Subject: RISKS DIGEST 11.88
REPLY-TO: RISKS-LIST: RISKS-FORUM Digest Wednesday 12 June 1991 Volume 11 : Issue 88

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Massive war resistance movement? 1.7 million defective resistors (PGN)
Computers and Exporting (Ralph Moonen)
Re: Formalism versus Experimentation (Eric Postpischil, Jerry Leichter, Martin Minow, Geraint Jones, Timothy Shimeall, Eric Florack, Jean-Francois Rit)
Caller ID -- The Risks are already here! (Lauren Weinstein)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Tue, 11 Jun 91 17:02:24 PDT
From: "Peter G. Neumann"
Subject: Massive war resistance movement? 1.7 million defective resistors

1.7 million resistors used in F-15s, Patriots, radars, and other systems are being recalled and checked for flaws. Some were shipped back in 1989, others more recently. The resistors were made by Philips Components of West Palm Beach, which is aware of only three failures.
The defense contractor Eldec is facing "financial losses because the military is not accepting its shipments of electronic equipment while it searches for the defective resistors." "Philips officials said the resistors also were sold to civilian customers, including commercial aircraft manufacturers."

[Stark abstracting of an AP item from the San Francisco Chronicle, 8 June, p. A15]

[Instead of resisting defectors, we have defecting resistors.]

[The risk that a systematically reproduced fabrication flaw could be perpetuated through many systems using the flawed component type is truly a frightening one. The notion of a universal Trojan horse circuit that would fail at roughly the same time throughout the world is even more frightening. (You know how accurately appliances can be made so that they work until just after the warranty expires? Well, that technology could be applied to age-specific fail-certain components. But then, beware of Byzantine systems using multiple sources of separate and supposedly independent sets of circuits where it turns out that one component always comes from the same vendor...!]

------------------------------

Date: Tue, 11 Jun 91 21:20 MDT
From:
Subject: Computers and Exporting

In a recent discussion with colleagues of mine, we came up with another difficult point in the information frontier. Legal definition of 'export' does not cover all methods of transport and representation. Take for instance the DES export restriction. Sources for des have been posted on Usenet. Granted, it was with distribution USA. However, with modems being cheap, and telephone lines readily available, there is nothing to stop someone logging in on a USA Usenet supporting site. Who has now breached the anti-export regulation? The site for being accessible from abroad? The user who downloads the sources? The poster?

What's more, what gets restricted. Sources? Binaries? What if the sources are crypted? They are no longer useable as a program.
Not in executable form, not after compilation. (Even if the compiler doesn't blow up :-). Are crypted binaries export restricted? The problem becomes more complex when you take Patent laws (PKP RSA Patent) and copyright laws into account also.

This discussion started, when I mentioned that our Usenet servers get USA distribution news, while I live and work in The Netherlands. Does this mean that anyone posting export restricted sources that, because of network structure also get distributed outside of the USA, is committing a crime? I hardly think so. Could someone with more legal experience comment on this?

--Ralph Moonen

------------------------------

Date: Wed, 12 Jun 91 06:01:04 PDT
From: "Eric Postpischil"
Subject: Re: Formalism versus Experimentation

In regard to the question of formalism versus experimentation in the education of computer science, let us assume, for the sake of argument, that we are interested primarily in women's achievement and that women prefer experimentation and teamwork to solitary abstraction. Even granting these assumptions, is not the proper question to ask "Which method of teaching women is best for their learning?" rather than "Which method of teaching women most addresses women's preferences?". That is, even if we assume experimentation and teamwork is best for women, this does not necessarily mean teaching with experimentation and teamwork will produce better women computer scientists than would teaching with formalism.

------------------------------

Date: Wed, 12 Jun 91 08:56:24 EDT
From: Jerry Leichter
Subject: Sexism, programming, and social goals

Hal Pomeranz is "dismayed" by Ed Nilges' attack on comments in a CACM article that claim Dijkstra is "sexist" for calling for more formalism in computer science education, since it is observed fact that women are discouraged by subjects based on formal mathematics and logic. He claims that "Ed's analysis of the situation appears to have some huge holes in its logic."
I am dismayed by Pomeranz's apparent new definition of "logic."

What's really going on here has nothing to do with "logic"; it is a disagreement on basic goals. Dijkstra and Nilges have the following as their goal for computer science education:

Goal EFF: Computer science curricula should be constructed to educate students in the techniques that have been found to be most effective in producing working, usable, safe, programs.

Pomeranz, Nye and Bernstein (whose CACM comments Nilges was responding to) have the following goal:

Goal EQL: Computer science curricula should be constructed so that women have a fair chance to enter the field of computer science. We determine that this goal has been attained when the percentage of women in the field matches that in the general population.

Having chosen a goal, one can apply logic or empirical investigation to determine whether particular steps are appropriate to it. One can attack Dijkstra by pointing out that few real systems are amenable to the level of formalization he used. One can attack a program attempting to encourage women to take logic courses so that they will be prepared for a Dijkstra-style computer science curriculum by showing that women don't wish to take such courses, or do poorly in them.

However, the choice between the goals (if indeed a choice is necessary) has nothing whatsoever to do with computer science. It touches on fundamental political and social policies that apply equally well in all fields. Change the references to computer science curricula in the goals to "corporate management structures" and you get a pair of goals that are equally being debated. Change "women" to "blacks" and you get another pair of currently debated goals.

At one time, there was broad agreement that Goal EFF was the only important one. Then Goal EQL was proposed. Those supporting this goal have gone through three distinct phases:

1. The goals are compatible: Men and women are fundamentally equal.
The only reason we haven't attained them is because of current (later, past) discrimination. If we eliminate the discrimination (and through special compensatory efforts make up for the past discrimination) we will soon attain both goals simultaneously.

2. Men and women are essentially different and have different and complementary perspectives on problems. By striking out on their own, women will find new approaches to computer science problems, thus enriching the field. (This particular phase wasn't very visible in computer science, but was universal for several years in such fields as history and psychology.) By working to attain Goal EQL, we will simultaneously attain Goal EFF.

3. Men and women are fundamentally different, and it is inherently unfair to require women to adjust to the male way of doing things. This unfairness is basic, and Goal EQL is essential. Goal EFF is a minor thing in comparison, and any conflict between the two goals must be decided in favor of Goal EQL.

(Before all this, of course, there was a Phase 0: Goal EFF is central, Goal EQL is "nonsense", because "the gals just don't have a head for logic". Isn't it amazing how far we've come in 30 years?)

My own view is essentially compatible with Phase 1, though I certainly have no objection to those who believe in Phase 2 and are willing to try to create new perspectives: It's hard work, but any such effort has the chance of receiving a major payoff.

Debate with those who espouse Phase 3 is impossible: They have decided that such things as logic and evidence are in and of themselves sexist or racist or whatever. Without such things, debate and reasoned discussion are impossible; all that is left is resort to emotion, rabblerousing, and force (fortunately, usually manifested as laws and regulations). As long as they remain marginal and without influence, they can simply be ignored. When they begin to attain influence, they can be answered only in the same terms.
-- Jerry

------------------------------

Date: Wed, 12 Jun 91 07:15:20 PDT
From: Martin Minow 12-Jun-1991 0950
Subject: re: Politically correct computer programming

Regarding the discussion of the impact of formalism on Computer Science education, may I point out that "Computer Science" is more than the craft/profession of Computer Programming.

It is certainly reasonable to teach computer programming by example, and with very limited exposure to queuing theory, statistical analysis, and the theory of finite-state automata -- after all, we do not introduce accountants to their profession by forcing them to *prove* that 1+1=2.

On the other hand, once one enters the real world, it is indeed necessary to "prove," in some rigorous manner, that the stack will not overflow, that the iteration will converge to a solution, that the ring-buffer will work both when it is empty and when it is full, that the compiler will parse all legal programs and reject all incorrect programs, that the stop light will never show green in both directions, that the database can respond to 200 queries per minute, and so on. For these problems, an understanding of formal methods is essential.

Whether one should learn theory before, during, or after practice is, of course, an open question and one related to university traditions and the use one plans to make of the education. Both, however, are essential and I must respectfully disagree with Hal Pomeranz's claim that people "turned off by formal training" will become excellent programmers. I also disagree with the implicit claim that women are, as a class, less able to absorb formal methods and, consequently, excluded from the profession.
Martin Minow

------------------------------

Date: Wed, 12 Jun 91 11:06:40 BST
From: Geraint Jones
Subject: Re: The impact of formalism on Computer Science education

The mild altercation between Ed Nilges (RISKS-11.86) and Hal Pomeranz (RISKS-11.87) just goes to show how hard it is to understand someone else if we don't make an effort to see the world from the other bloke's (apparently) cockeyed standpoint.

Just suppose, for the moment, that bridge building, or as one has to say these days civil engineering, is best approached by the more formal knowing-what-you-are-doing route; and just suppose that education in formal techniques does discourage participation by (say) right-handed people.

In that case, one might expect to be able to get more right-handers into the subject by encouraging an experimental approach. However, you would not be educating them as good bridge builders. On the other hand, a rigid adherence to formal bridge design techniques would tend to make civil engineering a profession of a minority of the population. Bridges would become magical objects little understood and much feared by the rest of us.

Now, do you want to live in a world where bridges are essentially experimental constructions in which you wouldn't want to trust? No. Or would you prefer a world in which we worship bridge-builders and live in fear and awe of their constructions? Of course not.

I hope you can't tell which side of the argument I would defend if pressed.

g

------------------------------

Date: Wed, 12 Jun 91 09:35:51 PDT
From: (timothy shimeall)
Subject: Conflicting goals (was Re: the impact of formalism...)

Before diving into accusations of sexism, let's be sure that we are working to the same goal:

Dijkstra (and apparently Nilges) is trying to promote the improvement of quality of programming, building better code with fewer bugs.
Bernstein (and apparently Pomeranz and Frankel) is trying to promote the improvement of participation in programming, allowing more people (in this example, women) to program.

These are BOTH laudable goals, but they are different goals and may conflict. All people (both men and women) do not have an equal talent for mathematical reasoning or inclination thereto. Is it sexist to point out that those with a high level of talent for mathematical reasoning have tools (mathematical techniques) available to use that those with a low level of talent do not have? Is it sexist to suggest (as Dijkstra has) that for some projects with a high need for quality, only those familiar and trained in mathematical reasoning (i.e., only those with the needed mental tools) should be allowed to program? Isn't there a need to differentiate programmers by background and ability, particularly in development of life-critical systems?

I don't believe that a high level of mathematical reasoning is needed for every programming project. Well-explored, low-risk application areas with a plethora of examples to work from may not demand mathematical reasoning for their programming. There is thus room in the programming profession for some without this talent.

I applaud those who seek to encourage sexual equality in hiring those with the needed talents and inclinations for programming. As one who spends a LOT of time inducing individuals (of both sexes, the US military services do not consider sex when selecting for graduate education, and thus our student body is roughly 30% women) to reason logically about programs and programming, I welcome ANY efforts to improve the volume of participation in - and/or level of quality of -- software development.

Tim

------------------------------

Date: Wed, 12 Jun 1991 07:41:47 PDT
From:
Subject: Re: Formalism versus Experimentation

=-=-=-=
Ed concludes "Dijkstra is right and Nye and Bernstein are wrong" because he
-=-=-=-=

IMHO, Ed's right.
Since what we are dealing with, when we program, is logic, should we not have the ability to reach conclusions in a logical manner? To that end, should we not have above a passing understanding of logical thought?

I am dumbfounded by:

=-=-=
... Bernstein's criticisms are, I believe, pointing out that the changes proposed by Dijkstra would be yet another barrier to women wishing to enter the field of Computer Science.
=-=-

While you are most correct in your assessment of a lack of educational even-handedness amongst the sexes, I question your conclusions.. Do we attempt to change laws of chemistry and electricity because of a particular group of students' inability to learn the laws as they are? IE: do we attempt to change reality to aid some people's ability to deal with it effectively? Why, then do you conclude that to learn computer logic, one need not learn logic, first? Is it simply because of one 'minority' or another's inability to deal with that progression?

You say:

=-=-=-=
All education would benefit from massive dose of new and different thinking, so as to encourage marginalized groups to participate more fully, rather than a retreat to older, more formal approaches which would only push groups on the outside farther out.
-=-=-=

It is the retreat from the more formal, (and yes, harsher) learning environments, the 'massive dose of new ideas' that have placed this country into the educational crisis it's in today, where nearly 50% of high school students cannot read effectively. In the 'marginalized groups' as you put it, these percentages are even higher... we expect less of them, so they produce less.

What you suggest is more of the same. It's sorta like the drunks in a car. The car is in reverse and they notice they're headed for the cliff. The drunk that's driving comes to the conclusion that the car will move forward if he pushes the gas pedal down real hard. The result, of course, is very predictable.

Sorry, Hal. No sale here.
Eric Florack:Wbst311:xerox

------------------------------

Date: Wed, 12 Jun 91 10:31:08 -0700
From: Jean-Francois Rit
Subject: Are women a computer risk? And what about foreigners?

The discussion revolves around straightening the three following inconsistent propositions:

1 Abstract logic is necessary to the computer industry
2 Logic is not compatible with women
3 Women must have an equal access to the computer industry

Negating one of these propositions is sufficient to make them all consistent. Therefore the issues are:

1 Is more abstract logic necessary to the computer industry? In particular, is it necessary to avoid computer related risks?

This is the abstract, purely technical argument. You can try to prove this, but it won't be easy. A substitute is relating anecdotes in comp.risks.

2 Is logic incompatible with women?

This is probably not what should be discussed in this forum. Unfortunately I personally think this is the weakest point and therefore the thing that should be "fixed" if that were the case.

3 Should an equal access of women to the computer industry be enforced, no matter what added risks this involves?

This is the political (in a broad sense) argument. More than a "Men against women" issue, the discussion stems from accepting or not that politics interferes with pure technic. Computer related risks address the impact of computer technology on society and employment in the computer industry is unavoidably one of them.

Hal Pomeranz likens requiring the use of formalized logic to that of a foreign language as an arbitrary but effective way of discouraging people from entering a field.

What about non-anglophone students who want to enter the computer industry or let's say computer science research? Most of them have *at best* a knowledge of conversational English, yet they have to access to hard technical literature. Those who are not proficient enough or cannot adapt are definitely weeded out.
You can find this perfectly normal or unacceptable depending on how much you think cultural imperialism is relevant to computer education.

Jean-Francois Rit              Tel: (415) 725 8813
CS Dept Robotics Laboratory    e-mail:
Cedar Hall
Stanford, CA 94305-4110

------------------------------

Date: Tue, 11 Jun 91 18:59:08 PDT
From: (Lauren Weinstein)
Subject: Caller ID -- The Risks are already here!

The Caller ID (CID) situation in California is still undetermined, other than that per-call CID blocking will definitely be provided at no charge, since this has been mandated by state law. It is decidedly unclear whether or not such blocking will be effective on interstate calls, since such calls are an FCC, not PUC (Public Utilities Commission), matter. A similar unclear situation exists with regard to 800 and 900 calls (remember that most 800 calls already have CID attached to them, at least on customer bills--and you can sign up for instant delivery of the caller numbers if you want them). Current rules seem to imply that CID blocking will not apply to 800/900 calls.

I recently sent a letter to the California PUC promoting the need for per-line CID blocking, and asking a number of questions regarding call-return operations when the original caller had blocked their CID (the key question: since it is proposed that call-return would still function in this case, what number would show on the phone bill of the person activating call return in the case of message-unit and toll calls? Would it be marked "private"? Would only a partial number be shown?)

As for per-line blocking, I feel strongly that subscribers should not be required to take *extra* steps to maintain a level of privacy that they have already come to expect over the years. Particularly when people are in unusual locations, or under stress, elderly, in a hurry, etc., they are the least likely to remember about dialing special codes--even though they might especially need their number privacy in those situations.
Nor should subscribers be forced to purchase special equipment to dial blocking codes for them when they're calling from their "normal" location.

I have proposed that all unlisted/non-published numbers have caller-ID blocked by default, with all subscribers offered a one-time opportunity to choose the mode (blocked or unblocked) that they prefer without charge, after which further changes in the per-line CID blocking status would be subject to a fee. I have also proposed the availability of codes to change the per-line CID blocking status on a per-call basis (both for enabling and disabling CID).

There is a fascinating publication that relates to all of this. It was originally provided to me by a company that builds equipment for CID number capture (Automatic Number Identification -- ANI capture). While it is primarily oriented toward use on existing 800 ANI capture systems, it is obviously looking forward to full-scale CID availability for non-800 calls.

The publication is called "Inbound/Outbound" -- "Using Technology to Build Sales and Deliver Customer Service". It was a supplement to "Inbound/Outbound" magazine from July 1990. It is heavy on the promotion of MCI ANI delivery systems, which isn't surprising when you notice that the publication was prepared under the direction of MCI employees. Many manufacturers of ANI related equipment and systems (including name/address database lookup services) have ads within.

It is a veritable cornucopia of endless praise for ANI/CID systems--I was unable to find a single negative statement concerning these systems. As far as they are concerned, ANI/CID is the best thing to happen to sales since the invention of the phone. There are database services who can search between 60 and 90 million name/address entries "instantly" over networks in response to incoming ANI phone number info, and others who will take a tape or floppy and get you the info "offline" at a lower price.
One of their suggested applications for ANI/CID is hanging up on or refusing to answer calls from "suspicious" phone numbers with which you've had problem calls in the past (the RISKs are obvious). Another is to recognize the phone number of your better customers and route them to operators ahead of all the other poor slobs waiting for assistance. Yet another is to call back people who hang up without waiting for an answer on your sales lines.

Overall, they list a range of applications (including various authentication applications) that seem to imply that (1) Everyone wants everyone to know who they are when they make a simple call, (2) Your customers will always call you from the same phone number, and you have the right to call them back on whatever number they happen to call you from, and (3) People hardly ever change their phone numbers. They also throw out the usual arguments about the use of ANI/CID in emergency situations, even though we all should know by now that 911 services are exempt from CID blocking.

Most of the associated privacy RISKs with this technology have been discussed in this forum before, but I want to emphasize the incredible degree to which the intertwining of ANI/CID and database services can result in instant information about the caller (or rather, about the caller's phone number!) being provided to the entity being called, (though not necessarily accurate information, of course!)

Not only can name/address be provided from the caller phone number, but also other nifty data such as "dwelling unit code" (what kind of residence are you living in? Do you live in a "bad" part of town?) and "wealth code" (are you rich? Does the company even want to bother talking to you?), and numerous others.
There is also apparently talk of connecting into the credit inquiry databases so that, essentially, when you call a firm, it is possible that everything about that call will have been determined based on the voluminous information they were able to dig up from your phone number during a couple of rings! How you will be treated, who will answer your call, how long you wait in the queue, what they will say to you, and a range of other decisions can be made before you've said *one word* -- all based on the phone number from which you're calling, with all the issues of privacy and accuracy that accompany such a scenario.

And remember--this is happening *right now*. These services exist today; they can be subscribed to immediately. Your area does not need to have local CID for your number to be transmitted via 800 or 900 calls--in fact, about 90+% of the phones in the U.S. are already transmitting their numbers on 800 and 900 calls. As more areas achieve "equal access" long distance carrier status, that number will eventually reach 100%. Local CID blocking will probably *not* block the delivery of your number via 800/900 calls under the current rules, though the definitive status of such calls remains unclear.

We need federal legislation to address these issues, and we need it now. These concerns can not be dealt with effectively on a local or state basis. It's up to those of us who are aware of the dangers inherent in these systems to make our concerns known and push for appropriate improvements in the Privacy Act and other related legislation.

Please feel free to contact me if you'd like further information about any of these topics.

--Lauren--

------------------------------

End of RISKS-FORUM Digest 11.88
************************