2-Sep-85 22:06:47-PDT,9175;000000000000 Return-Path: Date: Mon 2 Sep 85 21:57:22-PDT From: Peter G. Neumann Subject: RISKS-1.4, 02 Sep 85 To: RISKS: ; RISKS-FORUM Digest Monday, 2 Sept 1985 Volume 1 : Issue 4 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS Peter G. Neumann, moderator (Contributions to RISKS@SRI-CSL.ARPA) (Requests to RISKS-Request@SRI-CSL.ARPA) (Issue n of vol 1 is in SRI-CSL:RISKS-1.n) Contents: The Case of the Broken Buoy (Matt Bishop) Inaction; Buoys will be buoys; KAL 007; Malpractice (PGN) Health Hazards of CRT Use (Brint Cooper, Robin Cooper, PGN) Medical Software (Brint Cooper) Rolm's Hawk-32 (Doug Bryan) ---------------------------------------------------------------------- Date: 30 Aug 1985 1636-PDT (Friday) From: Matt Bishop Organization: Research Institute for Advanced Computer Science Address: Mail Stop 230-5, NASA Ames Research Center, Moffett Field, CA 94035 Phone: (415) 694-6363 [main office], (415) 694-6921 [my office] Mythological-Animal: Unicorn Pet-Peeve: Complaints about the number of header fields Snack-Food: White-shelled Pistachio Nuts To: risks@sri-csl.ARPA Subject: The Case of the Broken Buoy Dave Curry's right. I remember reading a newspaper report which said, in essence, that the NWS/NOAA lost because it had failed to predict the storm. I didn't believe it, so I read on, and the report said that since they had known of a broken buoy, had failed to repair it (I think it had been broken for several months), and therefore failed to get the information needed to give a warning, they were guilty of negligence and had to pay. Quite a far cry from what the story had begun as! ------------------------------ Date: Mon 2 Sep 85 14:05:15-PDT From: Peter G. Neumann Subject: Inaction; Buoys will be buoys; KAL 007; Malpractice To: RISKS@SRI-CSLA.ARPA The issue of the lobstermen indeed rested on the negligence of not repairing the buoy. (As noted in RISKS-1.2, the weather buoy went unrepaired for three months.) Negligence and inaction in the presence of informed knowledge are likely to be the source of more lawsuits in the future. For example, the NY Times of 1 September 85 had an article by Richard Witkin on KAL 007. Evidence introduced in lawsuits filed in connection with the Soviet downing of the Korean Air Lines Flight 007 suggests that American radar operators knew hours beforehand that the jetliner was off course and heading into Soviet airspace. The words, "We should warn him", presumably referring to the plane's pilot, were heard at the Government's civil air-traffic control station in Alaska as the Boeing 747 strayed off course toward its fatal encounter with a Soviet fighter plane two years ago today, according to the documents. The documents were submitted Friday as evidence in damage suits filed against the United States Government by relatives of the 269 people who died in the incident. Medical malpractice suits have been on the upswing, and doctors are taking extraordinary measures to compensate -- such as higher prices and otherwise unnecessary tests and drugs. But the question of what constitutes computer-related malpractice is likely to emerge as a very sticky one, e.g., faulty computer system design, life-critical application programming, and sloppy computer operation. And what about a debugger or maintainer who notices something fishy but does not carry through? A remarkable case of a casual observer playing a significant role took place on 1 Sept 85 when a passenger on People Express Flight 183 from Dulles to Newark noticed minutes after take-off that a cowling was missing on one of the engines. (The plane returned to Dulles.) Imagine a lawsuit against a company, which in turn sues the programmer. The potential for legal confusion relating to computer systems is really quite awesome, and the confusion has just begun. Suppose the windshear-warning system is finally installed (with the 31 May 84 near-disaster on take-off of a UA 727 and the recent crash providing an impetus), and suppose that program has a bug? Suppose the computer is not working on landing? There are some very serious questions that must be raised. The incidence of high-award law suits elsewhere is likely to provide a strong forcing function. ------------------------------ Date: Fri, 30 Aug 85 21:56:09 EDT From: Brint Cooper To: cooper@WISC-AI.ARPA cc: risks@sri-csl.ARPA Subject: Re: health hazards of CRT use To balance this discussion, we need to include risks to pregnant women and their born and unborn children of television sets that run 18 hours a day in the home. Keep in mind: X-radiation is generally produced by the very high voltages traditionally used in color television sets and composite-video color monitors. Many of the monochrome monitors need no such voltages and, so, produce no such radiation. Since most folks are now buying color TVs for their homes, we need to examine that aspect of safety as well, especially since many of them are used as monitors for home computers and video games. Brint Cooper ------------------------------ Date: Sun, 1 Sep 85 12:13:49 cdt From: cooper@wisc-ai.arpa (Robin Cooper) To: abc@BRL.ARPA Cc: risks@sri-csl.ARPA Subject: Re: health hazards of CRT use Yes, that seems right, though I wonder what the facts are concerning how close one sits to the device. People spend more time a few feet away from their terminals than their TVs. Robin Cooper ------------------------------ Date: Mon 2 Sep 85 21:10:33-PDT From: Peter G. Neumann Subject: Re: health hazards of CRT use To: RISKS@SRI-CSLA.ARPA There is also discussion in the literature on physical and psychological problems resulting from sitting in front of your terminal for hours, most notably back and neck problems, tension, stress, anxiety, and subsequent depression. This forum is not really the place to discuss another relevant aspect of the problem, but let me just mention it anyway and then discourage further commentary on it: the standard American junk-food diet of coffee, colas, and caffeine generally, orange juice, sugar, chocolate (containing both sugar and caffeine), refined white flour, fried foods, and so on, is now being linked with making many of those problems worse. ------------------------------ Date: Fri, 30 Aug 85 22:00:55 EDT From: Brint Cooper To: davy@EE.ARPA cc: risks@SRI-CSL.ARPA Subject: Medical Software Actually, culpability for mistakes caused by medical diagnosis software could be placed with the same person who is responsible for correct interpretation of all diagnosis aids: the physician him/herself. Programmers, like authors of medical texts, are providing tools for the physician, not replacing him or her. What we CAN do as computer scientists, et al., is to educate the medical profession to the limitations of these tools as well as to their benefits. For ourselves, the goals should include error and risk reduction as we continue to discuss. Brint ------------------------------ Date: Sat 31 Aug 85 22:58:00-PDT From: Doug Bryan Subject: Rolm's Hawk-32 To: risks@SRI-CSL.ARPA Speaking of possible hazards due to hardware failure, has anyone out there had any experience with Rolm's 32 bit Mil Spec machine the Hawk-32? Since the Hawk is a Mil Spec machine, I'm sure it will be used in situations where failure could lead loss of life. I would be interested in hearing about the Hawk's environment limitations, mean time between failures and any other experiences people have had with the machine. doug [POSTSCRIPT: A few of you complained that the first issue had too much of a military flavor. It is interesting that except for this last item, this issue and the previous issue had almost none! On the other hand, the problems we are dealing with are universal, and we should be able to learn from all relevant discussions... I had some complaints about the format breaking your dedigestifying programs. I hope this is better, but if it really is, your programs must be pretty stupid. I did not change anything except the trailer. So maybe I don't have it right yet? Others complained that the issues were too big and did not come out often enough. (I explained why -- I wasn't around.) Now you will undoubtably complain that that they are too small and too frequent. But it really depends on what contributions are available. PGN] ------------------------------ End of RISKS-FORUM Digest ************************ -------