The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 43

Wednesday 15 November 1989

Contents

o L.A. Times Computer Foulup
Jerry Hollombe
o Altered bits in Risks 9.39
John M. Sullivan and Henk Langeveld
o Re: Apollo 12 (Artificial lightning)
Henry Spencer
o Re: Equinox TV programme on A320
Alan Marcum
o Failure of Systems After Earthquake
Jon von Zelowitz
o Article about "Paperless Office"
Alan Marcum
o Are you sure you declared ALL your dividends?
Peter Jones
o Re: Another intrusive database ...
Jim Horning
o Re: Computer errors and computer risks
David Smith
John Locke
o Info on RISKS (comp.risks)

L.A. Times Computer Foulup

The Polymath <hollombe@ttidca.TTI.COM>
14 Nov 89 02:21:45 GMT
Here's a first-hand experience, for a change:

Some months ago my SO subscribed to the L.A.  Times newspaper.  She made
it very clear she wanted the Sunday edition only.  A week later papers
began arriving -- every day.  We called the Times and complained.  The
person who answered looked us up in their data base.  Sure enough, we're
listed there as Sunday edition only.  She said not to worry about it, we
would only be billed for the Sunday papers.

Time goes on.  Daily papers continue to arrive.  We complain again. (We
don't _want_ daily papers.  Not even for free).  Same story.  The computer
has us listed as Sunday only, so we shouldn't worry about it.

More time.  More daily papers.  Recycling them is becoming a major
nuisance.  On our third, most recent call the Times operator asked "What
is it you want?" We answered "Sunday delivery only." "Well, the computer
says that's what you're getting." End of conversation.

We're still getting daily papers. )-:

The Polymath (aka: Jerry Hollombe), Citicorp(+)TTI, 3100 Ocean Park Blvd.,
Santa Monica, CA  90405              {csun|philabs|psivax}!ttidca!hollombe


Altered bits in Risks 9.39

<sullivan@math.Princeton.EDU>
Wed, 15 Nov 89 19:36:25 -0500
I get my news from phoenix.princeton.edu, and on that machine, RISKS-9.39
arrived AFTER 9.40 and 9.41.  Furthermore, many characters had been altered,
having their 2^2 bit set.  The most common changes were ' ' -> '$' (happened 30
times) and 'h -> l' (there were many instances of the word "tle").  I also
noticed y->}, s->w, i->m, p->t, b->f, r->v.  Note that in all of these cases,
the letter substituted has ascii value exactly 4 greater than the original (one
extra bit set).

John M. Sullivan    Princeton Univ. Math Dept.  sullivan@math.princeton.edu

    [Similar behavior was reported by several other recipients, including
    henk@cs.eur.nl (Henk Langeveld) in Rotterdam, whose return path to me was
      "euraiv1!eurtrx!hp4nl!mcsun!uunet!seismo!ukma!tut.cis.ohio-state.edu!
      gem.mps.ohio-state.edu!usc!ucsd!ames!lll-lcc!unisoft!mtxinu!
      ucbvax!CSL.SRI.COM!risks".  His copy had an interesting FROM: field --
      "From: rmsks@CSL.SRI.COM (RISKS Forum)".

    We have reported previously on compression screwups making systematic
    substitutions in software.  This one looks like a transient hardware bit
    error in the 4's bit, somewhere along the line.  I hope someone can track
    down its origin.  This is the kind of thing that simply shouldn't happen
    anymore.  Reliable protocols?  Bah, humbug.  PGN]
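As an added example (not part of Sullivan's report or of the digest), the Python below models the fault he describes: it checks that every substitution he lists is explained by one bit stuck at 1 (the 4's bit), reproduces how "the" arrives as "tle", and shows that an end-to-end digest catches the change even when the garbled text still reads like English. The observed pairs are taken from his report; the sample text is constructed.

```python
import hashlib

# (original, received) pairs as reported for the corrupted copy of RISKS-9.39.
OBSERVED_PAIRS = [(' ', '$'), ('h', 'l'), ('y', '}'), ('s', 'w'),
                  ('i', 'm'), ('p', 't'), ('b', 'f'), ('r', 'v')]


def infer_stuck_bit(pairs):
    """Return the bit position (0 = LSB) if every (orig, got) pair is
    explained by a single bit stuck at 1, otherwise None.  A stuck-at-1
    bit must be clear in the original and set in the received byte, and
    all other bits must agree."""
    candidate = None
    for orig, got in pairs:
        diff = ord(orig) ^ ord(got)
        if diff == 0 or diff & (diff - 1):   # zero or more than one bit differs
            return None
        bit = diff.bit_length() - 1
        if ord(orig) & diff:                 # bit already set: not stuck-at-1
            return None
        if candidate is None:
            candidate = bit
        elif candidate != bit:
            return None
    return candidate


def simulate_stuck_bit(text, bit):
    """Worst-case model of the fault: OR the stuck bit into every byte.
    Characters that already have the bit set ('t', 'e', 'o', ...) pass
    through unchanged, which is why "the" becomes "tle"."""
    mask = 1 << bit
    return ''.join(chr(ord(c) | mask) for c in text)


def digest(text):
    return hashlib.sha256(text.encode('ascii')).hexdigest()


def integrity_check(sent, received):
    """End-to-end check a relay chain cannot silently defeat: compare the
    sender's digest with one computed over what actually arrived."""
    return digest(sent) == digest(received)


if __name__ == '__main__':
    print('stuck bit:', infer_stuck_bit(OBSERVED_PAIRS))   # 2
    sample = 'the risks forum'                              # constructed text
    garbled = simulate_stuck_bit(sample, 2)
    print(repr(garbled))                                    # 'tle$vmwow$fovum'
    print('intact:', integrity_check(sample, garbled))      # False
```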


Re: Apollo 12 (Artificial lightning, RISKS-9.42)

<henry@utzoo.UUCP>
Wed, 15 Nov 89 13:35:23 EST
An interesting sidelight is *why* Apollo 12 survived the lightning strikes.
The Apollo spacecraft's electronics got scrambled quite thoroughly, but the
independent computers running the Saturn V booster were unaffected.  They were
in a much less exposed position, on top of the booster proper, underneath the
Apollo spacecraft assembly.  (They may also perhaps have been better protected
against electrical upsets, although I don't know that for sure.)

Early in the Saturn program, there had been some discussion of the idea of
saving weight by having the spacecraft computers run the booster as well;
Wernher von Braun vetoed the idea and insisted on the booster having its own
control system.  This was probably more because of potential problems with
changing payloads -- the Saturn V was meant to be NASA's heavy booster well
into the 1980s, launching much more than just Apollo -- but I seem to recall
that better protection for the electronics was mentioned as well.

                                     Henry Spencer at U of Toronto Zoology


Re: Equinox TV programme on A320 (from 9.42)

<Alan_Marcum@NeXT.COM>
Tue, 14 Nov 89 09:36:34 PST
Truth stranger than fiction?  Several months ago, I stumbled on a novel,
_Passengers_, copyright 1983, by Thomas G. Foxworth & Michael J.
Laurence.  It tells the story of a brand new airliner with active fly-by-wire
controls and inherent aerodynamic instability.  The book does have some
technical flaws.  However, it happens to cover not just the active fly-by-wire
issue, but also whistle-blowing and different international safety
standards and evaluations.

Again, not one's most technically accurate source, but an enjoyable read
nonetheless, especially in light of many of the discussions on RISKS.

Alan M. Marcum,    NeXT Technical Support      (415)780-3753


Failure of Systems After Earthquake

Jon von Zelowitz <vonzelow@adobe.com>
Mon, 13 Nov 89 23:12:05 PST
An article in the San Francisco Bay Guardian of November 9, 1989 entitled
"We Almost Lost San Francisco", and an accompanying sidebar "Water, Water
Everywhere..." investigate some of the failures and near-failures of major
systems during the October 17th earthquake.  Most failures were made up for
by individuals' dedication and heroism.

According to the article, years of budget cuts and neglect had left the City
unprepared for such a disaster. Here is a summary of some of the points in
the article.

The telephone system held up pretty well, but the 911 system (not intended
for a disaster) was overloaded. There are only a few 911 trunk lines from
each exchange, and only 15 lines go into the 911 operators.

With 911 flooded, the primary way for citizens to contact the fire
department was the Street Telegraph System, which was first built in 1875,
and reconstructed after the 1906 earthquake. The Fire Department had
defended the system from former Mayor Feinstein's budget axe. The telegraph
system is triggered by pulling alarm boxes along city streets, sending a
coded signal to a teletype at the Central Fire Alarm Station. Because the
alarm boxes contain spring-driven works, and the telegraph lines are
battery-powered, the boxes worked fine after the quake.

Unfortunately, the success story of the street boxes ends there. The
telegraph messages are decoded by a 16-year-old DEC computer. It has a
history of crashing under heavy load, and went down almost immediately after
the quake. Dispatchers ended up using an antiquated 1940's-era card system
called "the tubs" to identify the locations of alarms and assign units. A
department chaplain used a pegboard to keep track of assignments.

Fire Commissioner Sharon Bretz told the Bay Guardian that no computer could
have handled the flood of calls into the Central Fire Alarm System.

The City's police, fire, and ambulance radio works through a repeater on
Twin Peaks, the highest point in town. When electrical power failed,
emergency generators kicked in. They are so old that mechanics can no longer
obtain spare parts for them. Both had trouble with their water pumps. The
first one overheated and failed; luckily, a dedicated engineer kept the
second unit (an identical machine with identical failure mode) running.

A large fire broke out in the Marina district. Water was eventually supplied
by the Phoenix, an aging fireboat. There is a special high-pressure water
system specifically designed to supply water for firefighters after an
earthquake, but no one ordered it turned on.  Even if the order had been
given, some of the pump stations are unmanned and automated, and have no
generators; the electrically-operated valves would not have worked. And some
of the dozen workers who know how to operate the system live out of town.

[I was lucky -- no damage to my home, and no nearby fires. I headed for the
neighborhood bar for some warm beer, and returned home when power came back
on (around midnight). -jvz]

   ...sun!adobe!vonzelow    vonzelow@adobe.com  Jon von Zelowitz


Article about "Paperless Office"

<Alan_Marcum@NeXT.COM>
Tue, 14 Nov 89 14:06:00 PST
Here's an article someone at work sent to me.  I find the perspective of the
author, um, interesting, and offer it to the group for their perusal,
amusement, and comment.

                   No more John Hancock
         Businesses start to sign off on paperless deals
          By Tom Steinert-Threlkeld Dallas Morning News

DALLAS. Until now, the operative phrase for sealing a contract has been, "Put
your 'John Hancock' on the line."  Soon, that may change. The operative phrase
could well become, "Send your personal identification code over the line."

Such is going to be the impact of the paperless contract. Unlike much of the
rest of the "paperless office," electronic purchase orders, invoices and
payments are taking off.

The process is called electronic data interchange. EDI involves a variety of
protocols and standards for paperless communications allowing companies to buy
and sell goods and services to each other simply by sitting at a screen on a
desk.  EDI is growing rapidly. Dallas attorney Benjamin Wright, author of a new
book called "EDI and American Law: A Practical Guide," estimates that as many
as 7,000 firms and agencies worldwide now use electronic means for conducting
basic business transactions.

Market Intelligence Research Co. estimates that only $11.3 million of business
was conducted through such means in 1985. That will have grown to $144.7
million of EDI business this year, the Mountain View research firm estimates.
By 1993, use will grow to $1.1 billion, the company says. Two years later? $1.8
billion. EDI is here to stay.

But the John Hancock problem remains. How do you prove that an electronic
document is for real? As computer malfeasance has proved, electronic
information can come from anywhere and go to anywhere.  No fingerprints get
left. No signatures are affixed. Heck, for that matter, make the wrong move and
the whole blasted thing gets erased in a blink. And there are no carbons.  It's
not quite as bad as all that. As Wright notes, electronic documents frequently
can be more secure than paper documents. Electronic systems provide a multitude
of options for automatically securing and authenticating documents or data:
passwords, security codes, encryption, and the like.

In addition, the information is less susceptible to damage. With electronic
transactions, basic information on a transaction need only be typed one time.
Let's say your company sends a quote to a customer. The customer gets the
quote. Electronically, the customer can reuse the data when it sends back an
acknowledgment of receiving the quote. From then on, through purchase order,
invoice, statement and payment, the data remains the same. No errors get added
at each step, from separate data entry operators.

Even if there is an error, it gets identified and fixed more rapidly, by
electronic means.

The systems can even automatically generate an electronic trail to follow
complex transactions and ongoing business. Acknowledgments, tracking numbers,
audit logs, network transmission reports: there's a wealth of information that
can be logged by electrons, instead of by hand.

This is no small matter when you're trying to prove a transaction took place.
You can't haul electrons into court. You still will have to take paper, even if
it is a printout of the transaction that actually was stored magnetically on
tape.

And you won't be able to show that you signed off on the deal.  Paperless
transactions also mean signatureless transactions. The basic means of sealing
deals for centuries is giving way in a matter of years.

Alan M. Marcum,    NeXT Technical Support      (415)780-3753


Are you sure you declared ALL your dividends?

Peter Jones <MAINT@UQAM.bitnet>
Tue, 14 Nov 89 18:43:49 EST
On CBC radio this morning, during the Daybreak program, there was an interview
with a tax expert by the name of Benoit Lasalle. Mr. Lasalle was warning
taxpayers that some people were getting letters from the income tax department
alleging that they had failed to declare dividend income. According to Mr.
Lasalle, these demands for payment (allowing a very short time to reply) were
often in error. For example, one taxpayer was being assessed for dividends paid
into his tax-sheltered Registered Retirement Savings Plan!

The scary part is that the tax department is unable to produce a paper copy of
the T5 form, which is normally sent to the taxpayer by his financial
institution. Missed dividend declarations are determined on the basis of
information transferred from the financial institution to the tax department. If
a taxpayer has failed to keep records of previous taxation years (at least 3),
he could end up paying more tax than he should to avoid trouble.

Peter Jones     MAINT@UQAM     (514)-987-3542


Re: Another intrusive database ... (RISKS-9.42)

Jim Horning <horning@src.dec.com>
14 Nov 1989 1514-PST (Tuesday)
I'm surprised that people find this surprising.  I moved from Toronto, Ontario
to Palo Alto, California in 1977, and a couple of years later received a letter
from the IRS asking me to account for income that appeared on my Canadian
income tax return that they couldn't identify on my US return.  (Fortunately, I
was able to show that I had properly reported it).  Ever since, I've assumed
that transnational exchange of income tax data was routine.
                                                                  Jim H.


Re: Computer errors and computer risks (Davis, RISKS-9.40)

David Smith <dsmith@dcsc.dla.mil>
Wed, 15 Nov 89 09:55:12 -0500
Randall Davis suggests that using the terms "computer errors" and "computer
risks" when speaking of social risks not arising uniquely from but only
amplified by the use of computers leads to discussing these matters in the
wrong forums -- computer technology instead of social morality.  He says that,
for example, if the misuse of computer databases and telecommunications to
implement policies that impinge drastically on individual privacy rights were
truly a "computer risks" problem, all that would be needed to solve it would be
the elimination of the computer.

It isn't quite that simple.  The motivation to establish and implement a policy
may exist, but if there's no tool to implement it adequately, the motivation
will likely remain dormant, the policy unpursued.  Only when a tool becomes
available that makes implementation feasible will the policy be elaborated and
implemented.  It's possible to maintain large, irresponsibly constructed paper
databases on suspected child molesters, but not feasible; with computers, it's
not only feasible but easy -- the technology empowers the idea.

The existence of the motivation is a social moral concern.  That the pursuance
of policy based upon the motivation has been made feasible by the existence of
a powerful and compliant technology is both a social moral concern and a
technology concern.  The distinction is important, but it shouldn't prevent
discussion of the issue in both forums.


Re: Computer errors and computer risks (King, RISKS-9.42)

John Locke <jxxl@cs.nps.navy.mil>
15 Nov 89 21:53:05 GMT
In the incipient stages of their White House investigation, Woodward and
Bernstein finagled access to a large quantity of Library of Congress records on
books checked out by White House offices. The distillation of their findings
was that E. Howard Hunt had done a massive amount of research on Senator Ted
Kennedy, presumably to aid in smearing him should he decide to run for the
presidency. The findings became part of a larger pattern of shady campaign
practices.

This invasion of privacy seems palatable since, in the light of history, it can
be deemed a "good cause." I could trivialize my next point by saying that a
good laptop PC would have saved Woodward and Bernstein a couple of long
evenings. But the fact is this: in the information age the widespread use of
PC's serves as a kind of "people's revolution." Previous to PC's, computerized
information processing was centralized and primarily accessible to a managerial
elite. With the advent of PC's information processing capability has been
decentralized to some extent. The possibilities for using computers to monitor
government and business should not be overlooked.

