30-Jun-86 23:25:59-PDT,9257;000000000000 Mail-From: NEUMANN created at 30-Jun-86 23:23:56 Date: Mon 30 Jun 86 23:23:56-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-3.16 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Monday, 30 June 1986 Volume 3 : Issue 16 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Chernobyl (a suprise to the Soviets) (Martin Minow) Airwaves & Security (2 Subjects) (Richard S. D'Ippolito via dhm) Interesting Technical Questions (originally SDI) (Martin Moore) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.) (Back issues Vol i Issue j available in SRI-CSL:RISKS-i.j. Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.) ---------------------------------------------------------------------- Date: 30-Jun-1986 1510 From: minow%pauper.DEC@decwrl.DEC.COM (Martin Minow, DECtalk Engineering ML3-1/U47 223-9922) To: risks@sri-csl.ARPA Subject: Chernobyl (a suprise to the Soviets) From the Danish newspaper Information, May 31, 1986. Soviet Union Ove Nathan: Chernobyl Totally Choked the Leaders The Danish atomic physicist and rector for Copenhagen University, Ove Nathan, who is currently attending a conference on atomic weapons in Moscow, said Friday [May 30] in an interview with Swedish Broadcasting that an intensive discussion is going on behind the scenes in the Soviet Academy of Sciences. According to Ove Nathan, the accident at Chernobyl totally choked the politicians in charge of the Soviet Union. They had never imagined that something similar could have occurred. Ove Nathan has spoken with several members of the Soviet Academy of Sciences who said that the mathematical calculations they used in their probability computations were completely incorrect. These must be revised, and possibly also the decision to locate nuclear reactors in or near densely populated areas. "The new thing is that they openly admit that they do not know how they will handle the situation after the accident. They say that is extremely complicated, nothing can be taken for granted, and there are no sure factors one can rely on. Every day brings a new surprise." Professor Nathan suggests that this is a situation that is completely un-Sovietic. This is the first time in the Soviet history that the elite in the Soviet Academy of Sciences admit that they don't have firm ground under their feet. Ove Nathan believes, that the most serious consequence of the Chernobyl catastrophe will be an increased demand in the Soviet society for open information from the government. Translated by Martin Minow [The Danish original of the text that I translated as "the mathematical calculations they used in their probability computations were completely incorrect" is "den matematiske kalkyle, man har anvendt i sine sandsynlighedsberegninger, var helt fejlagtige" -- I don't have a dictionary so I'm not quite certain my translation was completely correct.] ------------------------------ Date: 30 Jun 1986 15:20-EDT From: dhm@sei.cmu.edu To: risks@sri-csl.arpa Subject: Airwaves & Security (2 Subjects) [This message is being forwarded for Richard S. D'Ippolito (rsd@sei.cmu.edu) whose machine does not yet have ARPAnet access; replies temporarily to dhm@sei.cmu.edu] AIRWAVES It seems to me that what's been missing in the debate on Airwaves/Privacy is that 'public' ownership is being erroneously equated with 'free access'. We certainly pay camping fees at public parks and tolls on some public roads. Public ownership of the airwaves (essentially nothing real) means simply equal access under the same set of government (public) rules and regulations so that no group is denied access for discriminatory (in the constitutional sense) reasons. Now then, why should a business expect to have its product stolen, which is essentially what is happening? And why can't they protect their normal interests, i.e., proprietary information, with whatever security deemed necessary and have the government back them up (with laws and penalties) just as they do with communications through the mails -- another 'publically owned' and equally accessible enterprise? And by the way, your rights in this state (PA) in public parks are considerably restricted from what they are on your own property -- no firearms, alcohol, pets, or explosives. I can't feel sorry for those who want to steal a service. SECURITY Mr. Richard Cowan has presented what I think to be a commonly held but misconceived argument on security, locks, and crime. It is not the proper duty or function of business to reduce the causes of crime by paying unrealistic wages or creating unnecessary jobs. Some people are thieves, period, not because they are poor or unemployed. And, as long as there is one left, all prudent people will want locks. Please, let's skip the sociological arguments in the discussions of SDI. [Disclaimer: For those who do not know (most of Pittsburgh doesn't yet) the SEI is not involved with SDI, nor do we write war (or any) software here -- no flames, please.] The SDI should be evaluated on several, I believe, criteria. Please let me try to be brief and state several assumptions (which not all of us may hold): () We have a defense need (implicit function of the government). () The perfect defense is one that is never tried. () The Soviet Union is our strongest enemy. Given these, we can view the SDI in several ways (sorry to condense): () If the Soviets are against it, it must be good for us, i.e., it's a political diversion and keeps them from spending more time on sorry ventures like Afghanistan. () It doesn't have to work -- it's successful if no enemy tests it. () If it causes our enemies to spend a lot of time and resources to match it, then the diversion of their resources from their people can de-stabilize the government through the rise of dissent and unrest. Now, don't we need to include issues like that in the evaluation of any defense? I'm certainly as unhappy as anybody about wasted tax dollars, as I pay to many of them now. Also, I would like to live in a peaceful world (read risk-free), too, but it just isn't going to happen. I would like all engineers (I'm one) and scientists to take the high side of the debate to the public -- that we work our butts off to make things as risk-free as possible and that we are willing to discuss and quantify (where possible) the magnitude and probabilities of the risks. In Great Britain, they talk about these things to the public all the time. Here, only the insurance companies know. For example, in building a chemical plant, the calculations of the magnitudes and probabilities of a life- injuring or -destroying accident and the resulting cost (yes, they put cold numbers on them -- your medical insurance company already has the value of your arm listed) is factored in along with all the other costs to determine the proper design and location of the plant in economic terms. It is totally unrealistic for us to put infinite values on human lives (I didn't say life) because that's when we conclude that everything must be perfect and risk free. A perfect example of this kind of reasoning can be seen in the FDA's treatment of hazardous substances. Have you notice that the allowable limits of these substances always decreases to the limits of measurability as new measuring instruments are devised, even in the absence of direct risk at those levels which are now orders of magnitude below the levels accepted as harmful? Where do we stop? In more concrete terms, I was unable to attend a lecture on this subject: Is a program with a known and predictable error rate of one wrong answer in 10,000 executions useless?, but the subject did intrigue me. --- Richard S. D'Ippolito (rsd@sei.cmu.edu) Software Engineering Institute Carnegie-Mellon University ------------------------------ Return-Path: Received: from eglin-vax.ARPA [...] Sun 29 Jun 86 12:42:37-PDT Date: 0 0 00:00:00 CDT From: Subject: Interesting Technical Questions (originally SDI) To: "risks" > Looking at the question from another side, all technical analysts > agree that it is possible to build SOMETHING that sometimes does some > fraction of what you want it to do, and the interesting technical > questions are what is the nature of this something, what will it be > able to do, and how often can it do it. ...and how much will it COST? Not only in money, but in people, raw materials, other resources, etc. This is a fundamental question in ANY engineering effort. Martin Moore (mooremj@eglin-vax.arpa) ------------------------------ End of RISKS-FORUM Digest ************************ -------