Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The following story appeared in today's WINNIPEG SUN (reprinted without permission) Life must certainly be unpleasant in an "occupied land". COMPUTER NETWORK NABS ARABS RAMALLAH (AP) Israel is using computers as weapon in the struggle to suppress the Palestinian uprising in Israeli occupied Arab lands. A computer linkup of the military administration, police and civil and security service offices allows Israel to monitor almost every aspect of life in the West Bank and Gaza. Arab merchants who obey the calls of the uprising's underground leaders and refuse to pay taxes are often nabbed in a network of computerized roadblocks. On the road between Jerusalem and the West Bank town of Bethelem, an AP reporter saw checkpoints where portable computers were used to track down tax evaders. Names are taken from identity cards Arabs are required to carry. When the names are entered in the computer, it identifies those who owe taxes. The military government demands tax payment in exchange for a registration of a newborn child or marriage, Palestinians told told the AP. "We are scared. The tax officials catch you and seize your car or impose a huge fine." A military government official said about 400 vehicles belonging to deliquent Arab taxpayers have been seized in the West Bank. The computer "is indeed the ultimate instrument of population control, a carrot-and-stick operation", researcher Meron Benvenisti wrote in his annual study of the occupied territories. Benveniti said Israel started to develop a computerized occupied lands data bank in August, 1985. The five-year, $8.5-million project was undertaken by TIM, an Israeli representative of the U.S. computer company Data General.
From Air Line Pilot, May 1982.
"Several of ALPA's technical committees and the Assocation's New Aircraft
Evaluation-Certification Committee are studying improvements that might
be made to the stretched DC-9 to address such pilot concerns as the
following:
Computer Malfunctions
Unexpected mode changes, complete loss of data, and other anomalies of
the flight guidance system have been reported during all phases of flight
in Super 80s; cold soaking of the computer or electrical transients or
both are believed to have been partial causes. Reports of flight guidance
system malfunctions include unexpected switching from the takeoff mode to
another mode during the takeoff roll and from the desired approach mode to
the heading mode near decision height (DH). Autopilot and autothrottle
disconnects during turbulence have been reported, and switching from takeoff
mode to climb mode has caused the autothrottle thrust computer to retard
one throttle to idle.
Under certain deicing-engine auti-icing bleed configurations and flight
conditions — for example, on coupled approaches and when climbing through
cirrus clouds — problems with computer system logic for digital thrust
rating have caused autothrottle disconnects."
[It continues with a listing of problems in non-computer parts of the design.]
The recent humorous (I presume) recommendation for a universal "smart card" on one's thumbnail prompts me to call attention to something a little more serious. I was recently a reviewer for an OTA draft report on computerizing the entire Federal welfare benefits system--food stamps, Medicare, welfare, etc. As one official put it to me recently, people at OTA thought this was sort of a joke when it first came down, but Congress is serious. The draft report, which may get elevated to a full panel study, considers the issuance of "smart cards" to all Federal welfare beneficiaries, with ATM-like machines at all places where Federal benefits are exchanged for goods and services. If you just stop and think a minute about how many sites this involves--every "Mom and Pop" grocery store, every Seven-Eleven, any place that takes food stamps--you get an impression of the expense. This is a multi-billion dollar proposal just to get the system set up and into place. Beyond that, say some experts, looms a national identity card for all U.S. citizens. Serious proposals for this may not be far off. So far there has been no real rationale for Congress to consider this, but the recent immigration law, which imposes fines on employers for hiring undocumented workers, will create a nation-wide consitituency pressing for some reliable form of citizenship identification. If there is a trend toward "smart card" disbursement of Federal benefits, this will add to the INS rationale for a national identity card. What's disturbing about all this is that Congress gradually gets used to ideas like these, opposition seems to fade, and the momentum can appear irresistable. Gary Chapman, Executive Director, CPSR
Date: Wed, 25 May 88 16:07 EDT
From: Michael Travers <mt@media-lab.media.mit.edu>
Subject: Mark O' the Beast update
Subject: Cash on the Nail
DAEDALUS
David Jones
For years now, we have been told that the cashless society is
just around the corner. Every shop will have a computer terminal;
simply enter the transaction, validate it with your personal card, and
the central computer will transfer the sum specified from your bank
account to that of the shop. Wonderful! The reason why it doesn't
happen is that fraud would be so easy. Card fraud is so widespread
already that the banks daren't risk anything worse. But Daedalus has
the answer. His new cash-card is unstealable: the user's own
thumbnail.
A nail has a smooth and uniform surface, and is transparent
enough to let through the light from a laser. A small laser could
bring a brief light pulse to a focus in the body of the nail, burning
a tiny white mark that could easily be read, but would be protected
from chance abrasion. A dot-matrix pattern of such marks could easily
encode a financial transaction. A nail has no nerves so the process
would be quite painless. Accordingly, the new Dreadco financial
terminal has, besides a keyboard for entering the transaction, a
thumb-port to admit the user's thumb.
Every day a nail grows about a tenth of a millimetre. With laser
dots about the size of those on a compact disc , this would give space
for about ten new transactions. Over time the user will accumulate on
his thumbnail a running financial statement showing all his
transactions for the past few months. Each time he inserts his thumb
into a terminal, the sytem will check that statement against its file.
If everything matches, his identification is secure; the terminal
accepts the new transaction and prints it below the previous ones.
But if there is a discrepancy, it sounds an alarm and clamps down on
the suspect thumb, trapping the fraudster until the police arrive!
But suppose a bent manicurist manages to photograph a client's
thumbnail, and uses it to construct a forged thumb? Even then, the
fraud is risky. By the time the forged thumb is ready, the victim
will probably have used the system again. The forgery will not carry
this latest transaction: it will be detected and trapped by the
terminal, for the police to study later as evidence.
Daedalus' new thumbcard will impose financial prudence on its
users. The spendthrift who fills his thumb up with wild transactions
will soon be choked off by sheer lack of space. On the other hand,
should he go down with mumps or measles (which arrests nail growth)
bankruptcy would rapidly threaten. And secrecy is not really assured.
Gigolos with magnifiers may shrewdly revive the old gallantry of
hand-kissing: gypsy palmists will read both sides with great care;
shady financial operators of both sexes may take to wearing opaque
nail varnish. And a death in the family will have the sorrowing
relatives hastily erasing the deceased's thumbs with a
laser-scrambler, before some unscrupuous undertaker or body-snatcher
can detach or copy them to filch their encoded legacy.
The Guardian, 24 May l988
On the topic of corporate rules requiring formal documention for each
procedure in a program, Dick Dunn (uucp: {ncar,cbosgd,nbires}!ico!rcd)
posted the following in comp.lang.misc:
People may not realize just how much trouble it can cause. A few years
back, I saw a procedure-heading standard which was so large and ornate that
it was actually causing people to *avoid* writing procedures! They were
working on a project which had deadlines (as opposed to lines-of-code-per-
day goals:-), but they were absolutely required to build one of these giant
headers for each function. As a result, it was often easier to write code
in-line to perform the identical function in several different places than
to split it out into a separate procedure.
Write your own moral--something about programmers taking the easiest path
so style rules should encourage the easiest path to be the same as the
right one.
Forwarded to Risks by Mark Brader
John Haller of AT&T Labs (Risks 6.90) discusses the sequence of events which led to the disasterous fire at Hinsdale on May 8. He quotes from a television show (Chicago Tonight) which on more than one occassion has been derelict in getting all its facts straight. First: The fire alarm and power outage alarm were NOT simultaneous. The fire alarm was first noted in Springfield, IL at 3:50 PM that Sunday afternoon. The fire alarm signal continued for nine minutes. It was ignored by an employee who thought it was going off due to other conditions at the time. The alarm stopped about 3:59 PM, then started again a few minutes later, and on its second warning, *then the alarm for loss of power made itself known*. There was nine minutes wasted, plus the several minutes until it began again. Second: When the technician finally was moved intellectually to consider that a fire alarm might actually refer to a fire, a call was made to a weekend duty supervisor. Not the Hinsdale Fire Department; not the Police Department, but a person who had to put down what they were doing, go out to their car and drive to 120 South Lincoln from wherever they were, through Sunday traffic, the whole bit. Had the tech immediatly called the Hinsdale Fire Department and the weekend supervisor, and coordinated as best as possible the arrival of firemen with telco personnel on location, the damages would have been much less. Third: The cost of staffing for that office, or any central office on weekends or off hours is no where near the estimate given by correspondent. He assumes a full compliment of people on each shift, Sundays, nights, holidays, etc... and assumes holiday pay, night premiums, etc. None of this is required. One or two persons *maximum* per office would be fine. A clerk at a terminal with work to do — they surely could input work orders, make record corrections, etc — and the express duty of touring the building once every hour or so and immediatly upon reciept of an alarm would be sufficient. Fourth: A good, comprehensive Halon network, via overhead plumbing just as in conventional water sprinkler systems, would cost only about a quarter million dollars per office to install, and much less than that annually to refresh the holding tanks each year. Hand held halon extinquishers mounted in strategic locations around the building would cost even less. Imagine if you will, a clerk on the premises Sunday afternoon. He is only paid $30,000 a year or so, and an alarm is noted on his console or terminal. He picks up a hand held cellular phone, walks into the room down the hall, sees smoke and grabs the Halon cannister from the wall. On the phone he dials 911 to tell them. He starts spraying the Halon, and likely gets the fire out before the firemen arrive. Then he calls a couple other numbers on the phone to key employees to get the word out: get over here fast. He goes out, meets the firemen and escorts them inside. If the fire is still going, they also have Halon, and are better trained at this sort of thing than the $30,000 per year clerk. Within minutes a couple of other employees are there, and the limited damage is assessed and repairs begin immediatly. Now how much would this very *non* labor intensive scenario cost in a year? We would need three such persons per office — or four perhaps — allowing for one at night, one evenings, one weekends and days off for the other two. Would $200,000 per year per office cover salaries? If there were 10 very important central offices in the Chicago area, would $2,000,000 per year cover salaries? That's quite a bit lower than the $12,000,000 correspondent suggests would be required. And if the watch-persons had other duties to do, could their salaries at least in part be charged off in the budgets of other departments? In my figures here, I've actually over-budgeted to include two or three additional watch-persons-at-large, who would travel from office to office during the night to relieve for lunch breaks, fill in for sick or vacationing watch-persons, etc. Correspondent shudders at the idea of $12,000,000 (his figures), and says its not economical....but the actual damage to date from Hinsdale has exceeded $50,000,000 and the cash register is still ringing! Talk about false economies.... I'm sorry, but I think Jim Eibel, Illinois Bell VP of Operations, and designer of the plans which led to this tragedy was expecting an awful lot for his money if he figured a person downstate would see the alarm, know what it was, get help and control a serious problem as well as someone right on location babysitting the switch would do it. Finally, they have weekend duty supervisors all over the area anyway. They are already being paid a salary, so in figuring the cost of staffing an office at night you have to consider you already have several of the needed employees in place. Arrange them differently and hire a few more. I rest my case. Patrick Townson
John Haller writes about economics of protecting telco switches: > At a typical salary of a >craft person, that would be ~$120,000 per year per office. To >staff 100 offices, at $12,000,000 per year, it is easy to see >the decision not to staff compared to the cost of a new switch. Okay, so I'm not an 'econ' major, and it isn't very easy for me to see this. It does NOT take a craft person to watch a switch, it takes a security guard (and I would guess they would not be paid as well!). The CRAFTperson, if provided, could be doing otherwise-useful work while guarding the switch. Such work could not be fully billable as 'protection', and the TelCo would benefit materially. Ten minutes out of an hour to do 'rounds' leaves 3/4 time 'working.' Add this to the demonstrably fallible alarms already installed and they are made much better since a person on-site can EASILY go LOOK, let alone COPE with a problem immediately. Why not just reduce daily staffing so as to normally have productive work to do during off-hours. Even paying an EXTRA 1/4, or $30,000 per year per office, exclusively for added protection, is pretty cheap for guaranteed insurance. We must also not forget the other costs beyond the actual switch. [From Patrick Townson's May 14 posting to RISKS:] > And twenty five million is a *very >low estimate* of the cost of the fiasco. The new switch alone is estimated >to cost about sixteen million dollars. ... That does >not of course include peripheral equipment, overtime salaries to workers, >the cost of repairing the building or the month of lost revenue from the >thousands of subscribers without service. I'll bet someone with the ACTUAL number of similar offices, over all the years they've been installed, given the ACTUAL distribution and cost of preventable disasters during those years, could come up with a good business case for continued protection. Belt and suspenders, anyone? Barry C. Nelson
Please report problems with the web pages to the maintainer