The RISKS Digest
Volume 8 Issue 04

Wednesday, 11th January 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

M1 Plane crash
Nigel Roberts
$4.5 M Child Support Computer to be Scrapped in VA
Dave Davis
Eelskin wallets erase mag strips?
Jane D. Smith
Firearms Arrive in the Electronics Age
Allen
Unused city computer system set aside after 4 years, $4M
Stephen W. Thompson
Re: Hackers' Conference versus CBS
John Gilmore
Info on RISKS (comp.risks)

M1 Plane crash

Nigel <roberts%untadh.DEC@decwrl.dec.com>
Wed, 11 Jan 89 03:02:40 PST
"DISASTER BECOMES A MATTER OF ROUTINE

There is no pattern to the proliferation of disasters. Lockerbie was a 
bomb on a middle-aged jet, blown to pieces high over a Scottish town.
Flight BD-92 was a spanking new jet which somehow (inevitable speculation)
seems to have contrived to lose both engines limping in to land at 
Castle Donington. No suggestion of a bomb, though the flight was Belfast-
bound; and --- compared to the carnage of Lockerbie --- enormous strokes of
good fortune. You cannot, surveying the debris strewn across the M1 (freeway),
quite visualise how so many passengers survived, nor calculate the odds
against the doomed Boeing ploughing into a string of cars and lorries;
nor those against fire engulfing the scene.

In a way, the horror of BD-92, like Clapham Junction, like King's Cross
even, is easier to come to terms with. It was just one of those things:
mechanical (or, possibly, human error.) Inquiries may be conducted, 
reports published. There are things that can be done. Engines to be checked.
Software to be scrutinised. Training to be tightened. And, beyond such 
simple reactions, of course, there will be more political questions. 
How rigorous and independent are Civil Aviation Authority checks? Do 
they take too much for granted, because the FAA has already pronounced
an aircraft safe? Have all the lessons of Manchester been learned and
acted upon? What are the risks for two engined planes? We have been
constantly informed that the chances of both engines failing are
millions to one, so that such airliners now cross the Atlantic as a
matter of routine. But the odds may have shortened somewhat over 
Kegworth on Sunday night.

There is a broader sense, though, in which the M1 disaster brings no
comfort at all. It was a failure of technology; or maybe some element
of human incapacity to deal with technology. There is supposed reassurance
in hi-tech. The machines take over, to blind-land a jumbo, or put man
into space. Eliminate human error. Leave it to the computers. But that
is too blithe. Week after week, month after month, hi-tech planes
fall out of the sky. Because they are military jets, and fall usually
into the sea or on some deserted hillside, they do not command the 
headlines. (Though when, as a few weeks ago, they plough into the centre
of a West German town, all that changes). They are not safer because of
their extreme sophistication; on the contrary, they are dangerous because
human beings, no matter how relentlessly trained, are not sophisticated
enough to command their infinite complexity. And so, in civil aviation too,
the new, replacing the middle aged, does not automatically spell greater safety.

We must, in short, begin to budget for disaster. Watch the jets stacked 
over Heathrow or Gatwick and there is a feeling of living dangerously, of
disasters waiting to happen. As they occur, they will not necessarily
alter the basic calculations. It will still, statistically, be safer to 
take a flight to New York, than your car for a Sunday spin. The growth
in air traffic cannot be checked; nor can the demand for new, more
complex planes. There is, here, a sense of challenge. Airports within 
a few hundred yards of motorways; jets wheeling to land over cities.
Lockerbie and Castle Donington are very different cases, united only
by their fear and pity. The odds against them happening within a handful
of days, like the odds against two engines failing, were millions to
one. But disaster, it seems, has a way of rendering odds meaningless."

    --- 'The View from Britain', leader article in _The Guardian_
         newspaper, Tuesday January 10 1989

    [Several of this evening's news programs report the possibility of a
    computer problem or cross-wiring error that might imply it was not
    pilot error...  PGN]


$4.5 M Child Support Computer to be Scrapped in VA

dave davis <davis@community-chest.mitre.org>
Wed, 11 Jan 89 07:54:07 -0500
From the 24 Dec 88 issue of the Washington Post comes an article about yet
another failed software development project. 

The system was to disburse child support payments for the State Dept. of
Social Services...The state paid $4.5 M for the system in 1985...  problems
with the system caused delays up to six months in issuing payments...

The state is now seeking a completely new system [now that it has figured
out its requirements, apparently] for $10M, to be installed in two years.

The article further states: "the state bought Unisys' proposed package outside
of normal competitive bidding practices, a move a state auditors' report later
found was made in an 'atmosphere of panic and haste'...welfare officials never
checked to see if the system would do what the company promised."

It appears that the state officials involved didn't exercise the kind of
management care that a more routine non-technical procurement would have
received.

Dave Davis, McLean, VA


Eelskin wallets erase mag strips?

Jane D. Smith <jds@uncecs.edu>
10 Jan 89 15:44:03 GMT
From a report on NPR's All Things Considered program 1/9/89:

A spokesperson for a distributor of eelskin wallets responded to the apparently
widespreading rumor [SEE RISKS-6.25] that eelskin wallets erase the magnetic
strip information on credit cards and ATM cards of their owners. Sales of
eelskin wallets have dropped as wary consumers boycott the alleged mag strip
eaters. The magnets used as closures for the wallets are the real culprits,
however, and the spokesperson said the manufacturers were now using smaller
magnets as closures or using conventional snap closures. Caveat emptor! 
-- Jane Dunlap Smith UNC-ECS Information Services


Firearms Arrive in the Electronics Age

<ALLEN@s56.prime.com>
10 Jan 89 11:30:27 EST
This item appeared in Business Week Nov 28, 1988:

                                Electronic Gun

  Colt Industries Inc has filed for US and European patents on a handgun with
  an electronic firing system.  Pulling the trigger would move a magnet past
  the solid state switch, triggering a circuit that releases the hammer.  It
  would be more reliable and cheaper than mechanical systems, says the company.
  In addition, putting chips in pistols would make it possible to add a digital
  display that warns when the gun is loaded and shows how many shots are left.
  And that could just be the beginning of new "user friendly" features for
  tomorrow's firearms.

Now, I'm not a "hardware type" (maybe they're thinking of microcoding the gun
:-)?), but after reading recent RISKS articles that discuss such things as
electromagnetic interference with army helicopters, etc., it seems that the
risks attendant with the device described above should be prohibitive.  This
firearm design seems just plain absurd!

Other points: whatever happened to the tried-and-true engineering philosophy
of "simplest best"?  An electronic firing system in a handgun seems, say,
Rube Goldberg-ish, yes?  Furthermore, with your little digital display, all
the excitement of playing Russian Roulette would disappear.


Unused city computer system set aside after 4 years, $4 million

"Stephen W. Thompson" <thompson@a1.quaker.upenn.edu>
Organization: Institute for Research on Higher Education, Univ. of Pennsylvania
Mon, 09 Jan 89 15:07:47 -0500

The following article comes from the 6 January 1989 (Friday) Philadelphia
Inquirer, front page.  In this city where the government is widely criticized
on every front, it raises questions of incompetence and poor management.  It
also, however, raises questions about whether cities ought to be involved in
software development.

   Unused city computer system set aside after 4 years, $4 million
   By Dan Meyers, Inquirer Staff Writer

   After at least $4 million in expenses and more than four years of
frustration, the City of Philadelphia has shelved a computer system it bought
-- but never used.  Officials in the Finance Department had pitched the system
in the early 1980s as an efficient way to track information on payroll,
pensions and personnel.
   "Has it worked?" City Councilman John F. Street asked at a hearing this
week.
   "No it has not," said Deputy Finance Director Peter A. Certo, the latest
supervisor of the project.  Certo said the total cost has been at least $4
million.  Street put it at $5 million.  The system now is in storage.
   For the current fiscal year, which began in July, the Finance
Department had budgeted more than $400,000 for a 13-member team to work
on the computer system.

   In May, however, with Mayor [Wilson] Goode facing a $79 million budget
deficit and calling for a cut of 2,000 people in the city workforce, Finance
director Betsy C. Reveal decided to put the program on hold indefinitely.  She
did not respond to requests for comment.
   "We didn't really scrap it," said Certo.  "We put it on the back burner."
   Records in the city controller's office show the project was scuttled by
mid-September.  The failure of the system was mentioned Wednesday in a hearing
on another matter of the Appropriations Committee, which Street chairs.
"Council members really thought we'd been burned" on the Finance Department
project, Street said.

   [Overall problems with city funding finally brought the computer
system's development to a halt.]

   The computer tapes, programs and consultant reports have been put in storage
and could be "resurrected" when the city can afford to pursue them, Certo said.
Certo said the problem was that it was difficult to adapt a computer system to
the myriad peculiarities of the city.  And he said it would have taken
additional staff and money to get the computer system working.  According to
Certo, the project was underfunded from the start.  When it was mothballed, the
computer program was at least six months away from working, Certo said.
   Others were skeptical of the ability of such departments as Finance to
oversee complicated computer projects.  "Systems like this are difficult to
install and should be left to professionals to do," said Eugene L. Cliett Jr.,
director of the Philadelphia Computing Center, an office created by Goode to
oversee city computer projects.
   The computer project was under discussion at least as early as 1982, under
the administration of Mayor William J. Green, according to controller records.
   The plan was to take a software package — computer programs already
designed by a company — and modify it to the city's particular needs.  The
city chose not to order a custom-designed computer system because the cost
would have been double or triple, Certo said.
   By early 1984, the city had entered into a $1.4 million contract with
American Management Systems to develop a computer system that would combine, in
easily digestible form, data on city employees.
   "Time is of the essence," the contract said.
   Numerous consulting contracts followed, totalling at least $214,000,
according to controller records.  Much of the rest of the cost was for
city staff assigned to the project.
   The system initially was to include information on three areas --
payroll, pensions and personnel.  All had, and still have, separate
computer systems.  The pension board pulled out of the project shortly
after it began.
   "We have a system now that is 30 years old and it pays people every week but
doesn't give us a lot of management information we'd like to have," Certo said.
The computer system that was supposed to cure that problem was slow in taking
shape, however.  "We spent two years modifying the package and in the course of
that period found things we felt were not addressed adequately by AMS," Certo
said.  At one point, he said, the list of problems was at least 85 items long.
   AMS consultants began to phase out of the work and the city Finance
Department took it over.  But one department or another objected to the
results, Certo said.  "We were constantly changing things," he recalled.  "We
tried to accommodate everyone."
   Finally, in the city budget crunch, Reveal decided to abandon the
long-standing project, at least for the moment.
   So at a time when the city could most use precise information that
could help the city run more efficiently, the Goode administration has
determined that it cannot afford to pay for it.
   "You're damned if you do and damned if you don't," Certo said.  "We
decided not to do it."


Re: Hackers' Conference versus CBS

John Gilmore <gnu@toad.com>
Mon, 9 Jan 89 18:13:34 PST
I was at the Hackers' Conference whose blatantly slanted news coverage was
recently reported in The Institute and Risks.  I created a transcript of the
CBS news segment the evening it was aired; it is below.  Reading it is
interesting; while CBS never lied, they juxtaposed material from different
sources to make a strong impression that we were criminals.  Note in particular
what was happening on the screen while various things were said (e.g. showing a
"combat" video game while talking about us as revolutionaries, showing Cliff
Stoll giggling about mice and playing with a Yo-Yo).  BTW, there *was* the
obligatory shot of tape drives, I seem to recall.

CBS was given special access in order to film the conference; the rest of the
press was only allowed there on Sunday.  Needless to say they will NOT be
invited back (and I will personally escort them off the property even if they
show up on Sunday).  Unfortunately, that's not enough. The producer of the show
guaranteed that the attendees' image of hacking, rather than the distorted,
media-generated image of hacking, would be presented.  He broke that promise,
with a vengeance, but boycotting CBS won't help.  (Fred Peabody produced the
Hackers coverage.  He went to ABC, working on 20/20, according to Glenn Tenney,
who ran the Hackers Conference.  Be sure you don't let him *near* anything you
are doing — if you want fair and unbiased coverage.)
                                                            John Gilmore

    Transcript of CBS News segment on the Hackers Conference
        filmed 7 Oct 88, aired 8 Oct 88.

Anchorman ("High Technology" logo and drawing of chip):  An unusual
conference is under way near San Francisco.  The people attending it
are experts on a technology that intimidates most of us, but has changed
the way we live.  John Blackstone reports.

Narrator (trees and outdoor scenes at conference):  A small revolutionary
army is meeting in the hills above California's Silicon Valley this
weekend, plotting their next attacks on the valley below, the heart
of the nation's computer industry.  They call themselves computer hackers.

Jonathan Post:  "The people who are gathered here changed the world
once; if we can agree on where to go next, we're gonna change it again."

Narr (conference scenes, blinking lights):  What hackers have learned
to do with computers has changed the world, for both good and bad. 
They're the people who dreamed of and built the personal computer industry.
But the same kind of talent is creating never before dreamed-of crime.
Because for a computer, the only difference between a hundred and a
million is a few zeros.

Donn Parker, (SRI International, in office):  "And so, in fact, criminals
today I think have a new problem to deal with: and that is how much
should I take.  They can take any amount they want."

Narr  (phone central office):  Telephone companies are the most victimized
because those who break into phone company computers can link up for
free to computers around the world.

Richard Fitzmaurice (Pacific Bell, in office):  "You'll hear the term
computer hacker, computer cracker; we call them computer criminals."

Narr (blinking lights):  But much more frightening are the hackers
who crack American military computers.  Earlier this year in a lab that
does some classified research, astronomer Clifford Stoll discovered
someone had broken into his computer.  He says it was like finding a
mouse running across the floor.

Stoll (in office):   "You watch and you see, he's going in that hole
over there, and you say, ooh, he's going in that hole; that connects
to a network that goes to a military computer, in Okinawa."

Narr (Stoll playing with a yo-yo in a machine room):   The breakins
to American military computers went on for several months.  Eventually
Stoll traced them to a hacker in West Germany.

Donn (in office):  "A hacker today is an extremely potentially dangerous
person.  He can do almost anything he wants to do in your computer."

Narr (at conference, video games, stabbing and fighting on screen):  But at
the hackers' camp in the hills, there's recognition that in any
revolutionary army there will be a few rogues and criminals.  But that's no
reason, they say, to slow down the revolution.  

"John Blackstone, CBS News, in the hills above Silicon Valley."
