Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Today's Independent newspaper contains an advert by BMW which provides yet further evidence of the automative industry's flagrant disregard for the possible risks associated with new computer-based technology. The main text of the advert is reprinted below, in its entirety, followed by a brief note of some of what I regard as the more obvious risks. BEFORE A BMW WILL START IT WEIGHS UP WHO'S DRIVING First BMW brought you ABS, for safer braking in the wet. Then came ASC, to help counter wheelspin during acceleration. Today, they can unveil DWS: probably the most significant advance in anti-theft technology to occur in recent years. DWS stands for Driver's Weight Sensor. A unique system that compares the driver's weight with a pre-programmed value stored in the sensor's computer memory. If the two values do not match, the car simply refuses to start. Clearly, this represents a whole new level of anti-theft sophistication. But one that has only be made possible thanks to recent advances in space satellite PHAT technology. This remarkable new material - Poly Halide Anodal Tritium - exhibits a highly predictable change in electrical conductivity according to the pressure exerted upon it. By harnessing these properties, BMW's engineers have devised a wafer-thin pressure pad that, when incorporated into the driver's seat, can electronically assess the occupant's weight to within 10 grams accuracy. Such is the system's intelligence, it will take account of bodyweight variations that occur according to the time of day, or even the time of year. This it achieves by interlocking with the car's on-board 365-day digital clock. Accurate allowance can then be made for weight increases that may be expected immediately after meal times, and those that are caused by multi-layer clothing during the winter months. Despite its space age technology, the operation of DWS is simplicity itself. On entering the car, the driver inserts the ignition key, at which point the words `Code Enter' flash up on the dashboard LED display. Up to five of these codes can be stored for five different drivers. The driver now enters his personal code on the key pad and his weight appears on the light-up display, expressed in either pounds or kilos. (Lady drivers who would prefer this visible display switched off should consult their BMW dealer, who will carry out the small necessary adjustment free of charge.) The sensor weight reading is then compared to the programmed weight in the memory, and providing this falls to within +-5%, the car will start normally. If, however, the figure exceeds these tolerances, then a discreet gong sounds, and the entire ignition system shuts down. Should persistent attempts be made to restart the car, an alarm system is triggered, and the headlights flash alternately until the unauthorised person vacates the seat and re-closes the door. At the same time a pre-recorded message is transmitted on the standard police radio frequency, notifying all walkie-talkie equipped police officers within 350 metres of the car's registration number. If you'd like to know whether the Driver's Weight Sensor anti-theft system can be fitted to your car, contact your local BMW dealer, or post off the coupon below [to Hugh Phelfrett, BMW Information Service, PO Box 46, Hounslow, Middlesex, TW4 6NF]. Some likely risks: Just when you have arrived back from a week-end backpacking, and are desperate to get to MacDonald's before they close, the car is likely to refuse to recognise you. (The opposite problem is perhaps not so bad - for example, it would be good for you to be occasionally forced to walk or jog to WeightWatcher's class.) Suppose the car does consent to take you to MacDonald's, the weight display, which I assume is dynamically updated, will be an additional and dangerous distraction while you drive home eating your Big Mac. (A head-up display would reduce this risk.) A person's weight variations over the year are strongly correlated to cultural, racial, and religious factors. Almost certainly, therefore, this system will provide another example of "computerized discrimination". There is even a security-related risk. By periodically dieting, a spy could use the occasional transmissions of the pre-recorded message as a covert signalling channel to a near-by embassy, say. Brian Randell, Computing Laboratory, University of Newcastle upon Tyne JANET=Brian.Randell@uk.ac.newcastle UUCP =...!ukc!newcastle.ac.uk!Brian.Randell PHONE = +44 91 222 7923
From The Wall Street Journal, Thursday, March 30, 1989, p. A1:
"DIAL-A-SNORE: People having difficulty sleeping can dial the Lenox Hill
Hospital Sleepline in New York. An answering machine plays an eight-minute
tape that includes a message designed to help insomniacs doze off while
listening."
Pity the poor insomniac who does fall asleep in the middle of such a call:
- After eight minutes, the Lenox Hill Hospital answering machine will hang
up and a loud, synthesized telephone company voice will say, "If you'd like
to make a call, please hang up and try again."
- If our insomniac manages to sleep through that, his or her phone might
well remain off-hook all night, blocking incoming (possibly emergency) calls.
— Roger Goun
There has been mention of a high incidence of miscarriages at the headquarters of _USA Today_ in Rosslyn, Virginia. The cause was suspected to be VDT usage. The Washington DC _City Paper_ of March 31 states that the cause has since been determined to be lead in the buildings pipes.
This is quoted from memory from a Wall Street Journal article on the event: The
manufacturer's "minimum equipment list" for the 767 includes two electronic
fuel guages. Thus, technically, the pilot took the plane off with inadequate
equipment. I can understand why both the pilots and the airline would consider
manually measuring the fuel level with a dipstick to be fully equivalent to the
electronic fuel guage, but this event shows that one should probably fly by the
book; infrequently performed manual backup activities have a high likelihood of
error.
Dale Worley, Compass, Inc.
This morning's Washington _Post_ has a near-full-page article on fly-by-wire
aircraft and the safety issues involved. It's a rather well-written piece
which (unlike too many of the so-called "news" reports) is not written to
prove that the FBW systems ("are absolutely safe"|"are not at all safe").
Choose your favorite ending; both types of "news" are available.
(The article is on page C-3; issue date is Sunday, 2 April)
The article cites the Airbus crash in France last 26 June. That crash has been
the subject of numerous RISKS submissions which have explored many of the
issues, but the _Post_ article cites other Airbus problems I haven't seen
detailed. They include "...engines unexpectedly throttling up on final
approach; inaccurate altimeter readings; sudden power loss prior to landing;
steering problems while taxiing."
The reports are credited to "the European press". Can anyone elaborate
on the reports?
[Nancy Leveson is in DC this week, and picked up a copy. If no one else comes
up with a fuller report, Nancy has promised one for Tuesday night. PGN]
I found this on one of the systems I use (not the one I'm mailing from.) The
times involved match exactly with those from previous time changes, so I begin
to suspect they're serious about how long it takes.
Walter Roberson
VM/CMS downtime
---------------
NEWS DOWNTIME provides information about scheduled and unscheduled shutdowns
as well as extended crashes. [...]
----- 89.03.02 0800 - 89.03.02 1300
On Sunday April 2 1989 VM/HPO will be down from 0800 to 1300 hours and TSS
and MVS/XA will be down from 0800 to 1000 hours for the change to Daylight
Saving Time.
The following was extracted from The Ottawa Citizen, Sunday April 2, 1989, pg A1 + A2: Elevator accident kills 13-year-old refugee (By Dennis Foley, Citizen staff writer) A 13-year-old girl [...] was crushed to death Saturday in an Ottawa apartment elevator that residents say has a history of malfunctioning. Segal Samanter jumped on the elevator and was caught between the closing door and the door frame [...] She was crushed against the upper door frame. Several residents said all three elevators continually malfunction and passengers are often jarred by their quick-closing doors. [...] "If they break down, they're repaired immediately," he said. "There was an elevator repairman here today." [building manager, Cliff Gray] He didn't know which of the three elevators had been repaired Saturday. [...] "There is always something wrong with these elevators. They move when they're not supposed to, and they stop between floors." [Afshin Adill] Ababdihakim Ali, 19, said that earlier in the day the door of the elevator in which Samanter was killed would close only halfway. It continued to operate this way, he said. [...] Witnesses said the elevator had stopped several centimetres above the floor level before Samater (sic) got on. Awleker Ahmed, 16, said he had been standing alongside Samanter in the elevator lobby and had warned her against trying to jump on to the elevator, which already contained several passangers. She ignored his warning, he said. [...] Pat Baerg, the building's secretary, said problems with the elevators are the result of tenant abuse. "If children didn't play on them and tenants didn't jam the doors open with cardboard, we wouldn't have problems," she said. She also said many tenants didn't know how to properly use them. "It's a tenant problem, not an elevator problem," she said. [...]'
>(2) A "dipstick" procedure for measuring fuel supply by hand was done
> incorrectly, leading the mechanics to conclude that the plane had
> more fuel than was in fact the case (and, thus, that it was safe to
> fly the plane without working fuel gauges!)...
Does the book (or the condensed version) address the question of whether
this "safe" procedure violated regulations? My recollection of what was
said at the time is that it's okay to fly a 767 with both fuel gauges
operating, and it's okay to fly with one gauge operating plus the
dipstick check, but if both gauges are out [as in the 1983 case], the
plane is supposed to stay on the ground, period.
Whether my memory is correct or not, taking off with no fuel gauges strikes
me as a dangerous and foolhardy action. Quite apart from reducing a
redundant system to a single failure point (the manual calculation), the
decision to take off without gauges also quietly assumed that nothing
would go wrong in such a way as to quietly reduce available fuel (e.g.
a leak). The real problem here was not unit conversion, but the old
"it can't happen to me" syndrome. Bet that pilot never takes off without
gauges again, ever, dipstick tests or no dipstick tests.
Henry Spencer at U of Toronto Zoology
Some newspapers in the area are trying to obtain magtape copies of public
records that already available on paper, such as driver licenses, criminal
convictions, and land ownership. They want to perform statistical tests and
cross-database matching. This would seem to have all the dangers of
governmental database matching, e.g. that when a coincidence is found, the
victim is assumed guilty and must prove his innocence.
However, the newspapers might be harder on an innocent victim than the
government since they can publish anything, however false, if they can't be
proved to have been malicious. Finding and printing an interesting
coincidence, perhaps that you own property next to someone accused of organized
crime, and also sold your previous car to another organized crime suspect,
wouldn't be malicious, just sensationalistic.
Wm. Randolph Franklin, RPI
From an informational notice entitled "Important Answers about PROPERTY
REVALUATION" hung on my doorknob by a representative of the Montgomery County
Auditor's Department (Dana A. Stamps, County Auditor):
... [previous Important Answers, to questions like {\bf What is
the purpose of a revaluation program}]
{\bf How is my property value determined}
In the first phase, data collectors — who are not appraisers --
verify and update the County property data file by making an on-site
visit to your property. Using the information gathered by the data
collector and sales data from the local market, the appraiser uses a
computer to perform statistical analysis and mathematical calculations
necessary in arriving at two basic approaches to value for residential
property — the Cost Approach and the Market Approach — to compare
your property to the current market trends and assist him in his final
conclusion of value.
The computer then produces an appraisal review card, from which a
professional appraiser will determine the actual value in a final
field review of each parcel. All final value conclusions are made by
an experienced appraiser during this review. With the laborious tasks
of statistical analysis and calculations being done by computer, the
appraisers are now free to concentrate their talents on evaluating the
results. Through integration of the electronic efficiency and
accuracy of the computer with the experience and sound judgement of
professional appraisers, the auditor's office will save the taxpayers
of this county many thousands of dollars on future revaluations and
enhance the quality of the appraisal process. ...
[more Important Answers follow]
No news yet on any systems acquisition fiascos in the Auditor's
Office, but the tone of the letter shows that the Auditor expects
county property owners to sleep easy knowing that their tax bills are
being set with the help of "the electronic efficiency and accuracy of
the computer." There is an appeal and review process for individuals,
but no mention of how the statistical model itself is validated.
{\em Quis custodiet ipsos custodes}?
Lt John S. Karabaic (fuzzy%aruba.dnet@wpafb-avlab.arpa) WPAFB, OH 45433-6543
Regarding Mike Trout's query: >But on a more important topic, is there any empirical >evidence to suggest that credit card fraud could be significantly reduced by >facial images, either true photographs or digitized images? Several years ago I was told by the late Charles Read, who at the time was Director of the Inter-Bank Research Organisation, here in the UK, that they had run an experiment on the use of photographs on credit cards, as an aid to reducing fraud. He told me that: "We sent out a dozen people, each with a credit card bearing the same photograph of the same gorilla, and on average they succeeded in passing the card eight times!" (I found the phrase "the same photograph of the same gorilla" particularly memorable, and have often wondered what the results would have been if they had used different gorillas!) Brian Randell, Computing Laboratory, University of Newcastle upon Tyne
April's IEEE Spectrum contains an article about the design of the Intel i860 (aka "N10") RISC processor. In a section called "Unauthorized Initiative" [p 26] the author (T. S. Perry) includes the following story: One of the designers heard from a friend in Intel's CAD department about a tool that would take a design from the logic-simulation level, optimize the circuit design, and generate an optimized layout. The tool eliminated the time taken up by circuit schematics, as well as the checking for schematic errors. It was still under development, however, and while it was even then being tested and debugged by the 486 team (who had several more months before deadline than did the N10 team), it was not considered ready for use. The N10 designer accessed the CAD department's mainframe through the in-house computer network and copied the program. It worked, and the bus-control bottleneck was solved. Said CAD manager Nave guardedly, "A tool at that stage definately has problems. The specific engineer who took it was competent to overcome most of the problems himself, so it didn't have any negative impact, which it could have. It may have worked well in the case of the N10, but we don't condone that as general practice." A number of classic RISKs are apparent, but what stands out to me is the lucidity in the last paragraph and the importance of engineers' *understanding* their tools, not just *using* them. (This also reminds me of how some mathematicians get upset when they perceive engineers using mathematical tools without a good understanding of their basis, e.g., using integration without studying measure theory first...) Of course, it is not just electrical engineers but social `engineers' and other planners, controllers, etc. that need to understand their tools functions and limits.
Same problems in Silicon Valley. I rear-ended a car in stop/go traffic in December (my first ever collision). I gave the guy I hit my insurance details, and reported the matter to my insurance, who agreed to pay, no problems. A month later I got a notice that my license would be suspended in two weeks for being in an accident and not having insurance. I was informed that after that date I would be automatically jailed if any officer caught me driving. How did the State hear of the accident, and how did it conclude I was uninsured? I've no idea. The telephone number they gave was *permanently* busy, I tried many times, but I *immediately* had sent them documentation which proved I had been insured. Two months later I got a notice informing me that my suspension had been cancelled, after it had been in place for some weeks. I'm glad I wasn't stopped during that time is all I can say.
I noted with interest the article on the erasure of floppy disks placed vertically behind a child's car seat in an automobile equipped with seat heaters. I wonder if the data was made unreadable by the magnetic field of the heater, or if the disk was raised to above the Curie temperature (the point where a substance loses its magnetism because of thermal agitation.) Today, there was a bulletin on the radio in which the Montreal Urban Community Transportation Commission (MUCTC), the authority that operates the buses and subway (Metro) in Montreal, announced a problem with the magnetic stripe at the bottom of its monthly passes when used in automatic turnstiles. They claim that some six hundred of the five hundred thousand issued monthly (0.12%) are damaged by proximity to magnetic latches in purses and wallets. Does anyone know if credit cards are subject to this problem? Peter Jones MAINT@UQAM.BITNET (514)-282-3542
Please report problems with the web pages to the maintainer