Subject: RISKS DIGEST 10.07
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 8 June 1990  Volume 10 : Issue 07

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Europarliamentory software protection deadlock? (Herman J. Woltring)
  Computer Aids May Hurt in Decision Making (Brad Dolan)
  Re: Another egregious database (Steven Philipson, Pete Mellor, Edwin Wiles)
  Re: Risks of Caller Identification (Jeff Johnson)
  Re: Steven Jackson Games (Jerry Leichter)
  Glass cockpits (A320, etc.) (Steven Philipson)
  Stonewalling with computers (Simon Turner)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR> cd sys$user2:[risks]<CR>GET RISKS-i.j ; j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gets you directory listing of back issues. ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

----------------------------------------------------------------------

Date: Thu, 7 Jun 90 11:53 N
From:
Subject: Europarliamentory software protection deadlock ?

Software protection debate in European Parliament in deadlock?

"If builders built houses the way programmers write programs, the first woodpecker coming along would destroy civilization" (Anonymous, attributed to Murphy)

Following the proposed Community Directive on Software Protection of 1988 to which legislation in all twelve member states of the European Community should adhere, various committees in the European Parliament have occupied themselves with the proposed regulations.
Today, June 7, 1990, is a renewed and delayed deadline for submission of amendments to the Committee on Legal Affairs and Citizen's Rights who hope to come to an agreement on 18 and 19 June 1990. If agreement is reached, the final proposal will be submitted to the plenary meeting of the European Parliament in Strasbourg, France, to be voted upon during July 1990.

However, there appears to be considerable disagreement on the proposed copyright exemptions under Article 5. In the final report by the parliamentary Committee on Financial and Monetary Affairs and Industrial Policy (Draftsman: Mr K. Pinxten M.E.P., 22 March 1990, PE 134.05/fin.) to the Committee on Legal Affairs, the following copyright exemptions were proposed:

   Article 5(1). Where a computer program has been made available to the public IN A LEGAL MANNER, the acts enumerated in Article 4(a) and (b) shall not require the authorization of the rightholder, in so far as they are necessary for the use OR SCIENTIFIC ANALYSIS OR TESTING of the program.

   Article 5(2). Where a computer program has been made available to the public IN A LEGAL MANNER, THE RIGHTHOLDER MAY NOT PREVENT THE NORMAL USE OF THE PROGRAM BY THE PUBLIC IN PUBLIC LIBRARIES.

   Article 5(3). A LICENCE AGREEMENT OR OTHER WRITTEN AGREEMENT MUST NOT CONTAIN ANY CLAUSES WHICH CONFLICT WITH THE PROVISIONS LAID DOWN IN PARAGRAPHS 1 AND 2.

The acts in Article 4 refer to copying, translation (assembling/compiling), viewing and running for normal operation of a `program' in, presumably, source, object, or executable form. Interestingly, the explanatory notes to these amendments dwell extensively on normal use, library exemptions, and the mandatory nature of these conditions, but not at all on the `scientific analysis and testing' provision as proposed for Article 5(1).

Under the Berne Author's Rights (`Copyright') Convention upon which the European Community wishes to base its Directive, personal CREATIVITY rather than engineering / corporate EFFORT determines whether a work is protected. It is in this respect that software quality and safety are at stake. Any creative activity is bound to be error prone (and especially so under competition-based time constraints), and it has only been since recently that this is being recognized by legislative and regulating bodies.

In a recent U.S. report BUGS IN THE PROGRAM (*), a serious lack of testing norms for safety-critical software is apparent (e.g., aircraft control, medical equipment), "At the present level of understanding in software engineering, Federal agencies cannot be assured the software they oversee and use is correct; they CAN determine whether the software developer understands good practices that are necessary to produce quality software. Further, review and analysis and test results are useful, though this offers no safety guarantee."

If legislative and regulating bodies in a major software producing country like the U.S.A. recognize their limitations to assert software quality, it would seem that new regulations should provide room for such validation and testing by others. One such a regulation might be the proposed amendment on analysis and testing, insofar it cannot be excluded by contract, AND insofar it extends to third parties like consumer societies and other investigating entities, including the right to publish the findings from such (scientific) endeavor.

(*) Bugs in the program -- Problems in Federal Government Computer Software Development and Regulation. Subcommittee on Investigations and Oversight to the Committee on Science, Space and Technology, U.S. House of Representatives, August 3, 1989 (submitted by James H. Paul, Staff Member and Gregory C. Simon, Staff Director and Counsel). See also Michael Rogers & David L. Gonzalez, Can We Trust Our Software?
Newsweek, 29 January 1990, pp. 42-44.

[Note: the library exemption does not seem to encompass the custom in many university computer centers that software can be borrowed by staff and students for exclusive use on local PC's]

Herman J. Woltring, CAMARC partner (NL)
Brussellaan 29, NL-5628 TB Eindhoven
The Netherlands, tel & fax +31.40.413744

CAMARC ("Computer Aided Movement Analysis in a Rehabilitation Context") is a project under the Advanced Informatics in Medicine action of the Commission of the European Communities (AIM/DG XIII-F/CEC), with academic, public-health, industrial, and independent partners from Italy, France, U.K. and The Netherlands. Its scope is pre-competitive.

------------------------------

Date: Mon, 4 Jun 90 12:37:26 GMT
From: pine_ridge@oak.span (Brad Dolan)
Subject: Computer Aids May Hurt in Decision Making

[From the _Wall Street Journal_; June 1, 1990, p. B1.]

COMPUTER AIDS MAY HURT IN DECISION MAKING

Computer programs designed to assist managers in making decisions don't always help, and sometimes can hamper performance, a team of researchers finds.

Jeffrey E Kottemann, assistant professor of computer information systems at the University of Michigan, simulated a manufacturing-production process in a growth industry. He had M.B.A. students decide on output and staffing, given uncertain demand, over 24 mock quarters.

One group used a spreadsheet-oriented computer aid that helped members evaluate alternatives. The other group was on its own, relying on intuition and experience.

Contrary to Mr. Kottemann's expectations, the computer-assisted people significantly underperformed unaided, in the initial experiment as well as two follow-ups. With the computer aids, he says, people appear to have sought short-term results by understaffing and underproducing. But those decisions, over time, meant lost sales and extra costs.

Oddly, the computer-aided group didn't recognize that using the programs led to poor decisions. "They were significantly more confident in their performance than the unaided group," Mr. Kottemann says. He and two colleagues, Fred D. Davis Jr. and William Remus, plan further work to help explain when and how computer aids affect actual and perceived performance.

Brad Dolan
Science Applications International Corp.

------------------------------

Date: Thu, 7 Jun 90 15:26:06 PDT
From: stevenp@decpa.pa.dec.com (Steven Philipson)
Subject: Re: Another egregious database (Anacker, RISKS-10.05)

Mark Anacker (marka@dsinet.UUCP) writes about "Another egregious database".

The database that Mark reported on is not merely "egregious", but is excessively intrusive and constitutes a massive invasion of privacy as well.

The inventors of this scheme posit that closely kept records would motivate disadvantaged students to attend classes more regularly and strive harder to perform. There seems to be no basis for these claims. A more effective argument could be made such that such record keeping would discourage students -- any minor slip would be recorded and permanently held against them. The system would appear to be designed to hold them back, thus further alienating them from the school and society as a whole.

The data collected in this system could be used as a basis to disqualify or downgrade students for jobs and college acceptance based on their well-documented poor attendance, lack of motivation, and poor performance. Standardized tests provide some objective measure of skills and capabilities of students. This new system seems to provide a mechanism for rejecting students on more subjective grounds.

>If the system is successful, says Elford, it would provide an incentive for
>apathetic students to do well.

This logic is backwards. The success of a tracking/incentive system should be judged on how well it motivates students and affects their learning. A perfectly implemented system that negatively affects the students cannot be considered a success.

>Is it just me, or does anyone else have a problem with this?

It's not just you. This proposal is offensive, and the article is amazingly blind to its problems. Hopefully the communities involved will do better. If not, perhaps they'll give it an appropriate name and slogan: Long Live Big Brother!

Steve Philipson

------------------------------

Date: Thu, 7 Jun 90 21:20:17 PDT
From: Pete Mellor
Subject: Re: Another egregious database (+ egregious student assessments)

In RISKS-10.05, from the June 3rd 1990 Seattle Times, courtesy of Mark Anacker:

> Imagine if an employer could find out how many times a prospective employee
> had been late for school, or if a business could tap into a pool of high
> school graduates and find the model employee.

(Article about "Worklink, the program designed to connect education and business")

Who *wants* to employ these paragons?

An article in New Society many years ago carried an article about how research grants were awarded. The discussions of an imaginary committee were reported, considering the following two cases:

Student A had hypochondriac tendencies, and a noted aversion to serious work. A completely undistinguished undergraduate career at Cambridge had been spent mainly indulging in drink and sport, apart from his hobby of collecting insects. He now wanted to go on a round-the-world cruise on some research ship with no well-defined research objectives whatsoever in mind.

Student B was rather withdrawn and given to bouts of introspection on obscure and irrelevant topics understood only by himself. His medical records reveal that he did not speak until the age of four. His habits were eccentric: he sometimes wore no socks, and had been caught wearing his landlady's tablecloth as a scarf. This general neurotic impression was confirmed by the fact that examinations reduced him to a state of nervous collapse for several months before and after. Since graduation, he had been employed as a clerk in a patents office.

Needless to say, the committee did consider either student worthy of a grant. Unfortunately, the first was Charles Darwin, and the second was Albert Einstein.

Still, we can't all be eccentric geniuses. If you want a reliable guy to serve on a burger stand, try Worklink! :-)

Pete Mellor

------------------------------

Date: Thu, 7 Jun 90 19:36:44 EDT
From: ewiles@iad-nxe.global-mis.dhl.com (Edwin Wiles)
Subject: Re: Another egregious database (RISKS 10.05)

Yes, I too had a problem with this, until I ran across the following paragraph...

>Under the voluntary program, everything from prose reading and document
           ^^^^^^^^^^^^^^^^^
>reading to punctuality would be assessed and, subject to student approval,
                                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>entered into the student's record.

Since the program is voluntary, and the information in it is "subject to student approval", I have fewer problems with the database itself. Yes, unscrupulous school administrations could indeed enter data that the student had not approved, but discovering this should be as easy as getting a copy of your school transcript is now. (It's VERY easy for me.)

However, all it has done is moved the 'disadvantage' from the "post-school" period (i.e. writing impressive resumes), to the "in-school" period (i.e. getting sufficient counseling to have 'impressive' data in your records).

At my high school, this would have been something of a lost cause. There were only two counselors for the entire school. Fortunately, I was well motivated and already knew what I wanted, so I didn't need much counseling.

Youth has such an ability to disregard unpleasant consequences....

Edwin Wiles, NetExpress, Inc., 1953 Gallows Rd.
Suite 300, Vienna, VA 22182

------------------------------

Date: Thu, 07 Jun 90 12:59:12 PDT
From: Jeff Johnson
Subject: Re: Risks of Caller Identification (Re: desJardins, RISKS 10.05)

David desJardins writes:

> If you walk up to my door and knock, I can find out who you are (by taking a
> photograph through my peephole). So logically police informants don't expect
> to be able to walk up to doors anonymously. Neither should they expect to be
> able to enter homes via telephone anonymously.

Let us be clear about who Caller ID benefits and who it does not benefit.

As far as residential phone users are concerned, Caller ID is not much better than receiving anonymous calls. That is, having the number of the calling phone is *not* sufficient information to decide how to handle the call, since the vast majority of calls will be from unrecognized numbers, which could just as easily be from a spouse stranded with a broken-down car as from a stranger. A real name -- a simple ascii string -- typed by the caller at call time or sent from a card that the caller placed in the calling phone, would be far more useful to the callee for call screening purposes.

For businesses on the other hand, Caller ID is *much* better than receiving anonymous calls. That is because businesses want the number for a *different* reason than residential customers do: they aren't trying to screen calls; they are trying to collect marketing information. Thus, they need an ID that can serve as a link back to the caller. Phone numbers -- via reverse directories that are readily accessible -- serve this purpose. For businesses, a simple string like "John" or even "Mergatroyd D. Fitzsimmons" wouldn't be useful because it can't serve as a unique link back to the caller.

My preference would be to hold out for a solution that provides real benefits for residential users, and that does *not* provide benefits for businesses.

JJ

------------------------------

Date: Thu, 7 Jun 90 09:43:30 EDT
From: Jerry Leichter
Subject: Re: Steven Jackson Games (RISKS-10.04)

In a recent RISKS, Jim Harkins (correctly) writes that we consider books containing all sorts of details about how to commit crimes to be legal. He then says:

   I [haven't] done anything wrong by offering a suggestion on improving your monthly income [by holding up gas stations] :-) Of course, if I suspect that you did use my suggestion then by not finking on you I am breaking the law.

This last sentence is FALSE. You have, in general, no positive duty to report your knowledge of a crime, much less your suspicions. There are some special cases, mainly having to do with "officers of the court" or police; if you fall into one of these special categories, you should know.

In fact, under some conditions your reports, if false, MIGHT be actionable as libel or slander. (There's a fine balance of interests here - society's interest in seeing crimes punished and, if possible prevented; and individuals' interest in seeing their privacy and "good name" protected. As an analogy - one where the "damage" is considered more severe - anyone has the right to make a "citizen's arrest" of the committer of a felony. But beware: If you exercise this right, you MUST be right in your claims! If the person you "arrest" did not in fact commit the felony you "arrested" him for, he can successfully sue you (probably for battery). That you BELIEVED he had committed a felony, even had very good reason for such a belief, is insufficient. This is one place where police officers have much, much broader latitude than the average person.)

On the other side, one thing you have to watch out for in this context is conspiracy laws. These were great favorites for going after people unpopular with the authorities back during the anti-Vietnam-war protests of the '60's, since they are so broadly drafted. As I recall, if 2 (3?)
or more people discuss an illegal act, and at least one of them then goes out and performs any concrete action in furtherance of that act, all can be found guilty of conspiracy, a crime for which the penalty can be more severe than that for the underlying act. (In fact, I believe conspiracy to commit a misdemeanor can be a felony!) The example a lawyer friend of mine came up with was: He says to two of us "Why don't we get together and monopolize sales of used cars in this state." One of us later goes to a used-car dealership and looks around. Theoretically, all three of us are guilty of conspiracy. Fortunately, conspiracy laws are used mainly as "add-ons" to provide bargaining chips for plea bargaining in cases where crimes really have occurred. If they were abused, they might very well be tossed out as unconstitutional - though given the tenor of the times and today's court system, even that is hard to be sure of.

And you thought programming hard real-time systems was hairy!

Disclaimer: I'm not a lawyer, though I sometimes talk a bit like one. :-) The above is what I've gleaned from many discussions with lawyers over the years. (My wife's a lawyer. Many of her friends are lawyers. Many of MY friends are lawyers. A consulting contract I had not long ago was reviewed by no less than 5 lawyers on my side; had they all been charging me at their full rates, I would likely have gotten nothing out of the contract. Arrgh....) It is based on American law, and probably applies in more or less the same way under any system based on the Common Law - but who can tell.

-- Jerry

------------------------------

Date: Thu, 7 Jun 90 19:49:48 PDT
From: stevenp@decpa.pa.dec.com (Steven Philipson)
Subject: Glass cockpits (A320, etc.)

In RISKS 10.04 Henry Spencer (henry@zoo.toronto.edu) reports on an article in the April 30 issue of Aviation Week.
In commenting on the article, Henry writes:

>(for example, NASA Ames, a major center of work on such things,
>has no simulator representative of modern cockpits).

This is not quite what appeared in the article. Hart A. Langer (United Airlines VP flight operations) was reported to have said that "the center has no research simulator based on the glass cockpits that are in use today". [The quote is of Aviation Week paraphrasing Langer]. This is in fact true, however the Center does have a simulator on which the glass cockpits of today are based. This is the Advanced Concepts Flight Simulator (ACFS) at the Man-Vehicle Systems Research Facility (MVSRF) at NASA Ames.

This simulator had its origins about 10 years ago. Its display technology had definitely fallen behind the times, but was upgraded about a year ago with current technology computer graphics workstations which drive its displays. The displays are "representative of modern cockpits". My knowledge of this is first hand -- I designed and implemented the displays and software that drive the primary flight displays in the ACFS. They were intended to model prototype displays that Boeing was working on for the 747-400. NASA has now upgraded all of the displays and is actively performing human factors research on electronic flight instrumentation systems.

The general point of the article is correct however -- the technology is moving very fast, and it is difficult for the research institutions to keep up, let alone forge ahead. Thus new technologies are being fielded before their impact can be adequately assessed.

Steve Philipson

------------------------------

Date: Fri, 8 Jun 90 18:47:18 BST
From: Simon Turner
Subject: Stonewalling with computers

Back in March (shortly before the "Poll Tax" was introduced in England) I was having a little trouble persuading my local district council that I am a student, and as such need only pay 20 percent of the charge.
During one of my many telephone calls to their offices, I was informed that their computer system (with all the data storage) was being upgraded, and I would therefore have to wait a long time while they tried to find my "real" file. I was given the distinct impression that it would be better if I rang back once the upgrade was finished, in a few weeks! Since this was only 4 weeks from the introduction of the Tax and I had no desire to pay 400 percent too much, I was quite prepared to wait and did so. My student status was eventually sorted out.

I don't believe for a second that my district council was trying anything clever, or that the situation was in any way other than as stated. However, it now seems to me that this would be an effective stalling measure for someone who wished to deny clients access to their records -- imagine a company in financial trouble stalling enquiries about outstanding orders with tales of an unavailable computer system (and hence unavailable records), while they quietly fled the country with the bank balance.

This is something new (to me), and while it is not all *that* chilling in its implications, it's a thought.

Simon Turner, Robotics Research Group, University of Oxford,
Dept. of Engineering Science, 19 Parks Road, Oxford OX1 3PJ, UK

------------------------------

End of RISKS-FORUM Digest 10.07
************************