The RISKS Digest
Volume 9 Issue 67

Thursday, 8th February 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Shoplifting and Computers
Curtis P. Yeske
New movie Script writer
Olivier Crepin-Leblond
Re: Computers, good and evil
George L Sicherman
The C3 legacy, Part 3: Command-control catches on
Les Earnest
Vincennes' ROEs revisited
Clifford Johnson
SOGS - Hubble Space Telescope software now ready
Rodney Hoffman
AT&T and reentrant code
John A. Pershing Jr
AT&T and error recovery
Jonathan I. Kamens
Dillard's Dept Stores Use SSN as Sales ID - Printed on Receipts
Allen Gwinn
Robert J Woodhead
Info on RISKS (comp.risks)

Shoplifting and Computers

"Curtis P. Yeske" <>
Mon, 5 Feb 90 17:01:18 -0500 (EST)
>From AP:

...And, experts say, cameras programmed to watch for known shoplifters
may someday be used.  "It would be programmed to recognize face patterns
and analyze the customers as they walk in," said Bob McCrie, editor of
New York-based publication Security Letter.

New movie Script writer

Olivier Crepin-Leblond <>
Wed, 7 FEB 90 09:55:52 GMT
    Taken from ORACLE Teletext Service (Channel 4, UK):

    "Surveying what's available at your local multi-screen, does the feeling
    ever creep over you that film scripts must be written by a computer ?

    You may be right. A recent issue of film mag Hollywood Reporter reveals
    that a software programme called 'Collaborator' has become available.

    It's a `story structure and script analysis programme', designed to help
    screenwriters construct their stories.

    Somehow the knowledge that it's based on Aristotle's Six Elements of Drama
    doesn't make me feel any better."

Is big brother now controlling my entertainment ?

Olivier M.J. Crepin-Leblond, Comp. Sys. & Elec. Eng, Electrical & Electronic
Eng, King's College London, UK      BITNET : <>

Re: Computers, good and evil (RISKS-9.66)

George L Sicherman <>
Tue, 6 Feb 90 21:04:22 EST
In _Risks Digest_ 9.66 Phil Agre recommends _The Cultural Dimensions of
Educational Computing: Understanding the Non-Neutrality of Technology_
by C. A. Bowers.  Agre's succinct summary begins:

> It is often said that computers are neutral in that, like pencils and
> hammers, they can be used for either good or evil.  This might be true
> on some possible interpretations, but Bowers argues that it is false on
> a long list of others. ...

Like many scholars who examine our emerging electronic culture, Bowers is
running 25 years behind Marshall McLuhan.  Here is McLuhan on the subject of

        In accepting an honorary degree from the University of
    Notre Dame a few years ago, General David Sarnoff [head of RCA
    --gls] made this statement: "We are too prone to make techno-
    logical instruments the scapegoats for the sins of those who
    wield them.  The products of modern science are not in them-
    selves good or bad; it is the way they are used that determines
    their value." That is the voice of the current somnambulism.
    Suppose we were to say, "Apple pie is in itself neither good nor
    bad; it is the way it is used that determines its value." ...
    There is nothing in the Sarnoff statement that will bear scru-
    tiny, for it ignores the nature of the medium, of any and all
    media, in the true Narcissus style of one hypnotized by the
    amputation and extension of his own being in a new technical
    form. ... It has never occurred to General Sarnoff that any
    technology could do anything but _add_ itself on to what we
    already are.
        _Understanding Media: The Extensions of Man_ (1964)

To be fair to Bowers, he may be aware of McLuhan's work.  I have not yet read
Bowers's book so I cannot say.  I _can_ say that most of the writers I have
read who expound on the unforeseen implications of the electronic age are
thoroughly insensible to the unseen implications of the age of print.  The risk
is that we may regard a necessary consequence of electronic culture as a "risk"
to be prevented by suitable countermeasures, because it offends the
sensibilities we acquired from print culture.

Col. G. L. Sicherman

The C3 legacy, Part 3: Command-control catches on

Les Earnest <LES@SAIL.Stanford.EDU>
05 Feb 90 1523 PST
(Continuing from RISKS 9.65)

As the U.S. Air Force committed itself to the developement of the SAGE air
defense system in the late 1950s, new weapons that did not require centralized
guidance came to be rejected, even though some appeared to be less vulnerable
to countermeasures than those that depended on SAGE.  An example was a very
fast, long range interceptor called the F-109 that was to carry a radar that
would enable it to locate bombers at a considerable distance and attack them.
As such, it did not need an elaborate ground-based computer control system.

My group at MIT Lincoln Lab had been responsible for integrating earlier
interceptors and missles into SAGE.  We subsequently joined Mitre Corporation
when it was formed from Lincoln Lab's rib and were later assigned the
responsibility for examining how the F-109 interceptor might be used.

I had assumed that the Air Force was genuinely interested in seeing how the
F-109 could best function in air defense.  Accordingly, we worked out a plan in
which the interceptors that were in service would be deployed to various
airfields, both civilian and military, so as to make them less vulnerable to
attack.  This dispersal together with their ability to function with minimal
information about the locations of attacking bombers appeared to offer a rather
resiliant air defense capability that could survive even the destruction of the
vulnerable SAGE system.

When we published a utilization plan for the F-109 based on these ideas, The
Air Force made it clear that we had reached the "wrong" conclusion — we were
supposed to prove that it was a bad idea.  We apparently had been chosen to
"study" it because, as designers of SAGE, we were expected to oppose any
defensive weapons that would not need SAGE.

In order to deal with the embarrassing outcome of this study, a Colonel was
commissioned to write a refutation that confirmed the ongoing need for
centralized computer control.  The Air Force insisted that anyone who requested
our report must also get a copy of the refutation.  Mitre necessarily acceded.
In any case, the F-109 was never built in quantity.

            The seductive image

Though the designers of SAGE came to recognize its weaknesses and
vulnerabilities and the Air Force should have been reluctant to build more
systems of the same type, it somehow came to be regarded as the model of what
the next generation of military control systems should be.  Never mind that it
was essentially useless as a defense system — it looked good!

The upper floor of each SAGE command center had a large room with subdued
lighting and dozens of large display terminals, each operated by two people.
Each terminal had a small storage-tube display for tabular reference data, a
large CRT display of geographical and aircraft information (with a flicker
period of just over one second!), and a light gun for pointing at particular
features.  Each terminal also had built-in reading lights, telephone/intercoms,
and electric cigar lighters.  This dramatic environment with flickering
phosphorescent displays clearly looked to the military folks like the right
kind of place to run a war.  Or just to "hang out."

Downstairs was the mighty AN/FSQ-7 computer, designed by MIT using the
latest and greatest technology available and constructed by IBM.  It had:

o  A dual-processor nonstop timesharing system.  The off-line computer was
   usually either undergoing preventive maintenance or was following the
   actions of the online computer so that it would be ready to take over if
   that machine failed.  In this respect it was similar to the commercial
   nonstop systems developed much later by Tandem and its followers.

o  The computer was composed of rows of glimmering vacuum tubes spread over
   an area about the size of a football field, with lots of large magnetic
   drums used both for secondary storage and as communications buffers.
   (Magnetic disks had not yet been perfected.)

o  It used the recently-invented magnetic core memories in the largest
   and fastest configuration yet built: 256K bytes with 6 microsecond
   cycle time.  Each of the two main memories was packed into the volume
   of a shower stall, a remarkable density for that period.

o  A gigantic air conditioning system was required to suck all the heat out
   of the monsterous computer.

Remarkably, all of this new technology worked rather well.  There were some
funny discoveries along the way, though.  For example, in doing preventive
maintenance checks on tubes, a technician found one that was completely dead
that had not been detected by the diagnostics.  Upon further examination it was
discovered that this tube didn't do anything!  This minor blunder no doubt
arose during one of the many redesigns of the machine.

Both the prototype and operational SAGE centers were frequently visited by
military brass, higher level bureaucrats, and members of Congress.  They
generally seemed to be impressed by the image of powerful, central control that
this leading-edge technological marvel had.  Of course, General Lemay and his
Strategic Air Command could not sit by and let another organization develop
advanced computer technology when SAC didn't have any.

In short order the SAC Control System was born.  Never mind that there was not
much for it to do — it had to be at least as fancy as SAGE.  When the full
name was written out, it became Strategic Air Command Control System.  The
chance juxtaposition of "Command" and "Control" in this name somehow conjured
up a deeper meaning in certain military minds.

In short order, Command-Control Systems became a buzz word and a horde of
development projects was started based on this "concept."  The Air Force
Systems Command soon realized that it had discovered a growth industry and
reorganized accordingly.  The specifications for the new C2 systems generally
contained no quantitative measures of performance that were to be met — the
presumption seemed to be that whatever was being done already could be done
faster and better by using computers!  How wrong they were.

(Next segment: Command-control takes off)

    -Les Earnest (

Vincennes' ROEs revisited (Horn, RISKS-9.66)

"Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Mon, 5 Feb 90 17:12:48 PST
> By specifications I refer not to the engineering documents used
> in building the shipboard equipment.  I mean the laws and
> treaties governing the behaviour of combatant and non-combatant
> in areas of conflict.  They did and do have direct relevance to
> the computer systems.

I for one specifically complained that the U.S. Rules Of Engagement, as
implemented and acted upon in the Vincennes incident, were in violation of
international law.  In this context, the comment of retiring ex-Chairman of the
Joint Chiefs of Staff *Admiral* Crowe stated in an interview that the biggest
change in the military in his lifetime was the change in ROEs, whereby U.S.
ships now fired first instead of waiting for a confirmed attack.  He stated
that missile technology meant you couldn't risk being hit first any more.

SOGS - Hubble Space Telescope software now ready

Rodney Hoffman <>
7 Feb 90 09:50:33 PST (Wednesday)
In RISKS 8.46, Paul Eggert summarized M. Mitchell Waldrop's article "Will
the Hubble Space Telescope Compute?" which appeared in 'Science' magazine
17 March 1989, pp 1437-1439.

The story said "critical operations software is still a mess  — the victim
of primitive programming methods and chaotic project management."
Supposedly completed in 1986, bugs were still turning up as fast as the
programmers could fix them, and the system, the $70 million Science
Operations Ground System (SOGS),  ran at only one-third optimum speed.
According to the article, the Space Telescope Science Institute, the
program managers, were counting on faster computers plus better algorithms
plus some (unspecified) AI techniques to fix SOGS.  They were confident
that SOGS would be ready when the telescope was launched.

Last week, the 'Los Angeles Times' ran a lengthy story about the Space
Telescope, but the article did not mention the software.  I called the
reporter, and he said that he had been at the Space Telescope Science
Institute along with other reporters including Waldrop.  He says that
Waldrop and others did indeed bring up questions about the software, and
they were simply told that it's all fine now.  We'll soon see.  The Hubble
Space Telescope is to be launched from the shuttle in an upcoming mission.

AT&T (RISKS-9.62) and reentrant code

"John A. Pershing Jr." <PERSHNG@IBM.COM>
Thu, 8 Feb 90 09:55:35 EST
Reading between the lines of the AT&T pronouncements on the Jan-15 failure,
it sounds to me (as a systems programmer) that the "bug" was a reentrancy
problem.  Specifically, the recovery routine was not reentrant.  Under the
old way of handing recovery, a single "I'm OK" message would indicate that
the previously failed switch was back in service; in the new scheme, the
recovery of the failed switch was signalled when new call-setup messages
started flooding in, causing the recovery routine to be reentered.

This is sheer speculation on my part; can anyone out there who is "in the
know" either confirm or deny this speculation?

      John Pershing
      IBM Research, Yorktown Heights

AT&T (RISKS-9.66) and error recovery

Jonathan I. Kamens <jik@pit-manager.MIT.EDU>
Mon, 5 Feb 90 19:35:52 -0500
In a paper entitled "Assuring Quality and Reliability of Complex Electronic
Systems: Hardware and Software", published in the January 1988 Proceedings of
the IEEE, Edwin A. Irland (who has a whole list of past work for Bell Labs and
related companies and whose current position (according to the reprint I have)
is as the Assistant Vice President of Switching Analysis and Reliability
Technology for Bellcore in Red Bank, NJ) writes the following, which I think is
very much apropos:

  ... The subtlety of these methods implies an important source of
  unreliability; unreliable error recovery.  Thus it is important that
  system testing pay meticulous attention to fault simulation to
  uncover weaknesses in the recovery.  Data taken on electronic
  switching systems show that failure to recover from simplex faults
  is usually a significant source of total outage time....

A "significant source" indeed...

Jonathan Kamens, MIT Project Athena, jik@Athena.MIT.EDU   Office: 617-253-8495

Dillard's Dept Stores Use SSN as Sales ID - Printed on Receipts

Allen Gwinn <allen@sulaco.Sigma.COM>
Mon Feb 5 20:29:31 1990
  Newsgroups: misc.consumers,misc.headlines,,dfw.general
  Summary: Sanctions possible against employees who don't comply
  Keywords: publish, social security numbers, invasion of privacy

On February 4, 1990, Dillard's Department Stores (headquartered in Little Rock,
Arkansas) began using employee's personal Social Security numbers for their
employee I.D. and sales associate numbers.  These Social Security numbers are
visible and, for the time-being, NOT "scrambled" enabling any customer to
obtain the Social Security number of any sales associate.

Dillard's plan is to begin "scrambling" the numbers anywhere from two weeks to
a month according to various sources.  After this process, "nobody will be able
to identify [the number] as a Social Security number" according to Ed Auffert,
Assistant to the General Counsel.  Mr. Auffert added that after the scrambling
"gen" has been added to the system, all employees will be required to use their
Social Security numbers.

According to a memorandum distributed to all employees recently, employees
"must" use their "nine-digit sales numbers" in order to "insure credit for
sales rung."  The memorandum states that the "terminals will accept three-digit
sales numbers" in the interim.  In store announcements and other management
sources at the Dillard's Department Store at Northpark Center in Dallas have
indicated that sales data may not be accurate on employees continuing to use
their older three-digit sales codes.  Since this data is used to evaluate
employee performance, this could mean that employees not desiring to divulge
their Social Security numbers to the public could eventually be disciplined or
discharged.  When contacted personally, Northpark store manager Peter Rodriquez
confirmed that employees might be "disciplined" for choosing not to use their
personal Social Security numbers even in the interim period (prior to computer
"scrambling" of the employee's SSN).  After being advised of the intent to use
this information as part of a Usenet article, he refused to comment any further
and referred further contact to W.R. "Bob" Applebee a regional director for
Dillard's in Fort Worth Texas.

Mr. Applebee, when contacted by phone, stated emphatically that the "policy (on
the use of Social Security numbers until the encryption was complete) had been
rescinded."  He stated that at present no employees "anywhere in the Dillard's
store system" were using their Social Security numbers.  Further, Mr. Applebee
stated that these numbers were "not visible on any printed cash register
receipts."  Contrary to Mr. Applebee's claims, a subsequent check of the
Dillard's store in Northpark Center produced several receipts with employee
Social Security numbers clearly visible as the sales I.D.

As to the "encryption" method to be used, Dillards officials were unable to
provide any details.  At least one source familiar with this project feels that
it would be possible to decrypt these numbers if comparisons could be made
against other encrypted Social Security numbers.

For the mean time, Dillards officials maintain that there is "nothing illegal"
about what they are doing.  They agree that there are going to be employees
that disagree with this policy, but seem to convey the feelings that these
people are free to seek employment elsewhere.

More details will be relayed to the appropriate groups as they become

Any comments on the matter may be emailed to '' or
'sulaco!dillard'.  Any comments received are subject to being relayed to
Dillard's headquarters in Little Rock ANONYMOUSLY IF SO INDICATED.

Contacts :

   W.R. Applebee, Regional Director       (817) 831-5428  Ft Worth, TX
   Ed Auffert, Asst to General Counsel    (501) 376-5200  Little Rock, AR
   Peter Rodriquez, Northpark Store Mgr.  (214) 373-7000  Dallas, TX

Others either unable to be contacted or refusing comment:

   William Dillard, II, President         (501) 376-5200  Little Rock, AR
   Gene Baker, Advertising                (817) 831-5111  Ft Worth, TX


Robert J Woodhead <trebor@biar.UUCP>
Tue Feb 6 17:30:00 1990
Fortunately for many of us, after about 40 years of intense debate in the
automotive industry on this complex and challenging "lights on" problem, some
manufacturers are adding a simple device that alerts you if your lights are on
when the ignition is off.  These range from a simple analog "BReeee!"  in my
Chevy Blazer to digital (shudder!) voice synthesis in some upscale foreign

I for one rate this innovation right up there with Post-It Brand Notes,
Microwave Popcorn and VCR's in it's subtle yet sweeping effect on the
whole of Western Society.

Robert J Woodhead, Biar Games, Inc.   !uunet!biar!trebor | trebor@biar.UUCP

Please report problems with the web pages to the maintainer