RISKS-LIST: RISKS-FORUM Digest Friday 17 November 1989 Volume 9 : Issue 44 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: More on BART's new computer system (PGN) Computer misdirects phone calls for TV programme (Olivier Crepin-Leblond) Murphy's Law Meets the Navy (PGN) Unwanted Credit (Stuart Bell) Saskatchewan shuts down translation project (Peter Jones) Re: Another intrusive database with associated privacy problems (Brinton Cooper) Re: Are you sure you declared ALL your dividends? (Jim Frost) Re: L.A. Times "computer" problems [anonymous] The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW cd sys$user2:[risks]get risks-i.j . Vol summaries now in risks-i.0 (j=0) ---------------------------------------------------------------------- Date: Fri, 17 Nov 1989 10:13:21 PST From: "Peter G. Neumann" Subject: More on BART's new computer system Last Saturday's San Francisco Chronicle article by Harre Demoro (summarized in RISKS-9.41) concerning BART computer troubles was apparently based on a partial simulation with only 10 trains and with intentional performance degradation resulting from the presence of trace software being used during a special-purpose test. That data was extrapolated to give the cited numbers. Also, the intended maxium number of trains was given incorrectly, and should have been 74 instead of 108. Thus, it appears that the article should be taken with a grain of salt. The first real test to measure performance was conducted for eight hours, ending last Saturday morning -- after the article appeared. Dr. Norman Zachary, President of Logica Data Architects Inc. (the Logica subsidiary responsible for the BART software), said on 15 November that "The results of the performance test conclusively show that Logica's system meets BART's specifications, including the ability to operate 74 trains automatically. We currently estimate we are very close to delivery of the system." (BART currently operates no more than 45 trains, but intends to go to 74 as part of its capacity expansion program.) This update is based on several phone calls with BART and Logica people. Stay tuned for any later developments. Peter ------------------------------ Date: Thu, 16 NOV 89 13:44:29 GMT From: Olivier Crepin-Leblond Subject: Computer misdirects phone calls for TV programme Cricket is our equivalent of baseball in England. Taken from ORACLE Teletext TV News Service, 2:00am, 16 NOV 89 "Yorkshire cricket fans were hit for six [ that's six runs... - OCL ] when they were invited to take part in a Yorkshire TV phone-in and received sex advice instead. After a programme called `What's to do about Yorkshire Cricket', viewers were invited to ring a special number to give their opinions. But when they dialled, they heard a recorded message from `Barbara' about sexual problems. British Telecom (BT) blamed a computer fault... " No comment. Olivier Crepin-Leblond, Computer Systems & Electronics, Electrical & Electronic Eng., King's College London, UK. [Also noted by Tim Steele ] ------------------------------ Date: Wed, 15 Nov 1989 18:27:43 PST From: "Peter G. Neumann" Subject: Murphy's Law Meets the Navy The Navy has an elaborate safety program that includes extensive concern for safety in software-controlled systems. Unfortunately there is an apparent gap between the intent and the execution. (It will be interesting to see how much the Navy's two-day reorientation period designed to increase awareness actually helps.) For the record, here is a summary of the past weeks. It may be worth noting that none of this run of problems seems to have been blamed on computers (as far as I know), but then most of our so-called "computer problems" are people problems anyway, irrespective of where the blame is placed. 29 Oct. Pilot's first-ever carrier landing kills 5 on carrier Lexington. 30 Oct. FA-18 pilot drops 500-pound bomb on guided missile cruiser Reeves; 5 injured. 31 Oct. Wave washes 3 sailors overboard on carrier Eisenhower; 2 rescued; several dozen missiles lost. 31 Oct. 12-foot swells on carrier Vinson, sailor swept overboard, lost. 1 Nov. Boiler room fire on oiler Monongahela, 9 suffer smoke inhalation. 9 Nov. A-7E Corsair 2 crashes into apartment complex in Smyrna GA. 2 killed, 4 injured. 11 Nov. Destroyer Kinkaid collides with merchant ship. 1 sailor killed, 5 injured. 11 Nov. Two A-6 attack bombers dropped bombs near a capsite. One injured. 14 Nov. Amphibious assault ship Inchon catches fire in Norfolk, 31 injured. 14 Nov. F-14 Tomcat fighter crashes at sea, FL training flight, no injuries. (Source: San Francisco Chronicle, 15 November 1989, p. A4) ------------------------------ Date: Thursday, 16 Nov 1989 14:25:58 EST From: stu@mwvm.mitre.org (Stuart Bell) Subject: Unwanted Credit Several months ago, an alcoholic relative applied for a credit card in his and my name - without my authorization. Eventually he began drinking and failed to intercept the bill when it arrived at my home. I immediately called the 800 number, cancelled the card and followed up with a registered letter. Now the problems begin. They sent me a follow up letter that indicated the balance had grown from $1200 when I cancelled the letter to somewhat over $2000. I called them and was informed that their computer was unable to cancel credit cards and was not programmed to refuse charges. In the registered letter that followed, I informed them that I would pay the original $1200 - even though both they and I agreed I was not responsible for this money. I declined to pay any further charges and told them there was no chance to recover the money from by relative - he was in a rehab center with no income. They responded by encouraging him to declare bankruptcy - since that was the only entry their computer would accept to cancel a credit card. Amazed, I tried to explain to them about fair credit laws and such (I am not a lawyer but the concept isn't too difficult to understand). Eventually they agreed that neither he or I was responsible for the charges - but they still couldn't cancel the credit card - only put it in a warning bulletin in case someone bothered to look it up. About the time the bill reached $3000, they sent him a supply of pre- authorized checks to write against his credit limit. Another phone call prompted the response that neither he or I was responsible for any charges incurred by writing these checks - but their computer has no way to stop sending these out once we are entered into the database. Eventually, the supervisor I spoke with began to understand the social responsibility of not giving unlimited funds to a drunk - was very sorry - but had no way to instruct the computer to stop sending out the credit cards (presumably he will get a new one when the current one expires) and the checks. I sent a registered letter to the president of the bank offering some computing consulting to help fix their computer systems. Any takers if he replies? The letter was acknowledged by receipt - but has caused no action from the bank. /Stu Bell MS=NASA (713) 333-0906 STU%MWVM.MITRE.ORG ------------------------------ Date: Fri, 17 Nov 89 08:13:19 EST From: Peter Jones Subject: Saskatchewan shuts down translation project According to a national newscast by the CBC at 7:00 EST, the Saskatchewan provincial government has decided to abandon the project to translate its laws into French using a computer system. This system was supplied by Guy Montpetit, who was also involved in LOGO Systems here in Montreal. The NDP opposition party had been criticizing the government for not checking into Mr. Montpetit's track record. (See "Gigatext Translation Services Inc. scandal" by Bhota San in RISKS-8.84 for a lengthy report on this project.) Peter Jones MAINT@UQAM (514)-987-3542 ------------------------------ Date: Thu, 16 Nov 89 13:56:08 EST From: Brinton Cooper Subject: Re: Another intrusive database with associated privacy problems Bill Gorman writes about "a treaty to detect and combat tax evasions on both countries. By means of this treaty both nations will have access to information concerning the income of mexicans living in the States and of northamericans living in Mexico." It may be even worse than inter-governmental data sharing. More and more governmental functions are now being performed by contractors. (By using contractors, the US Government doesn't incur "entitlement" expenses such as pensions, injury/accident compensation, unemployment insurance, etc.) So, not only would the Mexican government have your tax history, but so would some contractor such as TRW or another "data basing" corporation that may already have access to your medical and credit histories. The possibilities are boundless. Brint ------------------------------ Date: Thu, 16 Nov 89 18:10:52 GMT From: madd@world.std.com (jim frost) Subject: Re: Are you sure you declared ALL your dividends? On a similar note (Jones, RISKS-9.43), a few years back I wrote a system to be used by a bank to do electronic submission of 1099 forms (and some other similar forms). Shortly after submitting the forms, the bank received a letter from the IRS stating that the submission contained errors, each of which was fined, to a total of $65,000. The bank was upset. The error was that I left the "alpha" field, which is supposed to be the taxpayer's last name, blank for businesses (it's kind of hard to determine the last name of businesses). This was exactly what the documentation said you were supposed to do if you couldn't determine the correct field value. Apparently they didn't tell their DP department that... jim frost, software tool & die ------------------------------ Date: Wed, 15 Nov 89 18:48:00 [X]ST From: [anonymous] Subject: Re: L.A. Times "computer" problems Actually, since the database showed that the subscriber was only supposed to be receiving the Sunday edition, it is most probably the case that the daily deliveries were the result of a "lazy" newspaper delivery person, not the computers. It is quite common for these folks, especially in metro areas where they drive by and throw papers rapidly at many houses, to not want to bother differentiating between people with different types of subscriptions. So instead of paying attention to the computer generated lists of who should get what, they just throw a paper at every house that EVER gets a paper, regardless of the list. Sometimes it's even worse than that. For years we received our metro paper every day, without fail, even though we didn't have ANY subscription to the paper and called numerous times to try stop it. We weren't on any subscription lists. Apparently the delivery folks found it easier to just throw a paper at every house in the area instead of keeping track of the lists. One can assume relatively few people ever complained. ------------------------------ End of RISKS-FORUM Digest 9.44 ************************