Subject: RISKS DIGEST 16.18 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 21 June 1994 Volume 16 : Issue 18 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Physical Location via Cell Phone (Derek Atkins) RF Interference (unattributed alt.shenanigans item via Elana) EDI mail storm (Cheryl Berthelsen via Brian D. Renaud) Re: Campaigns and Elections (Peter J. Denning) Re: Airframe Safety (Bill Murray, Mark Staler, Andy Dingley, Tom Lane) Shopping Risks... (Philip R. Banks) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Sun, 19 Jun 94 01:32:47 EDT From: Derek Atkins Subject: Physical Location via Cell Phone I'm sure many people have heard this already, even though it only happened yesterday (Friday, 17 June). I'm sure most people have heard about O.J. Simpson [he was charged with a double murder], and Friday evening he took a long drive around the LA Highway system. Police said that they discovered his location (and even his very car) through the use of the Cellular Phone system. The RISKS are obvious: Being able to locate someone just by their cell phone, and by extension, just keeping a cell-phone turned on transmits enough information to be located. For example, if anyone carries a Digital Personal Communicator (DPC), or other such flip-top cell phones, or any cell phone, for that matter, they can be physically tracked, basically, anywhere in the country through the cellular phone system. And as the cells get smaller, the location detail gets better. What will happen when we have micro-cellular phones, a cell for every building, or even a cell for every office! Think about the level of personal tracking that can be done with this level of detail! -derek ------------------------------ Date: Sun, 19 Jun 1994 02:18:02 GMT From: elana@netcom.com (Elana Who?) Subject: a risk from alt.shenanigans of all places (!!!) [No, I did NOT make this post up!!! Elana] >From alt.shenanigans... scott.baldwin@castles.com (Scott Baldwin) writes: >M>because we tend to get blamed for any interference unless we can find >M>the actual source!) >M>Radio direction finding is fun... > We used to do this all the time as well! HF radios of course. What I >found to be pleasing, is this old VW Bug (about a '63 I think) would >always be going down the freeway during the afternoon at the same time I >would be going to work. I heard that if you had high enough RF power >you could disturb the electric fuel pump, so I tried this one day using >a 600 Watt PEP amp and keyed an AM carrier, and what did I see??? > A VW bug slowing down and starting to pull over >:) I did this for an >entire week... hehe! ------------------------------ Date: Fri, 17 Jun 94 11:14 EDT From: brena@hcia.com (Brian D. Renaud) Subject: EDI mail storm [Seen on the Health Information Management Listserv -- Brian] Date: Thu, 16 Jun 94 23:04:54 -0500 From: Cheryl Berthelsen Subject: IS THE WHAT EDI IS ALL ABOUT? The following article was published today in the Jackson Clarion-Ledger. Is this what Electronic billing does for us? Are the Medicare fiscal intermediary software programs for claims processing really that stupid? WOMAN GETS THE MESSAGE, OK? Dorothy Joyce's mailman brought her 131 letters in one visit, and none of it was junk mail. All were from one correspondent: MEDICARE. "The postman said, 'Lady, I've never delivered so much mail to one person before,'" Joyce, 77, said. Each envelope contained four notices concerning Joyce's claim for a $29.97 doctor's visit. Each cost 46 cents to mail; the government spent $60.26 to tell Joyce her claim was invalid. After her May 17 visit to Dr. Samual P. Robinson's Gulfport office, Robinson's computer notified Medicare's computer that Joyce had been there. And kept on notifying, said Margaret Brundidge, a clerk with Travelers Insurance Co. Medicare office in Jackson. Cheryl Berthelsen, PhD, Assistant Professor, Univ. of Mississippi Medical Center, School of Health Related Professions (SHRP), Jackson, MS 39216 ------------------------------ Date: Fri, 17 Jun 94 12:51:23 EDT From: pjd@cne.gmu.edu (Peter J. Denning) Subject: Re: Campaigns and Elections (Agre, RISKS-16.12) Phil Agre recently said he found it "scary" that some political campaigners are apparently tailoring political ads to probable interests of individuals, based on extracts from available databases. He is, however, describing an activity that is already happening with advertising in general. I don't understand the grounding for his assessment that tailored political ads are "scary". Few of us like the telemarketers who call at dinner and seem to know things about us, but most people would call this "annoying" not "scary". Peter Denning ------------------------------ Date: Thu, 16 Jun 94 17:27 EST From: William Hugh Murray <0003158580@mcimail.com> Subject: Airframe Safety If I recall correctly, this thread began when someone asserted that AI aircraft were just too unsafe for him. I remember thinking at the time that that was a "nationalist" position not supported by facts. One set of facts looks something like this: >DC-9/MD-80 2065 68 3.29 >Boeing 727 1831 62 3.39 >Boeing 737 2515 57 2.27 >Boeing 747 988 22 2.23 >DC-10 446 21 4.71 >Airbus A300/310 636 7 1.10 >Airbus A320 411 4 0.97 According to this data a rational person might actually prefer AI airframes. Based upon the data a rational person would certainly prefer the A320 to, let us say the B727. However, based upon public perception, one would certainly prefer the B727. The 727 enjoys a well-deserved public reputation for safety. On the other hand, those of us who have been adults since the 727 was introduced remember that early in their use they fell out of the sky like hail stones. In response to a number of crash landings the operations manual was changed. The landing configuration was changed from nose-down low-revs to nose-high high-revs. That change contributed greatly to the enviable safety record of the 727. Based upon the data above, one might prefer the A320 to the DC10. On the other hand, the data could be very misleading. The DC10s, having been around a great deal longer, may have lost far fewer airframes per operation. (Besides, I like to fly on DC10s. In many configurations, they are the most comfortable planes in the air. I do not pretend to be completely rational. If I were, I would certainly prefer any of these planes to my car.) My point is that, given the sizes of the (Ns) numbers above and given what they measure, it is simply not possible to make a rational choice between the planes. It probably is not possible even to rationally prefer them to automobiles. I make my living trying to help my clients make rational and safe choices in areas where there is all too much data about the consequences of an event and all too little about the rates of occurrence. Given the statistical significance of this data, I doubt that I could change the client's life expectancy by more than a few seconds, one way or the other, by making a systematic choice between those planes, on that or any other available data, even if she took a flight every day. Taken across the entire population likely to fly on those planes, I could do a tiny bit better. However, I could not do sufficiently better to justify public policy. I sympathize with those charged with doing so. There seems to be a political demand, or at least an expectation, in our current culture for zero risk. The real world does not work that way. William Hugh Murray New Canaan, Connecticut 06840 ------------------------------ Date: Thu, 16 Jun 1994 13:01:03 +0800 From: stalzer@macaw.hrl.hac.com Subject: Flighty statistics In RISKS-16.16 p.mellor@csr.city.ac.uk presented the following data: >Aircraft No. in Hulls % Losses >Type Service Lost > >DC-9/MD-80 2065 68 3.29 >Boeing 727 1831 62 3.39 >Boeing 737 2515 57 2.27 >Boeing 747 988 22 2.23 >DC-10 446 21 4.71 >Airbus A300/310 636 7 1.10 >Airbus A320 411 4 0.97 Unfortunately, there is no way to interpret this data. Maybe the DC-10s were flown several times a day and the A320s were parked. You must supply miles flown vs. hulls lost, or, even better yet, hops vs. hulls lost (since most accidents happen in takeoff/landing). Mark Stalzer stalzer@macaw.hrl.hac.com ------------------------------ Date: Thu, 16 Jun 94 21:27:58 GMT From: dingbat@codesmth.demon.co.uk (Andy Dingley) Subject: Airbus Risks On a lighter note, this discussion of Airbus RISKS reminds me of an article in Flight International a few years ago, on the Airbus and its software problems. The Airbus has many new software-related systems, and had many teething troubles with them. Navigation systems were mentioned as problematic, as were the concerns about fly-by-wire. The crucial problems, as far as operations were concerned, weren't about any of these high profile systems; they were about something as mundane as the computer controlled lavatory valves. If you have a navigational failure, the co-pilot needs to get their manual plotter and charts out again, but you can still fly on. OTOH, a plane full of a few hundred incontinent pensioners on their way to Tenerife isn't going *anywhere* unless the toilets are working ! Andy Dingley Codesmiths of Newcastle dingbat@codesmth.demon.co.uk ------------------------------ Date: Sat, 18 Jun 94 20:50:15 -0700 From: Tom Lane Subject: How to lie with statistics (Re: Does it matter why A3??'s have a poor record?) Pete Mellor writes: > The following table shows the number of crashes per hull in service for > different aircraft types. I can't believe that anyone would propose such numbers as a useful measure of safety. The Airbus models are much newer than the ones they are being compared to. 727s, for instance, are quite old (most of 'em are approaching retirement, are they not?) and would have seen many more flights than A3xx craft. The low rates reported for A3xx probably just reflect the youth of the fleet. I would find loss rates per mile flown, or perhaps per departure, far more credible. Anyone have that data? tom lane ------------------------------ Date: Sat, 18 Jun 1994 13:40:01 +1200 From: Subject: Shopping Risks... I am sure most people reading the RISKS DIGEST have been bitten by the automated supermarket checkout machines. However, having been bitten recently, I believe it bears repeating. It has been a weekly routine with my family to help my mother on thursday nights do the shopping. Normally we take along a list, a calculator and generally have a fairly good chat while we take care of the groceries. Now the supermarket we shop at has a checkout system based on a barcode scanner that they pass the goods over to tot the price up. We double check the price using the calculator by adding up the shelf listed prices as we procure the items from the shelf. But in over two years of doing this we have *never* had a calculator result that tallied exactly with the given price. Often this can be explained as human error but the supermarket has an array of interesting tricks that often account for this difference. 1) Not listing the price. Anywhere. This is often the case in the bread section. 2) Listing the *wrong* price. Several times we have bought a product that has been listed at one price and has rung up on the checkout counter at another price. Usually we only spot the difference once we have returned home and tried to identify why the calculator result was out. Invariably the price change is in the supermarket's favour. 3) Double scanning products. That way it gets rung up twice and you get charged twice for the one product. 4) The bar code information is for the wrong product. Presumably data entry errors occur and the bar code on the product you are buying is linked to the wrong price data. Now I am not suggesting that any of these practices are deliberate but it is easy to see why supermarkets are not terribly keen to stamp out such problems. All it requires is a hundred or so errors, a week, like this to occur and the supermarket accrues, on average, another $300 of profit. (Our average difference is usually around the $3 mark.) What makes it worse is that alot of the supermarket staff believe the computer to be infallible and incapable of error. When I assure them that, due to my profession of programming the things, I know very well that they can go wrong it a large number of ways they almost invariably remain dubious of my assertion. The risks are fairly clear. It is worthwhile double checking the price you get charged for your groceries. While the system itself is fairly reliable it naturally cannot cope with the human error side of things due to faulty use or data entry into the system. Philip R. Banks Syntax: mail < banks_p@kosmos.wcc.govt.nz > ------------------------------ Date: 31 May 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.18 ************************