The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 79

Saturday, 2 May 1987

Contents

o Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD
o Re: Fidelity Mutual Funds Money Line feature
    Amos Shapir
o Wheels up
    Martin Minow
o Special Risk Assessment issue of 'Science'
    Rodney Hoffman
o Radiation hazards to computers
    Wm Brown III
o Neutron beam detection
    Richard H. Lathrop
o Computer Database Blackmail by Telephone
    Steve Summit
o Liability Law in the UK
    Brian Randell
o Info on RISKS (comp.risks)

Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD

Peter G. Neumann <NEUMANN@CSL.SRI.COM>
Sat 2 May 87 10:57:56-PDT
Somewhen on Tuesday afternoon, 28 April, someone plugged some equipment 
into the circuit used by CSL.SRI.COM.  The result was not only blown fuses,
but a physically destroyed disk on CSL.  We currently have a patchwork
system cannibalized from another system, with a very small disk, and thus
I am running without most of my macros, history files, etc. (just the files 
created in the last month).  We will not be back in regular service until the
END OF THE COMING WEEK, so please bear with us.  Mail received by RISKS after 
early Monday evening 27 April, but before the crash, was lost.   Mail sent to
RISKS by you during the outage was either returned undelivered, or else queued 
and eventually received, depending upon mailer whims.  Grumble.


Re: Fidelity Mutual Funds Money Line feature (RISKS 4.78)

Amos Shapir <nsc!nsta!instable.ether!amos@Sun.COM>
Mon, 27 Apr 87 16:43:10+0300
Because of the slowness of mail here, the habit of paying your bills
by a 'permanent order' to your bank has become very popular; many
utilities also give discounts if you choose to pay your bills in that
way, since they are assured of getting their money - no bounced or bad checks.

However, a common experience is that it is very hard to cancel such an order - 
you have to keep badgering the bank until your request gets all the way through
to the data processing center, and even when you think everything's ok someone 
loads an old backup tape, and your stone rolls back to the bottom of the hill.

Sometimes the only way is to close the account, but when you have as many
as 10 such orders, that's also complicated.

    Amos Shapir, National Semiconductor (Israel)
        6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel  Tel. (972)52-522261
        amos%nsta@nsc.com {hplabs,pyramid,sun,decwrl} 


Wheels up

Martin Minow <minow%thundr.DEC@src.DEC.COM>
Mon, 27 Apr 87 06:02:42 PDT

You may recall the extensive discussion on Risks a few months ago
about computer-controlled airplanes.  It seems that if the plane was
on the ground and you told the computer to raise the landing wheels,
it did so -- crashing the plane.

I recently bought the "Flight Simulator" computer game for my home
computer.  While parked on the ground, I told it to raise the (simulated)
landing wheels.  It did so, crashing the (simulated) plane.

(If you haven't seen it, "Flight Simulator" is an impressive piece of work.)

Martin Minow    minow%thundr.dec@decwrl.dec.com


Special Risk Assessment issue of 'Science'

Rodney Hoffman <Hoffman.es@Xerox.COM>
29 Apr 87 16:56:20 PDT (Wednesday)
Partial contents of 'Science' magazine for 17 April 1987 (vol 236 no 4799)

  Editorial on "Immortality and Risk Assessment"
  "Risk Assessment and Comparisons:  An Introduction"
  "Ranking Possible Carcinogenic Hazards"
  "Perception of Risk"
  "Risk Assessment in Environmental Policy-Making"
  "Health and Safety Risk Analyses: Information for Better Decisions"
  "The Safety Goals of the U.S. Nuclear Regulatory Commission"

       [Computers are explicitly omitted.  Eugene Miya]
       [But there is still much for us to learn from this issue...  PGN]


Radiation hazards to computers

Wm Brown III <Brown@GODZILLA.SCH.Symbolics.COM>
Thu, 30 Apr 87 17:42 PDT
Paul Stewart's contribution on airport luggage scanners which use slow
neutrons to detect explosives reminded me of a phenomenon which
plagued a company I once worked for.  The product we sold was a
satellite navigation receiver which used the old Transit constellation
of satellites to provide position fixes for commercial ships.  Many of
these systems were sent around the world to be installed wherever a
vessel happened to be at the time.

After a couple of years, we began to notice that our overseas dealers
frequently had systems fail out of the box with invalid EPROM checksums.  
Machines installed within the U.S. virtually never failed in this way, even 
though they were built with parts from the same vendor and datecode lot.  
Spare PROM sets became a standard part of everyone's service kits.

Finally someone collected enough data to correlate these failures with
the distance a system traveled by air freight; the dealers farthest
from home usually saw the most failures.  I seem to remember that
flights over the polar routes did the most damage.

One of our engineers had a background in nuclear physics and
power engineering; the best theory he was able to propose was 
that high energy particles in the upper atmosphere occasionally 
hit heavy metal atoms in the ceramic chip packages and kicked 
out slow secondary emissions which corrupted cells in the EPROMs.

Has anyone else had first-hand experience with this phenomenon?
Can someone with adequate theoretical knowledge offer another
hypothesis?  Do the FAA's new bomb detectors pose a similar threat?


Neutron beam detection [RISKS 4.75]

Richard H. Lathrop <RICKL@OZ.AI.MIT.EDU>
Mon, 27 Apr 87 11:34 EDT
   Date: Mon, 20-Apr-87 00:40:59 PDT
   From: beach!paul@rand-unix.ARPA (Paul Stewart)
   Subject: Radiation risk at airports?
   To: risks@csl.sri.com

   ....a computer-based system that bombards luggage or other cargo with a
   "beam of slowed neutrons" and uses a computer system to analyze the
   signature of the resulting gamma radiation emissions to characterize for the
   potential presence of explosives.

I have been licensed by the US NRC as a nuclear reactor operator (I have
since allowed this to expire), and was once the chief programmer and
statistician on a science project which used this technique to monitor
trace element pollution in tree rings.  The method is known as Neutron
Activation Analysis (NAA).  It is based on the propensity of an atomic
nucleus to absorb a neutron and thereby transition to another isotope of
the same element, but with the next higher atomic weight.  The resulting
isotope is often energetically unstable, and often decays to a stable
state by emitting a gamma ray at a frequency characteristic of the
isotope involved.  (This is a slightly different mechanism from the
propensity of plutonium-239 and uranium-235 to absorb a neutron, become
unstable, and fission.)

The neutron capture coefficient (known as the "cross-section") is a
characteristic property of the elemental isotope, and can be looked up
in tables of physical constants (e.g., the CRC Handbook of Chemistry and
Physics), as can the stability, decay mode, frequency, and half-life of
the resultant isotope(s).  The cross-section varies widely across
isotopes (a spread of ten orders of magnitude!).  As some naturally
occurring isotopes transition to other stable isotopes and some have
minuscule cross-section, activated gamma radiation will result only in
some (this means many) cases.

For short irradiation times the amount of any given isotope created is
the product of the neutron flux (intensity), the time period irradiated,
the amount of the element present, the proportion of the element
occurring as the precursor isotope, and the precursor isotope's capture
cross-section.  (Note that if the flux is extremely low very little of
the radioactive isotope will be created.)  If the resulting isotope is
unstable, it will emit radiation at a characteristic frequency and
half-life, also obtainable from tables.  The shorter the half-life the
more intense the short-term radiation, the longer the half-life the
longer the radioactive isotope persists.  By measuring the radiation at
a particular frequency of interest and subtracting the ambient
background, it is possible to calculate the amount of a given element
present in the original sample.

      The question then, for anyone who understands this technology or knows
   about Science Applications International, is: what will happen to luggage,
   cargo, etc., possibly including foods and other items that can be ingested
   or will be in close proximity to persons for long periods of time, after
   passing through such neutron beam systems once or possibly many times in the
   course of complex or multiple trips?

Almost all of the above will become slightly radioactive, the degree to
which being essentially determined by the neutron flux characteristics,
exposure times, and elemental content of the irradiated matter.  Bodily
damage from radiation results mostly from the accompanying ionization,
in which chemical bonds are disrupted by the high energy levels and
chemically reactive ions are created.  Food is particularly worrisome
because most of the radiation is absorbed internally, and because the
body has mechanisms that produce high local concentrations of certain
elements (e.g., iodine in the thyroid, calcium in the bones, etc.).
Common isotopes in food having high natural abundance, reasonably large
cross-sections, and medium half-lives (hence, readily made radioactive)
include sodium-23 and chlorine-37.  Common metals with similar
properties include aluminum-27, copper-63 and -65, zinc-64, silver-107
and -109, gold-197, mercury-202, and several of the trace elements used
in making stainless steel.

   Are airline passengers to be subjected to the radioactive luggage
   and cargo simply because the emission levels meet "government standards"?

Well, yes, but this has to be kept in perspective.  For example,
"government standards" are typically less than the ambient background
due to cosmic rays, etc., and also less than the incremental increase
due to living in a brick house (because of trace radioactive elements
and isotopes present in the brick from the earth), living in Denver
instead of New York (because of the greater exposure to cosmic rays from
less atmospheric shielding), or a medical X-ray.  This does *not* mean
that they are harmless --- the effects of low-level radiation are *very*
poorly understood and the health aspects, if any, somewhat
controversial.  Of especial concern is genetic damage due to ionization
and resulting disruption of chromosomes.

   Will the frequent traveler be at greater risk than the occasional traveler?

Yes, given the perspective about ``risk'' above.

   What is the real story about these systems?

I cannot answer this question, only discuss the underlying technology.
The "real story" depends on (1) physical parameters such as exposure
time and neutron flux characteristics which are not provided in the
story, and (2) medical effects of low radiation levels, which are
poorly understood and controversial.

   Date: Tue, 21 Apr 87 11:50:35 edt
   From: Scott Dorsey <kludge%gitpyr%gatech.gatech.edu@RELAY.CS.NET>
   Subject: Neutron beam detection [RISKS 4.75]

       A machine which detects nitrogen chains may also detect things like
   ammonia if it cannot discriminate between long and short chains....

For virtually all purposes nuclear processes are completely decoupled
from chemical ones, and so the technique cannot discriminate between
long and short chains.  It is in fact unlikely that nitrogen is being
detected in this way.  99.63% of natural nitrogen occurs as nitrogen-14,
which on neutron capture transitions to nitrogen-15 which is stable.
0.37% occurs as nitrogen-15, which has an insignificantly minuscule
capture cross-section.  This makes sense when you think about it, as
otherwise the nitrogen in the air would render the technique worthless.
Rather, it is more likely that some readily-activated rare-earth element
associated in trace quantities with explosive manufacture is what is
actually being detected.  This is done, e.g., in studies which wish to
monitor the lead deposition from gasoline even though lead is
essentially inactivable.  These studies look instead for vanadium, which
occurs in gasoline in trace amounts but is readily activated and
detected.

   Date: Thu, 23 Apr 87 16:29:25 CST
   From: marco@ncsc.ARPA (Barbarisi)
   To: risks@csl.sri.com
   Subject: Neutron Beams for Explosives Detection

    I did an experiment with neutron radiation for a physics laboratory
   while I was in college .... a silver dime was placed in a device called a
   "neutron howitzer" and irradiated .... it was very "hot" upon removal

As mentioned above, silver activates rather nicely.  Typically this
experiment measures the two different half-lives associated with the two
different silver isotopes which are activated.

   The latex stick which held the dime in the neutron howitzer showed no sign 
   of radiation at all.

Carbon, hydrogen, nitrogen and oxygen, the basic elements of complex
carbohydrates and many polymers, are all essentially inactive under neutron 
irradiation.  In any case, for a physics experiment the holder would be chosen 
to be inert, so as not to compromise the experiment with spurious radiation.

    Thus, I doubt that there would be any lasting effect on clothing and
   food from low energy neutron radiation.

This is not a justified assumption without additional technical
substantiation.  It depends critically on what elements are irradiated,
for how long, and within how strong a neutron flux.
                                                         -=*=- Rick
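
The relations described in the posting above, as an added Python example that is not part of the original message: the short-irradiation product, the general form that includes decay during irradiation (which the product approximates when irradiation is much shorter than the half-life), and the inversion from a background-subtracted count rate to the amount of element. The sodium-23 figures are approximate, the flux, sample size and detector efficiency are constructed, and counting is assumed to start at the end of irradiation.

```python
import math

BARN_CM2 = 1e-24  # one barn, the usual cross-section unit, in cm^2


def decay_constant(half_life_s):
    """Decay constant lambda (1/s) for a given half-life."""
    return math.log(2) / half_life_s


def atoms_short(flux, t_s, n_element, abundance, sigma_barn):
    """Short-irradiation product from the post:
    flux * time * amount of element * precursor proportion * cross-section."""
    return flux * t_s * n_element * abundance * sigma_barn * BARN_CM2


def atoms_general(flux, t_s, n_element, abundance, sigma_barn, half_life_s):
    """Same quantity with decay during irradiation included:
    (capture rate / lambda) * (1 - exp(-lambda * t))."""
    lam = decay_constant(half_life_s)
    rate = flux * n_element * abundance * sigma_barn * BARN_CM2
    return rate / lam * -math.expm1(-lam * t_s)


def activity_bq(n_active, half_life_s):
    """Decays per second: shorter half-life means more intense radiation."""
    return decay_constant(half_life_s) * n_active


def element_from_counts(gross_cps, background_cps, efficiency,
                        flux, t_s, abundance, sigma_barn, half_life_s):
    """Invert the model: background-subtracted count rate -> atoms of element.
    'efficiency' lumps detector efficiency and gamma yield (assumption)."""
    net_activity = (gross_cps - background_cps) / efficiency
    if net_activity <= 0:
        return 0.0  # nothing distinguishable from ambient background
    n_active = net_activity / decay_constant(half_life_s)
    per_atom = atoms_general(flux, t_s, 1.0, abundance, sigma_barn, half_life_s)
    return n_active / per_atom


# Constructed sample: about 1 g of table salt, sodium-23 -> sodium-24.
# Approximate handbook-style values, assumed here for illustration only.
NA23 = dict(abundance=1.0, sigma_barn=0.53, half_life_s=15.0 * 3600)
N_SODIUM = 1.03e22      # sodium atoms in ~1 g NaCl
FLUX = 1e6              # neutrons / cm^2 / s (constructed)

if __name__ == "__main__":
    made = atoms_general(FLUX, 60, N_SODIUM, **NA23)
    print(f"Na-24 atoms after 60 s: {made:.3e}")
    print(f"activity: {activity_bq(made, NA23['half_life_s']):.2f} Bq")
    gross = activity_bq(made, NA23["half_life_s"]) * 0.05 + 2.0
    est = element_from_counts(gross, 2.0, 0.05, FLUX, 60,
                              NA23["abundance"], NA23["sigma_barn"],
                              NA23["half_life_s"])
    print(f"recovered sodium atoms: {est:.3e}")
```
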


Computer Database Blackmail by Telephone

Steve Summit <stevesu%copper.tek.com@RELAY.CS.NET>
Fri, 1 May 87 08:04:44 pdt
The following article was in the (Portland) Oregonian, 1 May 1987.  I'm not 
quite sure what to make of it, except that I can't quite believe it.  This 
looks like the kind of information abuse that people (myself included) would 
say "couldn't happen, because people are more reasonable than that."

  PNB CANCELS 976 NUMBER FOR PERSONAL-DATA COMPANY

  Seattle (AP) -- Pacific Northwest Bell has canceled the 976-prefix toll-call 
  number of a Seattle company that obtains and sells information about 
  individuals.  The company had sent post cards to thousands of Seattle
  residents, offering to delete data about them from company files if they
  called the telephone number--a call that cost $7.50.  After PNB attorneys 
  alleged that the post cards could involve extortion, the phone company 
  canceled Profile Service Corp.'s 976 number Monday, the first time such 
  action had been taken in the Seattle area, said PNB spokesman Bruce Amundson.

  But Jan Sakamoto, Profile's president, said the company did nothing wrong and
  would appeal the phone company's action to the Washington State Utilities and
  Transportation Commission.  "I don't think it's blackmail or fraud," Sakamoto
  said.  Instead, he said, his company was "catching the brunt of people's ire 
  at not being able to control information about themselves."

  Commission spokesman Raymond Day said PNB apparently was within its rights in
  canceling the number.  The commission allows PNB to cut off service "without 
  prior notice, for unlawful use of service or use of service for unlawful 
  purposes," Day said.

  Seattle news media, the state attorney general's office, the Utilities and 
  Transportation Commission, the Postal Service and PNB have received numerous
  complaints about the cards, which were mailed to 20,000 Seattle residents.  
  The card read: "Profile Service Corp. knows some personal things about you  
  that other people might like to know.  Our company's computer files contain 
  names, telephone numbers, complete addresses, credit reports and other 
  important pieces of information about you.  We have purchased this 
  information from a variety of public and private sources."  The card then 
  advised consumers to call its 976 number to have the number deleted from its
  computer files.  The $7.50 charge for the call would be billed to caller's 
  phone numbers, with most of the charge being remitted by PNB to Profile.  
  People who called the number will have the charge deleted from their phone 
  bills, Amundson said.

I think it's interesting that the company is not offering to delete information
because it is incorrect, but simply because people might not want it there, as 
long as they are willing to pay.  It would not surprise me if Profile Service 
Corp. didn't really have any data at all, but was simply out to milk money from
people who are anxious about "not being able to control information about 
themselves."

It's refreshing that Pacific Northwest Bell chose to put a stop to this scam.
I suppose they could have stayed out of it, saying it was Profile's business.

No mention is made of what "use" Profile Service Corp. makes of the data it
keeps.  If their raison d'etre is simply to get rich on people's $7.50 
paranoia calls, they can preserve income, lower expenses and raise profits by 
not maintaining an expensive computer database at all.  It would be interesting
to know how big Profile Service Corp. is: if it's just Jan Sakamoto in his 
garage, and if he's got other income, he can't lose: the only expense is the 
postcard mailing, so once that is recovered, each phone call is pure profit.

                                          Steve Summit


Liability Law in the UK

Brian Randell <brian%kelpie.newcastle.ac.uk@Cs.Ucl.AC.UK>
Wed, 29 Apr 87 11:05:46 bst
From Datalink (UK) March 23 1987:

LAW THREATENS FIRMS WITH COURT OVER FAULTS

A new Bill may leave computer companies wide open to claims for personal
injury says Angus McCrone:


  Software and hardware suppliers are being advised to take careful notice of a
  new law which means they could be sued for damages if their products are
  involved in a user's personal injury.

  The law is a product liability bill which is now on its way through 
  parliament and should be on the statute books by May next year.

  The bill gives individuals the right to sue companies if they can claim that
  they have suffered personal injury as a result of defective products - 
  whether computer products or any other sort.

  This is likely to apply not only where an individual suffers injury from 
  using a computer system, but also where a computer error is alleged to have 
  caused an accident, such as a plane crash.  Computer suppliers could even be 
  sued if their systems have designed a large object, such as a bridge, which 
  has fallen down and caused injury.

  This marks a radical change from the past, when products suppliers were only
  likely to be sued for damages if it could be proved that they were guilty of
  clear negligence.

  The proposed legislation has prompted groups like software's Computing 
  Services Association (CSA) and hardware's Business Equipment Trade 
  Association (Beta) to warn of serious consequences for their members.

  Alan Smith, director of administration at Beta - which represents most of the
  big hardware manufacturers including IBM, ICL, Honeywell and Hewlett Packard 
  - said that his organisation is 'very worried' about the new legislation.

  'It completely reverses 500 years of legal precedents,' Smith said. 'At the
  moment a claimant has to prove negligence by a supplier and that this
  negligence was the cause of injury.

  'In the future, as a result of this legislation, all suppliers will be 
  treated as guilty unless they can prove that their products did not cause 
  the injury.'

  In other words, Smith reckons the difference between a system or program 
  going wrong, and being misused, could be blurred.  'If someone misuses a 
  computer in the machine tool industry or in a hospital, who is to say that 
  the system did not malfunction and cause the injury?'

  He predicts that the product liability legislation would hit hardware vendors
  in two other respects - it will become much more difficult and expensive for
  them to insure products for liability, and they could be hit by a spate of
  'spurious claims' for damages.

  Both factors will present suppliers with increased costs.  Smith said; 'The
  next five to 10 years could be a nasty experience for a lot of companies.'

  But while hardware vendors look certain to be hit by the proposed product
  liability law, it is still not clear whether software will be included in the
  legislation or not.

  Ranald Robertson, legal services manager at CAP and an expert on software and
  the law, commented that the Government has not made clear whether software 
  will be treated as a 'product' and so will be covered by the new legislation.

  Robertson said; 'Until a test case is brought to court, we are unlikely to 
  have a definitive statement as to whether software is included in the
  legislation.  'But any software producer which ignores this legislation and 
  its possible implications does so at its own peril, because there could be 
  situations where a defect is attributable to faulty software and a potential
  liability could exist', Robertson added.

  Doug Eyeions, director general of the CSA, described one example; 'If 
  software is used to make a bridge or a nuclear reactor, and it turns out to 
  have bugs, then this legislation could lead to an enormous liability for the
  software supplier.'

  The CSA is arguing that software, by its very nature, cannot be guaranteed to
  be 100% bug free and cannot be tested in all possible circumstances - 
  therefore it would be unfair to classify software as a 'product' for
  the purposes of the new law.

  Another argument which the software industry is putting forward to the
  Government is the so-called 'development risk defence'.

  This argues that a supplier should escape product liability if it is judged
  that with the benefit of current scientific knowledge, it could not have
  foreseen a particular defect.

  But these sorts of arguments may fall on deaf ears.  One parliamentary
  amendment which had the support of Beta has already been defeated.

  The Government is also under pressure from the EEC which has issued a 
  directive requiring all its member states to have suitable product liability 
  laws in place by May 1988.

  Because the proposed law applies to all products the implications for the
  software and hardware industries have taken some time to sink in.

  But groups like the CSA and Beta are now lobbying very hard to influence what
  Eyeions describes as 'one of the major issues facing the industry'.

Elsewhere in the paper, a brief summary article states:

  According to Praxis chairman Martyn Thomas, who is involved with the Alvey
  formal methods team, this could mean software houses will have to prove they
  used state-of-the-art formal methods in the design stage.

  Rather than companies sorting themselves out in time for the new law, he 
  thinks "what's more likely to happen is that there'll be a court decision 
  that a company wouldn't have been liable if it had used formal methods."

Brian Randell - Computing Laboratory, University of Newcastle upon Tyne

  UUCP  : <UK>!ukc!cheviot!brian
  JANET : brian@uk.ac.newcastle.cheviot
