RISKS-LIST: RISKS-FORUM Digest  Wednesday 30 August 1989  Volume 9 : Issue 19

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  NEW INSTRUCTIONS TO FTP VOL i ISSUE j, effective immediately (PGN)
  Reg. of Motor Vehicles computer slows down (Adam Gaffin)
  British nuclear reactor software safety disputed (Jon Jacky)
  South German hackers hack TV German Post (Klaus Brunnstein)
  Ethics (Donald J. Weinshank via Tom Thomson)
  sci.aeronautics, a new newsgroup (Robert Dorsett)
  What's a stamp? (postal service problems) (David Elliott)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
 "Subject:" line (otherwise they may be ignored).  REQUESTS to
 RISKS-Request@CSL.SRI.COM.  Vol summaries
 (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99),(8.88).
  > > > > > > > > NEW FTP INSTRUCTIONS GIVEN BELOW < < < < < < < < <

----------------------------------------------------------------------

Date: Thu, 24 Aug 1989 10:44:34 PDT
From: Peter Neumann
Subject: NEW INSTRUCTIONS TO FTP VOL i ISSUE j, effective immediately

  ftp CRVAX.sri.com
  anonymous
  x
  cd sys$user2:[risks]
  get risks-i.j
  bye

WHERE the largest j for each i (the VOLUME SUMMARY ISSUE) is given by
(i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99),(8.88).

GOOD LUCK!  I may be a little late getting the newest issues over.  The FTP
IN does not work well enough quite yet.  Thanks for your patience.

------------------------------

Date: Wed, 30 Aug 89 10:54:54 pdt
From: adamg@well.UUCP (Adam Gaffin)
Subject: Reg. of Motor Vehicles computer slows down

From the Middlesex News, Framingham, Mass, Aug. 29, 1989
By Michael Sereda
NEWS STAFF WRITER

MetroWest police, more accustomed to battling crime, are battling a broken
Registry of Motor Vehicles computer that hasn't spit out information since
Sunday.  So far, 6,000 inquiries on licenses and registrations have backed up,
handcuffing police and leaving Registry officials to crank out renewals on
paper.

``It's a real pain in the neck, particularly on a busy night and there's so
much going on,'' said Medfield Police Dispatcher Shirley Rossi.  ``You're able
to check the status of someone on a warrant ... but you can't check the status
if they have a suspended or revoked license, and you can't check the status of
a vehicle, if it's unregistered, registered.  It just basically makes it
difficult if they want to write a ticket.''

``This is an ongoing thing with (the Registry),'' Rossi said.

Trouble began, spokesman Kathi Connelly said, on Sunday morning when the
Registry shut down the electronic brain for four hours of scheduled
maintenance.  After the maintenance was performed, the computer came back on
line for about an hour and then started acting up, she said.

The 4-year-old computer, which stores information on the state's 3 million
drivers and 6 million vehicles, was operating off and on throughout Sunday,
before ``crashing'' late that night or early Monday morning, she said.

The glitch meant that police throughout the state could not check on a
person's driving record or the validity of a registration.

``It gets very difficult,'' said Framingham Lt. Wayne McCarthy.  ``There've
been several times that it's down, and later it comes up (after a suspect is
let go) and it comes back that someone's license is revoked or suspended.

``They may have had a license on them and we couldn't check on it,'' McCarthy
said.

``It kind of stops the checking process out on the road,'' said State Police
Sgt. Joseph Parmakian.

While the computer was down Sunday and Monday, the system automatically stored
the inquiries and answered them when operation resumed between 4 p.m. and
6 p.m. Monday, Connelly said.

At the Registry, customers who wanted to renew their licenses went away with
temporary paper renewals and without the laminated photo license, which is
computer-generated, Connelly said.  Those drivers can return for the photo
license, she said.  She said she could not estimate how many customers might
have been inconvenienced.  Other Registry transactions involving the public
were done on paper, she said.

``To be frank, we were kind of worried that something like this would
happen,'' Connelly said.  ``The computer has been operating at 100 percent
capacity for more than a year.  Generally, computer systems are supposed to
operate at no more than 85 percent of capacity.''

The computer's maker, Amdahl Co. of Sunnyvale, Calif., flew parts and repair
technicians to Boston to help out, she said.  The repairs did not cost the
Registry additional money because they were covered under a maintenance
agreement, she said.

Permanent help is on the way for the Registry in the form of a new computer
with an expanded memory, Connelly said.  The new computer will have the ability
to handle 40 million instructions per second - in computer lingo, that means
it's real fast.

The Registry will be going out to bid in 10 to 12 weeks for the $7 million
machine.  The money for the computer, Connelly noted, has already been budgeted
and will be paid over a five-year period.

Connelly said that David Lewis, the Registry's computer boss, ``feels secure
the problem has been taken care of.''

``We'll be happy when it's replaced,'' she added.

------------------------------

Date: Tue, 29 Aug 1989 14:06:30 PDT
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: British nuclear reactor software safety disputed

The following article appears in NEW SCIENTIST, 5 August 1989, p. 24:

CEGB Rebuffs Critics of Safety Software
by Susan Watts

The Central Electricity Generating Board has responded to critics who doubt
the reliability of the software that will protect Britain's latest nuclear
power stations from accidents.  Specialists in computer safety systems fear
that this software does not meet current standards for such "safety-critical"
software, published recently by the Ministry of Defence (MoD).  The CEGB has
been reluctant to publish details of the protective system.

At a special session of the Hinkley Point inquiry in Bristol, Martyn Thomas,
the chairman of the committee on safety software at the British Computer
Society (BCS), urged the CEGB to allow an expert committee to make an
independent assessment of the software.  This software, which the board
ordered from Westinghouse in the US, might one day be solely responsible for
shutting down pressurized-water reactors should something go seriously wrong.

The MoD's draft standard, Def Stan 0055, stipulates that all software for
systems which protect human life must be analyzed mathematically, rather than
simply relying on estimates of the probability that such software will not
fail.  Thomas fears that the systems could not meet the requirements of MoD's
new standard (THIS WEEK [a section in NEW SCIENTIST] 1 April 1989).  The only
way to allay concern about the protection system among computer experts would
be for the CEGB to publish details of the system and to allow the expert
committee to scrutinize it, he says.

The board rejects charges that the emergence of the new standards invalidates
or renders inadequate its designs, which have been under development for some
time.  The board points out that it has its own independent assessment team,
which includes a member of the safety systems group of the BCS.  But Thomas
says that this "Independent Design Team", although independent of
Westinghouse, is made up of employees of the CEGB.  This is not good enough,
says Thomas, who wants the inquiry to open an extra session on the safety
aspects and reliability of the software which will control the reactor.

In Bristol, Thomas said that the Health and Safety Executive, whose team at
the Nuclear Installations Inspectorate (NII) has to approve the system before
it is allowed to operate, is severely short of skilled resources for assessing
programmable electronic systems of any sort.  He also has serious reservations
about whether the NII has the staff and skills to evaluate safety of the
protection system.

He says that the CEGB has not answered the substantive point of his evidence;
that this important area of the design, where opinions within the computer
community have been maturing quite rapidly over the past six months, ought to
be examined by public inquiry.  He says that he asked the CEGB several months
ago for information about the design of the system.

The Health and Safety Executive (HSE) has responded to the evidence submitted
by Thomas, and says that it has adequate expertise and resources to do its
job.  The HSE says that it has addressed the potential problems with software
identified at the time of the Sizewell inquiry, and that the NII expects the
CEGB to make use of new checking techniques as they become available.

- Jonathan Jacky, University of Washington

------------------------------

Date: 29 Aug 89 14:16 GMT+0100
From: Klaus Brunnstein
Subject: South German hackers hack TV German Post

Last Saturday (August 26, 1989), ZDF (=2nd German TV, one of the 2 nationwide
TV channels) asked their spectators whether smoking should be banned in the
public.  The spectators could answer by telephone, dialing for "yes" a
telephone number nnnnnn1, or nnnnnn2 for "no".  Within a time slot of 14
minutes, 52.942 telephone calls came in, with a quota of 54:46 in favor of a
smoking prohibition.  That means, that 29.669 voted in favor of a prohibition,
and 25.273 opposed.

On Monday (August 28, 1989), a group of South German hackers said that they
manipulated the quota by dialing the "yes" number from 83 PCs at a rate of 4
times a minute; virtually all of their calls came through so that about the
maximum of 4.648 Yes-votes came from their computers.  The result was thus
significantly changed: without the computer votes, the result would be:
Yes=25.021; No=25.273, which is a small majority of the opposition.

German news media (only) now start a debate about the "security" (not about
the quality!) of the German Post Office's "TED" =TEleDialog system used for
this TV transmission.  The system was developed in 1979 (and used several
times, mainly for entertainment purposes, e.g. vote on the Saturday movie).
TED consists of 11 regional computers which count how often a specific number
is dialed; the count is transferred to the TV station which rented this
service, after a given time limit is reached.  The maximum capacity for a
nationwide counting procedure is 350.000 "votes" per hour.  On Saturday, only
slightly over 50% of the capacity was used, probably due to vacation time and
missing interest in the corresponding TV show.

The system can easily be hacked; probably, some more hackers tried and
practised such hacks earlier.  There have been some discussions before when,
at a local election in the Federal State of Hamburg, some strange results
about political themes came up.  But only now, as leisure time themes and
activities of hackers are involved (and other catastrophe themes are not
visible), a discussion is started about the "security".

My prognosis: the essential question about the quality of the results produced
by such a tool and procedure will only be discussed when questions of common
(national?) interest are asked, such as: shall we replay Steffi's or Boris's
last winning game.

Klaus Brunnstein
Hamburg, FR Germany

------------------------------

Date: Tue, 29 Aug 89 12:57:36 bst
From: Tom Thomson
Subject: Ethics

I thought this article from humanist was worth posting to risks and to
security.  What risks do we suffer if our engineers/scientists are unethical,
or are taught to subscribe to conflicting sets of ethical principles?  Is it
likely that societies like ACM, BCS, IEEE, etc will have incompatible ethical
codes, each of course incompatible with whatever is taught in the computer
science schools?

Forwarded article:-

Sender: HUMANIST Discussion
Reply-To: Willard McCarty
Humanist Discussion Group, Vol. 3, No. 402. Monday, 28 Aug 1989.

Date: Mon, 28 Aug 89 17:14:47 EDT
From: weinshan@cpswh.cps.msu.edu (Dr Donald J. Weinshank)

If I may, I would like to reopen the question of "computer ethics."  Let me
try to formulate the question this way: "Is there a rational and consensual
basis for computer ethics?"

The older I get, the more I feel the poignancy of this exchange in The
Brothers Karamazov:

   "Is that really your conviction as to the consequences of the
   disappearance of the faith in immortality?" the elder asked Ivan suddenly.

   "Yes.  That was my contention.  There is no virtue if there is no
   immortality."

Absent a consensual reality, on what basis can we construct a system of
computer ethics for our students?  Do we reduce ethical questions to the
merely legal ones?  If it ain't illegal, is it OK?  Do we point to a series of
mini-consensuses?  The ACM says ...., and the MLA says ...., and the Department
of Redundancy Department has published yet another statement of computer
ethics.  Are students to choose one ethics position from Column A and one from
Column B as they see fit?

Are computer ethics merely negative ("Thou shalt not..."), or are they also
positive?  Are there ethical statements which are unique to (or apply with
special force to) the field of computing, or are they the general ones of
"intellectual honesty, curiosity, an eye for detail, a respect for theory, and
delight at discovery" (Miller quoting Ryle on 20 June, 1989).

If computer ethics can be taught, then I have these questions:

  * Who is doing the teaching?  People in the Humanities?  Engineers?
    Computer Scientists?
  * What are the people who are teaching computer/engineering/scientific
    ethics teaching?
  * What texts?
  * What contexts: part of many courses or a separate required/elective
    course?

------------------------------

Date: Wed, 30 Aug 89 19:41:02 CDT
From: rdd@rascal.ics.UTEXAS.EDU (Robert Dorsett)
Subject: sci.aeronautics, a new newsgroup

The sci.aeronautics newsgroup has been formed on usenet.  It will be dedicated
to discussions of various aspects of aviation, such as human factors, airliner
operations, avionics, and aerodynamics.  It is intended to complement the
existing rec.aviation newsgroup, not replace it.

There is also a mailing list.  Submissions should be mailed to

   aeronautics@rascal.ics.utexas.edu

Administrative details (requests to subscribe, unsubscribe, questions) should
be addressed to:

   aeronautics-request@rascal.ics.utexas.edu

The "aeronautics" mailing list will be a moderated version of the
sci.aeronautics newsgroup.  It will be a one-way feed (sci.aeronautics ->
mailing list), unless sufficient demand requires that it go in the opposite
direction.

Robert Dorsett
Internet: rdd@rascal.ics.utexas.edu
UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd

------------------------------

Date: Tue, 29 Aug 89 10:05:35 -0600
From: dce@Solbourne.COM (David Elliott)
Subject: What's a stamp? (postal service problems)

Recent articles and letters in "Linn's", a weekly philatelic newspaper, give
an interesting view of problems in the US Postal Service.

A recent scam has people paying as much as $40 to find out about a
"little-known regulation" that allows people to send first-class mail for $.02
instead of $.25.  There is no such regulation, at least not specifically.

Nowadays, stamps are printed with phosphorescent inks (sometimes the colored
ink contains phosphor and sometimes a clear overcoating is applied).
Automatic cancelling machines detect the phosphor, rejecting envelopes that
have none.  The result is that any stamp with the phosphor will trigger the
cancelling machine: a $.25 stamp, a $.02 stamp, a $.01 stamp, a piece of
selvage (stamp sheet edge), some used stamps, and some foreign stamps.

In fact, one political candidate's secretary used this trick to "save money".
No charges were made ("It's a simple mistake").

On the other side of the coin (as it were), overzealous postal clerks refuse
valid stamps:

  * The 1987 Stamp Collecting issue, which shows a 100-year-old cancel as part
    of the design ("We don't accept cancelled stamps").
  * The 1947 100th anniversary souvenir sheet contains stamps with the same
    designs as the US 1847 issues (5 and 10 cent values).  The 1847 stamps were
    invalidated during the Civil War.
  * The 1989 souvenir sheet showing a reprint of the 90 cent Lincoln stamp of
    the 1880's is expected to have similar problems.
  * Any postal customer with the proper permit is allowed to use precancelled
    and fractional-valued stamps, but obtaining and using the permit is not
    always possible with some clerks and postmasters.

David Elliott

------------------------------

End of RISKS-FORUM Digest 9.19
************************