Subject: RISKS DIGEST 12.69
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Monday 16 December 1991 Volume 12 : Issue 69

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  800 telephone outage due to software upgrade (PGN)
  Stock-listings typo: The possibilities are scary. (James Parry)
  More on Lauda crash and computers (Nancy Leveson)
  "Questioning Technology" in WHOLE EARTH REVIEW (Rodney Hoffman)
  Privacy of Email (James Ting Lui)
  More on E911 and representation (Bob Frankston)
  Re: Computer records track killer (Brinton Cooper)
  Re: The description is right, only the language is wrong (Scott E. Preece)
  The EFF Pioneer Awards (Gerard Van der Leun)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE INTERNET FROM: ADDRESS, especially .UUCP domain folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sat, 14 Dec 91 12:24:37 PST
From: "Peter G. Neumann"
Subject: 800 telephone outage due to software upgrade

AT&T Restores `800' Service

BASKING RIDGE, N.J. (AP, Friday the 13th, December 1991) Thousands of toll-free "800-number" calls were blocked throughout the East on Friday night, American Telephone & Telegraph said.

The outage struck at 7:20 p.m. as technicians loaded new software into computers in Alabama, Georgia and New York, said Andrew Myers, an AT&T spokesman. The software identifies and transfers 800 calls, he said. Several thousand calls from New England to the South were affected.

The company restored service around 9 p.m., when it switched back to old software. AT&T plans to use the old software until it can find and fix problems with the new.

"Obviously we don't like it when a single call doesn't get through, but I wouldn't consider this a serious problem," Myers said.

------------------------------

Date: Sat, 14 Dec 91 18:27:17 -0500
From: kibo@world.std.com (James 'Kibo' Parry)
Subject: Stock-listings typo: The possibilities are scary.

This is a quote from a message I just received (sent Sat, 14 Dec 91)

> investor's daily has what i hope is a typo in it today
> ibm is listed at 0-1/16, down 88-1/2

Now, the question is, what happens if a typo gets into the electronic stock quotations that are monitored by trading programs? Someone's computer sees IBM losing most of its value, dumps it all ASAP...

kibo@world.std.com
James Parry, 271 Dartmouth St. #3D, Boston MA 02116 (617) 262-3922
Independent graphic designer and typeface designer.

------------------------------

Date: Sun, 15 Dec 91 07:03:26 -0800
From: leveson@cs.washington.edu
Subject: More on Lauda crash and computers

From the Seattle Post-Intelligencer, Saturday December 14:

"Boeing Hush-up Charged" by Bill Richards

A former Boeing computer expert said yesterday that the company ordered him to play down his discovery of a software flaw in a critical control unit that could have triggered last May's fatal crash of a Lauda Air Boeing 767.

Darrell Smith, a computer software engineer employed as a troubleshooter by Boeing in 1989 and 1990, said in an interview with the P-I that he warned the company last year of problems with software that runs the "proximity switch electronics unit" (PSEU) on Boeing's 747 and 767 jetliners. The device allows the plane's computerized parts to electronically converse.

Smith said he told Boeing officials the software could trigger a rogue signal that would cause the plane's computer-driven systems to malfunction.

But Smith said Boeing officials in charge of the troubleshooting program told him they "didn't want to get anybody excited" and ordered him to omit any mention of potential system-wide problems resulting from the flawed software from his formal report. Instead, he was told to report just on the PSEU's internal problems, he said.

"They said this is a non-critical system and I couldn't use terms like `crash' or `catastrophic' in the report because they didn't want people to get excited," he said.

Boeing spokesman Chris Villiers said yesterday the company hasn't had time to study all of Smith's allegations. Villiers said Boeing doesn't believe the PSEU was responsible for the Lauda Air crash. Smith's concerns about the unit's software on the 747 have been "addressed and resolved," Villiers said.

Smith, who has 13 years experience as a computer engineer, resigned in June 1990 after turning in what he called a "diluted" report with no mention of the potential ramifications from the software flaws. Boeing awarded him its Certificate of Outstanding Performance just before he quit.

Smith, ..., said he told Boeing officials the software contained an "architectural flaw" that could lead the unit to send a random signal to other electronic systems within a jetliner, providing them with false information. So poorly designed was the PSEU software, he said, that he recommended that it be completely redesigned.

One of the electronic subsystems linked to the PSEU is the auto-restow, which is supposed to automatically retract a jet's backup ground braking system, the thrust reverser, if it accidentally starts to deploy in flight.

[old news about the cause of the accident omitted].

While Villiers said that the PSEU can electronically converse with the auto-restow system on the 767, he said it could only order the system to retract the thrust reversers, not deploy them. Villiers said Boeing tested the software system in the 767 and found no evidence that the PSEU unit was putting out false messages to other systems.

[Wishy washy statement by FAA omitted]

But Smith said that because the software's false messages are random, it is almost impossible to determine in a laboratory setting if the PSEU software isn't working.

"It all depends on what is going on with the airplane at the time," Smith said. "There's no way to repeat the exact conditions that would cause the messages to be sent. It can cause the system to crash, or get false information, or just go crazy."

For example, Smith said, the control unit could notify the rest of the electronic subsystems that the plane's landing gear was down while the plane was still in flight. That would cause the auto-restow to switch to a ground-speed mode check, Smith said. The system would then "see that the aircraft was going too fast, and kick in the reverse thrusters -- while the aircraft was really in flight."

[more old news about cause of crash and repetition of above deleted]

Smith said that Boeing passed on the report to Eldec Corp. of Lynnwood, which wrote the software for the company, and the findings were independently verified by other Boeing computer experts. The report says Eldec's software violated seven of Boeing's own software specifications. "This problem ... is a very real and serious impediment to the correct operation of the PSEU," it concludes.

Thomas Brown, Eldec's president and COO, said yesterday that the company was not aware of Smith's report. Brown said that while Eldec produced the software for PSEU units on both the 747-400 and 767, he does not know whether software could trigger the auto-restow or activate the thrust reverser system on either jet.

"We are not in a position to answer that question," Brown said. "We don't know all the uses of our signals. Only Boeing can answer that."

[P.S. This story was followed by a story that Lauda had just ordered four Boeing 777 jetliners and was the seventh airline to do so. It now has 86 firm orders for the 777.]

------------------------------

Date: Sat, 14 Dec 1991 16:06:44 PST
From: Rodney Hoffman
Subject: "Questioning Technology" in WHOLE EARTH REVIEW

The Winter 1991 issue of WHOLE EARTH REVIEW is a special focus issue on "Questioning Technology". I haven't yet read it, but it certainly contains some provocative feature articles (summaries are from the magazine):

Excerpt from the 1991 book "In the Absence of the Sacred: The Failure of Technology and the Survival of the Indian Nations" by Jerry Mander. Our unquestioning faith in technology's ability to solve problems has led us to the "greatest environmental crisis since the dawn of human life."

"Artifact/Ideas and Political Culture" by political theorist and author Langdon Winner. Political ideas embedded in our technological tools often conflict with our stated ideals. "No innovation without representation" is the first of three steps toward technological democracy.

"Assessing the Impacts of Technology" by Linda Garcia, a project director and senior analyst at the Office of Technology Assessment. Describes the approach and political pressures of OTA's work.

"Renegotiating Science's Contract" by Howard Levine, philosopher and former director of the National Science Foundation's Public Understanding of Science Program.
We need greater public participation in the formation of scientific and technical decisions.

"Reclaiming Our Technological Future" by Patricia Glass Schuman, president of the American Library Association and of Neal-Schuman Publishers. Debunks current myths of a paperless future.

"Privacy and Technology" by MIT sociologist Gary T. Marx. Examines data-gathering techniques and offers tips on protecting your privacy.

Additional pieces:
  "NASA Goes to Ground" by Wendy Alter and James Logan
  "Designer As Savior, Designer As Slave" by J. Baldwin
  "Beauty and the Junkyard" by Ivan Illich
  "Technology's Backside" by Marshall P. Smith
  "Figure and Ground: Information Technology and the Economic Marginalization of Women" by Elin Whitney-Smith
  "Why Multi-Media Publishing is a Crock" by Tim Oren
  "The Vision Vine" by Earl Vickers
  "Genes, Genius, and Genocide" by Jason Clay

------------------------------

Date: Thu, 12 Dec 1991 16:19:54 -0500 (EST)
From: James Ting Lui
Subject: Privacy of Email

The following is an article that appeared in one of this week's Pittsburgh Post-Gazettes. I was originally going to paraphrase the article, but I think that the entire article is relevant. So here it is:

Is `E mail' private on firm's computer? (by Glenn Rifkin, New York Times)

When Alana Shoars arrived for work at Epson America Inc. one morning in January 1990, she discovered her supervisor reading and printing out electronic mail messages between other employees.

As electronic mail administrator, Shoars was appalled. When she had trained employees to use the computerized system, Shoars told them their mail was private. Now a company manager was violating that trust.

When she questioned the practice, Shoars said, she was told to mind her own business. A day later, she was fired for insubordination. She has since filed a $1 million wrongful termination suit.

A spokesman for Epson America, which is based in Torrance, CA, refused to discuss Shoars's account of the monitoring episode and insisted that her dismissal had nothing to do with her questioning of the electronic mail practice. He denied that Epson America, the United States marketing arm of a Japanese company, had a policy of monitoring electronic mail.

The Shoars case has brought attention not only to issues of technology and employee privacy, but also to broader questions of ethics among computer professionals. By taking a public stand, Shoars has become a visible exception in a profession that tends to ignore or avoid ethical issues, according to academicians and consultants who monitor the field.

Although Shoars has found a new job as electronic mail administrator at Warner Brothers in Burbank, CA, she still bristles about Epson: "You don't read other people's mail just as you don't listen to their phone conversations. Right is right and wrong is wrong."

Michael Simmons, chief information officer at the Bank of Boston, disagrees totally. "If the corporation owns the equipment and pays for the network, that asset belongs to the company, and it has a right to look and see if people are using it for purposes other than running the business," he said.

At a previous job, for example, Simmons discovered that one employee was using the computer system to handicap horse races and another was running his Amway business on his computer. Both were fired immediately. "The guy handicapping horses was using 600 megabytes of memory," Simmons said.

Federal Express, American Airlines, Pacific Bell and United Parcel Service all have electronic-mail systems that automatically inform employees that the company reserves the right to monitor messages. But many companies have yet to formulate clear policies.

"It's highly irresponsible for an employer not to have a policy," said Mitchell Kapor, former chairman of Lotus Development Corp., who left the company five years ago.

Some believe, however, that even if there is advance notice, the monitoring of electronic mail or searching through personal files is flat out wrong. One who takes that position is Eugene Spafford, a computer science professor at Purdue University. He said: "Even if a company does post notice, is that something it should do? The legal question may be answered, but is it ethical? The company may say it is, employees say it isn't, and there's a conflict."

Though they oversee the electronic mail networks, computer professionals have generally removed themselves from such debates. Simmons said that if ethics were the topic of a meeting of information systems experts, "it would be a very short meeting."

Technologists approach the information resource in a distinctive way, said Detmar Straub, assistant professor of management information services at the University of Minnesota. "They say `If the system can do it, let's do it,' rather than `should the system do it?'" Straub said. "I've talked to systems managers who say they wouldn't hire a programmer who couldn't break into any system."

But as computers and networks extend their reach into global business, such attitudes may no longer suffice. "Information systems people should be held to a higher level of ethics than the general population, just as doctors and lawyers are," said Donn B. Parker, a senior management consultant at SRI International in Menlo Park, CA.

------------------------------

Date: 12 Dec 1991 13:44 -0400
From:
Subject: More on E911 and representation

My cousin, who lives in Wurstboro NY told me that her address was changed from a more rural form to one that is suitable for the 911 database. Just a reminder that the representation problem works both ways, we can change the representation to conform to the data or we can change the data to conform to the representation. The latter, in fact, is what happens when a medical diagnosis must conform to the data coding.

Another comment on telecom and 911 is that 911 doesn't work universally for the same reason that I cannot simply tell my son to always dial my 800 number or my pager number to reach me. The problem is the design flaw in the phone system that requires I not only know my destination phone number, but also the particular rules of the phone (and PBX or hotel) I happen to be using.

Maybe some of this will get fixed in ISDN, but for now, I'd like to start a campaign to get a standard for dialing that is location-independent. Ideally, we'd replace "9" on a PBX with "**" to mean a local call. Alternatively, we'd establish a new access code such as "**" that would always place one into universal dialing mode that would allow dialing of 1-xxx. And since "1" is the North American access code, it would allow uniform dialing of any international number. (Yes, it would be very easy to accidentally dial the codes for other countries -- a solvable problem).

The key here is that if we want to take advantage of telecommunications technology we mustn't accept historic accidents like "9" to exit a PBX and the inability to use area codes on many local calls, but must tame the technology.

More to the point, if we can renumber our houses in the interest of safety then we should be willing to complete the process and make the phone simple to use -- especially for those who are panicked or simply not ready to deal with arcana. (I also want check digits on phone numbers but that is a separate issue).

Maybe we can use the laws protecting the handicapped to argue that the phone system is not sufficiently accessible in its present form.

[In Wurstboro, The Wurst is Yet to Come. Neither a wurstboroer nor a wurstlender be. Unless you are an Auslaender. 'Aus bayou? You never sausage nonsense before? At SIGSOFT '91 in New Orleans, there were lots of sausages. And maybe even the wurst computer-related pun you ever heard?
PGN]

------------------------------

Date: Sun, 15 Dec 91 20:41:14 EST
From: Brinton Cooper
Subject: Re: Computer records track killer (Jenkins, RISKS-12.68)

Robert Jenkins reports on one John Tanner who "murdered his student girlfriend and hid her body underneath the floorboards of her house..." and how "...his story began to fall apart" when, "He told the police that he and the girl had taken a bus ride together to the train station at a time when she was already dead." A computer check of the company's records showed, "Only one person got on the bus and bought a ticket to the station at the time Mr Tanner claimed."

Mr Jenkins calls this "... another example of low-level, invisible, surveillance that computers introduce into our lives..." as though it were something objectionable, generally to be avoided.

Mr Jenkins missed the point. The computerized records were used in a way that would pass strict Constitutional test in the USA, yet contributed (I assume) to the arrest and conviction of a murderer. In fact, the *identity* of the passengers was not recorded. You might say that Mr Tanner was convicted as much by mathematics as by computerization. Then, perhaps this would be "...another example of low-level, invisible, surveillance that mathematics introduces into our lives."

_Brint

------------------------------

Date: Sat, 14 Dec 91 23:00:08 -0600
From: preece@urbana.mcd.mot.com (Scott E. Preece)
Subject: Re: ... only the language is wrong (Franklin, RISKS-12.58)

| It is hard to believe that this error would have occurred, and not been
| caught, before the age of computers. The RISK here is that as the chain
| of events handled purely by computers lengthens, it becomes possible for
| relatively major errors to occur unnoticed, because no one is looking
| closely at the output at any stage.

The observation is clearly correct, but the claim in the first sentence is simply incorrect. Such errors can and do happen all the time at every newspaper in the world.
Proofreaders are, as they say, human and to err is, as we used to admit before we took to blaming computers for everything, human. I haven't seen any French in my local paper's classified, but I have seen blocks of Latin (a classical layout mockup tool), ads set in totally pied type, ads run upside down and, occasionally, backwards, ads run in the wrong section, etc., etc.

scott preece, motorola/mcg urbana design center
1101 e. university, urbana, il 61801
uucp: uunet!uiucuxc!udc!preece 217-384-8589

------------------------------

Date: Fri, 13 Dec 1991 17:02:52 -0500
From: van@eff.org (Gerard Van der Leun)
Subject: The EFF Pioneer Awards

THE ELECTRONIC FRONTIER FOUNDATION'S FIRST ANNUAL PIONEER AWARDS
CALL FOR NOMINATIONS
(Attention: Please feel free to repost to all systems worldwide.)

In every field of human endeavor, there are those dedicated to expanding knowledge, freedom, efficiency and utility. Along the electronic frontier, this is especially true. To recognize this, the Electronic Frontier Foundation has established the Pioneer Awards. The first annual Pioneer Awards will be given at the Second Annual Computers, Freedom, and Privacy Conference in Washington, D.C. in March of 1992.

All valid nominations will be reviewed by a panel of outside judges chosen for their knowledge of computer-based communications and the technical, legal, and social issues involved in networking.

There are no specific categories for the Pioneer Awards, but the following guidelines apply:

1) The nominees must have made a substantial contribution to the health, growth, accessibility, or freedom of computer-based communications.
2) The contribution may be technical, social, economic or cultural.
3) Nominations may be of individuals, systems, or organizations in the private or public sectors.
4) Nominations are open to all, and you may nominate more than one recipient. You may nominate yourself or your organization.
5) All nominations, to be valid, must contain your reasons, however brief, on why you are nominating the individual or organization, along with a means of contacting the nominee, and your own contact number. No anonymous nominations will be allowed.
6) Every person or organization, with the single exception of EFF staff members, is eligible for Pioneer Awards.

You may nominate as many as you wish, but please use one form per nomination. You may return the forms to us via email at: pioneer@eff.org. You may mail them to us at: Pioneer Awards, EFF, 155 Second Street Cambridge MA 02141. You may FAX them to us at: (617) 864-0866.

Just tell us the name of the nominee, the phone number or email address at which the nominee can be reached, and, most important, why you feel the nominee deserves the award. You can attach supporting documentation. Please include your own name, address, and phone number.

We're looking for the Pioneers of the Electronic Frontier that have made and are making a difference. Thanks for helping us find them,

The Electronic Frontier Foundation

-------EFF Pioneer Awards Nomination Form------

Please return to the Electronic Frontier Foundation via email to: pioneer@eff.org or via surface mail to EFF 155 Second Street, Cambridge, MA 02141 USA; or via FAX to USA (617)864-0866.

Nominee:
Title:
Company/Organization:
Contact number or email address:
Reason for nomination:
Your name and contact number:
Extra documentation attached:

-------EFF Pioneer Awards Nomination Form------

[USE WHATEVER SPACE YOU NEED; BLANKS AND UNDERSCORES DELETED BY PGN...]

------------------------------

End of RISKS-FORUM Digest 12.69
************************