The RISKS Digest
Volume 9 Issue 22

Wednesday, 6th September 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Paris computer takes law into its own hands
ST4012704 and Sally Jubb
Brian Randell's comment on fault/failure analysis
Ted Lee
Re: US occupational hazards much worse than in Europe
Mats Ohrman
Re: medical systems and RF interference
Brian Kantor
Re: mis-tagging
Olivier Crepin-Leblond
Electronic House Arrest Failure
Martyn Thomas
Re: Lowest-bidder or weak specs?
Henry Spencer
Re: Law == Ethical Consensus
Douglas W. Jones
Victor Yodaiken
Gilbert Harman
Eric Hughes
Bill Murray
Joel M. Halpern
Info on RISKS (comp.risks)

Paris computer takes law into its own hands

<ST4012704@PRIME-A.OXFORD-POLY.AC.UK>
Wed, 06 Sep 89 17:34:18 BST
(From "The Guardian" - National Daily Newspaper) Wed 6-Sep-1989

A crusading computer has taken the law into its own hands and caught 41,000
Parisians on charges of murder, extortion, prostitution, drug trafficking and
other serious crimes.  But the big round-up ended in embarrassment after an
admission by the City Hall yesterday that the electronic Batman could not tell
the difference between a parking offfence and gang warfare.  "The accused
persons will be receiving latters of apology." an official at the City Hall
Treasury department said. "Instead of receiving summonses on criminal charges,
they should have been sent reminders of unpaid motoring fines in April. Somehow
or other the standard codes we use for automatically issued reminders got mixed
up."

The first hint of the avenging computer's self-appointed mission to clean up
the capital came at the weekend.  Hundreds of Parisians received printed
letters accusing them of big crimes, but demanding only petty fines for the
major crimes of between #50 and #150 (pounds - UK equivalent).  "About 41,000
people are involved and some of the charges are quite weird."  the official
admitted.  "One man has complained of being accused of dealing in illegal
vetinary products. Unfortunately, other accusations went much further, like
man-slaughter through the administraion of dangerous drugs."  "There were a lot
of cases of living off immoral earnings, racketeering and murder."  The
official said an inquiry had been started to see if the caped computer had a
human accomplice.  So far, no one has asked the Joker if he was in Paris last
week.

   [Also noted by Sally Jubb <salj@hplb.hpl.hp.com> ]


Brian Randell's comment on fault/failure analysis (RISKS-9.21)

<TMPLee.TIS@DOCKMASTER.NCSC.MIL>
Tue, 5 Sep 89 21:05 EDT
I'd like to add one postscript to Brian Randell's observations about the
difficulty (impossibility?  perhaps) of analyzing the failure modes and latent
defects of complex computer systems.  Fault tree analysis, etc., may well be
valid and useful if all one is doing is estimating the probability of failure
under "normal" (even if stressed to the extreme by incompetent operators or
"acts of God") operation.  One must note, however, that if the system is being
"stressed" by a conscious, knowledgeable, determined, perhaps well-funded,
"enemy" even his pessimistic analysis is too-optimistic: if the system has
exploitable flaws they WILL be found; it's only a question of time and energy.


Re: US occupational hazards much worse than in Europe, report claims

Mats Ohrman <matoh@sssab.se>
Wed, 6 Sep 89 08:14:23 GMT
JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky) writes:

>... The National Safe Workplace Institute found that more workers are
>killed on the job in this nation than in most other industrialized
>countries. ... US workers are 36 times more likely to be killed than
>a Swede,

>[ Such a big difference is surprising to me.  Is this for real?  It
>is often noted that European safety regulations are generally more
>stringent than those in the US.

Doesn't surprise me. Swedish safety regulations are VERY strict.
*Any* place with more than five employees has to have a safety ombudsman,
an employee trained to recognize hazardous situation, who has the authority
to stop any work that seems dangerous. Death accidents at work (other
than traffic accidents) are rare enough to usually make it into the national
media (and draw rather large headlines).

On the other hand, there are people comparing living in Sweden to living in a
padded cell. Oh, well...
                                                       _
                                                  Mats Ohrman
Scandinavian System Support AB, Box 535, S-581 06 Linkoping, Sweden


Re: medical systems and RF interference (Ranzenbach, RISKS-9.21)

Brian Kantor <brian@ucsd.edu>
Tue, 5 Sep 89 21:24:24 -0700
If your radio was part of an 800MHz "trunked" radio system, it may have
transmitted even when you were not keying the microphone.

Trunked radio systems work by sharing a pool of channels between many users.
When a user transmits, he briefly interrogates the controller and is
temporarily assigned one of the pool of channels for his use.  After some idle
time, the channel is considered available for use by other members of the
trunked system.  Normally each mobile (which includes portables, etc) is
monitoring a "home" channel, but when any unit in the system transmits, the
repeater controller sends a signal out that directs ALL the units of that
customer to switch to the channel chosen, typically for the duration of the
dispatch.  The mobiles normally do NOT acknowledge this switching, so they
don't transmit for that reason.  In this way they differ from a cellular
telephone.

However, it is possible to equip mobiles with unit status reporting that allows
the base or repeater to poll each unit for its current status and can even be
used (in wide-area multiple-receiver trunked systems) to guess a rough location
of the unit.  If your system were equipped with such an option, it might well
cause your walkie to key up even if you aren't talking on it.

There are, of course, other reasons for radios to key inadvertently.  I recall
a prime example when the local fire department kept getting jammed; it turns
out that water from the fire hoses was spraying into a gap in the external-
microphone plug in their walkies and keying the transmitter.  Of course it only
happened when they needed a clear channel most: at a working fire.

However, NO piece of life-support equipment should be as RF sensitive as you
describe that respirator to be.  There is simply too much RF in the world
around us to allow that kind of shoddy design.
                                                    - Brian


Re: mis-tagging

Olivier Crepin-Leblond <ZDEE699@elm.cc.kcl.ac.uk>
Fri, 1 SEP 89 14:35:29 GMT
The UK experiment with electronic tagging does apply ONLY to remand prisoners
who are not necessarily 'criminals' in the sense of killing/attempting to kill
someone. I referred to them as criminals, since in the English language, you
can call any breach of the law a crime. Speeding on the highway is a 'crime'.
Anything which is punishable by law can be put under a general heading of
'crime'. However don't take my word for this since I am French, so I am sure
that other people are more qualified than me to decide about this. I thank
Geraint Jones for pointing this out. I just didn't think people would get
confused about this.

Olivier Crepin-Leblond, Electrical & Electronic Eng,
Comp. Sys. & Elec., King's College London, UK.


Electronic House Arrest Failure

Martyn Thomas <mct@praxis.UUCP>
Mon, 4 Sep 89 12:15:53 BST
A recent RISKS reported the experiment with electronic "tagging" of a
suspect awaiting trial in the UK. The system seemingly involves a transponder
permanently attached to the suspect's leg, interrogated at random by a
transmitter attached to a phone. If the transponder fails to respond, the
police are alerted that the suspect may have "escaped".

Datalink newspaper (September 4th) reports that "the only person to have
been tagged [ ... ] was woken in the early hours last week when a fault in
the [ ... ] system keeping tabs on him alerted the police to an 'escape'. "

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.


Re: Lowest-bidder or weak specs? (RISKS-9.18)

<henry@utzoo.UUCP>
Tue, 5 Sep 89 23:11:36 -0400
>2. Discard the highest and lowest bids. (Since all bidders are bidding
>on the same job, if the bids are wildly out of range there's either a
>problem with the spec or the vendor.)

Unfortunately, discarding the low bid *sometimes* disqualifies precisely
the people who are best suited to do the job:  the ones who have found a
new approach that radically simplifies the problem.  The Douglas proposal
for what became the A-4 Skyhawk (1950s carrier-based light bomber) specified
half the weight — and half the price — that everybody else thought
reasonable.  In the beginning, everyone thought Ed Heinemann (the chief
designer at Douglas) was either crazy or trying to pull a scam.  The
Skyhawk arrived on schedule, on spec, on budget, on price, and on weight,
and was built by the thousands in an enormously successful program.

If the bids are wildly out of range, it may be because somebody's got more than
usual insight into what's going on.  This might be either a realistic
assessment of the real cost of the project, leading to a high bid, or a new
approach, leading to a low bid.  Either way, accepting the out-of-line bid
could be the right thing to do.  Unfortunately, it's really hard to tell for
sure.  You can't just look for some radical difference in the proposals,
because there may not be one.  Heinemann didn't coat the Skyhawk with
antigravity paint; he was just unusually firm and thorough about finding ways
to reduce weight.
                                 Henry Spencer at U of Toronto Zoology
                                 uunet!attcan!utzoo!henry henry@zoo.toronto.edu


Re: Law == Ethical Consensus

Douglas W. Jones <jones@pyrite.cs.uiowa.edu>
Wed, 6 Sep 89 09:31:16 CDT
I must take issue with Scott Guthery's piece in RISKS DIGEST 9.21,
dated 4 Apr 88 (no doubt, due to unusual congestion somewhere in UUCP).
He says that
>  The law *IS* the current ethical consensus.
I will not argue that point, leaving that issue to those more versed in
both the law and ethics.

He goes on to conclude that
> A teacher in a institution receiving U.S. taxpayer support is legally
> obliged to state from the front of the classroom that if it isn't illegal
> it is by definition ethically correct.
This is nonsense.

I am an associate professor at the University of Iowa, supported totally by
tax dollars.  Like most publically supported universities, we teach courses
on ethics and on religion, and even in our computer science classes, we
occasionally discuss ethical issues that are not addressed by the law.
Although the public school systems of our country have seemed to have an
incredibly difficult time with doing this, the universities have always done
it.  The key do doing so is fairly obvious.

The University of Iowa College of Liberal Arts Classroom Manual (1983) governs
the conduct of classes in my college.  It states
> No limitation is placed upon the teacher's freedom of expression in the
> exposition of the teacher's own subject in the classroom or in statements
> made outside the classroom, so long as these statements are in good taste.
> However, members of the faculty are morally bound not to take advantage of
> their positions by introducing into the classroom provocative discussions
> of irrelevant subjects that are clearly not within their respective fields
> of study.

Note that we are not bound by any written contract to obey these rules, nor
are these rules legislatively sanctioned.  These rules do not represent the
"moral consensus" of the state.  Rather, they represent the "moral
consensus" of the college.  In a sense, the faculty of the college have
imposed this rule on themselves in order to avoid situations that might
force the state to reach it's own "moral consensus", codified in law, that
might limit our freedom to teach.

If I were to follow the logic Scott Guthery proposes, the fact that the state
has taken no legislative stand on what I can teach would imply that it is
completely moral for me to teach anything I want.

It is pretty obvious that the statement in our classroom manual is not really
restrictive enough, especially for those teaching in the departments of
religion, economics, political science, and philosophy.  In those departments,
our code would suggest that faculty members would be entitled to advocate or
even require adherence to particular religious, economic, political and
philosophical stands, but doing so is clearly dangerous because it could bring
a legislative reaction.  Faculty members in those departments almost always
have personal stands on such issues, and they are allowed to make their
personal views clear, but at the same time, they are expected to tolerate
students who disagree with their personal views and not try to impose those
views.

Fortunately, we have ethical traditions (most of which are not written into
law) which allow us to retain our freedom of expression.  It might almost
be appropriate to state the following rule as an alternative to Guthery's
statement:

  Laws are enacted when people fail to adhere to reasonable self-imposed
  ethical standards.

Peer groups (friends, neighbors, fellow professionals) can all act to
reenforce such standards.  For example, we have an ethical consensus that
stealing is bad, but no laws would have been enacted if it hadn't been for
the fact that, despite this consensus, some people steal.  In the professions,
we have the opportunity to promulgate ethical codes, and in most mature
professions, we can impose these codes on ourselves, providing methods to
discipline our peers who fail to adhere to these codes.  The more we succede
in our efforts at regulating our own behavior, the less need there is for
society as a whole to reach a "moral consensus" about how we should have
behaved, and encode this consensus in law.

Douglas W. Jones, Associate Professor of Computer Science, The University of Iowa

   [I first thought the date might have been a belated April Fool's gag.  I
   suspect I stripped away some of the preceding header that would have indicated
   a REMAILing of an old item that had not previously appeared in RISKS.
   Recycling hits high gear?  PGN]


Re: Law == Ethical Consensus (RISKS-9.21)

victor yodaiken <yodaiken%freal@cs.umass.edu>
Tue, 5 Sep 89 21:07:04 EDT
Scott Guthery  writes in RISKS 9.21 :
>A teacher in a institution
>receiving U.S. taxpayer support is legally obliged to state from the
>front of the classroom that if it isn't illegal it is by definition
>ethically correct.

This is false, and ethically incorrect.


Re: Law == Ethical Consensus (RISKS-9.21)

Gilbert Harman <ghh@clarity.princeton.edu>
5 Sep 89 23:36:47 GMT
Scott Guthery [...] is confused.  (1) The law *IS NOT* the current ethical
consensus.  (2) The current ethical consensus, if there were one, is not the
same thing as what is ethically correct.  (3) What is ethically correct is
distinct from what is required by one or another religion.  (4) A teacher in an
institution receiving U.S. taxpayer support who says that, "if it isn't illegal
it is by definition ethically correct" should be dismissed for incompetence
both in ethics and in knowledge of definitions.

Gilbert Harman, Princeton University Cognitive Science Laboratory
221 Nassau Street, Princeton, NJ 08542      HARMAN@PUCC.BITNET


Re: Law == Ethical Consensus (RISKS-9.21)

<hughes@bosco.Berkeley.EDU>
Tue, 5 Sep 89 17:21:13 PDT
Religion is not the only other source of ethics in the world.  Philosophy, the
largest such source, is not the same as religion nor is it the same as the law.
Do not blur the distinction between ethics and morals.

The ethics as found in the law should be the _minimum_ required.

Eric Hughes    hughes@math.berkeley.edu     ucbvax!math!hughes


Law, religion and ethical norms

<WHMurray.Catwalk@DOCKMASTER.NCSC.MIL>
Tue, 5 Sep 89 21:43 EDT
It is said that in Soviet Russia everthing that is not explicitly permitted
is implicitly restricted.  Mr. Guthery suggests that in the U.S. everything
that is not illegal is implicitly permitted.  He seems to feel, indeed claims
to know, that in public institutions to claim otherwise is to violate the
constitutional ban on state recognition of religion.

Of course, the implication is that law and religion are the only sources of
ethical and moral norms.  If the source is not law, then it must be religion.
For the state to espouse such a norm is to recognize religion.

If indeed state institutions are behaving this way, it would explain a great
deal.  It would explain viruses, drug abuse, a quarter of a million teen
pregnancies, and a million abortions.  It would explain 200,000 deaths per
year from the use of tobacco, and 20,000 deaths a year from driving under
the influence of alchohol.

If state institutions are behaving this way, it would have to fall into the
category that Bob Courtney calls "malicious compliance,"  conforming to the
law only when compliance will make the law appear absurd.

Of course, there are other sources for judging right behavior besides law and
religion.  They include community interest, enlightened self-interest,
legitimate national interest, contract, professional ethics or practice, and
other concepts of fairness, justice or equity.  To that list one can add
tradition and religion.  However, I confess that when I first created the the
list, I forgot tradition and religion; they did not even occur to me until I
read Mr. Guthery's posting.

Now, I confess that I erred grievously.  I suggest that all those that would
suggest that law and religion are the only sources of norms of right conduct,
err even more.  The position is so absurd, that had I not left religion off my
list, equally absurd, I might be tempted to conclude that they were malicious.
That is, they took their position in order to demonstrate that the state must
recognize an establishment of religion.

William Hugh Murray, Fellow, Information System Security, Ernst & Young
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840


Re: law == Ethical Consensus

1606 <jmh@ns.network.com>
6 Sep 89 15:22:24 GMT
In his article, Scott Guthery states that a Professor at a tax
supported institution is required to assert that Law == Ethical behavior.

This is not true, and does not reflect either the law or the ethical
guidelines of any of the major professional societies.  I agree that the
proliferation of non-legal guidelines does not provide a good basis for teaching
ethics in computer science.  However, the separation of Church and state does not
prevent the teaching of a course on Ethical behavior of computer scientists.  Nor
does it restrict such a course to an explaanation of the legal constraints.

(Not that there are Religion departments at most major tax supported
institutions.  Also, most philosophy departments have several course on ethics,
including history and modern thoughts.  These courses often deal with the
question of whether certain behaviour is ethical under a certain theory.  Often
this is reflected against the background of the students and professors natural
inclinations and insights into the topic.)

Joel M. Halpern, Network Systems Corporation

Please report problems with the web pages to the maintainer

x
Top