Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
PGN's calling for RISKS readers to "play a stronger role in ensuring that our
R&D and our educational offerings are suitably concerned with realistic
stringent requirements" is appreciated [Letter From the Editor, ACM Software
Engineering Notes, vol. 14, no. 6, October 1989, p. 2]. I often use RISKS
examples in class (to demonstrate that the instructor is in touch with the
world). In fact the current issue of SEN arrived in time to illustrate to a
class the need for stringent requirements and testing. As if to underline the
point, the following appeared on page A3 of the 1 December 1989 Asbury Park
Press:
Computer Error Slashes JUA Surcharges: by Coleen Dee Berry
"Some 18,000 people who get their JUA automobile insurance policies through
Computer Sciences Corporation may have thought their premiums were
surprisingly less expensive this year.
"They were right.
"Due to computer error, CSC did not assess bad driver surcharges against
about 18,000 of their policyholders. CSC is one of the four new computer
companies hired to handle New Jersey Joint Underwriting Association policies.
"As a result, CSC has had to advance $3.6 million to the JUA to cover the
delayed payments, and last week began notifying those customers to expect a
bill for the surcharges. ...
"The delayed surcharges were due to a glitch in the CSC's computer system
during April and May, when the company was first taking over the JUA account.
...
"The move to computer companies was undertaken because it was thought to be
cheaper and more efficient, according to state insurance officials."
I wonder if this "glitch" is any relation to the fellow who once stole
Christmas? ...
Barry Kolb, Computer Science Dept., Ocean County College Toms River, NJ 08753
(201) 255 - 0357
The 3-Dec-89 "Los Angeles Times" carried a story by Paul Houston headlined COMPUTERIZED VOTE TALLIES HAVE TOO MANY GLITCHES, EXPERTS CHARGE. The bulk of the story was a review of criticisms of these systems, pegged to last month's close gubernatorial election in Virginia. The article cited Mae Churchill of Los Angeles-based Election Watch, Computer Professionals for Social Responsibility, Roy Saltman (NIST) and Robert Naegele, a San Jose computer consultant. The final paragraphs of the article related a miserable demo: ... one of Fairfax County's (VA) 600 Shouptronic machines fouled up in a demonstration for Los Angeles Times reporter William Trombley last May. "The machines have worked very well," Jane G. Vitray, secretary of the county board of elections, said as she prepared to demonstrate one of the machines to Trombley. But the machine that prints out the names of candidates and issues -- the information that appears on the face of each machine — printed everything in Italian. The ballot plotter also prints in French, German, and Spanish, as well as in English. "We didn't know it did that," Vitray said with some annoyance. "We didn't want that feature." While an aide was left to deal with the language problem, Vitray and the reporter moved on to the voting booth, where bells were chiming and red lights were blinking and an inviting green button at the bottom right corner of the machine said "vote." "Don't push that," Vitray warned. "Once you push that, you can't vote for anything else. You only push that button when you're finished." In a previous election, a number of voters had pushed the green button too soon and then "called to tell us we were depriving them of their constitutional right," Vitray noted. After Trombley finished voting, another red light came on to indicate that the result had been printed on a tape at the back of the machine. But when he and Vitray checked the tape, it was empty. Vitray was exasperated. "I can't understand it," she said. "Everything worked so well last week, when the Girl Scouts were here."
Some 15 years ago I worked the graveyard shift as a computer operator at a local service bureau. On two occasions we audited the city/county punched card tallies. Two (or more) members of the election commission brought the cards along with a tape containing the auditing/tallying software. The tape was IPL-ready for any generic IBM 360 to run standalone. It stacker-selected any multipunched cards as well as "spurious" punches which should be blank. Any cards munged by the reader were recreated and verified by the election officials. Of course this does not solve the issue of missing/extra cards, write-ins, and other issues previously mentioned, but it does show that there was very little chance of our [the service bureau] tampering with or altering the results. The audit was done completely without interaction of the host site's software, operating system, or any other typical "hacking" paths. Jeffrey R Kell, Dir Tech Services, Admin Computing, 117 Hunter Hall Univ of Tennessee at Chattanooga, Chattanooga, TN 37403
Last night on "Market Place", a nightly half-hour program which is broadcast on one of the National Public Radio stations here, I heard a story reported by Joyce Miller about an Electronic Toll Collection (ETC) trial program in San Diego, California. ETC is intended to speed cars along crowded highways and still continue to collect tolls. The idea apparently involves placing a small (credit-card sized?) device on the car, which is then electronically sensed by ETC equipment that then automatically bills the owner's account. As I understood the explanation, the driver doesn't need to stop (and maybe doesn't even have to slow down(?)). Drivers would pay a fee in exchange for the convenience, and traditional systems would never be phased out entirely. Someone spoke saying that the system saves 15 seconds per car over traditional toll collection systems, which adds up when the roadways are crowded. There are 1000 cars in the trial program, which has been ongoing for several months (?). One participant was very pleased with the system. The story included views by critics, who oppose the system because it is collecting information about drivers' driving habits, which they say could infringe drivers' privacy. One speaker said that ETC is particularly dangerous because the system is a government-controlled one. I may have misunderstood that part, but it seemed that the critic wouldn't be as worried if the database of drivers' tolls were in the hands of a private company. I assume he was concerned with a greater opportunity for merging unrelated databases. (But a private company could misuse such data too, couldn't it?) The reporter did not mention what authentication efforts are made. I don't know the method of sensing the ETC device (radio? optical? mag stripe?), but I wonder if there's any method of checking if device belongs to a particular car. If there is not, the devices might be very tempting to theives. Anybody know anything more on this? Stephen W. Thompson, 215-898-4585 Institute for Research on Higher Education, University of Pennsylvania 4200 Pine Street 5A, Philadelphia, PA 19104-4090
[McDonald's toaster voltage controls introduced zero-crossing transients, which fouled up clocks that count zero-crossings] I'm surprised that this hasn't occurred somewhere else. The same technology that causes spikes in the toaster power regulator (triac or SCR switching) is also used in dimmers and other AC power regulators — some of these available for home use. We used triacs in a home-made theater lighting controller some years ago, and it put some hellacious transients on the line. For the circuit-phobic, an SCR is a three-terminal semiconductor device that has two states — (1) don't conduct and (2) conduct (from positive terminal to negative terminal) until the current stops flowing on its own. The SCR is made to conduct by placing a small voltage on its trigger terminal while there is a forward voltage across its two main terminals. (A triac conducts in either direction, and is what we used, because it cuts the number of parts). These devices regulate power very efficiently — the triacs we used were rated to conduct up to 40 amps (RMS) with a maximum power dissipation of 40 watts (regulating "house current", that comes to 4600 watts). In triac-based AC power controllers, the power is regulated by varying that amount of time that current flows. The triac will stop conducting each time the current passes through zero (120 times a second in this country), so what is actually controlled is how long to wait after a zero-crossing to turn on the power. For full power, you wait not at all; for little power, you wait almost 1/120 second; for 1/2 power you wait 1/240 second. When the power switches on (120 times per second), it tends to put a voltage spike on the line — for large loads, and/or appropriate amounts of power, we found that it was pretty easy for the transient spike to cross all the way through zero (which, it happens, screwed up *our* zero-crossing detectors and made the lights flicker). David
An excerpt from an article entitled "Cellular Goes Digital" in the January
1990 issue of Popular Science, which discusses Digital Cellular, a new scheme
using digital encoding and TDMA to allow three calls on one frequency:
Digital phones could also be used for what Sodha calls locational services.
"With the time-division multiple-access system, you have the ability to
measure the time it takes for a signal to go to a vehicle and back. That
enables you to measure how far you are from the antenna tower," he says.
What for? "You could pinpoint fairly accurately the location of a
vehicle." The information could be used for navigation, or even to catch
car thieves. "Your insurance might be cheaper if you subscribed to the
service," Sodha suggests.
While I have no doubt that the information gained by such a system would be
put to good use in combating crime, I do have my doubts as to how responsibly
the government would use such information.
The article also mentions the fact that eavesdropping will be much more
difficult since the transmissions will be digitally encoded and separated into
discrete time slices. Although transmissions wouldn't be encrypted, special
hardware would be required to listen in.
Is the trade-off worth it? Not to me. I'll trade the possibility of someone
listening in on my boring phone conversations over the government possibly
having ongoing information of my whereabouts any day.
Tim Russell Univ. Of Nebr. at Omaha russell@{zeus.unl.edu | unoma1.bitnet}
Please report problems with the web pages to the maintainer