The RISKS Digest
Volume 9 Issue 19

Wednesday, 30th August 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



o NEW INSTRUCTIONS TO FTP VOL i ISSUE j, effective immediately
o Reg. of Motor Vehicles computer slows down
Adam Gaffin
o British nuclear reactor software safety disputed
Jon Jacky
o South German hackers hack TV German Post
Klaus Brunnstein
o Ethics
Donald J. Weinshank via Tom Thomson
o sci.aeronautics, a new newsgroup
Robert Dorsett
o What's a stamp? (postal service problems)
David Elliott
o Info on RISKS (comp.risks)

NEW INSTRUCTIONS TO FTP VOL i ISSUE j, effective immediately

Peter Neumann <>
Thu, 24 Aug 1989 10:44:34 PDT

Reg. of Motor Vehicles computer slows down

Adam Gaffin <adamg@well.UUCP>
Wed, 30 Aug 89 10:54:54 pdt
From the Middlesex News, Framingham, Mass, Aug. 29, 1989
By Michael Sereda

MetroWest police, more accustomed to battling crime, are battling a broken
Registry of Motor Vehicles computer that hasn't spit out information since
Sunday.  So far, 6,000 inquiries on licenses and registrations have backed up,
handcuffing police and leaving Registry officials to crank out renewals on

``It's a real pain in the neck, particularly on a busy night and there's so
much going on,'' said Medfield Police Dispatcher Shirley Rossi.  ``You're able
to check the status of someone on a warrant ...  but you can't check the status
if they have a suspended or revoked license, and you can't check the status of
a vehicle, if it's unregistered, registered. It just basically makes it
difficult if they want to write a ticket.''  ``This is an ongoing thing with
(the Registry),'' Rossi said.

Trouble began, spokesman Kathi Connelly said, on Sunday morning when the
Registry shut down the electronic brain for four hours of scheduled
maintenance. After the maintenance was performed, the computer came back on
line for about an hour and then started acting up, she said.  The 4-year-old
computer, which stores information on the state's 3 million drivers and 6
million vehicles, was operating off and on throughout Sunday, before
``crashing'' late that night or early Monday morning, she said.

The glitch meant that police throughout the state could not check on a person's
driving record or the validity of a registration.  ``It gets very difficult,''
said Framingham Lt. Wayne McCarthy. ``There've been several times that it's
down, and later it comes up (after a suspect is let go) and it comes back that
someone's license is revoked or suspended.  ``They may have had a license on
them and we couldn't check on it,'' McCarthy said.

``It kind of stops the checking process out on the road,'' said State Police
Sgt. Joseph Parmakian.

While the computer was down Sunday and Monday, the system automatically stored
the inquiries and answered them when operation resumed between 4 p.m. and 6
p.m. Monday, Connelly said.

At the Registry, customers who wanted to renew their licenses went away with
temporary paper renewals and without the laminated photo license, which is
computer-generated, Connelly said. Those drivers can return for the photo
license, she said. She said she could not estimate how many customers might
have been inconvenienced. Other Registry transactions involving the public were
done on paper, she said.  ``To be frank, we were kind of worried that something
like this would happen,'' Connelly said. ``The computer has been operating at
100 percent capacity for more than a year. Generally, computer systems are
supposed to operate at no more than 85 percent of capacity.''

The computer's maker, Amdahl Co. of Sunnyvale, Calif., flew parts and repair
technicians to Boston to help out, she said. The repairs did not cost the
Registry additional money because they were covered under a maintenance
agreement, she said.

Permanent help is on the way for the Registry in the form of a new computer
with an expanded memory, Connelly said. The new computer will have the ability
to handle 40 million instructions per second - in computer lingo, that means
it's real fast. The Registry will be going out to bid in 10 to 12 weeks for the
$7 million machine. The money for the computer, Connelly noted, has already
been budgeted and will be paid over a five-year period.

Connelly said that David Lewis, the Registry's computer boss, ``feels secure
the problem has been taken care of.''  ``We'll be happy when it's replaced,''
she added.

British nuclear reactor software safety disputed

Jon Jacky <>
Tue, 29 Aug 1989 14:06:30 PDT
The following article appears in NEW SCIENTIST, 5 August 1989, p. 24:

CEGB Rebuffs Critics of Safety Software by Susan Watts

The Central Electricity Generating Board has responded to critics who doubt the
reliability of the software that will protect Britain's latest nuclear power
stations from accidents.  Specialists in computer safety systems fear that this
software does not meet current standards for such "safety-critical" software,
published recently by the Ministry of Defence (MoD).  The CEGB has been
reluctant to publish details of the protective system.

At a special session of the Hinkley Point inquiry in Bristol, Martyn Thomas,
the chairman of the committee on safety software at the British Computer
Society (BCS), urged the CEGB to allow an expert committee to make an
independent assessment of the software.  This software, which the board ordered
from Westinghouse in the US, might one day be solely responsible for shutting
down pressurized-water reactors should something go seriously wrong.

The MoD's draft standard, Def Stan 0055, stipulates that all software for
systems which protect human life must be analyzed mathematically, rather than
simply relying on estimates of the probability that such software will not

Thomas fears that the systems could not meet the requirements of MoD's new
standard (THIS WEEK [a section in NEW SCIENTIST] 1 April 1989).  The only way
to allay concern about the protection system among computer experts would be
for the CEGB to publish details of the system and to allow the expert committee
to scrutinize it, he says.

The board rejects charges that the emergence of the new standards invalidates
or renders inadequate its designs, which have been under development for some
time.  The board points out that it has its own independent assessment team,
which includes a member of the safety systems group of the BCS.

But Thomas says that this "Independent Design Team", although independent of
Westinghouse, is made up of employees of the CEGB.  This is not good enough,
says Thomas, who wants the inquiry to open an extra session on the safety
aspects and reliability of the software which will control the reactor.

In Bristol, Thomas said that the Health and Safety Executive, whose team at the
Nuclear Installations Inspectorate (NII) has to approve the system before it is
allowed to operate, is severely short of skilled resources for assessing
programmable electronic systems of any sort.  He also has serious reservations
about whether the NII has the staff and skills to evaluate safety of the
protection system.

He says that the CEGB has not answered the substantive point of his evidence;
that this important area of the design, where opinions within the computer
community have been maturing quite rapidly over the past six months, ought to
be examined by public inquiry.  He says that he asked the CEGB several months
ago for information about the design of the system.

The Health and Safety Executive (HSE) has responded to the evidence submitted
by Thomas, and says that it has adequate expertise and resources to do its job.
The HSE says that it has addressed the potential problems with software
identified at the time of the Sizewell inquiry, and that the NII expects the
CEGB to make use of new checking techniques as they become available.

- Jonathan Jacky, University of Washington

South German hackers hack TV German Post

Klaus Brunnstein <>
29 Aug 89 14:16 GMT+0100
Last Saturday (August 26, 1989), ZDF (=2nd German TV, one of the 2 nationwide
TV channels) asked their spectators whether smoking should be banned in
public. The spectators could answer by telephone, dialing for "yes" a
telephone number nnnnnn1, or nnnnnn2 for "no". Within a time slot of 14
minutes, 52.942 telephone calls came in, with a quota of 54:46 in favor of a
smoking prohibition. That means that 29.669 voted in favor of a prohibition,
and 25.273 opposed.

On Monday (August 28, 1989), a group of South German hackers said that they
manipulated the quota by dialing the "yes" number from 83 PCs at a rate of
4 times a minute; virtually all of their calls came through, so that about the
maximum of 4.648 Yes-votes came from their computers.  The result was thus
significantly changed: without the computer votes, the result would be:
Yes=25.021; No=25.273, which is a small majority of the opposition.

German news media (only) now start a debate about the "security" (not
about the quality!) of the German Post Office's "TED" (=TEleDialog) system
used for this TV transmission. The system was developed in 1979 (and
used several times, mainly for entertainment purposes, e.g. the vote on
the Saturday movie). TED consists of 11 regional computers which count
how often a specific number is dialed; the count is transferred to the
TV station which rented this service after a given time limit is reached.
The maximum capacity for a nationwide counting procedure is 350.000
"votes" per hour. On Saturday, only slightly over 50% of the capacity
was used, probably due to vacation time and missing interest in the
corresponding TV show.

The system can easily be hacked; probably, some more hackers tried and
practised such hacks earlier. There have been some discussions before
when, at a local election in the Federal State of Hamburg, some strange
results about political themes came up. But only now, as leisure-time
themes and activities of hackers are involved (and other catastrophe
themes are not visible), is a discussion started about the "security". My
prognosis: the essential question about the quality of the results
produced by such a tool and procedure will only be discussed when
questions of common (national?) interest are asked, such as: shall we
replay Steffi's or Boris's last winning game?

Klaus Brunnstein           Hamburg, FR Germany
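As an added example (not code from the post, the Post Office or the TED system), the following Python models the counting rule Brunnstein describes and two defender-side changes to it: counting only the first call from each line, and flagging lines that call faster than a person could dial. The line identifiers, per-minute buckets and the whole call log are constructed; only the vote totals and the 83 PCs at 4 calls a minute for 14 minutes are taken from the post.

```python
from collections import Counter

# Constructed call log for the TED-style poll described above. Each call is
# (line_id, minute, choice). Genuine totals (25021 Yes, 25273 No) and the
# 83 machines x 4 calls/minute x 14 minutes are the figures from the post;
# the line identifiers and minute buckets are invented for the example.
YES, NO = "1", "2"   # the two dialled numbers, nnnnnn1 and nnnnnn2


def build_call_log(genuine_yes=25021, genuine_no=25273,
                   machines=83, calls_per_minute=4, minutes=14):
    """Return the constructed log: one call per genuine line, plus the
    repeated calls the post attributes to the 83 computers."""
    log = []
    for i in range(genuine_yes):
        log.append((f"line-y{i}", i % minutes, YES))
    for i in range(genuine_no):
        log.append((f"line-n{i}", i % minutes, NO))
    for m in range(machines):
        for minute in range(minutes):
            for _ in range(calls_per_minute):
                log.append((f"pc-{m}", minute, YES))
    return log


def naive_tally(log):
    """What TED does: every completed call to a number counts as a vote."""
    return Counter(choice for _, _, choice in log)


def one_vote_per_line(log):
    """Mitigation: a line's first call is its vote; later calls are ignored."""
    first_choice = {}
    for line, _, choice in log:
        first_choice.setdefault(line, choice)
    return Counter(first_choice.values())


def flag_high_rate_lines(log, max_calls_per_minute=1):
    """Detection: lines that place more calls in one minute than a hand-dialled
    vote would, i.e. candidates for machine dialling."""
    per_line_minute = Counter((line, minute) for line, minute, _ in log)
    return sorted({line for (line, _), n in per_line_minute.items()
                   if n > max_calls_per_minute})


if __name__ == "__main__":
    calls = build_call_log()
    print("raw tally:        ", dict(naive_tally(calls)))
    print("one vote per line:", dict(one_vote_per_line(calls)))
    print("flagged lines:    ", len(flag_high_rate_lines(calls)))
```

With the constructed log the raw tally reproduces the post's 29.669/25.273 split, the one-call-per-line tally shrinks the 4.648 injected votes to 83, and all 83 machine lines are flagged.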

Ethics

Tom Thomson <>
Tue, 29 Aug 89 12:57:36 bst
I thought this article from humanist was worth posting to risks and to security.
What risks do we suffer if our engineers/scientists are unethical, or are taught
to subscribe to conflicting sets of ethical principles? Is it likely that
societies like ACM, BCS, IEEE, etc. will have incompatible ethical codes, each of
course incompatible with whatever is taught in the computer science schools?
Forwarded article:-

   Reply-To: Willard McCarty <MCCARTY@CA.UTORONTO.EPAS.VM>
   Humanist Discussion Group, Vol. 3, No. 402. Monday, 28 Aug 1989.

   Date:   Mon, 28 Aug 89 17:14:47 EDT
   From: (Dr Donald J. Weinshank)

   If I may, I would like to reopen the question of "computer ethics." Let me
try to formulate the question this way: "Is there a rational and consensual
basis for computer ethics?"

   The older I get, the more I feel the poignancy of this exchange in The
Brothers Karamazov:

      "Is that really your conviction as to the consequences of the
      disappearance of the faith in immortality?" the elder asked Ivan

      "Yes. That was my contention. There is no virtue if there is no

Absent a consensual reality, on what basis can we construct a system of
computer ethics for our students?

   Do we reduce ethical questions to the merely legal ones? If it ain't
illegal, is it OK?

   Do we point to a series of mini-consensuses? The ACM says ...., and the MLA
says ...., and the Department of Redundancy Department has published yet
another statement of computer ethics. Are students to choose one ethics
position from Column A and one from Column B as they see fit?

   Are computer ethics merely negative ("Thou shalt not..."), or are they also
positive? Are there ethical statements which are unique to (or apply with
special force to) the field of computing, or are they the general ones of
"intellectual honesty, curiosity, an eye for detail, a respect for theory, and
delight at discovery" (Miller quoting Ryle on 20 June, 1989).

   If computer ethics can be taught, then I have these questions:
      * Who is doing the teaching? People in the Humanities? Engineers?
        Computer Scientists?
      * What are the people who are teaching computer/engineering/scientific
        ethics teaching?
      * What texts?
      * What contexts: part of many courses or a separate required/elective

sci.aeronautics, a new newsgroup

Robert Dorsett <rdd@rascal.ics.UTEXAS.EDU>
Wed, 30 Aug 89 19:41:02 CDT
The sci.aeronautics newsgroup has been formed on usenet.  It will be dedicated
to discussions of various aspects of aviation, such as human factors, airliner
operations, avionics, and aerodynamics.  It is intended to complement the
existing rec.aviation newsgroup, not replace it.

There is also a mailing list.  Submissions should be mailed to
Administrative details (requests to subscribe, unsubscribe, questions) should
be addressed to:

The "aeronautics" mailing list will be a moderated version of the
sci.aeronautics newsgroup.  It will be a one-way feed (sci.aeronautics ->
mailing list), unless sufficient demand requires that it go in the opposite

Robert Dorsett                            Internet:

What's a stamp? (postal service problems)

David Elliott <dce@Solbourne.COM>
Tue, 29 Aug 89 10:05:35 -0600
Recent articles and letters in "Linn's", a weekly philatelic newspaper,
give an interesting view of problems in the US Postal Service.

A recent scam has people paying as much as $40 to find out about a
"little-known regulation" that allows people to send first-class mail for $.02
instead of $.25.  There is no such regulation, at least not specifically.

Nowadays, stamps are printed with phosphorescent inks (sometimes the colored
ink contains phosphor and sometimes a clear overcoating is applied).  Automatic
cancelling machines detect the phosphor, rejecting envelopes that have none.

The result is that any stamp with the phosphor will trigger the cancelling
machine: a $.25 stamp, a $.02 stamp, a $.01 stamp, a piece of selvage (stamp
sheet edge), some used stamps, and some foreign stamps.  In fact, one political
candidate's secretary used this trick to "save money".  No charges were made
("It's a simple mistake").

On the other side of the coin (as it were), overzealous postal
clerks refuse valid stamps:

 * The 1987 Stamp Collecting issue, which shows a 100-year old
   cancel as part of the design ("We don't accept cancelled stamps").

 * The 1947 100th anniversary souvenir sheet contains stamps with the same
   designs as the US 1847 issues (5 and 10 cent values).  The 1847 stamps were
   invalidated during the Civil War.

 * The 1989 souvenir sheet showing a reprint of the 90 cent Lincoln stamp
   of the 1880's is expected to have similar problems.

 * Any postal customer with the proper permit is allowed to use precancelled
   and fractional-valued stamps, but obtaining and using the permit is not
   always possible with some clerks and postmasters.

David Elliott
