According to Flight International (29 Aug-4 Sept, page 13), Northwest Airlines is suing CAE Electronics over a fatal aircraft crash in 1987 which Northwest claim was partly caused by inaccuracies in a CAE flight training simulator. The crash occurred when the crew attempted to take off without deploying flaps and slats; according to the NTSB report, the crew failed to carry out the checklist, and an unexplained electrical failure caused the take-off warning system to fail to warn them. Northwest claim that the simulator shows a warning system failure if the power fails to the warning system, whereas the aircraft system fails silently. They also claim that the crew selected go-around on the flight director, from take-off, and the result was an additional pitch-up command of 6 degrees, whereas the simulator effectively inhibits go-around from take-off. CAE says the claim is frivolous and without merit. This claim seems to me to suggest (a) that once again, aircrew do not understand the side-effects (pitch-up, in this case) of flight-director commands (which I believe means that the systems are too complex). I also believe that the claim demonstrates the importance of formal specifications for critical systems such as simulators - on this evidence, a simulator used for crew training in emergency procedures is *itself* a safety-critical system. (Presumably it should therefore require certification in the same way as an in-flight system of equivalent criticality. Does anyone know the certification requirements for simulators?) Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: email@example.com
The Computer Misuse Act came into force on Wed. 29th August 1990. It introduces three new offences: - 'Unauthorised access': a basic offence committed by anyone who seeks to enter a computer system knowing that the entry is unauthorised. Punishable by up to six months imprisonment. - 'Unauthorised access' in furtherance of a more serious crime. Punishable by up to five years imprisonment. - 'Unauthorised modification of computer material': Introducing viruses, Trojan horses, etc., or malicious damage to computer files. Punishable by up to five years imprisonment. The act was the result of a private member's bill introduced by Michael Colvin MP (Conservative), which was supported by the government. Extract from the Guardian, 29.08.90, p.2 [PM's comments in brackets]: Headline: New hacking law 'too hard to enforce' By-line: Owen Boycott Peter Sommer [in true Grauniad style, they mis-spelt his name "Summer"], author of the Hacker's Handbook [under the nom-de-plume "Hugo Cornwall"], who opposed the need for new legislation, said yesterday he feared that doing away with the criminal damage law [??? !!! See *1 below] would make it more difficult to prosecute malevolent hackers. "They are creating more difficulties for this offence than before," he said. The new and untried legislation might be open to challenges on the definitions of the wording of the act. Scotland Yard's four-strong [!! *2] computer crime squad will be enlarged to cope with the extra work expected. But yesterday, one member said: "It will depend on people being aware a new crime exists, and reporting offences to us. Previously they were not certain what was a crime and what wasn't. [*3]" During the passage of the bill, the police argued for greater powers to tap computer lines and force telecommunications companies to pursue hackers. They were resisted by the bill's author, the Tory MP, Michael Colvin, who believes the act will prevent damage by computer hacking. [*4] He said: "Information technology is so much a part of a company's business, that a hacker in the computer system is as bad as someone sabotaging the production line. "It is vital companies become far more computer security conscious. Over the last five years the Department of Trade and Industry has recorded 270 computer crime cases. Only five were brought to court. "Some have said the offence (in the act) does not go far enough, but it gives the police powers to enter and search premises...once they have gone to a judge for a warrant." Although the estimates of the annual cost of computer crime have ranged up to [Pounds sterling] 1 billion, most is fraud committed by employees using computers for crimes that would otherwise have involved paper forgeries. There are a few cases of hackers breaking in from systems outside companies and extracting large sums. But cases of hackers breaking into systems and damaging computer files are increasingly common. Fears that there will be a sudden round-up of young computer enthusiasts who have been hacking are unlikely to materialise. Like almost all legislation [almost??], the Computer Misuse Act is not retrospective. The DTI [Department of Trade and Industry] has welcomed the act, and hopes it will encourage companies to take more care over systems' security. [*5] End of extract Notes:- *1 Criminal damage is an offence that has nothing to do with computing, and it has certainly not been 'done away with'. Since Peter Sommer is acutely aware of this, I suspect that the Grauniad has garbled his words. I can envisage a future prosecution involving both the offences created by the new act *and* the old offence of criminal damage (which was the charge under which Nicholas Whiteley was sent down for four months a short while ago: see RISKS-10.03, 10.09, 10.10). A police spokesman was quoted at the time as saying that the new act would not have made it any easier to convict Whitely. Peter Sommer has always argued that this existing offence is adequate for prosecuting a hacker who has caused actual damage. *2 Wow! Those guys are really taking this problem *seriously*! *3 [Censored, even though disemvoweled (as in *br*dg*d or s*n*t*z*d). PGN] *4 Nice to meet an optimist! The plea for increased police power to intercept communications was supported by Emma Nicholson, MP, whose earlier bill failed for lack of parliamentary time - See RISKS-10.03. It is a fact of human psychology that people are *not* deterred by a stiff penalty from indulging in a profitable or enjoyable (but illegal) activity which has a low probability of being detected. See, for example, H.J. Eysenck: "Sense and Nonsense in Psychology". Eysenck cites the cases of sheep stealing in 18th century England, which persisted at a high rate though punishable by hanging, and of his own family's flight from Nazi Germany *with* the family jewels, when removing assets (but not fleeing in its own right) was punishable by death. If you want to stop hacking, make it certain that hackers will be caught. So why do I not support Nicholson? Because I'm a pinko liberal and prefer my communications untampered with even if it slightly increases the opportunity for undetected crime. 5* Fat chance! If anything, it will make them more complacent. To his credit, Colvin does criticise system owners who are lax about security, and regards their slackness as a dereliction of their duty to their users (RISKS-10.03). BTW, we await the test case with baited breath. As for the future of hacking? Well, as someone said when prostitution was made illegal in New Orleans (or was it Paris?): "They may make it illegal, but they'll never make it unpopular!" Peter Mellor, Centre for Software Reliability, City University, Northampton Sq. London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 firstname.lastname@example.org (JANET)
The following is the press release approved on August 20, 1990 by the National Security Agency: The National Security Agency (NSA) has announced that the National Computer Security Center (NCSC) will be functionally realigned to enhance its capability to respond to network and system information challenges. The NCSC was created by the Department of Defense in 1981 to provide needed emphasis on computer security and serve as a center of technical expertise. The restructuring, which has been under consideration for some time, will serve to facilitate the integration of the Agency's communications security technical expertise and the computer security development and evaluation process to better assure systems oriented solutions to system security problems. The restructuring was prompted by increasing recognition that current user applications virtually eliminate traditional distinctions between telecommunications and information systems such that a functional merger of the communication security and computer security disciplines was necessary to effectively address network and system security issues. The NCSC will continue to operate as a separate reporting element of NSA's Information Systems Security Directorate. Patrick Gallagher, a senior NSA official and Director of the NCSC, will be responsible for assuring that the integration of communications security and computer security technical expertise strengthens the NCSC's effectiveness in the development of criteria for and the evaluation of information systems. Agency officials emphasized that all NCSC activities will continue and that this convergence of resources and skills from the two disciplines is intended to enhance the NCSC's ability to fulfill its responsibilities and effectively meet new challenges. These responsibilities include providing technical support to activities of the National Institute of Standards and Technology under the Computer Security Act of 1987 (P.L. 100-235). NCSC remains committed to providing this support and to fostering the availability of secure products to protect U.S. Government classified information as well as unclassified and sensitive information, to the extent such technology has application, is economically advantageous, and is consistent with the Public Law. All of the NCSC's commitments to its industry partners regarding product and system evaluation will continue to be met.
As the silly season draws to a close, it is time to note that the reporter quoted in the RISKS item beginning (From The Lewiston Morning Tribune, June 30, 1990) Associated Press SEATTLE--The Orcas Island ferry dock, badly damaged when a state ferry rammed it, ... was wrong regarding the following sentence: Ferry operations superintendent Don Schwartzman said it appeared the ship's computerized power supply control system failed to respond to commands. Followup stories confirmed what every ferry lover already knows: There are no computers on Washington State ferries. All were removed several years ago. [Or else the superintendent did not know that the computers had been removed, as reported was going to happen way back in RISKS volume 4. PGN]
I tried to respond to "Brian M. Clapper <clapper@chekov>" by mail, but can't find a host named "chekov" anywhere in the NIC host tables, when trying to make the address given into something replyable-to. [He has a decidedly noncompliant mailer. That is what his mail said. Try email@example.com . PGN] His comments on the Discover Card didn't ring a bell with me, so I dug around my own Discover Card paperwork. First off, Mr. Clapper said there was no PIN associated with the card, but not only did I receive a PIN with mine, but there was a form to fill out and send in to get another form (!) to request a specific PIN. You need the PIN to use the card in certain ATM networks to get cash. (I've never done that, by the way.) Secondly, he said the 800 number was written on the back of the card. There is no number on the back of my Discover Card. The Discover literature I have is full of the number 1-800-858-5588 (to call to report a lost/stolen card, etc.). I called that number just now to see if I'd get the automated interface he described, and, lo and behold, I instead get an intercept recording that says, "The 800 number you have dialled has been disconnected. No further information is available about this number." [!] I find that rather astounding — even if Discover switched numbers, they still should have a cross-reference to the new number. The only thing that comes to mind is that Discover changed 800 carriers, and the one that has 858 doesn't want to give any business to whatever firm took over the Discover account. I do consider it a "RISK" that the number cited in the cardholder's literature as the one to call about a lost or stolen card does not work and has no forwarding or cross-referencing to the current correct number. I didn't bring a recent bill with me, so I don't have their current 800 number to compare with this. I found a different "customer service" number in the paperwork, too (1-800-451-4451), but it gets the same intercept recording. Glad I found this out now, rather than when I had an urgent need to call them! I'll see if I can locate a current number and update this info in case I need it sometime. Since I couldn't try out the automated response system for Discover, I took a chance and called the number on the back of my AT&T "Universal" Card (MC version). They have one, also. I waded thru the menus and found out that they, too, do not ask for a PIN but they *do* ask for the "ZIP code of your billing address" as verification. I think that is a good compromise. I never carry the card PINs with me, nor have them memorized, since I never use the functions that require them. So this is something I *do* know and that would be at least some deterrent to a thief who has someone else's card. If he has the whole wallet, with ID and cards, though, he'll have that ZIP (probably). Will firstname.lastname@example.org OR email@example.com
While I am certainly not in favor of letting your typical computer program/ system be given full control (with no chance for override or other intervention) of safety-critical situations, I am bit disturbed by a blanket call for banning computers from being used in such environments at all. It strikes me as a little odd that no one has seemed to mention the drawbacks of such a ban. For example, I throw out the following questions without knowledge of the answers, but hoping that those who have called for this ban have carefully thought through all of them: (1) suppose that computers are banned from intensive care units? How many extra people are going to be needed? What is the chance of a human error occurring, with people instead of machines? Furthermore, what equipment will be used in place of certain computerized monitors? (This one hits close to home, folks. A computerized heart monitor notified Intensive Care nurses and cardiologists that my father was having a heart attack, resulting in his living five more years instead of diying then and there. The cardiologists on duty both commented that it was lucky the hospital had installed the monitors the previous week, as there was (to their knowledge) no other equipment that would have alerted them in time to save his life.) 2. If you ban computers from early warning systems (assuming that you need such beasts), what are you going to use? Do you have any idea how many extra people it would take? Or what the chance would be of an error caused by the sheer boredom of these people? Or what the chance would be that no response would be taken when needed, because of an inability to collate data in time? While I believe that letting a computer be in total charge is RISKy, to say the least, I believe that taking computers totally out of the loop would be far more RISKy. 3. If you ban computers from flight control systems, what do you do about the increased wear and tear of the electromechanical parts that replace them? What do you do about the increased strain on the pilots? Again I am not advocating letting computers have complete control of the aircraft (as I pilot myself, I certainly don't wnant that). However, I think that the tradeoffs need to be carefully considered before one advocates such an extreme measure as a total ban. In summary, while I do NOT believe that computer hardware/software is of sufficient quality as to be trusted with the sole stewardship of human life, I DO believe that the decision as to whether or not to automate should be made after a careful analysis of the RISKS of both potential decisions, not just the RISKs of automating. Al Arsenault Visting Professor, Computer Science U.S. Air Force Academy [***Visiting?*** Or a Chair endowed by Col. R.Visting? PGN]
Please report problems with the web pages to the maintainer