RISKS-LIST: RISKS-FORUM Digest Wednesday 6 September 1989 Volume 9 : Issue 22 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Paris computer takes law into its own hands (ST4012704 and Sally Jubb) Brian Randell's comment on fault/failure analysis (Ted Lee) Re: US occupational hazards much worse than in Europe (Mats Ohrman) Re: medical systems and RF interference (Brian Kantor) Re: mis-tagging (Olivier Crepin-Leblond) Electronic House Arrest Failure (Martyn Thomas) Re: Lowest-bidder or weak specs? (Henry Spencer) Re: Law == Ethical Consensus (Douglas W. Jones, Victor Yodaiken, Gilbert Harman, Eric Hughes, Bill Murray, Joel M. Halpern) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW cd sys$user2:[risks]get risks-i.j . Vol summaries now in risks-i.0 (j=0) ---------------------------------------------------------------------- Date: Wed, 06 Sep 89 17:34:18 BST From: ST4012704@PRIME-A.OXFORD-POLY.AC.UK Subject: Paris computer takes law into its own hands (From "The Guardian" - National Daily Newspaper) Wed 6-Sep-1989 A crusading computer has taken the law into its own hands and caught 41,000 Parisians on charges of murder, extortion, prostitution, drug trafficking and other serious crimes. But the big round-up ended in embarrassment after an admission by the City Hall yesterday that the electronic Batman could not tell the difference between a parking offfence and gang warfare. "The accused persons will be receiving latters of apology." an official at the City Hall Treasury department said. "Instead of receiving summonses on criminal charges, they should have been sent reminders of unpaid motoring fines in April. Somehow or other the standard codes we use for automatically issued reminders got mixed up." The first hint of the avenging computer's self-appointed mission to clean up the capital came at the weekend. Hundreds of Parisians received printed letters accusing them of big crimes, but demanding only petty fines for the major crimes of between #50 and #150 (pounds - UK equivalent). "About 41,000 people are involved and some of the charges are quite weird." the official admitted. "One man has complained of being accused of dealing in illegal vetinary products. Unfortunately, other accusations went much further, like man-slaughter through the administraion of dangerous drugs." "There were a lot of cases of living off immoral earnings, racketeering and murder." The official said an inquiry had been started to see if the caped computer had a human accomplice. So far, no one has asked the Joker if he was in Paris last week. [Also noted by Sally Jubb ] ------------------------------ Date: Tue, 5 Sep 89 21:05 EDT From: TMPLee.TIS@DOCKMASTER.NCSC.MIL Subject: Brian Randell's comment on fault/failure analysis (RISKS-9.21) I'd like to add one postscript to Brian Randell's observations about the difficulty (impossibility? perhaps) of analyzing the failure modes and latent defects of complex computer systems. Fault tree analysis, etc., may well be valid and useful if all one is doing is estimating the probability of failure under "normal" (even if stressed to the extreme by incompetent operators or "acts of God") operation. One must note, however, that if the system is being "stressed" by a conscious, knowledgeable, determined, perhaps well-funded, "enemy" even his pessimistic analysis is too-optimistic: if the system has exploitable flaws they WILL be found; it's only a question of time and energy. ------------------------------ Date: Wed, 6 Sep 89 08:14:23 GMT From: matoh@sssab.se (Mats Ohrman) Subject: Re: US occupational hazards much worse than in Europe, report claims JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky) writes: >... The National Safe Workplace Institute found that more workers are >killed on the job in this nation than in most other industrialized >countries. ... US workers are 36 times more likely to be killed than >a Swede, >[ Such a big difference is surprising to me. Is this for real? It >is often noted that European safety regulations are generally more >stringent than those in the US. Doesn't surprise me. Swedish safety regulations are VERY strict. *Any* place with more than five employees has to have a safety ombudsman, an employee trained to recognize hazardous situation, who has the authority to stop any work that seems dangerous. Death accidents at work (other than traffic accidents) are rare enough to usually make it into the national media (and draw rather large headlines). On the other hand, there are people comparing living in Sweden to living in a padded cell. Oh, well... _ Mats Ohrman Scandinavian System Support AB, Box 535, S-581 06 Linkoping, Sweden ------------------------------ Date: Tue, 5 Sep 89 21:24:24 -0700 From: brian@ucsd.edu (Brian Kantor) Subject: Re: medical systems and RF interference (Ranzenbach, RISKS-9.21) If your radio was part of an 800MHz "trunked" radio system, it may have transmitted even when you were not keying the microphone. Trunked radio systems work by sharing a pool of channels between many users. When a user transmits, he briefly interrogates the controller and is temporarily assigned one of the pool of channels for his use. After some idle time, the channel is considered available for use by other members of the trunked system. Normally each mobile (which includes portables, etc) is monitoring a "home" channel, but when any unit in the system transmits, the repeater controller sends a signal out that directs ALL the units of that customer to switch to the channel chosen, typically for the duration of the dispatch. The mobiles normally do NOT acknowledge this switching, so they don't transmit for that reason. In this way they differ from a cellular telephone. However, it is possible to equip mobiles with unit status reporting that allows the base or repeater to poll each unit for its current status and can even be used (in wide-area multiple-receiver trunked systems) to guess a rough location of the unit. If your system were equipped with such an option, it might well cause your walkie to key up even if you aren't talking on it. There are, of course, other reasons for radios to key inadvertently. I recall a prime example when the local fire department kept getting jammed; it turns out that water from the fire hoses was spraying into a gap in the external- microphone plug in their walkies and keying the transmitter. Of course it only happened when they needed a clear channel most: at a working fire. However, NO piece of life-support equipment should be as RF sensitive as you describe that respirator to be. There is simply too much RF in the world around us to allow that kind of shoddy design. - Brian ------------------------------ Date: Fri, 1 SEP 89 14:35:29 GMT From: Olivier Crepin-Leblond Subject: Re: mis-tagging The UK experiment with electronic tagging does apply ONLY to remand prisoners who are not necessarily 'criminals' in the sense of killing/attempting to kill someone. I referred to them as criminals, since in the English language, you can call any breach of the law a crime. Speeding on the highway is a 'crime'. Anything which is punishable by law can be put under a general heading of 'crime'. However don't take my word for this since I am French, so I am sure that other people are more qualified than me to decide about this. I thank Geraint Jones for pointing this out. I just didn't think people would get confused about this. Olivier Crepin-Leblond, Electrical & Electronic Eng, Comp. Sys. & Elec., King's College London, UK. ------------------------------ Date: Mon, 4 Sep 89 12:15:53 BST From: Martyn Thomas Subject: Electronic House Arrest Failure A recent RISKS reported the experiment with electronic "tagging" of a suspect awaiting trial in the UK. The system seemingly involves a transponder permanently attached to the suspect's leg, interrogated at random by a transmitter attached to a phone. If the transponder fails to respond, the police are alerted that the suspect may have "escaped". Datalink newspaper (September 4th) reports that "the only person to have been tagged [ ... ] was woken in the early hours last week when a fault in the [ ... ] system keeping tabs on him alerted the police to an 'escape'. " Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. ------------------------------ Date: Tue, 5 Sep 89 23:11:36 -0400 From: henry@utzoo.UUCP Subject: Re: Lowest-bidder or weak specs? (RISKS-9.18) >2. Discard the highest and lowest bids. (Since all bidders are bidding >on the same job, if the bids are wildly out of range there's either a >problem with the spec or the vendor.) Unfortunately, discarding the low bid *sometimes* disqualifies precisely the people who are best suited to do the job: the ones who have found a new approach that radically simplifies the problem. The Douglas proposal for what became the A-4 Skyhawk (1950s carrier-based light bomber) specified half the weight -- and half the price -- that everybody else thought reasonable. In the beginning, everyone thought Ed Heinemann (the chief designer at Douglas) was either crazy or trying to pull a scam. The Skyhawk arrived on schedule, on spec, on budget, on price, and on weight, and was built by the thousands in an enormously successful program. If the bids are wildly out of range, it may be because somebody's got more than usual insight into what's going on. This might be either a realistic assessment of the real cost of the project, leading to a high bid, or a new approach, leading to a low bid. Either way, accepting the out-of-line bid could be the right thing to do. Unfortunately, it's really hard to tell for sure. You can't just look for some radical difference in the proposals, because there may not be one. Heinemann didn't coat the Skyhawk with antigravity paint; he was just unusually firm and thorough about finding ways to reduce weight. Henry Spencer at U of Toronto Zoology uunet!attcan!utzoo!henry henry@zoo.toronto.edu ------------------------------ Date: Wed, 6 Sep 89 09:31:16 CDT From: Douglas W. Jones Subject: Re: Law == Ethical Consensus I must take issue with Scott Guthery's piece in RISKS DIGEST 9.21, dated 4 Apr 88 (no doubt, due to unusual congestion somewhere in UUCP). He says that > The law *IS* the current ethical consensus. I will not argue that point, leaving that issue to those more versed in both the law and ethics. He goes on to conclude that > A teacher in a institution receiving U.S. taxpayer support is legally > obliged to state from the front of the classroom that if it isn't illegal > it is by definition ethically correct. This is nonsense. I am an associate professor at the University of Iowa, supported totally by tax dollars. Like most publically supported universities, we teach courses on ethics and on religion, and even in our computer science classes, we occasionally discuss ethical issues that are not addressed by the law. Although the public school systems of our country have seemed to have an incredibly difficult time with doing this, the universities have always done it. The key do doing so is fairly obvious. The University of Iowa College of Liberal Arts Classroom Manual (1983) governs the conduct of classes in my college. It states > No limitation is placed upon the teacher's freedom of expression in the > exposition of the teacher's own subject in the classroom or in statements > made outside the classroom, so long as these statements are in good taste. > However, members of the faculty are morally bound not to take advantage of > their positions by introducing into the classroom provocative discussions > of irrelevant subjects that are clearly not within their respective fields > of study. Note that we are not bound by any written contract to obey these rules, nor are these rules legislatively sanctioned. These rules do not represent the "moral consensus" of the state. Rather, they represent the "moral consensus" of the college. In a sense, the faculty of the college have imposed this rule on themselves in order to avoid situations that might force the state to reach it's own "moral consensus", codified in law, that might limit our freedom to teach. If I were to follow the logic Scott Guthery proposes, the fact that the state has taken no legislative stand on what I can teach would imply that it is completely moral for me to teach anything I want. It is pretty obvious that the statement in our classroom manual is not really restrictive enough, especially for those teaching in the departments of religion, economics, political science, and philosophy. In those departments, our code would suggest that faculty members would be entitled to advocate or even require adherence to particular religious, economic, political and philosophical stands, but doing so is clearly dangerous because it could bring a legislative reaction. Faculty members in those departments almost always have personal stands on such issues, and they are allowed to make their personal views clear, but at the same time, they are expected to tolerate students who disagree with their personal views and not try to impose those views. Fortunately, we have ethical traditions (most of which are not written into law) which allow us to retain our freedom of expression. It might almost be appropriate to state the following rule as an alternative to Guthery's statement: Laws are enacted when people fail to adhere to reasonable self-imposed ethical standards. Peer groups (friends, neighbors, fellow professionals) can all act to reenforce such standards. For example, we have an ethical consensus that stealing is bad, but no laws would have been enacted if it hadn't been for the fact that, despite this consensus, some people steal. In the professions, we have the opportunity to promulgate ethical codes, and in most mature professions, we can impose these codes on ourselves, providing methods to discipline our peers who fail to adhere to these codes. The more we succede in our efforts at regulating our own behavior, the less need there is for society as a whole to reach a "moral consensus" about how we should have behaved, and encode this consensus in law. Douglas W. Jones, Associate Professor of Computer Science, The University of Iowa [I first thought the date might have been a belated April Fool's gag. I suspect I stripped away some of the preceding header that would have indicated a REMAILing of an old item that had not previously appeared in RISKS. Recycling hits high gear? PGN] ------------------------------ Date: Tue, 5 Sep 89 21:07:04 EDT From: yodaiken%freal@cs.umass.edu (victor yodaiken) Subject: Re: Law == Ethical Consensus (RISKS-9.21) Scott Guthery writes in RISKS 9.21 : >A teacher in a institution >receiving U.S. taxpayer support is legally obliged to state from the >front of the classroom that if it isn't illegal it is by definition >ethically correct. This is false, and ethically incorrect. ------------------------------ Date: 5 Sep 89 23:36:47 GMT From: ghh@clarity.princeton.edu (Gilbert Harman) Subject: Re: Law == Ethical Consensus (RISKS-9.21) Scott Guthery [...] is confused. (1) The law *IS NOT* the current ethical consensus. (2) The current ethical consensus, if there were one, is not the same thing as what is ethically correct. (3) What is ethically correct is distinct from what is required by one or another religion. (4) A teacher in an institution receiving U.S. taxpayer support who says that, "if it isn't illegal it is by definition ethically correct" should be dismissed for incompetence both in ethics and in knowledge of definitions. Gilbert Harman, Princeton University Cognitive Science Laboratory 221 Nassau Street, Princeton, NJ 08542 HARMAN@PUCC.BITNET ------------------------------ Date: Tue, 5 Sep 89 17:21:13 PDT From: hughes@bosco.Berkeley.EDU Subject: Re: Law == Ethical Consensus (RISKS-9.21) Religion is not the only other source of ethics in the world. Philosophy, the largest such source, is not the same as religion nor is it the same as the law. Do not blur the distinction between ethics and morals. The ethics as found in the law should be the _minimum_ required. Eric Hughes hughes@math.berkeley.edu ucbvax!math!hughes ------------------------------ Date: Tue, 5 Sep 89 21:43 EDT From: WHMurray.Catwalk@DOCKMASTER.NCSC.MIL Subject: Law, religion and ethical norms It is said that in Soviet Russia everthing that is not explicitly permitted is implicitly restricted. Mr. Guthery suggests that in the U.S. everything that is not illegal is implicitly permitted. He seems to feel, indeed claims to know, that in public institutions to claim otherwise is to violate the constitutional ban on state recognition of religion. Of course, the implication is that law and religion are the only sources of ethical and moral norms. If the source is not law, then it must be religion. For the state to espouse such a norm is to recognize religion. If indeed state institutions are behaving this way, it would explain a great deal. It would explain viruses, drug abuse, a quarter of a million teen pregnancies, and a million abortions. It would explain 200,000 deaths per year from the use of tobacco, and 20,000 deaths a year from driving under the influence of alchohol. If state institutions are behaving this way, it would have to fall into the category that Bob Courtney calls "malicious compliance," conforming to the law only when compliance will make the law appear absurd. Of course, there are other sources for judging right behavior besides law and religion. They include community interest, enlightened self-interest, legitimate national interest, contract, professional ethics or practice, and other concepts of fairness, justice or equity. To that list one can add tradition and religion. However, I confess that when I first created the the list, I forgot tradition and religion; they did not even occur to me until I read Mr. Guthery's posting. Now, I confess that I erred grievously. I suggest that all those that would suggest that law and religion are the only sources of norms of right conduct, err even more. The position is so absurd, that had I not left religion off my list, equally absurd, I might be tempted to conclude that they were malicious. That is, they took their position in order to demonstrate that the state must recognize an establishment of religion. William Hugh Murray, Fellow, Information System Security, Ernst & Young 2000 National City Center Cleveland, Ohio 44114 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 ------------------------------ Date: 6 Sep 89 15:22:24 GMT From: jmh@ns.network.com (1606) Subject: Re: law == Ethical Consensus In his article, Scott Guthery states that a Professor at a tax supported institution is required to assert that Law == Ethical behavior. This is not true, and does not reflect either the law or the ethical guidelines of any of the major professional societies. I agree that the proliferation of non-legal guidelines does not provide a good basis for teaching ethics in computer science. However, the separation of Church and state does not prevent the teaching of a course on Ethical behavior of computer scientists. Nor does it restrict such a course to an explaanation of the legal constraints. (Not that there are Religion departments at most major tax supported institutions. Also, most philosophy departments have several course on ethics, including history and modern thoughts. These courses often deal with the question of whether certain behaviour is ethical under a certain theory. Often this is reflected against the background of the students and professors natural inclinations and insights into the topic.) Joel M. Halpern, Network Systems Corporation ------------------------------ End of RISKS-FORUM Digest 9.22 ************************