Subject: RISKS DIGEST 13.69 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 3 August 1992 Volume 13 : Issue 69 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Computer scoring glitch at Olympics (John Carr) Wiretap Proposal Needs Study (Joe Abernathy) UK Inland Revenue to be privatised? (Paul Johnson) 21st-Century Singapore (Bob Frankston) User interface studies: oh, what's the use? (Robert Slade) Re: More identical name confusion (anasaz!John) Re: 911 call lands caller in jail (Ed Ravin, Derek Beatty) Software Hazard Analysis Course (Gord Symonds) CPSR Recommends NREN Privacy Principles (Dave Banisar) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Sun, 02 Aug 1992 16:17:00 EDT From: John Carr Subject: Computer scoring glitch at Olympics Excerpts from an article in the August 2, 1992 Boston _Globe_: "Judges Not Quick to Punch; Computer KO's Griffin" BADALONA, Spain -- Science lied yesterday. Five judges watching American light flyweight Eric Griffin fight Spaniard Rafael Lozano ... said the gold medal favorite had advanced as expected into the quarterfinals. Three said he did it by a wide margin. ... A computer said differently. The computer lied. What the computer insisted ... was that Eric Griffin was a 6-5 loser. And for the moment at least, that decision will stand, regardless of the opinion of the five men who actually watched the fight. ... Actually, after a review of the scorecards, it seemed more like some kind of computer glitch, but the result was the same. Elimination of a fighter. Destruction of a dream. Sorry about that. ... Under the scoring system, at least two judges must hit a button that registers a scoring point within a second after the first judge does. If the do not, the point is not awarded by the main frame computer, even though each point will be recorded individually. The individual judges scored the match 10-9, 26-17, 18-9, 19-10, and 8-5. The article said the system was installed after a Korean fighter won a victory at the 1988 olympics even though general opinion was that he lost the fight. [Later stories indicate the appeal failed. PGN] ------------------------------ Date: Fri, 31 Jul 92 15:25:39 CDT From: chron!ecopy501!edtjda@uunet.UU.NET (Joe Abernathy) Subject: Wiretap Proposal Needs Study [AP excerpts by Joe, from an article by W. Dale Nelson, 30 Jul 1992] Changes in wiretapping laws proposed by the FBI need further work, said Rep. Edward J. Markey, D-Mass, Chairman of the House subcommittee on telecommunications and finance. (In May, the FBI called for legislative changes to enable it to tap into new technologies such as cellular and ISDN.) Markey said a report by GAO "shows that more work needs to be done before the FBI's proposals can be seriously considered by the Congress. ... Before we impose wholesale changes on the communications industry, we must understand the details of what the FBI needs for each technology, and how those needs can be met with minimal costs to consumers and minimal threat to the telephone network." The GAO said it could not answer questions about the impact of the FBI proposals on costs, benefits and alternatives until the FBI had more clearly defined its specific needs. It also said the least intrusive alternatives could not be determined until the telecommunications industry had received and analyzed information on the FBI's needs. It said the correct solutions "will vary with the technology" but its analysis of the technological alternatives had been classified by the FBI and could not be disclosed. The budget submitted to Congress by the FBI in February included $26.6 million to update eavesdropping techniques. ------------------------------ Date: 24 Jul 1992 09:08:23-BST From: paj Subject: UK Inland Revenue to be privatised? I heard on Radio 4 today that the UK government is considering farming out the Inland Revenue's computer operations to a private company. Currently the IR spend 250M pounds per year on computing and hold some 40M files. 5 possible contractors are being approached, including IBM, DEC and ICL. A union representative gave a long list of reasons why this was a bad idea, starting with confidentiality. He claimed that the IR has a good reputation on this, and worried that a commercial company might not be as honest. The government either was not represented or did not comment. Paul Johnson (paj@gec-mrc.co.uk). | Tel: +44 245 73331 ext 3245 ------------------------------ Date: Tue 28 Jul 1992 10:34 -0400 From: Bob_Frankston@frankston.com Subject: 21st-Century Singapore >From "World Press Review" quoting "China Daily", Beijing [!]: The government of Singapore has announced a plan to link all households through grids of fiber-optic cables that will allow high-speed exchanges of text, sound, video and other media. The project called the National Information Infrastructure (NI), will also include a wireless communications network to give mobile-computer users access to information services. The NII is part of Singapore's drive to become a world leader in information and communications technology, which officials see as the backbone of 21st-century economies. Towards this end, all citizens 18 and older have been issued identity cards that allow government ministries and other bodies to cross-index information about them. ------------------------------ Date: 31 Jul 92 16:04 -0700 From: Robert Slade Subject: User interface studies: oh, what's the use? To bank to make deposits and withdrawal for lunch money. Chat with neighbour while Sweet Old Thing (i.e., my age) dithers with machine. Murmur from SOT: "Oh, dear. I have to make a deposit." Neighbour points out "deposit" key. More chat with neighbour. Murmur from SOT: "Does the stripe go up?" Neighbour points out picture of card (showing orientation) above slot. More chat with neighbour. Murmur from SOT: "It's still not going it." (ATM has by this time, shut down.) (Still need to deposit and withdraw. Look at lineup for tellers. Recall last time I used "manual" cashier: no lineup at cashier, five people in line for ATM. Thought I was really smart until realized that all five people at ATM have completed transactions before I got my money. Decide to eat at "golden arches".) Go to Skytrain station. Couple (of SOTs) at next ticket machine looking very worried. Take bill from wallet. Accidentally tear bill. Replace bill in wallet, take other. Complete transaction with ticket machine. Couple at next machine: "How do you work this?" Point out large legend at top. A: look at map, check how many zones to cross; B: push button for number of zones (machine displays price); C: put money in (pictures of acceptable coins over coin slot, acceptable bills over bill slot); D: take ticket. Point out large A by map, B by buttons, etc. Couple goes back to worrying in front of next ticket machine. Recall study on data base interface. Experimental systems: two commercial systems, three diverse experimental interfaces, one super-deluxe-easy-to- use-never-meant-to-be-implemented-because-*too*-easy-and-takes-too-much- processing-power-to-run inteface. Super-deluxe is natural language interface. Results show no benefit from any system. Further (frantic) investigation reveals subjects, normal data base users, cannot consistently make query in own native language. Become very depressed. Vancouver Institute for Research into User Security, Vancouver, Canada V7K 2G6 ROBERTS@decus.ca Robert_Slade@sfu.ca rslade@cue.bc.ca p1@CyberStore.ca ------------------------------ Date: Thu, 23 Jul 10:05:19 1992 From: anasaz!john@enuucp.eas.asu.edu Subject: Re: More identical name confusion (Bergman, RISKS-13.67) > The HRS' balky new $104.2 million computer thinks she is the St.Petersburg > Samantha, eligible for the same benefits and listed with the same Social > Security number, the Pensacola mother said. .. It looks to me like there is another risk here. HRS paid $104.2 million dollars for that system! There is simply no excuse for spending this much money on such a system. This is the risk of letting government agencies buy computer systems... not only do they not work.... they also cost too much! ------------------------------ Date: Sat, 25 Jul 1992 03:46:32 GMT From: elr%trintex@uunet.UU.NET (Unix Guru-in-Training) Subject: Re: 911 call lands caller in jail In RISKS-13.68, implies that the "risk of tying up 911 with a non-life threatening call" is much more serious than the jailing of a woman who called 911 to complain about a loud street party. Alas, in many big cities, if you want a police officer to appear at the scene, you MUST dial 911. Let's take New York City as an example -- Here's what happens if I call 911 about an incident: the 911 operator types in the address where I am reporting an emergency, then types in my description of the problem. The report is then sent onward ( as a computer message) to the dispatcher for the police precinct in question. The report appears on the dispatcher's screen, who finds an available police car and reads the report over the radio to the police officers who will handle the "job". If any person in this chain of events screws up -- if the police officer never shows up, if the dispatcher never calls a police car, etc., the responsible party can usually be determined by following the computer audit trail. The computer system also tracks the status of the report and I've often heard dispatchers radioing police officers asking them about the status of "jobs" that were resolved hours ago but were not cleared in the computer. When there are too many reports that have not had officers sent to them, the dispatcher announces an "alert" in the precinct and the officers race to finish up their current "jobs" and get to the new ones. The result is that there is a fair amount of machinery keeping track of a call to the police. But if I call my local precinct directly with a non-life threatening situation, a bedraggled desk officer will answer the phone, take my complaint, and then, if he or she feels like it, call 911 in order to get a car dispatched. If the desk officer doesn't feel like sending a car right away, they might type the complaint into the dispatch system as a "past complaint" job, and someone MAY get around to acting upon it much later that evening. Worst of all, the desk officer has the option of simply ignoring my complaint, and there is no mechanism (apart from me calling back again when I see no one has acted upon my call) to detect that he has done so. I've found that if I want the police to respond to nuisances like car alarms or street disputes, I have to call 911. The computer-human interface that is at the core of so many emergency dispatch systems has other quirks, too. In New York City, one sad side-effect of the "alert" mechanism described above is that the dispatcher will start assigning multiple jobs to the same patrol car in order to convince the computer that the precinct is no longer in "alert" status. Never mind that officers in the same car cannot be in two places at once, or that they might be diverted before they can handle the second "job" -- it keeps the computer happy. Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue, White Plains, NY 10601 elr@trintex.UUCP philabs!trintex!elr +1-914-993-4737 ------------------------------ Date: Sat, 25 Jul 1992 11:53:03 -0400 (EDT) From: Derek Beatty Subject Re: 911 call lands caller in jail RGB Technology/703-556-0667 (...) asks about the "much more serious risk of tying up 911 with a non-life threatening call." This points out another risk: that of using systems in ways not originally intended. 9-1-1 service was originally for emergencies only (or so I believe). But it turns out that the *only* way to have a police car dispatched in Pittsburgh is to call 911. Calling the neighborhood police station (5 blocks away!) doesn't work---they direct you to call 911. I suppose there's also a risk here that a distributed system (local police stations) has been replaced by one with a single point of failure. I also wonder whether if I called the local station about an imminent threat whether they'd respond, or just say "call 911." Derek_Beatty@cs.cmu.edu (No NeXTmail! MIME Ok.) PhD student 412 268-7898 Computer Science, Carnegie Mellon Univ., 5000 Forbes Ave, Pgh PA 15213 USA ------------------------------ Date: Fri, 24 Jul 1992 07:38:31 -0400 (EDT) From: Gord Symonds Subject: Software Hazard Analysis Course DLSF Systems Inc. will be presenting a Software Hazard Analysis Course which will include practical insight, procedures and guidelines, 24-26 August 1992, in Ottawa, Ontario. For further information, please contact DLSF Systems Inc., Susan Fraser, (613) 592-8188 (voice), (613) 592-2167 (FAX). Must register by 14 August. ------------------------------ Date: Fri, 24 Jul 1992 17:28:43 EDT From: Dave Banisar Subject: CPSR Recommends NREN Privacy Principles CPSR Recommends NREN Privacy Principles (24 Jul 1992) WASHINGTON, DC -- Computer Professionals for Social Responsibility (CPSR), a national public interest organization, has recommended privacy guidelines for the nation's computer network. At a hearing this week before the National Commission on Library and Information Science, CPSR recommended a privacy policy for the National Research and Education Network or "NREN." Marc Rotenberg, Washington Director of CPSR, said "We hope this proposal will get the ball rolling. The failure to develop a good policy for the computer network could be very costly in the long term." The National Commission is currently reviewing comments for a report to the Office of Science and Technology Policy on the future of the NREN. Mr. Rotenberg said there are several reasons that the Commission should address the privacy issue. "First, the move toward commercialization of the network is certain to exacerbate privacy concerns. Second, current law does not do a very good job of protecting computer messages. Third, technology won't solve all the problems." The CPSR principles are (1) protect confidentiality, (2) identify privacy implications in new services, (3) limit collection of personal data, (4) restrict transfer of personal information,(5) do not charge for routine privacy protection, (6) incorporate technical safeguards, (7) develop appropriate security policies, and (8) create an enforcement mechanism. Professor David Flaherty, an expert in telecommunications privacy law, said "The CPSR principles fit squarely in the middle of similar efforts in other countries to promote network services. This looks like a good approach." Evan Hendricks, the chair of the United States Privacy Council and editor of Privacy Times, said that the United States is "behind the curve" on privacy and needs to catch up with other countries who are already developing privacy guidelines. "The Europeans are racing forward, and we've been left with dust on our face." The CPSR privacy guidelines are similar to a set of principles developed almost 20 years ago called The Code of Fair Information practices. The Code was developed by a government task force that included policy makers, privacy experts, and computer scientists. The Code later became the basis of the United States Privacy Act. Dr. Ronni Rosenberg, who has studied the role of computer scientists in public policy, said that "Computer professionals have an important role to play in privacy policy. The CPSR privacy guidelines are another example of how scientists can contribute to public policy." CPSR is a membership organization of 2500 professionals in the technology field. For more information about the Privacy Policies and how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302. 415/322-3778 (tel) and 415/322-3798 (fax). Email at cpsr@csli.stanford.edu. ------------------------------ End of RISKS-FORUM Digest 13.69 ************************