The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 87

Thursday 29 June 1989

Contents

o ``Student plan marred by computer mistake''
Matthew Wall
o Immigration Chief Proposes National Computer Screen
Christopher T. Jewell
o Big Brother is Hallucinating
Elizabeth D Zwicky
o Study finds ``pedal misapplication'' to blame for Audi surges
Jon Jacky
o Computer Crime and Social Risks
Pete McVay
o Reducing risks of cost overruns/project failures
Pete Lucas
o Re: New Yorker Article on radiation risks
David Chase
o Computerized Translations
Will Martin
o Info on RISKS (comp.risks)

``Student plan marred by computer mistake''

Matthew Wall <WALL%BRANDEIS.BITNET@mitvma.mit.edu>
Fri, 23 Jun 89 09:45 EDT
The complete text of an article in the Boston Globe, 6/23/89. pp. 13,83
(reproduced without permission)

Student plan marred by computer mistake

by Diego Ribadeneira, Globe Staff

  In a major glitch in the new Boston school student assignment plan, a
computer tape containing the names of nearly 900 students entering
kindergarten this fall was lost, leaving parents unsure if their children will
be able to attend their preferred schools.
  The snafu, discovered earlier this week, also hurts the credibility of the
plan, which some critics had said was being implemented too rapidly.
  Some students who have already received their assignments for next year may
not have gotten their top choices had the tape with the 900 applicants been
properly processed, school officials said.
  Superintendent Laval S. Wilson said the department has not yet determined how
it will remedy the problem. He said it may conduct the assignment process for
kindergarten students all over again. The error occurred, according to school
officials, because the lost tape had been used to test the accuracy of a
program developed to assign schools to students under the new plan.  The tape
was not returned to be used in the computer run to assign students to schools.
  ``Inadvertently this tape was not merged with the other tapes...,'' said
Catherine Ellison, senior officer for implementation for the Boston School
Department.  The lost tape contained the names of 887 children, the majority of
whom will be entering kindergarten.
  Since the mistake was discovered, school officials have manually been able
to match 344 of the children on the misplaced tape with one of their school
choices.
  Under the plan, called controlled choice, the city is divided into three
geographic zones. Parents were asked to list five choices for schools within
their zone.  The plan will begin this fall for students entering kindergarten,
first grade and sixth grade.  All remaining grades would fall under the new
plan in the fall of 1990.
  School officials had advised parents affected by the new plan to submit their
applications by May 18, the first deadline for choosing a school, to have a
better chance of getting their top choices.
  The officials acknowledged yesterday that the remaining 543 students on the
misplaced tape may not get one of their preferred schools, partly as a result
of the mistake.
  ``We will be looking at the remaining applicants to determine how well we can
honor the requests,'' Ellison said. ``We will do as much as we can with the
best interests of the parents in mind. I won't sit here and promise something I
cannot deliver. We hope to attempt to honor one of the parents' choices.''
  Kathy Satut listed the New Agassiz School in Jamaica Plain as her first
choice.
  ``I called up Wednesday and that's when they told me they had lost the tape,''
Satut said. ``I couldn't believe they had done that. Now I don't know what's
going to happen. Am I going to be penalized for their mistake? What was the
point of trying to get the application in on time. I think they should all be
fired. I'm very, very upset.''
  School officials said they are trying to insure that the percentage of
students from the misplaced tape who get their first choice will be about the
same as that for the students assigned schools from the first computer run.
They said they hope to complete assignments for kindergarten students by the
weekend.
  News of the error angered some school observers who said it comes at a time
when various reforms are being undertaken in an effort to lure new students to
the system.
  ``It's pretty outrageous,'' said Paula Georges, executive director of the
Citywide Education Coalition. ``It undermines the credibility of the plan.''

[End of Text]

[The most obvious implication of this incident is the importance of having a
backup. And why oh why weren't they using a *copy* of the data to do their
testing?!? The article merely hints at some intriguing characteristics of the
Boston Schools' DP department.

What disturbs me about this is that the plan is an important step in the
troubled recent history of the Boston schools towards equitable access to
various resources within the schools, by allowing parents to make an informed
choice for their child as to which school to attend. This ``snafu'' has created
the perception of arbitrary school assignments. Further, I suspect the
complicated nature of giving the maximum number of students one of five top
choices involves so many permutations that computer processing is essential to
proceeding with the plan; as the article reveals, the ``credibility'' of both
the plan, and most likely the role of computer processing, has now been called
into serious doubt.]


Immigration Chief Proposes National Computer Screen

<chrisj@cup.portal.com>
Fri, 23-Jun-89 15:14:14 PDT
Friday June 23 N Y Times, p. A10:
By Roberto Suro, special to the NYT

LA JOLLA, CA, June 22 -- The Commissioner of Immigration and Naturalization,
Alan C. Nelson, today proposed a nationwide computer system to verify the
identities of all job applicants in order to halt the widespread use of
fraudulent documents by illegal aliens seeking jobs.
    Mr Nelson also suggested standardized identity cards for immigrants
so as to get fuller compliance with a 1986 law prohibiting employment of
illegal aliens.
    Creating a national identity card and other ways of checking legal
status or identity have been repeatedly suggested in Congress as tools in
fighting unlawful immigration, but have also been consistently rejected
as potential infringements on civil liberties.
            [15 column-inches deleted]

The national computerized database on everybody is one bad idea that
simply refuses to stay dead, no matter how many times we drive a stake
through its heart---if the INS ("Search warrants?  We don't need no
stinking search warrants!") didn't resurrect it, the drug czar or the
FBI would.  "Eternal vigilance ...".  On the other hand, it appears to
me that most informed citizens by now understand the risks involved:
computer professionals no longer have to fight this battle alone.

The identity-card stuff I suppose belongs in talk.politics.misc: I won't
go into it here.

Chris           chrisj@cup.portal.com   sun!cup.portal.com!chrisj
(Christopher T. Jewell) chrisj@netcom.uucp  apple!netcom!chrisj


Big Brother is Hallucinating

Elizabeth D Zwicky <zwicky@cis.ohio-state.edu>
Thu, 22 Jun 89 10:49:32 EDT
I've seen a fair number of articles in the press lately warning people about
how sophisticated advertisers are getting in keeping databases and targetting
particular groups. I wonder if any of their authors has been getting the
targetted junk mail I have.

Oh sure, I get junk mail targetted towards Mazda owners, because I bought one
recently - but I get equally large amounts of junk mail for Camry owners, that
being the car I sold when I bought the Mazda. Some of my junk mail is targetted
to childless single mid-twenties women; then again, the same week brought me
mail that confidently announced that the coupons inside were specifically
targetted towards "growing families like mine, with young children" and mail
that confidently announced that I had now reached "an interesting age" (from
context, they meant I was over 40) and my children were all grown! Not to
mention the advertisements that begin "Men like you..."

I understand why they think I own a Toyota; I have a vague concept that my
growing family was a guess based on the date of my marriage certificate, which
definitely made its way into databases. I am at a loss to explain how anybody
became certain that I was over 40, or that I was male. I also wonder why (and
how) people manage to keep such careful track of car purchases but not sales,
marriage but not divorce... My mother, who has been dead nearly 5 years, has
reached retirement age in the databases that are preserving her memory for the
advertisers of America.

All in all, I don't think I'll worry about Big Brother watching me in order to
sell things to me.
                                    Elizabeth Zwicky


Study finds ``pedal misapplication'' to blame for Audi surges

<JON.JACKY@GAFFER.RAD.WASHINGTON.EDU>
23 Jun 1989 11:44:31 EST
Here are excerpts from IEEE INSTITUTE, July 1989, p. 8:

``Study finds `pedal misapplication' to blame for Audi surges''
by Karen Fitzgerald

The Audi 5000 has largely been vindicated in claims over the last four years of
sudden, out-of-control acceleration, but a U.S. National Highway Traffic Safety
Administration (NHTSA) study released in March also cautioned that pedal design
and minor engine acceleration may have caused drivers to apply their foot to
the accelerator instead of the brake.  ... 

The study, ``An Examination of Sudden Acceleration,'' explored ...
electromagnetic and radio frequency interference and malfunctions in cruise
control, electronic idle-speed control systems, computer-controlled fuel
injection systems, transmissions, and brakes.  The investigators could find no
mechanism --- besides actuation of the gas pedal --- that would open the
throttle sufficiently to accelerate any of the cars studied at full power.

However, there was evidence of minor surges of about three-tenths of the
Earth's gravity for 2 seconds caused by electronic faults in the idle
stabilizer systems of the Audi 5000 ... the surge could startle a driver enough
to accidentally push the accelerator instead of the brake, the study found ...
Moreover, the travel of the pedals and their height off the floor make it
possible for engine torque to overtake brake torque when the pedals are applied
simultaneously ...  [ more about this, including a graph indicating unusually
problematic placement of pedals in the Audi ].

The NHTSA took pains to call the problem ``pedal misapplication'' rather than
``driver error,'' as Audi first characterized the problem. ... ``Driver error
may imply carelessness or wilfulness in failing to operate a car properly,''
said an NHTSA press release announcing the study.  ``...(sudden acceleration)
could happen to even the most attentive driver who inadvertently selects the
wrong pedal and continues to do so unwittingly.''

- Jon Jacky, University of Washington


Computer Crime and Social Risks

Pete McVay, TAY2-2/F14, 227-3598 <pmcvay%comcad.DEC@src.dec.com>
Thu, 29 Jun 89 05:42:19 PDT
Social Comment: Are computer criminals, and is computer crime, treated
differently than other crimes?

 RISKS DIGEST 8.85 (28 June) carried two separate stories on hackers, their
motives, and the results of their "activities".

 In one case, a teenager managed to crack the code of an Air Force
satellite and was able to read confidential information of at least 200
companies: "He hoped to use his know-how to persuade the companies to hire
him as a computer security consultant, police said."

 The second article reported that "Firms in the City of London are buying
the silence of hackers who  break into their computers and steal millions
of pounds."

 I have personal knowledge of similar incidents of both types:

 o One hacker, very notorious to telecommunications security people, was
   finally apprehended, and some of the on-line evidence in his personal
   accounts showed that he had planned to use his cracking expertise to get
   a job in the computer industry.

 o I have never heard of any payoffs, such as are reported in the second
   article--but it is well known among security and legal consultants that
   companies will often drop a hacker case because of fear of publicity.
   In fact, some of the security experts have been "turned to the dark side
   of hacking": frustrated by their own company's refusal to crack down on
   lawbreaking, they have become phone phreaks and crackers themselves.

 There is a persistent piece of folklore that criminals in nonviolent
crimes are often hired as consultants by the industries or governments they
victimized.  I can't remember the source exactly--but I remember a report a
few years back from some U.S. Government enforcement agency that such
things are very rare; in fact, the incidents of such hiring are all well
documented as special cases.  But in computer crime it appears to be a norm
that criminal activity will go unpunished, and might even be rewarded.

 If the social controls aren't in step with legal controls, then the best
laws and enforcement systems are worthless.  Companies and governments
publicly decry cracking of all types: they often state that the public
should be educated that breaking into telecommunications circuits
(computers or otherwise) is a crime.  Yet these same companies/agencies
refuse to enforce existing laws--and some crackers have been hired as
consultants or paid off.

 I don't pretend to have a good answer to this problem.  Perhaps the "social"
definition of computer crime needs to be changed; maybe we're dealing with a
new and different kind of social behavior and the rules must be examined.
Personally I favor more enforcement of existing laws, perhaps backed up with a
new law that would not allow companies/agencies to drop charges once an arrest
was made (a frequent occurrence).  However, something needs to be done: as long
as this social/legal dichotomy exists, no progress (or protection) exists for
the socially responsible hacker and computer user.


Reducing risks of cost overruns/project failures

"Pete Lucas, NERC Swindon UK." <PJML%ibma.nerc-wallingford.ac.uk@NSFnet-Relay.AC.UK>
Wed, 21 Jun 89 16:02:32 BST

Much of the recent discussion has related to products which have no
guarantee of working (missile systems). From a purely technical point of view
this reflects badly on the procurement process.  Would you buy a
dishwasher/TV/microwave/automobile/aircraft if you couldn't see a working model
(and what's more, try it for yourself) first?  Wouldn't you expect it to come
with a warranty against faulty design or workmanship?  Surely when DoD pays
billions of dollars for a weapons system, the taxpayer is entitled to expect
that the supplier will provide a meaningful warranty, and that any failures
will be pursued in a rigorous and thorough manner (i.e. through the courts).
There appear, to my way of thinking, to be two areas of conflict:

1) In a large project, involving many thousands of man-years effort, it
   is (almost) impossible to, at some point, admit that there's been a
   mistake made previously - this leads to embarrassment and red faces all
   round.  Hence, previous mistakes, misunderstandings etc. get fossilised
   into the system at an early stage and are never undone.  There is no
   easy way of avoiding these sorts of problems when the coverup may only
   come to light when the article/project is completed (by which time it's
   too late to do anything about it as the money has all been spent.....)

2) It is difficult to test all the way through the development cycle - with
   many projects you don't know if it's all going to work together until 
   someone turns both keys at the same time........
   If nothing happens at that point, it's too late to consult your lawyer.
   Modularisation, structured methods etc. can go some way towards making
   sure that the obvious incompatibilities are avoided, but there's no
   substitute for live testing in a real-world situation.

Solutions - well I am a confirmed minimalist when it comes to these areas,
'Keep-it-simple-Stupid' (KISS) technology can avoid a number of possible
failure modes (and save money too - why buy one very sophisticated system
when you can have more less complex (and hence probably more reliable!)
ones?)  The `if it isn't there it won't go wrong' argument against complexity
is a powerful one - minimising component count by eliminating unnecessarily
complex functionality means that the thing will be more likely to work when
you need it to.  It also keeps the human-count down (and as we all know,
people are the most error-prone and irrational parts of any system!).
Remember that the number of failure modes increases dramatically with the
number of points of failure.

If a large company intended to sell me some device, I would insist on a
test-drive, on MY chosen patch (so the supplier couldn't present his device
under the most satisfactory conditions) and if the supplier couldn't
deliver, then he sure wouldn't get the cash! It's amazing how withholding
payment will concentrate the minds of people.  `Cost-plus' contracts are a
mistake too, as you don't know what the final cost will be.  The classic
example here is the British 'Nimrod' project - a plan to produce a
radar-plane functionally equivalent to AWACS - after ten years and nearly a
billion pounds of funding, it was scrapped (and AWACS bought...).

If I had been the UK government, someone somewhere wouldn't be in business any
more.... After all, we all pay TAXES (don't we?) and so it's OUR money and I
think we should EXPECT things to WORK when the time comes..!!!
                                                                  Pete Lucas

  [This contribution covers ground that will be familiar to many RISKS readers,
  and is somewhat OVERsimplified, but nevertheless makes some good points. PGN]


Re: New Yorker Article on radiation risks (RISKS 8.82)

<chase@orc.olivetti.com>
Tue, 27 Jun 89 13:37:01 -0700
The third part in the series is on radiation and alleged health problems
associated with VDTs.  It is worth reading -- it was sufficiently detailed to
give a former "they should have accounted for job stress" skeptic (me) reason
to wonder.

Several points taken from the series (as recalled and interpreted by me):

1) consider *magnetic* fields, not just *electrical* fields
   (easier to shield against electrical fields)

2) The strength and range of magnetic
   fields depends on geometry and current -- the low-voltage
   distribution lines in your back yard may emit just as
   strong a magnetic field as the high voltage lines through
   some farmer's fields.  Though magnetic fields fall off
   rapidly with distance, fields from large "coils" extend
   farther than fields from small "coils" (that is, house-
   hold appliances are much smaller than power distribution
   systems, and thus their magnetic fields are of different
   shape and size).

3) consider not just VDT operators, but also people sitting
   around the VDT operators (there's the horizontal deflection
   coil which emits a 10s of KHz sawtooth, and the vertical
   deflection which emits a 50-100 Hz sawtooth.  The strong
   portions of those fields may not extend directly to the front
   of the VDT).

4) be careful, in general, when people quote "average" figures
   at you; the repetitive peak power is also an important figure.
   The frequency spectrum is also interesting -- harmonic effects
   have been observed.

5) There have been studies (on magnetic fields in general).
   Effects have been observed, both statistically (leukemia stats)
   and experimentally (abnormal development of fetal chickens and
   mice).  The mechanism, if any, is unknown.

   *Interactions with the ambient (i.e., earth's) magnetic field
   have been observed* -- this affects repeatability of experiments
   if not controlled for.
                                                  David


Computerized Translations

Will Martin <wmartin@ST-LOUIS-EMH2.ARMY.MIL>
Thu, 22 Jun 89 15:54:04 CDT
Thanks to Bhota San for the posting on the Canadian computer-translation
item. This reminded me of something I had just seen in a recent paper,
and which struck me as odd at the time. However, since I didn't know
what the current state-of-the-art was in computerized translation, I
didn't realize at the time that this precis of a US Army Request for
Proposal represented some really pie-in-the-sky hopes for a fantastic
level of AI in automated translation! Here is the item, from the
"CBD Watch" column [CBD = Commerce Business Daily] on page 24 in the
June 5, 1989 issue of Federal Computer Week:

Army. Software for language translation. Software must be capable of
translating from English to German, Spanish, French, Italian, Japanese, Korean,
Chinese and Portuguese. It must provide idiomatic, verbatim translation of such
documents as military specs, international legal agreements, correspondence,
reports, studies and military briefings on doctrine, combat developments,
training and materials. It must be MS-DOS compatible and capable of translating
military terms and syntax. Contact Barbara Smith, TRADOC Contracting Activity,
Building 1748, Fort Eustis, VA 23604-5538, (804) 878-4053.  ***End of item***

Hmmm... So these people expect this to run on a PC, too... (note the "MS-DOS"
reference...) "TRADOC" is the Training and Doctrine Command, by the way. I can
see why they would want to be able to translate stuff for the training of
allied personnel. However, based on the info in the previous posting, it sure
seems unlikely they are going to get what they want! Also, the RISKS
implications of this are rather stupendous. To expect software to translate
both military jargon, circumlocution, and tortured governmentese prose, and at
the same time handle the diplomatic nuances of "international legal agreements"
is a bit much, I think...  Most multi-lingual humans would have difficulty
doing that.

Will Martin
