RISKS-LIST: RISKS-FORUM Digest Thursday 14 July 1988 Volume 7 : Issue 22 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: A-320 Airbus Crash Inquiry (Brian Randell) User interface problem in the Aegis system? (Kee Hinckley) Radar cross sections, Flt. 655, and F-14s (Eugene Miya) GM Blames Computer for Smelly Vans (PGN) Lockpicking at Los Alamos (Gary McClelland) Supposedly-unique id. no. from non-unique personal characteristics (Larry Margolis) NJ Driver's license number coding (Scott Robbins) Colwich Junction, England, 1986 (Mark Brader) Shades of Fantasy in Real-Life -- group games (acwf?) IQ measurement by machine? (Mark Brader) Aviation units (Richard S. D'Ippolito) RISKS and PGN Saturation! (PGN) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. For Vol i issue j / ftp kl.sri.com / get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Tue, 12 Jul 88 21:31:25 +0100 From: Brian Randell Subject: A-320 Airbus Crash Inquiry Today's Guardian carried a story with a new and alarming slant. It is reprinted here in toto, without permission. AIRBUS INQUIRY OBSTACLES FUEL COVER-UP FEARS [By] Paul Webster in Paris An attempt to stop an examining magistrate investigating the cause of the A-320 airbus crash in eastern France last month has raised doubts over official claims made immediately after the crash that pilot error was the only cause. Mr Germain Sengelin, the senior examining magistrate at Mulhouse, defied a Justice Ministry order yesterday to drop a judicial inquiry and said that he could understand that there was official concern that "the search for truth was being placed above other interests." The magistrate was told to hand over the inquiry to a judge but continued questioning witnesses. He was concerned that the Airbus's two flight recorders were taken away after the crash by Transport Ministry officials. He said the recorders had not been sealed to "guarantee their authenticity and integrity." He was also angry that the local public prosecutor, who is responsible to the Justice Ministry, had already decided that pilot error was the cause of the crash which killed three passengers during an aero-club joyride flight. More than 130 other people escaped when the low-flying Air France chartered jet crashed into a wood. Air crew trade unions have also stepped up their protest over the plane's dependence on a revolutionary computer fly-by-wire system operated by a two-man crew. The air crews, who believe a flight engineer is needed to oversee the ultra-modern equipment which is supposed to correct pilot error, said there was a moral question involved. The policy of a two-man flight crew was putting passenger lives in danger. Pilots on France's domestic airline, Air Inter, began a new strike last night as part of a three-year campaign over Airbus safety. With the judicial and Transport Ministry inquiries, there are three investigations being made into the accident, the third being by Air France. But before any investigating team was able to give a point of view, the flight recorders had been analysed by civil aviation officials and the main finding revealed by the Transport Minister at the time, Mr Louis Mermaz. He ruled out any possible fault in the plane's design and blamed the pilot. As the Airbus is Europe's main challenger to US civil aviation supremacy, Mr Mermaz was concerned that doubts over the computer system could affect orders from more than 50 airline companies for about 500 A-320s which sell for about (pounds)20 million. ------------------------------ Date: Wed, 13 Jul 88 10:47:46 EDT From: Kee Hinckley Subject: User interface problem in the Aegis system? Something mentioned briefly in newsweek's analysis of what happened is that the display system does not show the actual radar blip, but rather an icon which indicates information about the object (under/on/above water and friendly/unknown/ enemy). Although at the 20 mile range there would be no difference in blip size, they asserted that a dumber radar system might have seen a difference at the distance at which missles were fired. If this is true it is a good example of an instance where switching to a symbolic display resulted in a loss of potentially critical information. (Of course the blip size is still not a good indication of aircraft type, given reflectivity differences, but any bit of information can help.) Kee Hinckley, User Environment, Apollo Computer Inc. ------------------------------ Date: Thu, 7 Jul 88 20:06:23 PDT From: Eugene Miya Subject: Radar cross sections, Flt. 655, and F-14s Please do not mistake the visual cross-section of a target to equal a radar cross-section. Radar is a less than exact science, all cross-sections are determined empirically with a anechoic chamber. A good example to understand this is the B-52, which comes with a drone called a Quail. The Quail is a tiny fraction of the B-52's size but is designed to give an identical signature (not quite). Several radar references include a recent Spectrum article on radar cross-sections (the IEEE will now probably do A320 and 655 article as they did they award winning Stark article). There is also Skolnick's book on radar. Current thinking is also based on active transponders, not on cross-section. --eugene miya, NASA Ames ------------------------------ Date: Thu 14 Jul 88 11:29:44-PDT From: Peter G. Neumann Subject: GM Blames Computer for Smelly Vans (UPI) Detroit Owners of some General Motors vans have been advised not to blame a rotten-egg smell on their companions but rather on the vehicles' computer. GM has discovered that under certain conditions, 1987 Chevrolet Astro and GMC Safari vans with 4.3 liter engines and overdrive transmissions spew an exhaust with the unmistakable smell of rotten eggs. The company has issued a bulletin to dealers with instructions on how to fix the problem. Among the remedies is replacement of the computer, which monitors the engine's fuels mix. The computer in question is used only in vans with overdrive transmission, the Detroit News was told by a GM service technician. An improper fuel mix results in the buildup of a sulfur and hydrogen mixture, causing the odor, the technician said. [San Francisco Chronicle, 14 July 1988, p. A11] ------------------------------ Date: Tue, 12 Jul 88 09:08 MDT From: Gary McClelland Subject: Lockpicking at Los Alamos Anyone interested in the recent discussion of lockpicking and security would enjoy reading Richard Feynman's hilarious chapter on his lockpicking adventures at Los Alamos during the bomb building days. The chapter is in his collection of autobiographical stories entitled "Surely You Must be Joking, Mr. Feynman. Reproducing excerpts here would spoil the fun. If the locks to the atomic secrets were so easy to pick it is hard to imagine what system would be required to guarantee no burglars get in the house. Just keep the insurance premiums paid and make it look like your house would be a bit more troublesome than the neighbor's. Gary McClelland (Univ of Colorado) ------------------------------ Date: 12 Jul 88 12:31:37 EDT From: Larry Margolis Subject: supposedly-unique id. no. from non-unique personal characteristics New York State also encodes the driver's sex and date of birth in the driver's license number. The reason for this is that a police officer can do a quick check to tell if the license is invalid. (No guarantee that it's valid, of course, but if the DOB on the license doesn't match the encoded version, or the sex isn't encoded properly, you know that it's invalid.) Larry Margolis ------------------------------ Date: Mon, 11 Jul 88 16:41 EDT From: Subject: NJ Driver's license number coding tab@mhuxu.att.com writes: > I had to laugh at "The Eyes Have It". The last five digits of my NJ >driver's license number are 61664. This is supposed to represent my >date of birth and eye color. I was born on 11-22-66, and the last time >I checked my calendar, we didn't even have 61 months! On NJ driver licenses, the first 4 of the last 5 digits are always the month and date you were born. If you were born in October, November, or December, the first '1' is replaced by a '6' , hence 6166 for those four digits on your license. I *think* this is always the case for people born in those three months; other numbers might be used in place of the '1'. My mother was born in October, and the numbers on her license are 60422 for the last five digits. The last number on your license is your eye color; if you have a picture license, the codes for numbers and eye colors are on the back of the license card. You might also note that of the second group of 5 digits, the first two should be '66' in your case, because you were born in 1966. The reason for doing all of this is because NJ picture driver's licenses are very easy to alter for ID purposes (to buy alcohol, etc.) - so the DMV figured they'd get smart and build the birthdate into the DL number. Except now everyone knows the secret and it's pretty useless. I believe all the numbers on a license mean something --> another thing they try to protect against is people replacing the picture with another (also very easy on a NJ picture license). Scott Robbins SROBBINS@DREW.BITNET ------------------------------ Date: Wed, 13 Jul 88 18:20:35 EDT From: msb@sq.com (Mark Brader) Subject: Colwich Junction, England, 1986 The official report on a train collision* at Colwich Junction, England, on September 19, 1986, has been released and is written up in the June issue of Modern Railways magazine. There are two RISKS-related points. *Both trains had electric lomocotives, which collided. The northbound train was supposed to stop; the southbound one was running at 95 to 100 mph. Of "nearly 900" passengers on the two trains, 75 were injured, 32 requiring hospitalization, but the only fatality was the southbound train's driver. The basic cause was driver error. The error related to "approach-controlled" signals, where a restrictive aspect is used merely to force the train to slow down, rather than its original meaning of "prepare to stop". In some cases new flashing aspects are used to indicate approach control, but the exact meaning varies (it would take too long for me to go into detail here). The driver assumed that a particular red signal was going to clear as he approached, when it was actually telling him to stop, hence the accident. The magazine editorially blasted the present inconsistent system, saying that approach control, which is supposed to stop trains from taking junctions too fast, "is now a lethal menace because it does different things in different places and is bound to lead drivers into confusion". They call for a system with the desired speed explicitly displayed. There was a further contributing cause. The northbound train was equipped with wheelslip protection, i.e., antilock braking, which a witness heard in operation. (Why do trains need antilock braking when they don't have to steer? Because if the wheels slide, flat spots are worn onto them, causing bad riding and premature wear.) The driver had no way to turn the wheelslip protection off. If he had had, the accident might have been avoided; experiments to test this were incon- clusive, it being too difficult to reproduce the exact conditions. But an override would certainly have reduced the stopping distance, and the report recommended that wheelslip protection be automatically turned off when the driver selects emergency braking. Mark Brader "What can be more palpably absurd than the prospect held out utzoo!sq!msb of locomotives travelling twice as fast as stagecoaches?" msb@sq.com -- The Quarterly Review (England), March 1825 ------------------------------ Date: Thu, 14 Jul 88 14:23:36 BST From: mcvax!doc.ic.ac.uk!acwf@uunet.UU.NET Subject: Shades of Fantasy in Real-Life -- group games I noticed the following article in UK Micro Mart magazine and thought it might indicate some hitherto unforeseen risks of computer use! Melanie Weaver and Jez Thorpe, both avid users of Telemap Groups Shades game, have become the first couple to marry after meeting in a multi-user computer game. The newly-weds met in Shades, where players exist in a fantasy world of castles, wizards and buried treasure. Their characters married in the game; then they were engaged for real a month later, and married recently at a church in Cornwall. Melanie, who works in the travel business said: ``When I started playing the last thing on my mind was that I would meet my future husband through a computer game. But I soon discovered that one of the best things about Shades is that it allows you to meet lots of interesting people.'' Shades is a multi-user adventure set in a fantasy world where players attempt to rise from the rank of novice to wizard by collecting treasure and scoring as many points as they can. With up to 128 players taking part the characters you encounter -maybe in the on line pub, The Talking Shoppe - could be using a computer anywhere in the world. ------------------------------ Date: Thu, 14 Jul 88 13:42:42 EDT From: msb@sq.com (Mark Brader) Subject: IQ measurement by machine? The following article by Bob Gray of Edinburgh University appeared in sci.misc as an outgrowth of an exchange about the high-IQ society Mensa. The risks associated with these machines would seem to be of the same type as those associated with the use of polygraph machines as if they were lie detectors. Mark Brader, SoftQuad Inc., Toronto (Forwarded text follows. The quoted paragraph is from an earlier article by Chris Long in the same newsgroup.) > Binet originally designed his tests to detect mental deficiency, which > they do, up to a point. Alas, things did not stay there. Goddard, > Terman, and Thorndike took things to where they are now. Just to add some more napalm to the postings... A company in Guildford, Surrey, UK announced last week that they are to market a device to directly measure the early signs of diseases affecting the brain. Alzheimer's disease and senile dementia were mentioned. Electrodes are attached to the scalp and the electrical activity of the brain in response to computer controlled stimulus is measured. The device is also claimed to be able to measure IQ. The report then went on to mention that some companies have already expressed an interest in the device for selecting people with low intelligence to do boring and repetitive jobs. This device may be an application of some research here at the University of Edinburgh which showed a correlation of greater than 0.6 between scores on IQ tests and direct EEG measuremernts of the speed at which the sensory areas of the brain can process information. Bob ------------------------------ Date: Thursday, 14 July 1988 11:17:32 EDT From: Richard.S.D'Ippolito@sei.cmu.edu Subject: Aviation units It's curious how errors creep in everywhere. In Joe Morris's discussion of aviation units, he reproduces a segment of a table from Jeppesen showing SI units of distance as "km", where the correct unit is "Km". Would an SI person also interpret the non-SI column entry "nm" as "nanometers" and reject the chart? A manual purporting to set a "official standard" for safety purposes, assuming that the error wasn't a copy error, has an incorrect symbol used for a unit modifier -- kilo is ALWAYS uppercase as are all SI prefixes that multiply as opposed to those representing fractional parts, which are lowercase. (E.g., m = milli = 10^-3 and M = mega = 10^6.) "kg" is NOT an SI unit, but Kg is! Imagine drugs if mg could be milligrams, micrograms, or megagrams, or radiation if mCu were hastily written for microcuries. Some of the folks in my particular field, the electronic, still mark capacitors with mF for microfarads and mmF for micro-microfarads when they should be uF (greek letter micro) and pF (pico = 10^-12). Yes, we in our leisure know what is meant, but why should the burden be on the reader to interpret, especially in a critical situation? And why the mixed units? All units in a table should be consistent, defined, or spelled out, so that nm, n.m., na. mi., are OBVIOUSLY nautical miles, and not nanometers. To have adjacent lines of a table showing kg and nm (mixed units with one incorrectly spelled) is irresponsible and, well, risky. And all those footnotes? They tell me that there is no standard. ------------------------------ Date: Wed, 13 Jul 88 17:54:20 PDT From: Peter G. Neumann Subject: RISKS and PGN Saturation! The RISKS backlog is up to 50 unfielded messages just in the past week. Many of the pending messages are marginal, and will probably not surface. Many are purely speculative, and those have to be very carefully written in order to be worthy. Others are interesting, but drifting further and further afield -- as seems to happen whenever a subject develops. Others continue to dwell on topics that have already been covered. I realize some of you are receiving RISKS only after long delays (days, in some cases even weeks), which makes it very hard for you not to avoid duplication of messages that you have not even seen yet! But bear with me as I continue to wrestle with the balance between an open forum and a manageably readable, interesting forum. Thanks. Peter ------------------------------ End of RISKS-FORUM Digest 7.22 ************************