Date: Fri 13 Sep 85 14:28:03-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-1.12 To: RISKS-LIST@SRI-CSLA.ARPA RISKS-FORUM Digest Friday the 13 Sep 1985 Volume 1 : Issue 12 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS Peter G. Neumann, moderator Contents: Wire-Transfer Risks; Risk of Non-application of Technology (Jerry Saltzer) Date-Time stamps (and errors therein) (Ted M P Lee) JMC's remarks (Joseph Weizenbaum) Subjective Factors in Risk Assessment (Lynne C. Moore) Moral vs. Technological Progress (Charlie Crummer) [*** MODERATOR'S NOTE. SOME OF THE SDI-RELATED DISCUSSION MAY BE DEGENERATING INTO A NONCONVERGENT ITERATIVE LOOP. LET'S TRY TO STICK A LITTLE MORE TO COMPUTER-RELATED ISSUES, ALTHOUGH I RECOGNIZE THAT THE TECHNICAL ISSUES MAY BE OVERWHELMED BY NONTECHNICAL ISSUES. BUT PLEASE DO NOT INTERPRET THIS AS AN ATTEMPT TO SQUELCH MEANINGFUL DISCUSSION. PGN ***] (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA) (FTP Vol 1 : Issue n from SRI-CSL:RISKS-1.n) ---------------------------------------------------------------------- Date: Fri, 13 Sep 85 10:51 EDT From: Saltzer@MIT-MULTICS.ARPA Subject: Wire-Transfer Risks; Risk of Non-application of Technology To: RISKS FORUM (Peter G. Neumann, Coordinator) Re: Wire-Transfer Risks 1) The current (September, 1985) issue of IEEE Communications magazine on page 23 suggests that it may be typical in the wholesale financial business to carry transactions in thousands of dollars rather than in (ones of) dollars. If so, you would think that the people responsible for software in that business would check and recheck their specs and the human engineering across those interfaces where dividing or multiplying by 1000 is a possibility, wouldn't you? 2) The comment that current money prices lead to losses of about $350 per day for each mislaid million dollars seems to have been intended to suggest that such mistakes are unacceptable. The people in the wholesale money movement business draw an opposite conclusion: since they can quantify their exposure so precisely, they can decide rationally when the loss rate has become unacceptable and it is thus worth paying someone to develop a more error-free system. (For the price of a contract to SRI to develop a verified 1000-line program one could probably afford to mislay IBM's entire revenue stream for a week.) Re: Risk of Non-application of Technology For another economically quantifiable example, the early reports on the creation of the SABRE airline reservation system by American Airlines explicitly mentioned a business decision, with two alternatives: invest in two more Boeing 707's, or in developing SABRE. The first approach provided more spare seat-mile capacity that could thus be managed with less precision; the second offered the hope of better management of available seat-mile capacity. Two other considerations that were explicitly mentioned were the cost of customer disatisfaction when reservations were dishonored (accidental overbooking, as contrasted with intentional overbooking, was a rampant problem at the time) and the cost to the company in lost revenue if the prospective computer were to go down for several hours or if the entire contents of the disks were lost. The decision to develop SABRE thus represents an example of up-front assessment of the risk of non-application of technology, compared with the risk of applying it. ------------------------------ Date: Fri, 13 Sep 85 12:15 EDT From: TMPLee@MIT-MULTICS.ARPA Subject: Date-Time stamps (and errors therein) To: Risks@SRI-CSL.ARPA It was an interesting coincidence that the latest Risks_Forum had a piece related to the correctness of the time-stamp on messages. About two days ago I logged on late (about half-past midnight, Central time) and started going through my electronic in-basket. One of the messages struck me: its header was time-stamped 03:56 EDT -- how could I possibly be reading it two and a half-hours before it was sent? (yes, the dates were right -- it wasn't from the previous night/early-AM.) Eventually got a copy of the original from its author. The key to the mystery is that Multics does a time-zone conversion on most (but not all) time fields in incoming message headers. The original message's time-zone was clearly marked as PDT, so multics dutifully added three hours and gave me the time in EDT. When we (I and a multics guru) first looked at just the multics version we speculated that perhaps multics had taken the message's time-zone as GMT, which I think would have given the same result. I also thought perhaps since the original was before midnight and the result after, that might have been the cause. In the process of writing this entry for the Risks forum I looked at the original message one more time, and it struck me: for some reason the ISI clock had been set to run on Eastern Time (00:56) but the ISI mailer software (or something else there) thought it was keeping Pacific, hence the PDT tag. What was further confusing was the fact that I looked at several other messages from ISI from about the same period (two to four days ago) and some came out right and some not. Sounds like a good ingredient for a mystery story, at least. ------------------------------ Date: Fri 13 Sep 85 12:57:15-EDT From: Joseph Weizenbaum Subject: JMC's remarks To: risks@SRI-CSL.ARPA Contrary to John McCarthy's inference that I hold to the "general proposition, 'Don't do it if there's a way around it'", I think that proposition to be (even purely logically) absurd. The "way around it" would be another "it" to which the rule would apply, and so on. Another instance of John putting words in my mouth I didn't (and wouldn't) utter is his "Joe Weizenbaum says that [SDI] attempts a technological solution to a problem that should be solved morally". He makes it easy for himself to score a point by pointing to the slowness of "moral progress" and so on. I believe I wrote that SDI is a technological fix for a problem that is primarily political, cultural, economic, and so on, and that it has to be attacked in these contexts, that we must actually confront the problem of how peoples who organize their societies differently from one another can peacefully share the same globe. That is considerably different from saying the problem should be "solved morally". The trouble with technological fixes is often, and I think in this case, that they give the impression the problem has been dealt with and that no further efforts to deal with it are necessary. In the present instance the spread of such an impression with respect to the peaceful coexistence of the Western and the Eastern block nations could be fatal to the whole world. ------------------------------ Date: Fri, 13 Sep 85 13:48:04 CDT From: moorel@EGLIN-VAX Subject: Subjective Factors in Risk Assessment To: RISKS@SRI-CSL.ARPA There is a very interesting article about various types of risks and the way that people perceive them in the October issue of _Science_85_. In particular, it makes a couple of points that I feel are quite relevant to this forum's discussions. First, that people respond to risks differently depending on whether the risk is presented as a positive or a negative risk. "Because losses loom larger than gains, we are more willing to gamble to avoid them." Second, it points out that most people are less concerned and aware of the risksof things over which they feel that they have some control. "If we can't be certain about the risks we face, we at least want to have some control over the technologies and activities that produce them." When we look for examples of the risks of using computer technology vs. the risks of not using computer technology, we ought to keep these two ideas in mind, and ask ourselves whether we are being truly objective about the risks involved or are we letting other, subjective factors influence our judgement. I recommend this article for your reading. Lynne C. Moore (MOOREL AT EGLIN-VAX.ARPA) ------------------------------ Date: Fri, 13 Sep 85 10:56:21 PDT From: Charlie Crummer To: risks@sri-csl Subject: Moral vs. Technological Progress > From: McNelly.OsbuSouth@Xerox.ARPA > In-Reply-to: NEUMANN%SRI-CSLA:ARPA's message of 13 Sep 85 01:19:23 PDT > (Friday) >>>Alas, >>>moral progress has been so slow that almost the only moral problems to be >>>even partially solved are those that can at least partially been turned into >>>technological problems. >>Not true, viz. cannibalism and slavery. > Actually, it's my understanding that the demise of slavery was due to > technological advances which made slavery economically unfeasible. The > invention of the cotton gin, for example, made it only a matter of time > here in the US before slavery died out. As far as cannibalism goes, I'd > say that was more caused by Western culture steam-rolling over the > cannibals. > -- John -- Actually McCarthy's original comment presupposes that moral and technological progress are comparable. It is that assumption that I disagree with. Ethics and the attendant morality provide the context within which all activity, and in particular technological progress, exists. Morality and technology are not substitutes for one another and moral progress is not dependent on technology nor vice versa. There is always technological progress attendant to moral progress just because there is always technological progress. --Charlie ------------------------------ End of RISKS-FORUM Digest ************************ -------