RISKS-LIST: RISKS-FORUM Digest  Friday 8 December 1989  Volume 9 : Issue 52

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Unsafe French software? (A. N. Walker)
  Congress repeals catastrophic insurance, SSA still collects premiums (Rich Rosenbaum)
  Another runaway military computing project: WWMCCS (Jon Jacky)
  Courts say violation of professional code is malpractice (Jon Jacky)
  Risks of computerized typesetting (Chuq Von Rospach from SF-LOVERS, via Alayne McGregor)
  486 chip faults: PC shipments halted, customers warned (Jon Jacky)
  Selling Government-Held Information (Peter Jones)
  Cellular phone service in Hungary (Adam J. Kucznetsov)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.com login anonymous AnyNonNullPW cd sys$user2:[risks] get risks-i.j . Vol summaries now in risks-i.0 (j=0)

----------------------------------------------------------------------

Date: Tue, 5 Dec 89 18:08:51 GMT
From: "Dr A. N. Walker"
Subject: Unsafe French software

According to "The Sunday Correspondent" [a new `quality' weekly] of December 3rd, "Nuclear experts fear that reactors along the northern coast of France have fundamental design faults that could lead to a disaster which could devastate large areas of Britain. ... British experts are also concerned about the increasing reliance being placed by French nuclear engineers on computers whose tasks are so complex they can never be checked for safety. ..." (page 1).
The inside story, page 3, concentrates on engineering problems with the French PWR reactors, but there appear to be also some computer RISKS:

"Key computer safety scheme error prone

French nuclear engineers are programming their computers using a language which is notorious for allowing dangerous errors to slip in, say British experts. ... Although computer equipment is now highly reliable, the incredible complexity of the software they [sic] run makes it very difficult to guarantee their behaviour ... Professor John Cullyer, of Warwick University, ... says ... [the complexity] is ``beyond present capabilities''. The French nuclear industry's wide use of a computer language called C is also criticised by [unnamed -- ANW] British software experts. They claim that it is too easy to write dangerous programs with C, yet difficult to spot the mistakes .... [A French spokesman said ...] ``Yesterday we had a demonstration for visitors and everything worked fine''.

On the whole, I suppose I'm impressed that they use C rather than Fortran, Cobol, Assembler or BNF.

Andy Walker, Maths Dept., Nott'm Univ., UK.

------------------------------

Date: Tue, 5 Dec 89 16:38:16 -0800
From: rosenbaum@nssg.enet.dec.com (Rich Rosenbaum 226-5922)
Subject: Congress repeals catastrophic insurance, SSA still collects premiums

A story on "All Things Considered" (National Public Radio) this evening reported that although Congress has recently repealed the catastrophic illness law, the Social Security Administration (SSA) will be unable to stop collecting insurance premiums until June 3, 1990. It seems that the SSA "warned" Congress that unless legislative action was taken by October 24, they would be unable to enact the changes quickly.

The problem? "Apparently there are 150 different software programs that have to be changed and the computers just are not geared up to do that." Once again, the computer is at fault.
Interestingly, it is possible for the SSA to raise the premium in January to $5.30. By the way, people will eventually get their money back, without interest.

Rich Rosenbaum

------------------------------

Date: Thu, 7 Dec 1989 22:02:31 PST
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: Another runaway military computing project: WWMCCS

This digest has carried occasional articles about problems with the WorldWide Military Command and Control System (WWMCCS). A history of the project since the early 1970's appears in the article, "The Pentagon's Botched Mission," by Willie Schatz, DATAMATION, Sept. 1 1989, pps. 22-26.

From the lead paragraph: "Seven years after the (WWMCCS modernization) project started, the military has spent $395.4 million, the users are outraged, the system is unfinished, responsibility for the project has been transferred, its name has been changed twice, and no one is entirely sure what will happen now."

- Jonathan Jacky, University of Washington

------------------------------

Date: Thu, 7 Dec 1989 21:54:52 PST
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: Courts say violation of professional code is malpractice

Here are excerpts from the article, Malpractice in IS? by J.J. Bloombecker in DATAMATION, October 15 1989, pp. 85 - 86:

A ruling by a US Court in Missouri ... recognized computer malpractice as the basis for holding third-party IS practitioners liable for acquiring an unworkable computer system for a client ... In DIVERSIFIED GRAPHICS V. GROVES, the jury held consultants from Ernst & Whinney (Now Ernst & Young, having merged with Arthur Young and Co.) liable for shirking the Management Advisory Services Practice Standards of the American Institute of Certified Public Accountants (AICPA) in their procurement of a turnkey system for Diversified Graphics. In February, the US Court of Appeals of the Eighth Circuit agreed, and it let the jury verdict stand.

"DIVERSIFIED is a significant precedent for [establishing] the proposition that liability can be incurred by any professional performing the types of services that E&W offered to perform," says Peter Sadowsky, a partner in The Stolar Partnership in St. Louis, which represented Diversified Graphics. "It is equally likely to apply to people doing systems design or programming, not just systems acquisition." ...

"Prior to DIVERSIFIED GRAPHICS, most courts refused to extend professional liability standards to computer specialists. Now we've got a federal court of appeals doing just that," said J.T. Westermeier, a partner in the Washington DC office of Fenwick, Davis and West, and a specialist in computer law.

Furthermore, says Westermeier, an IS manager who lists membership in an association such as DPMA or ACM on a resume implies that he or she has accepted the association's professional standards. Having done that, a computer professional should expect his or her work to be judged by those standards.

Other lawyers who have analyzed the case, however, say it is unclear whether professional standards for IS managers could be used as a similar basis as the AICPA standards were in DIVERSIFIED. John Hennelly, a partner at Bryan, Cave, McPheeters and McRoberts in St. Louis, which represented Ernst & Whinney, says the case doesn't necessarily lead to broader conclusions about the liability of nonaccountants ...

Eric Savage, with the Hackensack, N.J.-based law firm of Michael Goodman, believes it was easy for the court in DIVERSIFIED to find E&W guilty of malpractice because of the accounting organization's highly visible professional standards. Thus, he says, it would be difficult to apply the decision to a case that is adjudicating the liability of a computer professional not employed by an accounting firm. ...

(There are two sidebars to the story.
One, labelled A CASE IN POINT, describes the client's needs, and how the system recommended by the accounting firm failed to meet the client's needs. This sidebar quotes the court's finding that the accounting firm did not have sufficient expertise to recommend a computer system for this client. Another sidebar, HOW SOME OF THE STANDARDS COMPARE, quotes the relevant portions of the AICPA Standards, which essentially say that members shall only accept jobs which they are qualified to perform, and shall conscientiously perform the jobs which they have accepted to the benefit of their client. This is placed alongside sections from the Association for Computing Machinery (ACM) Disciplinary Rules which essentially say the same thing.)

- Jonathan Jacky, University of Washington

------------------------------

Date: Thu, 7 Dec 89 10:58:22 EST
From: alayne@gandalf.UUCP (Alayne McGregor)
Subject: risks of computerized typesetting

Date: Mon, 23 Oct 89 09:01:54 EDT
From: Saul Jaffe (The Moderator)
Sender: sfl@elbereth.rutgers.edu
To: SFLOVERS-RECIPIENTS
Subject: SF-LOVERS Digest V14 #339
Reply-To: SF-LOVERS@rutgers.edu

SF-LOVERS Digest  Monday, 23 Oct 1989  Volume 14 : Issue 339

[...]

Date: 20 Oct 89 23:25:08 GMT
From: chuq@apple.com (Chuq Von Rospach)
Subject: Angel Station Typos

[[The following press release was distributed by Tor books about the typos in Walter Jon Williams's new book, Angel Station. If you are one of those who bought it and want a corrected copy, replacement instructions are included. How many publishers do *you* know that replace faulty books? Kudos to Tor...]]

For immediate release: 11 October 1989

THE STRANGE LUCK OF WALTER JON WILLIAMS

Not too long ago, Tor SF author Walter Jon Williams got a very pleasant surprise: His science fiction novel HARDWIRED (Tor, 1986) was prominently featured in a national advertising campaign for Nissan Motors' new "Infiniti" automobile.

Apparently the Powers that Be decided that some law of good fortune had been violated.
When Williams returned from the World Science Fiction Convention in Boston to linger over the pages of his newest Tor hardcover ANGEL STATION, he got a most un-pleasant shock: Not only was there a rash of very strange typographical errors on page 9 of the book, but fully seventeen lines of type were completely missing from page 354.

When Williams called Tor's editorial staff in New York to report the errors, they immediately checked the press run of the book. Sure enough, the defects were present in every copy -- despite the fact that all previous proof sheets, and the book's bound uncorrected galleys, were free of the errors.

This isn't "business as usual" for Tor. Although an occasional typo slips by the proofreading process, and minor errors creep into final copies, nothing of this sort has ever happened to a Tor book before.

How did it happen? Well, no one knows exactly -- but the evidence points to some sort of software error in the generation of the final "repro proof" long after the stages at which books are normally checked and proofread in house. For example, the typos on page 9 all involve characters that are exactly five letters off in sequence from the correct characters.

Tor is offering to replace all defective copies of the ANGEL STATION hardcover with corrected copies from a new printing. To receive a correct copy, simply remove pages 1 through 6 (three leaves) and send them, along with your name and address, to Customer Service, St. Martin's Press, 175 Fifth Avenue, New York NY 10010, Attn: ANGEL STATION Replacement. This offer is open to individuals and dealers alike, though copies of the removed pages must be received for each copy the owner wants replaced.

Alternately, collectors who wish to keep their "true first" edition, typos and all, may write to Tor's own editorial offices at 49 West 24th St, New York NY 10010 for an errata sheet correcting the errors, which includes the missing text.
Meanwhile, Tor's editors are leaving nothing to chance where Williams's work is concerned. They've set up a special Walter Jon Williams Task Force to make sure the author's next work, a short-story collection called FACETS scheduled for publication as a hardcover in January 1990, escapes the strange luck of Walter Jon Williams.

For further information, contact Patrick Nielsen Hayden, Administrative Editor, (212) 741-3100.

Chuq Von Rospach chuq@apple.com

------------------------------

Date: Wed, 6 Dec 1989 22:21:59 PST
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky)
Subject: 486 chip faults: PC shipments halted, customers warned

Additional news about problems with the 486 chip, noted by Peter Neumann in RISKS 9.36, appears in a trade newspaper article, "Bug Hampers 486 Shipments" by Elliot M. Kass in COMPUTER DESIGN (News Edition) 28(2), Nov. 13 1989, p. 1:

Santa Clara, CA --- A Halloween fright spooked systems vendors late last month when a flaw was discovered in the floating point unit of Intel's 80486 microprocessor. The bug, unearthed by Compaq Computer (Houston, TX) during routine testing, could delay initial shipments of some 486-based systems up to two months.

Intel played down the seriousness of the design defect, saying it still plans to ship tens of thousands of the IC's this quarter. The firm reported that it had already fabricated a corrected version of the 32-bit microprocessor and that the first production quantities should be available by the end of the month. In the meantime, Intel has halted production of the flawed unit.

Intel declined to say how many of the defective chips have been shipped. Spokespersons insisted that the financial impact on the company would be minimal. The 486 was introduced this past April, and volume shipments began only recently. The manufacturers will accept returns from customers already in possession of the faulty IC's.

NOT THE FIRST BUG

Rumors about the bug had persisted for several weeks, according to industry observers. Confined to one small section of the IC unit, the flaws are neither serious nor unusual considering the complexity of the 1.2 million transistor device, most analysts agreed.

Most sources agreed that Intel's time frame for correcting the problem was realistic. On average, the redesign will mean one- to two-month ramp-up delays for 486-based systems, predicted Michael Slater, editor and publisher of MICROPROCESSOR REPORT (Palo Alto, CA).

Ironically, this is the second time that Compaq has detected a flaw in an Intel microprocessor. Four years ago the systems maker discovered a bug in the 486's predecessor, the 80386. That problem, which involved the production process, went undiscovered for 16 months after the unit had gone into full production, and was very costly for Intel. This time around, Slater pointed out, the bug is confined to a small aspect of the chip's design, and was picked up a few weeks into production.

Compaq, which came across the problem during beta tests of its newly announced Deskpro 486/25 personal computer, admitted that in its present state, the 486-based PC's weren't ready for market. The new processors will heavily target CAD and other technical applications dependent on the 486's floating point math processor.

The microprocessor unit's design flaw reportedly involves the simultaneous execution of tangent and sine or cosine functions, as well as certain error detection features. General purpose business programs that don't make use of the FPU could still run unhindered.

As of press time, Compaq was still uncertain how the shipping schedule for its new machine would be affected, but said it was confident they would be in production quantities by the first quarter of next year.

VENDORS MODERATELY AFFECTED

The effect of the chip defect on other vendors varied.
IBM (Armonk, NY) the only vendor that's already begun shipping a 486-based product, suspended shipments of its 486/285 Power Platform. Company spokespersons said they would instruct customers already in possession of the board to limit its use to test environments, or to applications that don't involve the affected portions of the chip.

IBM said it expects to resume shipments of its processor board early next month. The company is continuing production of the Power Platform with the original chips and will replace them once the debugged units are available. The substitution procedure is relatively simple, the vendor noted, and will prevent further slipping of its shipment schedule. Customers in possession of the boards will receive an upgrade.

- Jonathan Jacky, University of Washington

------------------------------

Date: Wed, 6 Dec 89 08:20:17 EST
From: Peter Jones
Subject: Selling Government-Held Information

On CBC's Daybreak program this morning, there was an interview about the possibility of selling information held by government institutions to private companies. For example, names and addresses of municipal bondholders or property owners could be used for direct mailing.

Currently, there is a dispute concerning the information held by the Inspector of Companies on company names, and names and addresses of directors. This information, although publicly available, is regarded by the Inspector as confidential. For example, it would be possible to guess a person's political affiliations from the presence of his name on the board of directors of a political organization.

There are two issues here, being disputed by the private companies on one side, and the government and the Quebec Civil Liberties Association on the other:

1) Prevention of access to confidential data. (A straightforward computer problem).

2) Making data available in a form that allows massive searching and matching. This raises the privacy issues currently being disputed.

Peter Jones MAINT@UQAM (514)-987-3542

------------------------------

Date: Tue, 5 Dec 89 17:19:48 EST
From: Adam J. Kucznetsov
Subject: Cellular phone service in Hungary

From New York Times (5 Dec. 1989) business section (excerpts):

US West in Budapest phone deal

US West Inc., one of the nation's seven regional Bell telephone companies, said yesterday that it had signed an agreement with Hungary to build a mobile cellular telephone system in Budapest.

The Hungarian cellular system will be the first such telephone network to be constructed in Eastern Europe. Because of the shortage of telephones in the nation, Hungarians are expected to use cellular telephones for basic home service, as well as mobile communications.

For Hungary and the other Eastern European countries, which have antiquated telephone systems, it will be faster and cheaper for the Government to deliver telephone service by cellular networks than it would be to rebuild the nation's entire telephone infrastructure.

[one paragraph omitted]

The system, which is scheduled to go into operation in the first quarter of 1991, will initially provide cellular communications to Budapest's 2.1 million residents. Eventually, the system will serve all of Hungary, which has 10.8 million citizens.

[rest of article omitted]

The article explains that "[the system is] viewed as an alternative until the country can develop its infrastructure" and goes on to state that "Hungary currently has 6.8 telephone lines for every 100 people" compared to 48.1 in the United States.

Hungary's interest in supplanting an antiquated and inadequate phone system is understandable. The privacy issues, however, raised by a proposal to make (presumably unencrypted) cellular telephone service one of the primary communication channels of the country -- even in transition to a more capable conventional system -- should be obvious to RISKS readers.

Adam J. Kucznetsov, Department of Linguistics, Columbia University {ajuus@cuvmb.BITNET}

------------------------------

End of RISKS-FORUM Digest 9.52
************************