The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 55

Tuesday, 3 March 1987


o Air Cargo system in chaos
Lindsay F. Marshall
o ATM Cards Devoured (again!); Royal Shakedowne for Tickets
Robert Stroud
o Re: Risks in the NSC computer archives
Carlton Hommel
o Re: A Scary Tale--Sperry Avionics ...
Kevin Driscoll
o Re: Altitude encoders: $1500 for Mode C? No, $750.
Jordan Brown
o One more on fly/steer-by-wire
Jonathan Clark
o Steer-by-wire cars
Doug Rudoff
o Software Safety in ACM Computing Surveys
Daniel S. Conde
o Computerized `people meters' for TV audience ratings
Niall Mansfield
o More on Dallas Phone outage
Mark Linnig
o Soliciting suggestions for 1988 CSC panel on liability
Gene Spafford
o Conference on computing and society in Seattle -- REMINDER
Jon Jacky
o Info on RISKS (comp.risks)

Air Cargo system in chaos (from The Times)

"Lindsay F. Marshall" <>
Tue, 3 Mar 87 16:31:57 GMT
A computer system, installed at airports to help to speed cargo deliveries, has
been withdrawn from service after it collapsed as soon as it was switched on
(Our Air Correspondent writes).

Now cargo agents are considering taking the airlines which own the computer to
court because, they claim, they have lost up to 5million pounds as a result of
the failure.

The computer was installed by Travicom, a company jointly owned by British
Airways and British Caledonian.

After a meeting of more than 100 freight forwarding agents yesterday Mr. Chris
Quintin of the cargo company LEP said: "The system was simply unable to cope
with the requirements we put on it.  As a result cargo and freight was held up
all over the country, diverted from one airport to another and couldn't clear
Customs because they were plugged into it too."

Travicom has offered 500,000 pounds.

ATM Cards Devoured (again!); Royal Shakedowne for Tickets

Robert Stroud <>
Tue, 3 Mar 87 17:18:24 GMT
(1) Yesterday (2nd March) the bank machine swallowed my card when I asked
for some money, claiming that it had expired. Not having checked the date
beforehand I didn't know if this was true or not, but I hadn't received
a replacement card in the post in advance which usually happens.

When I cashed a cheque today in my branch and complained about this, I was
told that I was not alone. All the cards for customers of the branch which
were due to expire in June had expired in February instead although the
computer wasn't planning to send out the replacements until June. I assume
that there was a discrepancy between what was printed on the front of the
card and what was encoded in the magnetic strip on the back.

(I got the impression from the cashier that all the cards issued
by the branch expired on the same date {June} so that the problem
was actually quite serious. However, there didn't seem to be many
irate customers about, and people were using the machine outside
{although possibly with cards issued by different branches}, so
maybe I was mistaken in this impression.)

(2) Every year the Royal Shakespeare Company brings their current
productions to Newcastle before taking them to London. This year the Theatre
Royal has acquired a nice new computerised booking system that prints your
name on the ticket and lets you choose where you want to sit on the screen.
       [I hate sitting on screens.  The electrostatic effect is annoying.  PGN]

When I went in about a week ago to try and get some tickets for one of the
productions, I was told that although there were plenty of seats available,
I couldn't buy any tickets because the computer was down.  (However, I was
able to get a couple of returns for Midsummer Night's Dream the old
fashioned manual way). Apparently the machine was still broken several days
later so they can't have been able to sell any tickets in the meantime - it
is perhaps just as well that the Shakespeare productions are usually sold
out months in advance.

Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne.
ARPA robert%cheviot.newcastle@ucl-cs.ARPA   UUCP ...!ukc!cheviot!robert

           [They won't be sold out months in advance if that keeps up!  PGN]
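The post above guesses that the embossed expiry date and the date encoded on the magnetic stripe disagreed. The following issuer-side consistency check is an added example, not code from the post or from any bank: it parses the expiry field of an ISO/IEC 7813 Track 2 record (start sentinel `;`, PAN, field separator `=`, expiry as YYMM, three-digit service code, end sentinel `?`), compares it with the printed `MM/YY` date, and reports which cards a terminal would reject early. The card records and the two-digit year pivot (`>= 70` means 19xx) are constructed assumptions for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass
class CardCheck:
    pan_last4: str
    printed_expiry: tuple[int, int]   # (year, month) as embossed on the front
    encoded_expiry: tuple[int, int]   # (year, month) as read from Track 2
    consistent: bool                  # do the two dates agree?
    encoded_expired: bool             # would a terminal reading the stripe reject it today?
    printed_expired: bool             # would a human reading the front consider it expired?


def _expand_year(yy: int) -> int:
    # Assumed pivot for two-digit years: 70..99 -> 1970..1999, 00..69 -> 2000..2069.
    return 1900 + yy if yy >= 70 else 2000 + yy


def parse_track2_expiry(track2: str) -> tuple[int, int]:
    """Return (year, month) from an ISO/IEC 7813 Track 2 record.

    Layout: ';' PAN '=' YYMM service-code discretionary-data '?'
    Raises ValueError on any structural problem rather than guessing.
    """
    if not (track2.startswith(";") and track2.endswith("?")):
        raise ValueError("missing start or end sentinel")
    body = track2[1:-1]
    pan, sep, rest = body.partition("=")
    if sep != "=" or not pan.isdigit() or not 12 <= len(pan) <= 19:
        raise ValueError("malformed PAN or missing field separator")
    if len(rest) < 4 or not rest[:4].isdigit():
        raise ValueError("expiry field is not four digits")
    yy, mm = int(rest[:2]), int(rest[2:4])
    if not 1 <= mm <= 12:
        raise ValueError(f"month out of range: {mm:02d}")
    return (_expand_year(yy), mm)


def parse_printed_expiry(text: str) -> tuple[int, int]:
    """Return (year, month) from the embossed 'MM/YY' form."""
    mm_s, _, yy_s = text.partition("/")
    if not (mm_s.isdigit() and yy_s.isdigit() and len(mm_s) == 2 and len(yy_s) == 2):
        raise ValueError(f"printed expiry not in MM/YY form: {text!r}")
    mm = int(mm_s)
    if not 1 <= mm <= 12:
        raise ValueError(f"month out of range: {mm:02d}")
    return (_expand_year(int(yy_s)), mm)


def is_expired(expiry: tuple[int, int], today: date) -> bool:
    # A card is valid through the last day of its expiry month.
    return (today.year, today.month) > expiry


def check_card(track2: str, printed: str, today: date) -> CardCheck:
    encoded = parse_track2_expiry(track2)
    printed_exp = parse_printed_expiry(printed)
    pan = track2[1:].partition("=")[0]
    return CardCheck(
        pan_last4=pan[-4:],
        printed_expiry=printed_exp,
        encoded_expiry=encoded,
        consistent=encoded == printed_exp,
        encoded_expired=is_expired(encoded, today),
        printed_expired=is_expired(printed_exp, today),
    )


def audit_batch(cards: list[tuple[str, str]], today: date) -> list[CardCheck]:
    """Return only the cards whose stripe and face disagree."""
    return [r for r in (check_card(t, p, today) for t, p in cards) if not r.consistent]


# Constructed sample batch: the first card is fine, the second mirrors the post
# (face says June, stripe says February). 4111... is a well-known test PAN.
SAMPLE_CARDS = [
    (";4111111111111111=8706101?", "06/87"),
    (";4111111111111112=8702101?", "06/87"),
]

if __name__ == "__main__":
    for r in audit_batch(SAMPLE_CARDS, date(1987, 3, 2)):
        print(f"PAN ...{r.pan_last4}: printed {r.printed_expiry}, encoded {r.encoded_expiry}, "
              f"terminal rejects today: {r.encoded_expired}")
```

Run as a batch job before cards ship: any record returned by `audit_batch` will be swallowed by a terminal on the encoded date while the cardholder, reading the face, expects months more of validity.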

Re: Risks in the NSC computer archives

Carlton Hommel <carlton@masscomp.UUCP>
2-Mar-1987 09:16-EST (Monday)
The columnists Evans & Novak were interviewing Gen. Brent Scowcroft on their
CNN show Sunday.  They asked him if the information retrieved from the NSC
computer archives provided data that was not found anywhere else.  He
replied no -- they would have been able to track it down from other sources.
However, it was instrumental in showing that North was not working in a
vacuum -- there were on-line copies of memos that he wrote to higher-ups,
keeping them informed of his activities.
                                                  Carl Hommel
{allegra, bellcore, cbosgd, decvax, gatech, seismo, tektronix}!masscomp!carlton

Re: A Scary Tale--Sperry Avionics ...

Kevin Driscoll <ames!rutgers!mmm!SRCSIP!kevin@cad.Berkeley.EDU>
Tue, 3 Mar 87 02:15:13 CST
You know that I am not a fan of N-version programming.  However, I must say
that the tale is not as scary as might have been implied by the "man at the
FAA".  Sperry Avionics was recently purchased by Honeywell and I have been
working with the people who are advocating this N-version approach.  The
following is my own opinion and not that of my employer ... etc.

What Sperry wants to do is use N-version software in place of "white box"
(structural) tests.  The "black box" (functional) tests would still be
performed.  Specifically, Sperry has asked the FAA for concurrence on using
the N-version techniques described in Larry Yount's 1984 AIAA paper 84-2603
and Level 2 software V&V {referring to RTCA/DO-178A, which uses 3 levels of
software (depending on criticality):  Level 1 (Critical), Level 2 (Essential),
Level 3 (Non-Essential)}.

In its letter to Sperry, the FAA says that this method "appears to be
satisfactory" with the following constraints:

a. Level 1 must be used for paragraphs 6.2.2 (Requirements Development and
   Verification) and 6.2.3 (Design).
b. Formal configuration control must be used and, if common errors are found,
   structural testing may be required for some or all of the modules.
c. Formal review and comparison of source code must be used to verify
   dissimilarity.  Where this is not feasible, Level 1 structural test and
   analysis must be used.
d. Functional tests of the system must be performed.  It must be shown that
   the system will not have false alarms.

It seems to me that c. is the same as doing structural analysis.  Therefore,
this method is not any less rigorous than "full" DO-178A Level 1.  However,
how one complies with c. and d. I do not know.

Kevin R. Driscoll, Senior Research Scientist      (612) 782-7263
Honeywell, 3660 Technology Drive, M/S MN65-2500,  Mpls, MN 55418
UUCP: {ihnp4,philabs,umn-cs,mmm}!srcsip!kevin

Re: Altitude encoders: $1500 for Mode C? No, $750.

Jordan Brown <jbrown@jplpub1.uucp>
3 Mar 87 06:10:40 GMT
We just had an altitude encoder installed in our airplane for $750...
I strongly recommend that any A/C owners out there get one.

One more on fly/steer-by-wire

2 Mar 87 22:58:55 EST (Mon)
I think that it is relevant to point out that pilots of military jets
have a very good record of steering a broken plane so that it crashes
in a safe area, sometimes at the cost of their own lives. How many of
us would do the same in a car? Also, all the rear-wheel steer-by-wire
systems which I have heard about have been designed to be fail-safe, by
locking the rear wheels in the straight-ahead position, which makes
them the same as current-day cars. Should they fail in a locked-over
position then the driver would feel some steering drag, but nothing
uncontrollable. Some show vehicles have had full steer-by-wire, but
this is at no more than the experimental stage.

Jonathan Clark

Steer-by-wire cars (Re: RISKS DIGEST 4.53)

Doug Rudoff <doug@wiley.UUCP>
4 Mar 87 00:56:12 GMT
Concerning steer-by-wire cars, why would you want one in the first place ?
I can understand the use on a large airplane where it would be almost
impossible to fly without some sort of power system. But with a car, where
it seems that it easy to have direct mechanical linkage for steering as well
as a power system, why bother ? It's also probably safer that way too.
Mechanical linkage steering does not have a very high incidence of failure.

Doug Rudoff    TRW Inc., Redondo Beach, CA    !{trwrb,cit-vax}!wiley!doug

Software Safety in ACM Computing Surveys, June 1986

Daniel S. Conde <conde@granite.DEC.COM>
Tue, 03 Mar 87 16:19:25 -0800
The June 1986 (that's right, 1986) issue of the ACM Computing Surveys just
came out, and has an article by Nancy Leveson titled

    "Software Safety: Why, What, and How". 

It should be of interest to all RISKS readers.  Dan Conde

Computerized `people meters' for TV audience ratings

Niall Mansfield <>
Tue 3 Mar 87 11:54:57 N
As far as my sketchy knowledge goes, the audience ratings here in Germany
are collected (or soon will be) by true 'people meters'.  A box with phone
line access is hardwired into the TV, and it detects and records what
channel is being viewed when.
The central data collection office dials up each viewers' meter overnight,
and the data are sucked up for processing.  The one thing the box can't do
is know who is actually looking at the TV; for this a hand-held thingummy
(rather like a TV remote control) is supplied, which has a button for each
member of the family (and an extra one for visitors - isn't that very
hospitable of them!).  People are supposed to 'clock in' and out their
personal viewing with the buttons.

Personally I wouldn't be caught dead with such a thing.  Big Brother would
have to do almost nothing to monitor an awful lot of your life, almost in
real time.

More on Dallas phone outage

Mike Linnig <LINNIG%ti-eg.csnet@RELAY.CS.NET>
Tue, 3 Mar 87 08:55 CDT
          (Ft. Worth Star Telegram -- STARTEXT (c) 26-feb-87)

AT&T computer failure stalls area 214 calls

  DALLAS (AP) -- Long distance telephone service was back to normal Thursday
in Dallas and across a vast area of North Texas after thousands of calls
were blocked for hours because of a computer problem, an AT&T spokesman
says.  "Our number four electronic switching system, which is essentially a
large computer that switches long-distance calls into and out of the 214
Area Code, failed," Diane Schwilling, media relations manager for AT&T, said
Wednesday.  "The machine handles between 500,000 and 600,000 in its busiest
hours. It's capable of handling more than that," she said.
  The problem began about 9 a.m. Wednesday and by 2 p.m. the company had
begun processing calls through the switch again.  "From about 3 to about 4
it was handling calls real well," Ms. Schwilling said. Then, there were more
problems.  At 6 p.m., she said service was near normal and that no other
work on the computer was planned for Wednesday night.  The malfunction
affected long-distance calls primarily into and out of the 214 area, so
anyone calling into or out of the area could have been affected, she said.
  "Other parts of Texas may have gotten more busy signals than normal simply
because during the busy hours of the days, the Dallas switch acts as a backup
and would pick up overflow traffic from other parts of the state," Ms.
Schwilling said. 

Soliciting suggestions for 1988 CSC panel on liability

Gene Spafford <spaf%gatech.csnet@RELAY.CS.NET>
2 Mar 87 13:59:41 GMT
For the program committee for the 1988 ACM CSC to be held in Atlanta, I'm
organizing a panel session on liability issues in software.  The intent is
to have the panel address issues more related to the legal aspects rather
than methods of software engineering or ethical considerations of
using computers, although those also may be fair game.

I'd appreciate suggestions from Risks readers as to people you'd like to see
on the panel.  Please include some reasons why you think the people you are
nominating would be interesting, and provide me with a contact address, if
possible.  You can nominate yourself if you believe you have something to

I already have some ideas of people to invite, but I'd like to get more
input before issuing formal invitations.   Thanks.

Gene Spafford
Software Engineering Research Center (SERC), Georgia Tech, Atlanta GA 30332
CSNet:  Spaf @ GATech       ARPA:   Spaf@gatech.EDU
uucp:   ...!{akgua,decvax,hplabs,ihnp4,linus,seismo,ulysses}!gatech!spaf

                            [Aha!  RELIABILITY must be when you have 
                            LIABILITY and so you do it AGAIN.  PGN]

Conference on computing and society in Seattle, preceding AAAI

Jon Jacky <>
Tue, 03 Mar 87 08:59:31 PST
(Excerpts from call for papers in RISKS-4.28.  Due date 4/1 is approaching.)

            Seattle, Washington                 July 12, 1987

The adoption of current computing technology, and of technologies that 
seem likely to emerge in the near future, will have a significant impact 
on the military, on financial affairs, on privacy and civil liberty, on 
the medical and educational professions, and on commerce and business.

The aim of the symposium is to consider these influences in a social and
political context as well as a technical one.  The social implications of
current computing technology, particularly in artificial intelligence, are
such that attempts to separate science and policy are unrealistic.  We
therefore solicit papers that directly address the wide range of ethical
and moral questions that lie at the junction of science and policy.

[Submit papers to be refereed on ] RESEARCH FUNDING, DEFENSE APPLICATIONS,
relevant topics.  The program committee includes Andrew Black (U. WA), Alan
Borning (U. WA), Jonathan Jacky (U. WA), Nancy Leveson (UCI), Abbe
Mowshowitz (CCNY), Herb Simon (CMU) and Terry Winograd (Stanford).

Complete papers, not exceeding 6000 words, should include an abstract, 
and a heading indicating to which topic it relates.  Papers related to 
AI and/or in-progress work will be favored.  Submissions will be judged 
on clarity, insight, significance, and originality.  Papers (3 copies) 
are due by April 1, 1987.  Notices of acceptance or rejection will be 
mailed by May 1, 1987.  Camera ready copy will be due by June 1, 1987.
Proceedings will be distributed at the Symposium, and will be on sale
during the 1987 AAAI conference.

For further information contact Jonathan Jacky (206-548-4117) or Doug
Schuler (206-783-0145).  Sponsored by Computer Professionals for Social
Responsibility, P.O. Box 85481, Seattle, WA 98105.
