The RISKS Digest
Volume 9 Issue 85

Friday, 27th April 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Computer error parks hundreds illegally
Dave Harding
Computers may be fattening?
Gary Tom
Unattended Plane Take-off
Andrew Duane
Aircraft electronics problems: A pilot's report
Peter Ilieve
1099 forms, risks, and technology
Gregg TeHennepe
Re: "It's a Computer Error"
Pete Mellor
Re: Risks of engine computers and EMP
David Paul Hoyt
Security Breach--cc:Mail Inc.
Chris McDonald
Queues and Servers
Anthony E. Siegman
Computers and names with special characters
Lance Hoffman
Computer Jammming of 911 LInes
Gary McClelland
Info on RISKS (comp.risks)

"Computer error parks hundreds illegally"

Dave Harding <HARDING@MDTF08.FNAL.GOV>
Fri, 27 Apr 1990 12:16:24 CDT
>From the Chicago Tribune, 25 April 1990

COMPUTER ERROR PARKS HUNDREDS ILLEGALLY

    At least 1,000 Illinois residents outside the metropolitan Chicago area
were flabbergasted Tuesday when they received dunning letters from the City of
Chicago for parking violations they didn't commit, according to police in
several of the towns.
    The Chicago Revenue Department mailed about 36,000 overdue
parking notices, said John Holden, a Revenue Department spokesman.  He
said up to 10 percent of them could go to people who did not commit
parking violations, most of them in the Quad Cities area.
    Holden said the problem occurred because workers failed to
differentiate the types of license plate numbers that are fed into the city's
computerized system.  The city contracts with Cumputil Inc, a New Jersey-based
company, to feed license-plate numbers of overdue tickets into the computer,
which automatically sends out notices to parking violators.


Computers may be fattening?

garyt@cup.portal.com <Gary Tom>
Thu, 26-Apr-90 01:53:45 PDT
>From the Health column of the April 25th San Jose Mercury News evening edition:

"Such modern conveniences as personal computers and extension phones could
cause you to gain weight.  Psychologist Thomas Wadden of the University of
Pennsylvania attributes as much as seven pounds per year to using a computer
rather than a typewriter.  Keeping files stored in the computer means you don't
burn calories getting up to fetch them.  Ditto for extension phones, which save
about 70 miles of walking a year, thus adding two pounds annually."


Unattended Plane Take-off (Clive, RISKS.9.83)

Andrew Duane <duane@samsung.com>
Wed, 25 Apr 90 15:27:48 -0400
This happened at a local (Lawrence, MA) municipal airport about 4 years ago. It
seems that a pilot was prop-starting a small 4-passenger plane. The propeller
spun, and the engine caught.  The throttle must have been set, and the plane
quickly took off, sans pilot. Luckily, it was also sans passengers. It got
about 250 yards, then crashed into a nearby store.

On the evening news, the airport manager expressed his surprise,
saying "this sort of thing rarely happens here."

I know, no computer risks, but it was relevant to the article.

Andrew L. Duane (JOT-7), Samsung Software America, 1 Corporate Drive
Andover, MA.   01810                             (508)-685-7200 X122


Aircraft electronics problems: A pilot's report (from CHIRP in the UK)

Peter Ilieve <peter@memex.co.uk>
Fri, 27 Apr 90 09:18:30 BST
This was reported in the Independent (a London paper) on 26 April.
It is the pilot's account (abridged at one point) of the end of
a flight from the Mediterranean to London. It was submitted to CHIRP,
which is a reporting system run by the RAF Institute of Aviation Medicine
to allow pilots to report anonymously on things that worry them.

    "As we slowly descended through the stack, winds aloft were 70-80
knots with little or no turbulence. The Met continued to report strong
surface winds but gave no warning of any exceptional turbulence.
    "As we descended into the clouds, the situation deteriorated rapidly.
The wind and turbulence quickly increased. At 3,000 feet inbound on the
Instrument Landing System localiser we were experiencing westerly winds of
188 knots and we were encountering severe turbulence.
    "When the first officer reported the wind to Air Traffic Control
the reply was, `Roger, understand Westerly 88 knots.'
    "First officer: `Negative, ONE-eigthy-eight knots.'
    "ATC: `Good grief.'
    "At about this time, the aircraft's automatics started running for
cover. Both Flight Management Systems were repeatedly failing and recovering
and at various times both autopilot and the captain's Flight Director
(electronic artificiat horizon) were out of action. The first officer was
doing a great job in trying to round up the wayward systems while
simultaneously monitoring my approach and handling.
    "The ride down the Instrument Landing System was very wild with the
wind indicating 150-180 knots. At 700 feet, with violent turbulence and an
apparent 130 knots negative wind shear between that altitude and the ground
we commenced a go-around.
    "During the go-around virtually all the automatics failed again
and the turbulence became extreme.
    "Levelling at 3,000 feet, flaps and gear up but still in severe
turbulence we were now confronted with further problems. Our `bolt-holes'
(diversion airports) began to look suspect. We determined only one diversion
airfield was still just about okay, but now on the limit of our fuel reserves.
We elected to go, and ATC started vectoring us through the traffic, at low
level in heavy turbulence.
    "At last we were cleared up out of the cloud and back into clear and
relatively calm air. The automatics now started creeping out of the
woodwork but we were still extemely busy, the two-crew operation really
stretched to the limit.
    "En route to the diversion, [we had to cope] with a combination
of failed automatics, unfamiliar ATC clearances, monitoring the weather,
to say nothing of liaison with the cabin crew, and the very frightened
passengers. We had about 30 minutes fuel available and we *had* to make it
in, and with the weather deteriorating literally by the minute it had
to be the first time."

The Independent piece goes on to link this with the completed but as yet
unpublished report on the 737 crash at Kegworth, which is believed to
be critical of the design of electronic cockpits, and also reports from
British Airways of 6 incidents with their new 747-400s. In each of these,
the automatic systems closed all 4 throttles while the aircraft were
climbing. A previous report in the paper had suggested some sort of sensor
problem, I think concerning the flaps, as a cause of this problem

    Peter Ilieve        peter@memex.co.uk


1099 forms, risks, and technology (Karn, RISKS-9.81)

<gateh@CONNCOLL.BITNET>
Thu, 19 Apr 90 12:05:49 EDT
Phil R. Karn (karn@thumper.bellcore.com) writes:

> One wonders if there may be a fundamental limit on the degree to which
> institutions that must be open to many sources of public input can rely
> on a high degree of computerization to achieve cost-effectiveness,
> especially when the institution or its policies are unpopular.

While sociologists/psychologists might argue that, based on certain predictable
human traits, there will but such a limit, I am inclined to disagree.  It seems
to me there are two basic approaches for dealing with risks:

        - modify/control the surrounding environment via automated systems,
          etc. in such a way as to reduce the risk posed to humans

        - modify/improve human skill and intelligence such that the
          surrounding environment poses as little risk as possible

If one takes the first approach and assumes a basic level of human carelessness
(both in the sense of error and in the sense of maleficence, as in the case of
the 1099 forms), and tries to compensate for or insulate from risk via external
controls, there will be such a limit, and it will be governed by the integrity
of those controls.  If on the other hand one attempts to reduce error and
maleficence via internal control (human education/training/self-discipline),
the limit will be governed by the human potential.

It seems to me that ideally what is needed is a combination of these two
approaches.  My fear is that presently many if not most systems are designed
with the assumption that the human operator is a worst case, and so these
systems provide little if any motivation/reinforcement for improving the human.
To approach the problem of the limit of the utility of a particular technology
by saying, Well, I guess we need to refine, we need bigger, better, faster is
IMHO a mistake in that it is in some sense self-destructive.  It tends to
remove responsibility from the human, and as such allows and possibly
encourages the atrophy of human skill and intelligence.

For me, this is what I think life is all about: impeccability is the task of
living, and should begin with the person.  From there it will move to the
things created or maintained by the person.  Unfortunately I don't think it
works in reverse (ie. an impeccable system begets a better user).  As a result
I am somewhat leery of any system which takes control away from me, especially
in light of the fact that I often have no way of knowing the integrity of
either the system or its designer, not to mention that it is likely the system
was designed with an idiot in mind.

Gregg TeHennepe, Minicomputer Specialist, Connecticut College, New London, CT


Re: "It's a Computer Error" (RISKS-9.82)

Pete Mellor <pm@cs.city.ac.uk>
Wed, 25 Apr 90 22:48:55 PDT
> I have noticed a recent upsurge in UK news reports of "Computer Errors".
> Not of the major catastrophe kind, but of the "bill for $0.00" sort
> This seems to be intimately related to the introduction of the Poll tax.

Note for non-UK readers: What is euphemistically described by the government as
the "Community Charge", and by everyone else is called the "poll tax" ("poll"
as in "head": the idea that paying the tax is connected with the right to vote
is a popular misconception) came into force in England and Wales in April this
year.  (Like many other things, it was tried out in Scotland first.)

In a nutshell, the previous system of "rates", an annual charge which was
geared to the value of an individual's real estate, and which provided part of
the funding for local government services (drains, emptying dustbins {sorry!
garbage collection :-}, etc.) has been replaced with an annual per capita
charge. Under the previous system, Lord Muck in his castle paid through the
nose, while Joe Public in his two-up/two-down paid comparatively little.  Under
the new scheme, Lord Muck and Joe Public pay the same. Joe Public is not too
pleased about it. So unpleased about it, in fact, that on 31st March a
demonstration in central London against the poll tax turned into a very ugly
riot.

> I wonder if any other RISKS subscribers have noticed this phenomenon
> (not the poll tax, the computer errors) ?

Try this one (Andrew Moncur's Diary column, Guardian, 4th April). I quote:

  "If any rioting breaks out in Tunbridge Wells you shouldn't be too surprised
   to see Amy Mercer somewhere in the background, making a great deal of noise.
   She's just received her poll tax demand (&322-odd to pay). All very well.
   Except that Amy is eight months old - and, I would guess, fairly militant."

It will not surprise RISKS subscribers to learn that the changeover involves
a *massive* bureacratic exercise, registering, and sending demands to, every
person in the country over a certain age. Hardly surprising that someone
thought it might be a good idea to use computers to help with the work.

Presumably, these same computers will also be used to record people who do not
pay, and trigger the various steps taken to recover payment. (Not *registering*
is a criminal offence. Not *paying* is a civil matter between the individual
and the local authority, who must take each individual case through a procedure
of which the final step is the magistrates' court.)

Huge and well-organised campaigns of non-payment are under way.

Peter Mellor, Centre for Software Reliability, City University,
Northampton Square, London EC1V 0HB   Tel.: +44 (0)1-253-4399 Ext. 4162/3/1


Re: Risks of engine computers and EMP (Grant, RISKS-9.83)

david paul hoyt <YZE6041@vx.acs.umn.edu>
Thu, 26 Apr 90 09:18 CDT
> ... it would also kill the engine computers in every late model car.

 Actually it will stop and probably distroy all old cars too.  An EMP will arc
the points and fuse the alternator.  Everything looks like an antenna to an EMP
blast.


Security Breach--cc:Mail Inc

Chris McDonald ASQNC-TWS-RA <cmcdonal@wsmr-emh10.army.mil>
Wed, 25 Apr 90 12:20:26 MDT
>From "MacWEEK", 24 April 1990:

"In respoonse to a breach of its E-mail system's security, cc:Mail Inc. this
month will ship a new version of cc:Mail free to all users.  The upgrade offers
enhanced security to combat an unauthorized utility that lets users access
other users' mail.

Posted on a Hayes Microcomputer Products bulletin board by an unknown source,
the utility lets a user gain access to all cc:Mail passwords and messages on a
LAN.

cc:Mail has notified all it customers by phone or e-mail about the security
breach and has set up aspecial tool-free hot line at (800)338-9012.

Previously unregistered cc:Mail customers are also eligible to receive the free
upgrade."


Queues and Servers (Re: RISKS DIGEST 9.82)

Anthony E. Siegman <siegman@sierra.Stanford.EDU>
Wed, 25 Apr 90 13:13:24 PDT
Careful.  Didn't Scientific American have a fascinating story on task
scheduling a few years ago pointing out that there are nonpathological
situations involving a single queue of variable-length tasks and multiple
servers, IN WHICH ADDING AN ADDITIONAL SERVER CAN ACTUALLY MAKE IT TAKE LONGER
TO FINISH THE QUEUE?

  [Yes, VERY OLD RESULTS, originally from Ron Graham and Vic Benes (when I
  was at Bell Labs in the 60s, if I recall correctly), for nonstochastic
  queues.  See Coffmann and Denning, Operating Systems Theory, Prentice-Hall,
  1973, in which some of Ron Graham's examples reappear...  A wonderful
  family of cases in multiple dimensions, where apparent simplifications in
  any one dimension can actually make things worse.  PGN]


Computers and names with special characters

lance hoffman <hoffman@gwusun.gwu.edu>
Wed, 25 Apr 90 14:08:12 EDT
Following up on the contribution regarding hyphenated last names at the Social
Security Administration, when I did some consulting there years ago, we were
told of the incident where one person who was receiving checks insisted on
changing his surname to something like "*N" (not his real name).  You can
imagine the havoc this caused until the agency went and implemented something
like 25 patches in 25 different systems, which they did, on the humane grounds
that you can call yourself whatever you damn well please.

Professor Lance J. Hoffman, Department of Electrical Engineering and Computer
Science, The George Washington University Washington, D. C. 20052 (202)994-4955

    [It really opens up some possibilities, including VictorBorge-style
    pronunciations of nonalphabetic characters.  PGN]


Computer Jammming of 911 Lines

"Gary McClelland" <gmcclella@clipr.colorado.edu>
26 Apr 90 10:37:00 MDT
The Boulder [CO] Daily Camera (25 April 1990) reported that local police have
arrested a suspect in the jamming of police communications and the 911 system.
According to the article,  he used radio devices to jam the police radio
frequencies and a computer to interfere with the 911 lines.  The newspaper
article gave no details on how he used the computer to jam 911 system.  Since
the local 911 system has ANI and it took the police a while to find the guy, he
presumably was doing something more sophisticated than just making multiple
calls to 911 with his modem.  No reports of any emergencies that received
delayed attention because of the jamming.

The motive:  The University of Colorado campus police issued this guy a warning
citation (no fine) for failing to leave the physics building during a fire
alarm test.  He then started messing with the campus police communications and
then moved on to harass the city police and jam 911.  Makes you worry about
what he will do now that they have arrested him and made him really mad!

    Gary McClelland,  Univ of Colorado

Please report problems with the web pages to the maintainer

x
Top