.
  Programmers overlooked that twins are born on the same day to the same
  parents. Consequently, the voting rights of an estimated 70,000 twins
  were cancelled. The Federal Electoral Tribunal in Brasilia is currently
  wading through 140,000 appeals, including the case of a certain Jose
  Francisco, who says all his 14 brothers were baptised with identical
  names. ... It is hoped that all those eligible will have their cards by
  the 15th. Those that do not will have to pay a 4 pound [c $5.50] fine
  or brave more queues and bureacracy to prove that they both exist and
  have the right to vote.''

Surely these sorts of problems have occurred before in other
countries.  What methods are available, if any, the avoid such risks
using computers without human intervention? Are such problems a
result of there not being *enough* computerised information on
the population to start with?

Risks of FAA Philosophy ?

Robert DiCamillo <>
Wed, 5 Nov 86 16:18:19 EST
The recent entries in the  Risks  Journal  about  collision  avoidance  systems
reminds me of a comment a professor once made to me about the philosophy of the
FAA. For many years this professor in  the  Engineering  Design  Department  at
Tufts  University  worked  on  a  better  engineered cockpit layout and display
system. This included improvements in human factoring,  multi-function  graphic
displays  to  eliminate the number of indicators needed, and more functionality
in the cockpit to allow the pilot to detect and avoid other aircraft. 

After several years of work, where along the way  many  graduate  students  had
also  contributed, the system was presented to the FAA and turned down for what
the inventors could not fathom as valid  technical  reasons.   The  system  was
better,  easier  to  use,  and  provided  the pilot with more functionality and
autonomy over his aircraft and flight path.

The professor noted that the catch was the  FAA's  "apparent"  philosophy  that
they  don't  want  the pilots to have more autonomy in determining their flight
path and collision avoidance, as this task  is  considered  the  realm  of  the
ground (air traffic) controllers. His opinion was that any system that included
decentralization from ground control would be rejected because the FAA does not
want to threaten the job security of air traffic controllers.

This  political  "unspoken"  philosophy  of  the  FAA would still seem to be in
effect, providing you are willing to believe that technical  reasons  (good  or
bad)  will be used to defend such political objective(s). Perhaps the Honeywell
System is just another casualty.

This of course leads to the question of policy making. Does anyone know if  the
FAA  charter  contains  any  such  implicit  endorsement pro or con relative to
evaluating technology ? Does the FAA even have an  agreed  upon  philosophy  in
this regard that is published and accessible to the public ?  Or does some high
ranking, politically inclined, individual have the absolute veto  power  within
the government (FAA or otherwise) ?

This  seems  like  one  of those issues that will be difficult to substantiate,
most suitable to think about while flying in planes.  Note  that  the  November
1986 issue of the IEEE Spectrum is devoted to "Our Burdened Skies".  Although I
haven't read it yet, I will be interested to see if  there  is  any  reflection
(real or ghost) of such an FAA philosophy.
                            - Robert DiCamillo

Computers and Medical Charts

Christopher C. Stacy <CSTACY@JASPER.Palladian.COM>
Wed, 5 Nov 86 21:33 EST
I talked to an R.R.A. today to get an opinion on PIZZAMAN's story
about taking the medical records information home on his computer.

The hospital sets up regulations to control access to the medical records,
which are carefully guarded as sensitive confidential information. The
physical record is considered to be owned by the hospital, and the
information is considered to be owned by the patient.  Typically, physicians
are allowed to take copies of medical records to their offices or home in
order to perform work directly related to patient care.  Preparing research
reports is generally considered to be within that scope.

People are generally not allowed to remove the original physical record from
the hospital, but copies may be OK.  The administrator I talked to didn't
think that it was significant that the information was copied using a
computer.  Of course, the physician has a serious responsibility to protect
the information from perusal by random persons, including his family,
visitors to his office, people logging in to his computer over the phone, etc.

So, the opinion of one medical records administrator seems to concur with
that of Dr. Tessler; the people at that hospital probably were over-reacting

I don't know how well most medical personnel understand what computers
are; the person I talked to currently works for a company that writes
software for hospital administration.

So, this situation presents the familiar risk of paranoid confusion.
However, I would identify the major risk here as related to computer and
telecommunications security.  This is the same concern as for the hospital
which keeps their actual medical records online.  The two risks can be
related, of course.

If people have other questions or thoughts about this, I would be glad
to forward them along to my friend; she was interested that people
were discussing this sort of thing.

Re: Insurgent Squirrel Joins No-Ways Arc

Wombat <>
Wed, 5 Nov 86 21:31:22 EST
Ross's story reminds me of a similar incident which took place at Purdue
about five years ago; a misplaced rodent [in a power transformer] caused
most of the campus to lose power for about half a day.  The university
physical plant crews actually aggravated the situation while trying to fix
it by mis-diagnosing the trouble, in ways that have never been clear.  One
of the physical plant officials was quoted on the front page of the Exponent
(Purdue's daily) as saying "You've got to understand, with electricity you
never quite know what's going on".  I'm sure he was thrilled when a group of
EE students reprinted that quote on T-shirts and proceeded to sell them at a
brisk pace for the rest of the semester.  [I still wear mine!]

Rich Kulawiec,

Micros in Car engines

Peter Stokes <stokes%cmc.cdn%ubc.csnet@CSNET-RELAY.ARPA>
Wed, 5 Nov 86 11:46:07 pst
My 1986 Ford Mustang has (according to the literature) a micro-processor
controlled engine.  When driving it, you can tell that the engine RPM's
are contolled by something "intelligent" :

 - the high idle when cold to normal idle when warm transition has a
   distinctive change sequence as the engine warms up and this response
   is IDENTICAL every morning as I drive to work.  

 - If you hit the accelerator pedal and let go quickly, the engine
   speed returns to normal in about 3 distinctive steps: 
     1: a sharp drop of several hundred RPM's, 
     2: a smoother drop to very near the idle speed, and finally, 
     3: a small adjustment to the true idle speed.

 - If you disengage the clutch while the car is moving (first step 
   in gearing down), the engine speed drops quickly to a low of 
   200 RPM's (I can sometimes feel it shudder) and then the processor 
   corrects this with a "shot of gas".  If you leave your foot on the 
   clutch and just coast, you can observe the tachometer settle on the 
   idle speed after a small amount of overshoot and undershoot.

 - and finally, if you try to stall the car (starting off in first 
   gear without pushing the gas for example), the processor responds by
   trying to keep the engine speed at idle speed.

My Question... What are the risks in buying and driving an automobile with
               a computer controlled engine?

       Safety:  What are the odds of a malfunction causing acceleration?
  Performance:  Is this a feature?  Will the benefits of the microprocessor
                control continue to serve as the engine grows old and changes?
      Service:  Can a "Saturday Morning Mechanic" still tune his/her car or 
                is specialized equipment now a pre-requisite for the job?
       Safety:  Can the control over the engine be affected by an external 
                source (e.g. radio transmitter)?  I have noticed erratic 
                engine idle while in an automatic car wash....

Peter Stokes                          
Envoy100: cmc.vlsiic                       (...usual disclaimer...)
CDNnet:   stokes@cmc.cdn
BITNET:   stokes@qucdncmc.bitnet

  [...probably not much risk in BUYING one, but DRIVING ONE is another matter.
  Since you probably do not read every line of RISKS, let me remind you of the
  following cases, summarized in RISKS-4.1.  (The Mercedes case was noted in
  RISKS-2.12.)  PGN]

  Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot 
    skid marks; passenger killed (SEN 10 3)
  Sudden auto acceleration due to interference from CB transmitter (SEN 11 1);
  Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/
    Encores, 140K Cressidas under investigation (SEN 10 3)
  El Dorado brake computer bug caused recall of that model [1979] (SEN 4 4)
  Ford Mark VII wiring fires: flaw in computerized air suspension (SEN 10 3)

Please report problems with the web pages to the maintainer