RISKS-LIST: RISKS-FORUM Digest  Wednesday 15 November 1989  Volume 9 : Issue 43

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  L.A. Times Computer Foulup (Jerry Hollombe)
  Altered bits in Risks 9.39 (John M. Sullivan and Henk Langeveld)
  Re: Apollo 12 (Artificial lightning) (Henry Spencer)
  Re: Equinox TV programme on A320 (Alan Marcum)
  Failure of Systems After Earthquake (Jon von Zelowitz)
  Article about "Paperless Office" (Alan Marcum)
  Are you sure you declared ALL your dividends? (Peter Jones)
  Re: Another intrusive database ... (Jim Horning)
  Re: Computer errors and computer risks (David Smith, John Locke)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>cd sys$user2:[risks]<CR>get risks-i.j . Vol summaries now in risks-i.0 (j=0)

----------------------------------------------------------------------

Date: 14 Nov 89 02:21:45 GMT
From: hollombe@ttidca.TTI.COM (The Polymath)
Subject: L.A. Times Computer Foulup

Here's a first-hand experience, for a change:

Some months ago my SO subscribed to the L.A. Times newspaper. She made it very clear she wanted the Sunday edition only. A week later papers began arriving -- every day.

We called the Times and complained. The person who answered looked us up in their data base. Sure enough, we're listed there as Sunday edition only. She said not to worry about it, we would only be billed for the Sunday papers.

Time goes on. Daily papers continue to arrive. We complain again. (We don't _want_ daily papers. Not even for free). Same story. The computer has us listed as Sunday only, so we shouldn't worry about it.

More time.
More daily papers. Recycling them is becoming a major nuisance. On our third, most recent call the Times operator asked "What is it you want?" We answered "Sunday delivery only." "Well, the computer says that's what you're getting." End of conversation.

We're still getting daily papers. )-:

The Polymath (aka: Jerry Hollombe), Citicorp(+)TTI, 3100 Ocean Park Blvd., Santa Monica, CA 90405 {csun|philabs|psivax}!ttidca!hollombe

------------------------------

Date: Wed, 15 Nov 89 19:36:25 -0500
From: sullivan@math.Princeton.EDU
Subject: Altered bits in Risks 9.39

I get my news from phoenix.princeton.edu, and on that machine, RISKS-9.39 arrived AFTER 9.40 and 9.41. Furthermore, many characters had been altered, having their 2^2 bit set. The most common changes were ' ' -> '$' (happened 30 times) and 'h -> l' (there were many instances of the word "tle"). I also noticed y->}, s->w, i->m, p->t, b->f, r->v. Note that in all of these cases, the letter substituted has ascii value exactly 4 greater than the original (one extra bit set).

John M. Sullivan
Princeton Univ. Math Dept.
sullivan@math.princeton.edu

[Similar behavior was reported by several other recipients, including henk@cs.eur.nl (Henk Langeveld) in Rotterdam, whose return path to me was
"euraiv1!eurtrx!hp4nl!mcsun!uunet!seismo!ukma!tut.cis.ohio-state.edu!
gem.mps.ohio-state.edu!usc!ucsd!ames!lll-lcc!unisoft!mtxinu!
ucbvax!CSL.SRI.COM!risks".
His copy had an interesting FROM: field -- "From: rmsks@CSL.SRI.COM (RISKS Forum)". We have reported previously on compression screwups making systematic substitutions in software. This one looks like a transient hardware bit error in the 4's bit, somewhere along the line. I hope someone can track down its origin. This is the kind of thing that simply shouldn't happen anymore. Reliable protocols? Bah, humbug.
PGN]

------------------------------

Date: Wed, 15 Nov 89 13:35:23 EST
From: henry@utzoo.UUCP
Subject: Re: Apollo 12 (Artificial lightning, RISKS-9.42)

An interesting sidelight is *why* Apollo 12 survived the lightning strikes. The Apollo spacecraft's electronics got scrambled quite thoroughly, but the independent computers running the Saturn V booster were unaffected. They were in a much less exposed position, on top of the booster proper, underneath the Apollo spacecraft assembly. (They may also perhaps have been better protected against electrical upsets, although I don't know that for sure.)

Early in the Saturn program, there had been some discussion of the idea of saving weight by having the spacecraft computers run the booster as well; Wernher von Braun vetoed the idea and insisted on the booster having its own control system. This was probably more because of potential problems with changing payloads -- the Saturn V was meant to be NASA's heavy booster well into the 1980s, launching much more than just Apollo -- but I seem to recall that better protection for the electronics was mentioned as well.

Henry Spencer at U of Toronto Zoology

------------------------------

Date: Tue, 14 Nov 89 09:36:34 PST
From: Alan_Marcum@NeXT.COM
Subject: Re: Equinox TV programme on A320 (from 9.42)

Truth stranger than fiction? Several months ago, I stumbled on a novel, _Passengers_, copyright 1983, by Thomas G. Foxworth & Michael J. Laurence. It tells the story of a brand new airliner with active fly-by-wire controls and inherent aerodynamic instability.

The book does have some technical flaws. However, it happens to cover not just the active fly-by-wire issue, but also whistle-blowing and different international safety standards and evaluations.

Again, not one's most technically accurate source, but an enjoyable read nonetheless, especially in light of many of the discussions on RISKS.

Alan M.
Marcum, NeXT Technical Support (415)780-3753

------------------------------

Date: Mon, 13 Nov 89 23:12:05 PST
From: vonzelow@adobe.com (Jon von Zelowitz)
Subject: Failure of Systems After Earthquake

An article in the San Francisco Bay Guardian of November 9, 1989 entitled "We Almost Lost San Francisco", and an accompanying sidebar "Water, Water Everywhere..." investigate some of the failures and near-failures of major systems during the October 17th earthquake. Most failures were made up for by individuals' dedication and heroism. According to the article, years of budget cuts and neglect had left the City unprepared for such a disaster. Here is a summary of some of the points in the article.

The telephone system held up pretty well, but the 911 system (not intended for a disaster) was overloaded. There are only a few 911 trunk lines from each exchange, and only 15 lines go into the 911 operators.

With 911 flooded, the primary way for citizens to contact the fire department was the Street Telegraph System, which was first built in 1875, and reconstructed after the 1906 earthquake. The Fire Department had defended the system from former Mayor Feinstein's budget axe. The telegraph system is triggered by pulling alarm boxes along city streets, sending a coded signal to a teletype at the Central Fire Alarm Station. Because the alarm boxes contain spring-driven works, and the telegraph lines are battery-powered, the boxes worked fine after the quake.

Unfortunately, the success story of the street boxes ends there. The telegraph messages are decoded by a 16-year-old DEC computer. It has a history of crashing under heavy load, and went down almost immediately after the quake. Dispatchers ended up using an antiquated 1940's-era card system called "the tubs" to identify the locations of alarms and assign units. A department chaplain used a pegboard to keep track of assignments.
Fire Commissioner Sharon Bretz told the Bay Guardian that no computer could have handled the flood of calls into the Central Fire Alarm System.

The City's police, fire, and ambulance radio works through a repeater on Twin Peaks, the highest point in town. When electrical power failed, emergency generators kicked in. They are so old that mechanics can no longer obtain spare parts for them. Both had trouble with their water pumps. The first one overheated and failed; luckily, a dedicated engineer kept the second unit (an identical machine with identical failure mode) running.

A large fire broke out in the Marina district. Water was eventually supplied by the Phoenix, an aging fireboat. There is a special high-pressure water system specifically designed to supply water for firefighters after an earthquake, but no one ordered it turned on. Even if the order had been given, some of the pump stations are unmanned and automated, and have no generators; the electrically-operated valves would not have worked. And some of the dozen workers who know how to operate the system live out of town.

[I was lucky -- no damage to my home, and no nearby fires. I headed for the neighborhood bar for some warm beer, and returned home when power came back on (around midnight). -jvz]

...sun!adobe!vonzelow   vonzelow@adobe.com   Jon von Zelowitz

------------------------------

Date: Tue, 14 Nov 89 14:06:00 PST
From: Alan_Marcum@NeXT.COM
Subject: Article about "Paperless Office"

Here's an article someone at work sent to me. I find the perspective of the author, um, interesting, and offer it to the group for their perusal, amusement, and comment.

No more John Hancock
Businesses start to sign off on paperless deals
By Tom Steinert-Threlkeld
Dallas Morning News

DALLAS. Until now, the operative phrase for sealing a contract has been, "Put your 'John Hancock' on the line."

Soon, that may change. The operative phrase could well become, "Send your personal identification code over the line."
Such is going to be the impact of the paperless contract. Unlike much of the rest of the "paperless office," electronic purchase orders, invoices and payments are taking off.

The process is called electronic data interchange. EDI involves a variety of protocols and standards for paperless communications allowing companies to buy and sell goods and services to each other simply by sitting at a screen on a desk.

EDI is growing rapidly. Dallas attorney Benjamin Wright, author of a new book called "EDI and American Law: A Practical Guide," estimates that as many as 7,000 firms and agencies worldwide now use electronic means for conducting basic business transactions.

Market Intelligence Research Co. estimates that only $11.3 million of business was conducted through such means in 1985. That will have grown to $144.7 million of EDI business this year, the Mountain View research firm estimates. By 1993, use will grow to $1.1 billion, the company says. Two years later? $1.8 billion.

EDI is here to stay. But the John Hancock problem remains. How do you prove that an electronic document is for real?

As computer malfeasance has proved, electronic information can come from anywhere and go to anywhere. No fingerprints get left. No signatures are affixed. Heck, for that matter, make the wrong move and the whole blasted thing gets erased in a blink. And there are no carbons.

It's not quite as bad as all that. As Wright notes, electronic documents frequently can be more secure than paper documents. Electronic systems provide a multitude of options for automatically securing and authenticating documents or data: passwords, security codes, encryption, and the like.

In addition, the information is less susceptible to damage. With electronic transactions, basic information on a transaction need only be typed one time. Let's say your company sends a quote to a customer. The customer gets the quote.
Electronically, the customer can reuse the data when it sends back an acknowledgment of receiving the quote. From then on, through purchase order, invoice, statement and payment, the data remains the same. No errors get added at each step, from separate data entry operators. Even if there is an error, it gets identified and fixed more rapidly, by electronic means.

The systems can even automatically generate an electronic trail to follow complex transactions and ongoing business. Acknowledgments, tracking numbers, audit logs, network transmission reports -- there's a wealth of information that can be logged by electrons, instead of by hand.

This is no small matter when you're trying to prove a transaction took place. You can't haul electrons into court. You still will have to take paper, even if it is a printout of the transaction that actually was stored magnetically on tape.

And you won't be able to show that you signed off on the deal. Paperless transactions also mean signatureless transactions. The basic means of sealing deals for centuries is giving way in a matter of years.

Alan M. Marcum, NeXT Technical Support (415)780-3753

------------------------------

Date: Tue, 14 Nov 89 18:43:49 EST
From: Peter Jones
Subject: Are you sure you declared ALL your dividends?

On CBC radio this morning, during the Daybreak program, there was an interview with a tax expert by the name of Benoit Lasalle. Mr. Lasalle was warning taxpayers that some people were getting letters from the income tax department alleging that they had failed to declare dividend income.

According to Mr. Lasalle, these demands for payment, (allowing a very short time to reply), were often in error. For example, one taxpayer was being assessed for dividends paid into his tax-sheltered Registered Retirement Savings Plan!

The scary part is that the tax department is unable to produce a paper copy of the T5 form, which is normally sent to the taxpayer by his financial institution.
Missed dividend declarations are determined on the basis of information transferred from the financial institution to the tax department.

If a taxpayer has failed to keep records of previous taxation years (at least 3), he could end up paying more tax than he should to avoid trouble.

Peter Jones   MAINT@UQAM   (514)-987-3542

------------------------------

Date: 14 Nov 1989 1514-PST (Tuesday)
From: horning@src.dec.com (Jim Horning)
Subject: Re: Another intrusive database ... (RISKS-9.42)

I'm surprised that people find this surprising. I moved from Toronto, Ontario to Palo Alto, California in 1977, and a couple of years later received a letter from the IRS asking me to account for income that appeared on my Canadian income tax return that they couldn't identify on my US return. (Fortunately, I was able to show that I had properly reported it). Ever since, I've assumed that transnational exchange of income tax data was routine.

Jim H.

------------------------------

Date: Wed, 15 Nov 89 09:55:12 -0500
From: dsmith@dcsc.dla.mil (David Smith)
Subject: Re: Computer errors and computer risks (Davis, RISKS-9.40)

Randall Davis suggests that using the terms "computer errors" and "computer risks" when speaking of social risks not arising uniquely from but only amplified by the use of computers leads to discussing these matters in the wrong forums -- computer technology instead of social morality. He says that, for example, if the misuse of computer databases and telecommunications to implement policies that impinge drastically on individual privacy rights were truly a "computer risks" problem, all that would be needed to solve it would be the elimination of the computer.

It isn't quite that simple. The motivation to establish and implement a policy may exist, but if there's no tool to implement it adequately, the motivation will likely remain dormant, the policy unpursued.
Only when a tool becomes available that makes implementation feasible will the policy be elaborated and implemented. It's possible to maintain large, irresponsibly constructed paper databases on suspected child molesters, but not feasible; with computers, it's not only feasible but easy -- the technology empowers the idea.

The existence of the motivation is a social moral concern. That the pursuance of policy based upon the motivation has been made feasible by the existence of a powerful and compliant technology is both a social moral concern and a technology concern. The distinction is important, but it shouldn't prevent discussion of the issue in both forums.

------------------------------

Date: 15 Nov 89 21:53:05 GMT
From: jxxl@cs.nps.navy.mil (John Locke)
Subject: Re: Computer errors and computer risks (King, RISKS-9.42)

In the incipient stages of their White House investigation, Woodward and Bernstein finagled access to a large quantity of Library of Congress records on books checked out by White House offices. The distillation of their findings was that E. Howard Hunt had done a massive amount of research on Senator Ted Kennedy, presumably to aid in smearing him should he decide to run for the presidency. The findings became part of a larger pattern of shady campaign practices. This invasion of privacy seems palatable since, in the light of history, it can be deemed a "good cause."

I could trivialize my next point by saying that a good laptop PC would have saved Woodward and Bernstein a couple of long evenings. But the fact is this, in the information age the widespread use of PC's serves as a kind of "people's revolution." Previous to PC's, computerized information processing was centralized and primarily accessible to a managerial elite. With the advent of PC's information processing capability has been decentralized to some extent. The possibilities for using computers to monitor government and business should not be overlooked.
------------------------------

Date: Wed, 15 Nov 89 19:36:25 -0500
From: sullivan@math.Princeton.EDU
Subject: Altered bit position in Risks 9.39

I get my news from phoenix.princeton.edu, and on that machine, RISKS-9.39 arrived after 9.40 and 9.41. Furthermore, many characters had been altered, having their 2^2 bit set. The most common changes were ' ' -> '$' (happened 30 times) and 'h -> l' (there were many instances of the word "tle"). I also noticed y->}, s->w, i->m, p->t, b->f, r->v. Note that in all of these cases, the letter substituted has ascii value exactly 4 greater than the original (one extra bit set).

John M. Sullivan
Princeton Univ. Math Dept.
sullivan@math.princeton.edu

[Similar behavior was reported by several other recipients, including henk@cs.eur.nl (Henk Langeveld) in Rotterdam, whose return path to me was
"euraiv1!eurtrx!hp4nl!mcsun!uunet!seismo!ukma!tut.cis.ohio-state.edu!
gem.mps.ohio-state.edu!usc!ucsd!ames!lll-lcc!unisoft!mtxinu!
ucbvax!CSL.SRI.COM!risks".
But his copy had an interesting FROM: field -- "From: rmsks@CSL.SRI.COM (RISKS Forum)". We have reported previously on compression screwups making systematic substitutions. This one looks like a transient hardware bit error in the 4's bit, somewhere along the line. Before u4ia sets in, I hope someone can track down its origin. PGN]

------------------------------

End of RISKS-FORUM Digest 9.43
************************
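
The damage pattern in the "Altered bits" report above (every changed character exactly 4 higher, i.e. the 2^2 bit forced on) can be confirmed mechanically when a clean copy is available for comparison. The Python below is an added example, not part of the original digest; the CLEAN/DAMAGED pair is constructed from the report's "tle" and "rmsks" examples, and all function names are hypothetical.

```python
from collections import Counter

# Substitutions listed in the report (original -> received).
REPORTED = [(" ", "$"), ("h", "l"), ("y", "}"), ("s", "w"),
            ("i", "m"), ("p", "t"), ("b", "f"), ("r", "v")]

# Constructed sample pair, built from the report's "tle" and "rmsks" examples.
CLEAN = b"the risks forum"
DAMAGED = b"tle$rmsks forum"


def bit_changes(original, received):
    """Count, per bit position, how often a bit was forced to 1 or to 0."""
    if len(original) != len(received):
        raise ValueError("copies differ in length; align them first")
    forced_on, forced_off = Counter(), Counter()
    for o, r in zip(original, received):
        for bit in range(8):
            mask = 1 << bit
            if r & mask and not o & mask:
                forced_on[bit] += 1
            elif o & mask and not r & mask:
                forced_off[bit] += 1
    return forced_on, forced_off


def stuck_at_one_bit(original, received):
    """Return the bit index if all damage is one bit forced to 1, else None."""
    forced_on, forced_off = bit_changes(original, received)
    if forced_off or len(forced_on) != 1:
        return None
    return next(iter(forced_on))


def exposure(original, received, bit):
    """Return (bytes hit, bytes that could have been hit) for a stuck-at-1 bit.

    Bytes that already had the bit set cannot show the fault; hit < candidates
    means the fault was intermittent rather than permanent.
    """
    mask = 1 << bit
    candidates = sum(1 for o in original if not o & mask)
    hit = sum(1 for o, r in zip(original, received) if (o ^ r) & mask)
    return hit, candidates


def reported_masks():
    """XOR masks of the substitutions listed in the report."""
    return {ord(a) ^ ord(b) for a, b in REPORTED}


if __name__ == "__main__":
    bit = stuck_at_one_bit(CLEAN, DAMAGED)
    print("masks in report:", reported_masks())
    print("stuck bit:", bit, "hit/candidates:", exposure(CLEAN, DAMAGED, bit))
```

On the constructed pair only 3 of the 9 bytes that could show the fault were hit, which is what an intermittent fault on one data line looks like, as opposed to a systematic software substitution that would change every occurrence.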