Illustrative Risks to the Public
in the Use of Computer Systems
and Related Technology
Peter G. Neumann, Computer Science Laboratory,
SRI International, Menlo Park CA 94025-3493

Risks cases as of 15 January 2001, Copyright 2001, Peter G. Neumann, SRI International EL243, Menlo Park CA 94025-3493 (e-mail Neumann@csl.sri.com; http://www.CSL.sri.com/neumann/; telephone 1-650-859-2375; fax 1-650-859-2844): Editor, ACM SIGSOFT Software Engineering Notes, 1976-93, Assoc.Ed., 1994-; Chairman, ACM Committee on Computers and Public Policy (CCPP); Moderator of the Risks Forum (comp.risks); cofounder with Lauren Weinstein of People For Internet Responsibility (http://www.pfir.org, announced in RISKS-20.65). See also Lauren's Privacy Forum Digest (http://www.vortex.com), partially sponsored by the ACM CCPP.

Items Listed by Categories

Descriptor Symbols

The following descriptor symbols characterize each entry.

! = Loss of life/lives; * = Potentially life-critical or safety problem

V = Overall system or subsystem surViVability problems (with respect to diVerse adVersities, including attacks and malfunctions). Startlingly many cases fit this category; many V-unflagged cases also represent failures to continue performing properly, or delays, or other cases of misuse that could have led to much more serious survivability problems.

$ = Loss of resources, primarily financial

S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

h = Accidental Human misuse or other inadvertence

I = Insider; O = Outsider; A = Inadequate Authentication or Access controls

d = System Development problems

e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

r = Problems with Requirements for system or operation (including the overall system concept)

f = Flaws (or Features in design, or hardware/software implementation

i = MisInterpretation/confusion/human errors at a man-system Interface

m = Hardware Malfunction attributable to system deficiencies, the physical environment, acts of God, etc.

M = Malfunction specifically due to electronic or other interference

+ = Beneficial; - = problematic with none of the above categories

@ = This item is also listed in another category

Items Listed by Categories

Recent Items (yet to be merged in)

Vm PGN's Univ. Maryland survivable systems course beset with survivability problems (S 25 1:)

fm California government agencies' computers fail, cars impounded; Pac*Bell blamed (R 20 62)

Vfm Software disaster leaves new Australian submarine unfit; wide range of pervasive hardware/software failures reported (R 20 48)

*fh Cancelling errors, serendipity in avoiding risks, and Kepler: note by Henry Baker (R 20 48,51)

Vm Weather-predicting Cray C90 supercomputer lost in fire, weather predictions reduced (R 20 62)

Vm Netcom file-server hardware outage loses half of the e-mail customers, depending on first letter of name (R 20 49)

m Airport security check powers up computer (R 20 55)

f MIT system weather command gives "Temp: 2147483647 F (2147483647 C)"; yes, that's 2³¹ - 1 (R 20 51-52); USA Today weather page: high of 577 F (R 20 58)

? NOAA radio +61 degrees F, wind-chill -64 (R 20 57)

f/m/h? Date failure on weather.com: 28 Apr not 16 Sep (R 20 58)

$fh Dispute over membership software used by German SPD (R 20 41)

$f Reliability of NT in embedded applications (R 20 41)

f Microsoft Word footnote problems irks federal appeals court: Word does not count words correctly (R 20 52)

fe IE2 cannot read www.microsoft.com for upgrade (R 20 55)

if More anomalies in Microsoft driving directions (R 20 62-63)

? Risks of "self-destructing e-mail" from Disappearing Inc. (R 20 62)

h,h Linux banned after Samba misconfigation blocks NT authentication (R 20 61)

rh Vending machine default phone number 000 (Australian emergency number) yields hundreds of false alarms (R 20 47)

f Kangaroo helicopter responses mess up Australian virtual-reality simulators (R 20 47,76)

hf Can you trust AT&T Wireless PCS text messaging? (no) (R 20 52-53)

f Risks of financial planning engines with bogus results (R 20 48)

h EverQuest is the "digital version of crack" (R 20 52)

rd More on California's software woes: welfare system problems (R 20 53)

h (but blamed on computer) Argos retail offered Sony Nicam TV for 3£ instead of 300£ (R 20 57)

f E*Trade Market Watch shows Dow Jones average at $1, down $10936.88 (R 20 56)

Vmfm Power coming back on causes UPS to lose power (R 20 55)

+/-?? Programming competency and the use of FORTH (R 20 49-53)

$f Toyota smog-warning computer suit (R 20 48)

fh CNN report on Gary Shandling lawsuit names him as "Changeling"; spelling corrected? (R 20 47)

h White House admits over one year of VP's e-mail lost forever (S 25 4:8, R 20 91)

f Software fault stops 76,000 customers receiving phone calls (S 25 4:8, R 20 87)

h UCITA, the Uniform Computer Information Transactions Act (Schneier, S 25 4:8 and R 20 87, and Simons in August 2000 CACM Inside Risks)

f Microsoft Explorapedia Nature: earth rotates in wrong direction (R 20 87)

+ Patent office revamps Web patent reviews (R 20 87)

h- 50 million U.S. adults at risk for Internet illiteracy (R 21 08-09; S 26 1:18)

(f/m/h?) Computer-related sewage release into Massachusetts Bay (R 21 08; S 26 1:18)

fid Not-so-smart weapons in Kosovo (R 21 01; S 26 1:18)

de Satellite system outage hits Associated Press (R 21 04; S 26 1:18)

m/f/h? Root servers used by Network Solutions failed (R 21 03; S 26 1:18-19)

$dh $35M San Mateo CAlifornia health system upgrade is a downer; receivables backlog over $40M; blame scattered (R 20 98)

$d WA King County blew $38 million on canceled payroll system (R 21 01; S 26 1:19)

eh Northeastern University admits 25% too many students (600 extra) after DB upgrade loses potential applicants (R 21 01; S 26 1:20)

f CSX crew spots problem signal, averts collision; insulation problem? (R 21 04; S 26 1:20)

e Upgrade to Guildford Station (Surrey, UK) software disables hundreds of train tickets for automated gates (R 20 94: S 26 1:20)

fi DC Metro can't label rerouted holiday trains on 4 Jul 2000: confusion (R 20 95; S 26 1:20)

m Computer crash caused loss of scheduled cab pickups (R 20 98; S 26 1:20)

m Sliced fiber-optic cable in Lancaster PA disrupts local and long-distance phone service NY to MD (R 20 93; S 26 1:20-21); another outage in Massachusetts (R 20 97)

m Heavy rains take out State Department phone service for 2 hours, backup batteries out because of earlier fire (R 20 93; S 26 1:21)

$mh Drop of welding material causes fire that affected 27 cables, telephone service for 25,000 (R 20 93; S 26 1:21)

m Remote line break leaves San Juan Puerto Rican without power (R 21 04; S 26 1:21)

- Booming computer firms are running out of power (R 20 98)

- Russian troops override power shutoff for unpaid bill affecting missile base (R 21 05; S 26 1:21)

!h Illinois man dies after utility cuts power for arrears (R 20 95; S 26 1:21)

f New Pentium III chip recalled (R 21 04; S 26 1:21-22)

*h F-117 stealth fighter in near-miss with UAL jet (R 21 04; S 26 1:22)

*SHA Fake air controllers alert in UK (R 21 04; S 26 1:22)

f/m? Collapse of UK air-traffic control computer (R 20 93-94); known bugs reduced from 500 to 200 (R 21 01)

def U.S. west-coast ATC woes 19 Oct (hundreds of flights affected) and 23 Oct 2000 (loss of flight plans for Northern CA and Western NV) (R 21 09; S 26 1:22)

mf FADEC computers cause uncommanded shutdowns of aircraft engines in flight; linked to power transistor (R 21 05; S 26 1:22)

m Total primary/secondary power outage at Sydney Airport leaves 20 planes circling (R 20 94; S 26 1:22-23)

m/f? Sydney Airport's new $43M baggage system fails for second time in five days (R 21 02; S 26 1:23)

h Oregon lottery coincidence reported by Infobeat caused by computer crash: winning numbers published before they were drawn by editor mistakenly using Virginia numbers after a crash! (R 20 94)

ef DB upgrade causes crash of Italian online stock trading (R 20 95)

f Fox network misprograms time on US VCRs for a year (R 20 95)

fh Army Automated Time and Attendance Production System (ATAAPS) loss of data for 10 days (R 20 97)

f Computerized air-conditioning bugs chill employees (R 21 05; S 26 1:26)

- ISP whacks game fan with $24,000 bandwidth fine (R 21 08; S 26 1:26)

e Memorial Society software upgrade loses some life-time members (R 21 08; S 26 1:26)

!!(f/h?) Russian nuclear sub explosion (missile test awry) kills crew of over 100 in Barents Sea, 13 Oct 2000. Also, Izvestia reported over 507 sub crew members had died previously. (R 21 01)

*f Sydney train system traps man's leg (R 21 01)

f New UK Millennium Bridge closed after one day, alarming instability despite extensive simulation; resonant frequencies at walking speeds! (R 20 93,95)

+/- People For Internet Responsibility (PFIR) Statement on Internet Policies, Regulations, and Control (http://www.pfir.org/statements/policies) (R 20 96)

S Navy to use Windows 2000 on aircraft carriers (R 20 95)

f Microsoft Windows Update Corporate Web site "features more than 1,000 system updates and drivers for the Windows 2000 platform"!!! (R 21 04)

f Y2K-leapyear hangover: CDMA GTE wireless date 31 Jun 00 (R 20 92)

+/- Stephen King's not scared of trusting online readers (R 20 98)

END of yet-to-be-merged recent material ...

Space

..... Manned/Womanned [Peopled?] Space Exploration:

!!$$Vrfh Shuttle Challenger explosion, 7 killed. [Removed booster sensors might have permitted early computer detection of leak?] [28Jan1986] (S 11 2) [Probably not? See Paul Ceruzzi, Beyond the Limits - Computers Enter the Space Age, MIT Press, 1989, Appendix.]

* Mercury astronauts forced into manual reentry? (S 8 3)

$f STS-1 1st Space Shuttle Columbia backup launch-computer synch problem. See Jack Garman, "The bug heard 'round the world" (S 6 5:3-10) Oct. 1981.

*f STS-2 shuttle simulation: bug found in jettisoning an SRB (S 8 3)

*f STS-2 shuttle operational simulation: tight loop upon cancellation of an attempted abort; required manual override (S 7 1)

*Vf STS-6 shuttle bugs in live Dual Mission software precluded aborts (S 11 1)

*m STS-9 Columbia return delayed by multiple computer malfunctions (S 9 1)

*f STS-16 Discovery landing gear - correlated faults (S 10 3)

*if STS-18 Discovery positioned upside down; mirror to reflect laser beam from Mona Kea aimed upward (+10,023 miles), not downward (... feet) (S 10 3)

*$ STS-20 Two-day delay of Discovery launch: backup computer outage (NY Times 26 Aug 1985); Syncom 4 satellite failure as well (S 10 5)

$f SRS-36 Atlantis launch delayed [25Feb1990]; "bad software" in backup tracking computer system, but no details given. (S 15 2)

h Shuttle Discovery shutdown procedure for two computers reversed (S 16 1)

*hife STS-24 Columbia near-disaster, liquid oxygen drained mistakenly just before launch, computer output misread (S 11 5)

*f Columbia orbiter suddenly rotates, due to telemetry noise (S 15 3)

$m Columbia delayed by computer, interface, sensors; then navigation (S 16 3)

$f Shuttle Endeavour computer miscomputes rendezvous with Intelsat satellite; nearly identical values interpreted as identical; those SW problems force spec changes (AviatWkSpT 29May/8Jun1992, S 17 3 duplic S 17 4)

* Shuttle computer problems, 1981-1985; 700 computer/avionics anomalies logged; landing gear problems in STS-6 and -13; multiple computer crashes in STS-9, cutting in backup system would have been fatal; thermocouple failure in STS-19 near disaster (S 14 2)

m Atlantis spacecraft computer problem fixed in space (S 14 5)

$f Untested for change, SW delays shuttle launch; 3-min on-line fix (S 15 3)

$(m/f?)V Shuttle Atlantis launch scrubbed: "faulty engine computer" (S 16 4)

$*V Columbia launch scrubbed at T-3sec 22Mar93, leaky valve (S 18 3:A14)

$*V STS-56 Discovery launch scrubbed at T-11sec 5Apr93, main propulsion system high-point bleed valve open-indicator went to off, closed-indicator did not switch to on. Indicator problem? program error? (S 18 3:A14)

h Discovery SRB recovered with missing pair of pliers (S 18 3:A14)

fm Channel blocked, Discovery exhausts storage for ozone data (S 18 3:A14)

H Experimental Space Shuttle e-mail address divulged, bombarded (S 16 4)

m Woodpeckers delay shuttle launch (S 20 5:8)

*m Docking problem aboard Soviet space station Mir (S 15 5)

m Mir Space Station computer problems add to difficulties; main computer failed during docking attempt, 19 Aug 1997 (R 19 31,32), with detailed analysis by Dennis Newkirk (R 19 33)

m Mir computer failure affects steering; replacement computer fails to load (end of May 1998, just before Discovery launch) (R 19 78)

*$d GAO reports on NASA Space Station: increased safety risks, costs (S 17 4)

* Risks of junk in space much greater than previously thought (S 17 4)

*f$ Potential software nightmare for International Space Station, with considerable discussion (R 19 49-51)

..... Satellites, Probes, Others:

$f Hubble Space Telescope problems, soaring costs, missed deadlines, reduced goals, etc. (S 15 2); sensors misdirected because of wrong sign on precession in star data; antenna # 2 limited by misplaced cable, #1 limited because software had only one limit stop, same for both (S 15 3) No system test. 1mm error in monitor program of mirror polisher (S 15 5) See M.M. Waldrop, Science 249, 17Aug1990, pp.735-736.

Vf/m Hubble Space Telescope antenna swing causes shutdown (S 17 1)

fh More Hubble SW: misloaded ephemeris table, bad macro (S 18 1:24)

$fhV $150M Intelsat 6 comm satellite failed; booster wiring error, payload in wrong bay; miscommun. between electricians and programmers (S 15 3)

$mV Canadian TeleSat Aniks die: solar coronal hole electron flux (S 19 2:3) Anik E-2 control restored, but with shorter life ($203M asset) (S 20 2:11)

fmV SOHO Mission Interruption Preliminary Status and Background Report documents apparently unconnected multiple failures that caused the satellite to lose control (R 19 87)

fhV Final report on the Solar and Heliospheric Observatory (SOHO) spacecraft failure: software flaw and improper command (R 19 90); mis-identification of a faulty gyroscope, staffing problems, inadequate training, ambitious schedule, unreviewed procedure changes, etc. (R 19 90, 94); contact finally reestablished. (S 24 1:31)

hm 5 printers off-line or jammed, Voyager 1 data lost over weekend (S 15 5)

f Voyager 2 software faults at launch, 20 Aug 1977 (S 14 6)

V$ Titan 34D, Nike Orion, Delta-178 failures follow Challenger (S 11 3)

V$* Titan 4 rocket test-stand SRB explosion; simulation missed failure mode (S 16 4)

V(m/f?) Final Titan 4A launch explodes with Vortex satellite; total cost over $1B, Aug 1998 (S 24 1:32, R 19 91)

mV Titan 4B leaves missile warning satellite in useless orbit (R 20 36)

Vm/f? Titan 4B with Milstar communications satellite separates four hours early, resulting in a useless low orbit, 30 Apr 1999 (S 24 4:26, R 19 36)

Vhm$ 6 successive Theater High-Altitude Area Defense (THAAD) failures, including three typos; then a "success" (R 20 43,45); Titan 4B failure (R 20 39) blamed on shifted decimal point in upper-stage software (R 20 45)

Vf,f Delta III launch ends after 71 seconds due to software flaw; two weeks later, Delta III leaves Loral Orion comm satellite in useless low orbit 4 May 1999 (R 20 38)

Vmfh Centaur/Milstar upper-stage failure due to attitude-control system software (R 20 49); roll-rate filter constant .1 factor (-0.1992476, not -1.992476) (R 20 57,59)

Vm$ Private imaging satellite Ikonos 1 disappears 8 minutes after launch (S 24 4:26, R 20 36); loss blamed on an electrical problem that prevented the aerodynamic payload cover from coming off. Subsequent Ikonos launched successfully (R 20 60):

f Terra spacecraft navigation software problems (S 25 3:18, R 20 78)

V$(m?f?) Two satellite failures (R 21 19, S 26 2:)

Vm/f? Russian rocket blows 12 Globalstar satellites (S 24 1:32, R 19 95)

V$(f?m?) Computer blamed for Russian rocket crash (R 21 18, S 26 2:)

h Boeing space station tanks accidentally taken to Huntsville dump (R 20 83)

Vh Space Station endangered by NASA flight controllers' blunder in maneuvering around space junk; predicted distance also way off (R 20 46-47)

SH Space Station Problem Reporting Database hacked (R 20 47-48)

$Vmf Space Station risks (R 21 14, S 26 2:)

V$ehf Canaveral Rocket lost; wrong key hit in loading guidance SW (S 16 4)

df NASA finds problems in EOSDIS Earth Observing System (EOS) spacecraft flight operations software development, expected to delay launch (R 19 67)

m+ Apollo 11 lunar module, pen used to replace circuit breaker (S 18 3:A14)

Vr* Lightning hits Apollo 12. "Major system upsets, minor damage". See article by Uman and Krider, Science 27 Oct 1989, pp. 457-464. (S 15 1)

V$m Lightning changed Atlas-Centaur program (51 sec). $160M lost (S 12 3, 15 1)

@V*$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

V$f Mariner 1 Venus probe: HW fault plus programmer missed superscript bar in `R dot bar sub n'. See Paul Ceruzzi, Beyond the Limits - Flight Enters the Computer Age, Smithsonian, 1989, Appendix (S 14 5). (Earlier reports had suggested DO I=1.10 bug (see next item) or a garbled minus sign (or hyphen.) (S 8 5, 11 5, S 13 1)

$f Project Mercury had a FORTRAN syntax error such as DO I=1.10 (not 1,10). The comma/period interchange was detected in software used in earlier suborbital missions, and would have been more serious in subsequent orbital and moon flights. Noted by Fred Webb. (S 15 1)

*f Gemini V 100mi landing err, prog ignored orbital motion around sun (S 9 1)

V$f Atlas-Agena software missing hyphen; $18.5M rocket destroyed (S 10 5)

@VSH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

Vm Navy Atlas rocket places satellite in worthless orbit (S 18 3:A14)

V$f Aries with $1.5M payload lost: wrong resistor in guidance system; (S 11 5)

V*f TDRS relay satellite locked on wrong target (S 10 3)

Vm AT&T Telstar 401 satellite failure (S 22 4:26, R 18 76)

Vm Ariane 5 test problems: motor failures, nitrogen leak (S 20 5:9, R 18 27,28)

V$f New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally, Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse http://www.cs.wits.ac.za/ bob/ariane5.htm - showing how a simple correctness proof could have avoided this problem. (R 18 89-91)

*Mm Cosmic rays hit TDRS, Challenger comm halved for 14hrs [8Oct1984](S 10 1)

$Mr Sunspot activity: 1979 Skylab satellite dragged out of orbit (S 13 4)

hM 1989 pulsar discovery now attributed to TV camera interference (S 16 3)

V$hfe Soviet Phobos I Mars probe lost (Sep 1988): faulty SW update (S 13 4); cost to USSR 300M rubles (Aviation Week, 13 Feb 89); disorientation broke radio link, discharged solar batteries before reacquisition. [Science, 16Sep1988] More on Phobos 1 and 2 computer failures (S 14 6)

V$? Soviets lose contact with Phobos II Mars probe. Automatic reorientation of antenna back toward earth failed. (S 14 2)

V$f 1971 Soviet Mars orbiter failed after "unforgivable" SW bug; new info (S 16 3)

f Assessment of predictions on the Russian Mars Probe crash site (S 22 2:22)

V$fm 1993 Mars Observer lost entering Mars orbit (S 18 4:11; R 14 87,89; 15 01); loss blamed on fuel line leak (Washington Post, 10 Jan 1994)

f What really happened on Mars Rover Pathfinder? David Wilner on VxWorks system resets and preemptive priority scheduling, and Glenn Reeves - first-hand commentary must be read (R 19 49,50,53,54) and further discussion of priority inversion (R 19 50,53,54,56)

V$fm Mars Climate Orbiter lost, dipped too close to Mars due to English/Metric confusion; Mars Polar Lander reprogrammed to report back directly on 3 Dec 1999 (R 20 59-62); Mars Lander then lost entirely on landing attempt, search abandoned after a month. Crash finally blamed on software shutting engines off prematurely (R 20 84,86)

$f/h? NASA HESSI shake test 10 times too strong, damaging spacecraft (S 25 3:15, R 20 86)

$f Sea Launch rocket drops satellite into Pacific Ocean (S 25 3:15, R 20 84,86); single line of code allowed launch with second-stage valve open, causing helium leak (R 20 97)

Vfm$ Electronics startup transient opened telescope cover prematurely, destroying Wide Field Infrared Explorer (WIRE) spacecraft (R 20 47-48)

V$m $1.4B Galileo antenna jammed, en route to Jupiter (S 18 4:11)

V$m Landsat 6 vanishes; space junk tracked by mistake (S 19 1:10)

V$f Magellan space software problems: serious design flaw fixed (S 14 5) Nonatomic setting of scheduled and active flags interrupted. See H.S.F. Cooper, Jr., The Evening Star: Venus Observed, Farrar Straus Giroux, 1993. Discussion in J.M. Rushby, SRI-CSL-95-01.

$m Magellan spacecraft manual guidance overcomes faulty computer chip (S 15 2)

V*h Soyuz Spacecraft reentry failed, based on wrong descent program, (orbiting module had been jettisoned, precluding redocking) (S 13 4)

V$fe Viking had a misaligned antenna due to a faulty code patch (S 9 5)

*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

? Global-warming data confusion (R 19 91-92)

@Vfm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

* Continuing trend toward expert systems in NASA (S 14 2)

f SW bug on TOPEX/Poseidon spacecraft "roll momentum wheel saturated" alarm aborted maneuver. It was recoverable, however. (S 18 1:24)

Defense

V!hhh U.S. F-15s take out U.S. Black Hawks over Iraq in Friendly Fire; 26 killed, attributed to coincidence of many human errors. (Other cases of friendly fire included 24% of those killed in the Gulf War.) (S 19 3:4) According to a seemingly reliable private correspondent who has read through at least 62 volumes of investigation reports, the public was seriously misled on this situation and there was a considerable cover-up. For now, contact me if you want further background.

!!$rhi Iran Air 655 Airbus shot down by USS Vincennes' missiles (290 dead); Human error plus confusing and incomplete Aegis interface (S 13 4); Commentary on Tom Wicker article on Vincennes and SDI (S 13 4); Aegis user interface changes recommended; altitude, IFF problems (S 14 1); Analysis implicates Aegis displays and crew (Aerospace America, Apr 1989); Discussion of further intrinsic limitations (Matt Jaffe, S 14 5, R 8 74); USS Sides Cmdr David Carlson questions attack on Iranian jet (S 14 6)

!!$rfe Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw, preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only 14-hour continuous performance, not 100. Patched SW arrived via air 1 day later (S 16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud disaster (S 16 4) Patriot missiles misled by `accidental' decoys; T.A. Postol report (S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2); reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades success to about 10% rather than 80% (R 13 37, S 17 2, 17 3) GAO report documents clock problem in detail (S 17 3) 24-bit and 48-bit representations of .1 used interchangeably (S 18 1:25)

*f Patriot system fails again (S 25 3:18, R 20 85)

*f Software snafu slowed critical data during Iraq raid (S 24 3:25, R 20 23)

!!V$h? Sheffield sunk during Falklands war, 20 killed. Call to London hindered antimissile defenses on same frequency? [AP 16May1986](R 2 53, S 11 3) An "official" version disputes this conclusion - see "The Royal Navy and the Falkland Islands" by David Brown, written at the request of the Royal Navy. Page 159 of that report discusses another problem with the Sea Wolf system, occurring several days later.

!V$ British Falklands helicopter downed by British missile. 4 dead (S 12 1)

!!V$f USS Liberty: 3 independent warning messages to withdraw were all lost; 34 killed, more wounded. Intelligence implications as well. (S 11 5)

!Vhfi? Stark unpreparedness against Iraqi Exocets blamed on officers, not technology, but technology was too dangerous to use automatically (S 12 3); Captain blamed deficient radar equipment; official report says radar detected missiles, misidentified them. (S 13 1)

Vrf$ USS Yorktown Aegis missile cruiser dead in water for 2.75 hours after unchecked divide by zero in application on Windows NT Smart Ship technology (S 24 1:31, R 19 88-94); letter to Scientific American: it was an explicit decision to "stimulate" [sic] machinery casualties? (S 24 4:26, R 20 37)

$hfe Navy software problems in upgrading software on battle cruisers USS Hue City and USS Vicksburg (S 23 5:25, R 19 86-87)

*Vf 5th Bell V22 Osprey crash: assembly error reversed polarity in gyro (S 16 4); Bell V-22 Osprey - correct sensor outvoted (S 17 1)

!V$(f?m?h?) Another Osprey crash (R 21 14, S 26 2:)

*H Fraudulent test SW in Phalanx anti-missile system, Standard missile (S 13 4)

Hhf West German flies Helsinki-Moscow through Soviet Air Defense (S 12 3)

Hhf Soviet Air Defense penetrated again by amateur pilot (S 15 5)

$h Russian missile-site power outage due to unpaid utility bill? (S 20 1:17)

**f Returning space junk detected as missiles. Daniel Ford, The Button, p.85

** WWMCCS false alarms triggered scrams 3-6 Jun 1980 (S 5 3, Ford pp 78-84)

** DSP East satellite sensors overloaded by Siberian gas-field fire (Daniel Ford p 62); Ford summarized (S 10 3)

**f BMEWS at Thule detected rising moon as incoming missiles [5Oct1960] (S 8 3). See E.C. Berkeley, The Computer Revolution, pp. 175-177, 1962.

** SAC/NORAD: 50 false alerts in 1979 (S 5 3), incl. a simulated attack whose outputs accidentally triggered a live scramble [9Nov1979] (S 5 3)

*** Serious false 2200-missile-alert incident 3 Jun 1980 described by Stansfield Turner, mentioning thousands of other false alarms (S 23 1:12, R 19 43)

*fmh Russian early-warning system close to retaliatory strike: Norwegian weather rocket mistaken for American Trident (R 19 85)

m Report from Kommersant Vlast on Serbukov-15 base false detection of ICBMs en route to Moscow on 25 Sep 1983; human intervention stopped retaliation; system allegedly misbehaved due to radiation (R 19 97)

*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

* Iraq using British Stonefish smart mines, with "sensitive" SW (S 15 5)

*SP Britain bugged radio equipment sold to Iraq (S 16 4)

*SP Trojan horse implants in DoD weapons (S 16 4)

*SP Trojan horse inserted in locally netted printer sold to Iraq? (S 17 2)

*Vm Arabian heat causing problems with US weapons computers (S 15 5)

*V$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

* Frigate George Philip fired missile in opposite direction (S 8 5)

*h? Unarmed Soviet missile crashed in Finland. Wrong flight path? (S 10 2)

*Vf 1st Tomahawk cruise missile failure: program erased [8Dec1986] (S 11 2)

*Vm 2nd Tomahawk failure; bit dropped by HW triggered abort (S 11 5, 12 1)

f/m? CALCM cruise missile software bugs revisited (S 22 2:22)

hi Accidental launch of live Canadian Navy missile: color-code mixup (S 22 1:18)

*$rf Program, model flaws implicated in Trident 2 failures (S 14 6)

*VrmM RF interference caused Black Hawk helicopter hydraulic failure (S 13 1); More on Black Hawk EMP problems and claimed backwards pin (R 17 39,42)

*VSM RF interference forces RAF to abandon ILS in poor weather (R 21 17)

*f Sgt York (DIVAD) radar/anti-aircraft gun - software problems (S 11 5)

$f Software flaw in submarine-launched ballistic missile system (S 10 5)

V$f AEGIS failures on 6 of 17 targets attributed to software (S 11 5)

Vf WWMCCS computers' comm reboot failed by blocked multiple logins (S 11 5)

$ WWMCCS modernization difficulties (S 15 1)

*$f Gulf War DSN 20-30% call completion persists 3 mos. until SW patch (S 17 4)

$f Armored Combat Earthmover 18,000 hr tests missed serious problems (S 11 5)

$rfi Stinger missile too heavy to carry, noxious to user (S 11 5)

**V$$Sr Strategic Defense Initiative - debate over feasibility (S 10 5); Pentagon says SDI complexity comparable to nuclear reactors (Newsweek, S 17 3) See Way Out There in the Blue: Reagan, Star Wars, and the End of the Cold War, Frances FitzGerald, Simon & Schuster, 2000 for a fine retrospective analysis.

$d SDI costs, budget issues, risks discussed (S 17 4)

$ StarWars satellite 2nd stage photo missed - unremoved lens cap (S 14 2)

f StarWars FireFly laser-radar accelerometer wired backwards (S 19 2:2)

$* 1.7M resistors recalled. Used in F-15, Patriot, radar, comm aircr. (S 16 3)

$hd DoD criticized for software development problems (S 13 1)

* US Navy radar jammers certified despite software errors, failed tests (S 17 3)

$ USAF software contractors score poorly on selections (S 14 1)

$d ADATS tank-based anti-copter missile system development problems, $5B overrun, unreliability, ... (S 16 1)

$d British air defense system ICCS SW causes ten-year delay (S 15 5)

*Sf US Army Maneuver Control System vulnerable to software sabotage (S 15 5)

$d US-supplied Saudi Peace Shield air defense software problems (S 15 5)

$d Serious software problems in UK Trident nuclear warhead control (S 15 5)

*m Russian nuclear warheads armed by computer malfunction (R 19 14)

*h Outdated codes made US missiles useless until annual inspection (S 14 5)

S Classified data in wrong systems at Rocky Flats nuclear weapons plant (S 16 4)

SPh Classified disks lost by Naval commanders on London train (R 17 54)

hi? Listing of US Navy safety problems in two-week period (S 15 1)

Vm Rain shuts down Army computers; lightning effects and prevention (S 15 1)

* Role of e-mail, Internet, FAX in defeating 1991 Soviet coup attempt (S 16 4); (S) power surges used to fry faxes and computers in countermeasure (S 16 4)

* Russian auto-response missile system still in place in Oct 1993 (S 19 1:10)

!! Analysis of U.S. peacetime submarine accidents http://freeweb.pdq.net/gstitz/Peace.htm

Military Aviation

!!V$f Handley Page Victor tailplane broke, crew lost. 3 independent test methods, 3 independent flaws, masking flutter problem (S 11 2-12, correction S 11 3)

!Vf Harrier ejection-seat parachute system accidentally deployed, blew through the canopy, but without ejecting the seat and pilot, who was killed (S 13 3)

f Harrier targets police radar gun; fortunately not armed! (S 21 4:14)

*V(h/m?) Japanese pilot accidentally ejected into the Pacific (S 19 4:12)

*V$h Sea Harrier 1 accidentally bombs its own carrier, Ark Royal (S 17 3) 5 injured. Auto aim-off SW blamed for the Ark Royal bombing (S 18 1:23)

*V$f SAAB JAS 39 Gripen crash caused by flight control software (S 14 2, 14 5)

*V$fmhi 2nd JAS 39 Gripen crash 8Aug1993 blamed on pilot/technology (S 18 4:11); interface difficulties, complicated analysis (S 19 1:12)

*V$rf Software problems in B-1B terrain-following radar, flight-control; electronic countermeasures (stealth) jam plane's own signals (S 12 2)

*V$h B-1B swept wing punctures gas tank on the ground; blamed on low lubricant; problem found in 70 of 80 B-1Bs inspected (S 14 2)! No computer sensors?

$fd Stealth development problems including SW miscalculation in wiring (S 15 1)

$f UHB demonstrator flight aborted by software error at 12,000 feet (S 12 3)

*V$fh F-22 prototype crash first blamed on computer SW, then on pilot (S 17 3)

*V$f F-18 crash due to missing exception cond. Pilot OK (S 6 2, more SEN 11 2)

*Vhi F-18 missile thrust while clamped, plane lost 20,000 feet (S 8 5)

*f F-16 simulation: plane flipped over whenever it crossed equator (S 5 2)

*f F-16 simulation: upside-down, deadlock over left vs. right roll (S 9 5)

$Vhi F-16 landing gear raised while plane on runway; bomb problems (S 11 5)

*Vfh Unstallable F-16 stalls; novice pilot found unprotected maneuver (S 14 2)

$d USAF ECM systems: software 2 years late for F-16 and F-111 (S 15 5)

*hif Accidental shootdown of one Japanese F-15 by another (R 17 65, R 18 18); controversy continues (R 18 41,57)

*V$f? F-14 off aircraft carrier into North Sea; due to software? (S 8 3)

*V$f F-14 lost to uncontrollable spin, traced to tactical software (S 9 5)

Vf YF-23 fly-by-wire prototype attempted tail corrections while taxiing. Same problem on first X-29. (AFTI/F-16 had weight-on-wheels switch.) (S 16 3) AFTI/F-16 DFCS redundancy management: ref to J.Rushby SRI-CSL-91-3 (S 16 3)

+- Historical review of X-15 and BOMARC reliability experiences (S 17 3)

$ Systems late, over budget (what's new?); C-17/B-1/STC/NORAD/ASJP (S 15 1)

V*$fd C-17 SW/HW problems documented in GAO report; 19 on-board computers, 80 microprocessors, six programming languages; complexity misassessed GAO: "The C-17 is a good example of how not to approach software development when procuring a major weapons system." (S 17 3) Chairman John F. McDonnell's reply (S 17 4)

f C-130 testbed uncovers 25-yr-old divide-by-zero bug in X-31 SW (S 16 3)

*Vmf X-31 crash, 19 Jan 1995 (R 17 45,46,47,60,62; 60=Pete Mellor)

V(f?) Unplanned 360-degree roll of NASA's X-38 in test (R 21 10)

*VM US missile-warning radar triggers accidental explosions in friendly aircraft; radar must be turned off when planes land! (S 14 2)

* AF PAVE PAWS radar can trigger ejection seats, fire extinguishers (S 15 1)

!$h 1988 RAF Tornados collided, killing 4; flying on same cassette! (S 15 3)

V$ef DarkStar unmanned aerial vehicle (UAV) crash from software change, cost $39M (S 22 1:17-18)

mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5)

*hme, etc. Navigation, GPS, and risks of flying (R 19 73,75,77); Implications of the U.S. Navy no longer teaching celestial navigation (R 19 75,77-79,81-82)

Commercial Aviation

..... Commercial flight incidents

!!$V(hi?) Korean Airlines KAL 007 shot down killing 269 [1Sept1983]; autopilot on HDG 246 rather than INERTIAL NAV? (NYReview 25 Apr 85; SEN 9 1, 10 3, 12 1) or espionage mission? (R.W. Johnson, "Shootdown") Further information from Soviets, residual questions (S 16 3); Zuyev reports Arctic gales had knocked out key Soviet radars; Oberg believed Sakhalin air defense forces were "trigger-happy" following earlier US Navy aircraft overflight incursions [Reuters 2Jan1993]; Analysis of recent articles on KAL 007 (Ladkin, R 18 44)

!!Vfe Korean Airlines KAL 901 accident in Guam, killing 225 of 254; worldwide bug discovered in barometric altimetry in Ground Proximity Warning System (GPWS) (S 23 1:11, R 19 37-38)

!!Vm Alaska Airlines flight 261, 31 Jan 2000, dove into Pacific Ocean after jackscrew failure in stabilizer assembly; hearing results show loss of paper trail (R 21 15)

!!V(m?h?) TWA Flight 800 missile-test accident hypothesis causing near-empty fuel-tank explosion off Long Island widely circulated in Internet e-mail, causing considerable flap. Missile theory officially discredited. Minireview of James Sander's The Downing of TWA Flight 800 (R 19 12); speculative discussion on the downing of TWA 800 (R 19 13); possibility of EMI raised in article by Elaine Scarry, New York Review of Books, 9 Apr 1998 (R 19 64-66). Harvard Magazine Jul-Aug 1998, pp. 11-12, diagram shows TWA 800 at 13,700 feet between a P3 Orion directly overhead at 20,000 feet, Black Hawk helicopter and HC-130 at 3,000 feet both directly below (with a C-141 and C-10 nearby). But this seems unlikely. (R 19 86) Report from Commander William S. Donaldson III, USN Ret., 17 July 1998, claiming a hostile missile attack http://www.aci.net/kalliste/donaldson.htm.

!!V$rh Air New Zealand crashed into Mt Erebus, killing 257 [28Nov1979]; computer course data error detected but pilots not informed (S 6 3, 6 5)

!!V$f/m? Lauda Air 767-300ER broke up over Thailand. 223 dead. Cockpit voice recorder: thrust reverser deployed in mid-air. Precedents on 747/767 controlled; investigation in progress. (S 16 3, AWST 10Jun91 pp.28-30) Suitcase full of cheap lithium-battery Chinese watches exploded? Earlier lithium battery problems: South African 747 in 1987, killed 159; Cathay Pacific 1990 emergency landing (S 16 3, Sunday Times, London, 23 Jun 91) Many other planes may be flying with the same thrust-reverser defect; FAA, Boeing simulations, suggest 757 less aerostable than though (S 16 4) Ex-Boeing expert had warned of software flaw in 747/767 proximity switch electronics unit; he claims he was ordered to suppress data. (S 17 1)

!!Vhifmr Northwest Air flight 255 computer failed to warn crew of unset flaps misset, thrust indicator wrong; 156 dead (S 12 4); circuit breaker downed the warning system that should have detected those problems. [But who checks the checker?] Simulator, plane behave differently (S 13 1) Report blames pilot error, unattributed circuit outage (S 13 3) Report that the same pilots had intentionally disconnected the alarm on another MD-80 two days before raises suspicions. (S 14 5, R-08.65) NW sues CAE over spec error in flight training simulator (S 15 5) A Federal jury ruled on 8 May 91 that the crew was to blame.

!!V$mf/h/i? British Midland 737 crash, 47 killed, 74 seriously injured; right engine erroneously shut off in response to smoke, vibration (Flight International 1 Apr 89); suspected crosswiring detected in many OTHER planes (S 14 2); low-probability, high-consequence accidents (S 14 5); random memory initialization in flight management computers (S 14 5); Kegworth M1 air crash inquest: many improvements suggested (S 15 3); Criticism of "glass cockpits" (S 15 3); UK AAIB fingers 737-400 liquid crystal display layouts (S 16 3); now-retired British vicar Reverend Leslie Robinson claims a witches' coven was operating under the flight path (R 20 12)

!!Vh Aeromexico flight to LAX crashes with private plane, 82 killed (S 11 5)

!!Vh Metroliner&transponderless small plane collide 15 Jan 87. 10 die (S 12 2)

!!Vh Two planes collide 19 Jan 87. Altitude data not watched by ATC. (S 12 2)

!!Vfih 1994 China Air A300-600 Nagoya accident killing 264: final report blames pilots and autopilot human-computer interface (R 18 33); (see also R 16 05-07, 09, 13-16)

!Vh Air France Airbus A320 crash blamed on pilot error, safety controls off (S 13 4); 3 killed. Airbus computer system development criticized (S 13 4); Subsequent doubts on computers reported: inaccurate altimeter readings; engines unexpectedly throttling up on final approach; sudden power loss prior to landing; steering problems while taxiing (S 14 2); reportage by Jim Beatson (R 08 49, 08 77), barometric pressure backset? (S 14 5) investigators blame pilot error; pilots charge recorder tampering (S 15 3) Pilots convicted for libel in blaming technical malfunctions! (S 16 3)

!!V? Indian Airlines Airbus A320 crashes 1000 ft short of runway; 97 die (S 15 2) A320 flight modes (S 15 3); apparent similarities in crashes (S 15 3) Air India unloading their A320s (S 15 5)

V(m?) Air India Airbus 320 autopilot failure [19Apr1999]? (S 24 4:26, R 20 32)

!!Vhmi French Air Inter A320 crash on approach to Strassbourg airport [20Jan1992]; 87 dead, 9 survivors; 2,000-foot altitude drop reported (R 13 05); crash site at 2496 feet. Report fingers mixture of human and technical error, airport ill equipped, serious failings in altimeter system, pilot unable to stop descent (S 17 2); Air Inter official charged with negligent homicide (S 18 2:9); Commission of Enquiry blamed Pilot Error (S 18 4:12); New case of A320 descent-rate instability identified approaching Orly, related to Air Inter crash (S 18 1:23); Final report blames crew training and interface problems (S 19 2:11)

!Vf 1994 Toulouse A330 accident blamed on experimental SW. 7 died (S 19 4:11)

* A320 flight-control computer anomalies summarized by Peter Ladkin (R 18 78)

!*(V,etc.) Compendium of commercial fly-by-wire problems (Peter Ladkin) (S 21 2:22)

@!!$hi Iran Air 655 Airbus shot down by USS Vincennes' Aegis system (above)

?h Qantas airliner challenged by US Cowpens, Aegis missile cruiser (S 17 4)

!V(f/h/i?) Varig 737 crash (12 dead) flightpath miskeyed? (S 15 1)

!V 707 over Elkton MD hit by lightning in 1963, everyone killed (S 15 1)

!V$m AA DC-10 stall indicator failed; power was from missing engine (S 11 5)

!V Bird strikes cause crash of Ethiopian Airlines 737, killing 31 (S 14 2)

!V Dominican Republic 757 crash 6 Feb 1996, cause unclear (S 21 4:13, R 17 84)

!V BirgenAir crash at Puerto Plata killed 189 (R 17 87)

!!V$hi Further discussion of American Airlines Cali and Puerto Plata B757 crashes (R 18 10); in Cali crash, killing 159 of 163: same abbreviated code used for different airports (S 22 1:17); in a trial, evidence was given that 95 of 8,000 navigational beacons were not included in the airline database, including Cali's Rozo (R) - see media reports 17 Apr 2000. US Federal jury allocated responsibility 17% to Jeppessen, 8% to Honeywell, 75% to American Airlines (R 20 92; S 26 1:23)

!fi EFIS failure main suspect in Crossair crash (S 25 3:17-18, R 20 78)

!Vh 1996 B757 Aeroperu Flight 603: duct tape over left-side static port sensors? (S 22 2:22; R 18 51,57,59) Peru Transport Ministry verified this [Reuter, 18Jan1997]

Vm Migratory birds jam FAA radar in Midwest (R 17 44)

m Lovesick cod overload Norwegian submarine sonar equipment (R 20 07) [Who needs a cod peace?]

!!V Chinese Northwest Airlines BA-146 Whisperjet crashed on second takeoff attempt, killing 59; cause not available [23Jul1993] (S 18 4:12)

!V Ilyushin Il-114 crash due to digital engine control failure (S 19 1:9)

*V mi Dec 1991 SAS MD-81 crash (ice damaged engine) due to auto thrust restoration mechanism not previously known to exist by SAS (S 19 1:12)

*Vf 11 cases of MD-11s with flap/slat extension problem, including China Eastern Airline plane that lost 5000 feet on 6 Apr 1993 (S 18 4:11)

Vf/m/h? Chinook helicopter engine software implicated (S 23 3:23, R 19 51); more on the Chinook enquiry (R 21 14,18-20)

*Vrh Lessons of ValueJet 592 crash: William Langewiesche in Atlantic Monthly (R 19 62,63)

*Vf DC-9 chip failure mode detected in simulation (S 13 1)

!!V$f Electra failures due to simulation omission (S 11 5)

!V$f Computer readout for navigation wrong, pilot killed (S 11 2)

*Vhi South Pacific Airlines, 200 aboard, 500 mi off course near USSR [6Oct1984]

*Vhi China Air Flight 006 747SP 2/86 pilot vs autopilot at 41,000 ft with failed engine, other engines stalled, plane lost 32,000 feet [19Feb1985] (S 10 2, 12 1)

*V Simultaneous 3-engine failure reported by Captain of DC-8/73 (S 14 2)

*Vfm Boeing KC-135 autopilot malfunction causes two engines to break off (S 16 2)

*Vf Avionics failed, design used digitized copier-distorted curves (S 10 5)

*Vf Lufthansa A320 overruns runway in Warsaw; actuator delay blamed (S 19 1:11); Logic flaw in braking system; fix required fooling the logic! (S 19 2:11)

mV A320 engine-starter unit overheats after takeoff, trips breakers, gave false thrust-reverser indications, engine control failure (S 19 2:12)

*V$f 727 (UA 616) nose-gear indicator false positive forces landing (S 12 1)

*Vhi USAir 737-400 crash at NY LGA; computer interface, pilot blamed (S 15 1)

!Vi Crash of USAir Flight 427 nearing Pittsburgh, 8 Sep 1994: see Jonathan Harr, (The New Yorker, 5 Aug 1996 (S 22 1:17)

*V Tarom Airbus automatic mode switch escaped pilot's notice (S 20 1:16)

*Vf British Airways 747-400 throttles closed, several times; fixed? (S 15 3)

*Vf JAL 747-400 fuel distribution stressed wings beyond op limits (S 16 3)

*Vf Older Boeing 747 planes suspected of diving due to autopilot design flaw; 747-400 speed reduction of 50 knots ordered; 747-200 sudden increase in thrust, another pitched upwards; etc. (S 17 3); FAA report on possible 747 autopilot faults relating to altitude losses (S 18 3:A15)

Vf 747 tail scrapes runway; center of gravity miscalculated by improper program upgrade (R 19 11)

*Vf Boeing 757/767 Collins autopilot anomalies discussed (S 19 1:10)

**V 767 (UA 310 to Denver) four minutes without engines [August 1983] (S 8 5)

*Vf 767 failure LA to NY forced to alternate SF instead of back to LA (S 9 2)

*Vm Martinair B767 Aircraft suffers EFIS failure; instruments blank (S 21 5:15)

*V(f/m?) B777 autopilot/flight-director problems [Oct1996]? (S 22 4:29, R 18 83)

V$ Boeing 777 landing-gear weakness; strength off by factor of 2 (R 17 04)

*he Australian Ansett B767 fleet grounded due to maintenance breaches (R 21 17)

*Vf 11 instrument software failures in BA aircraft in Jul-Aug 1989 (S 15 5)

*fhi Analysis of potential risks of the Enhanced Ground Proximity Warning System (EGPWS), by Jim Wolper (R 19 56); pilots computer literacy? (R 19 57); relationship with GPS accuracy (R 19 57)

* Missile passes American Airlines Flight 1170 over Wallops Island (S 22 1:18)

m Fire alarms on Boeing 777 triggered by tropical fruit and frog cargo (S 22 1:17)

M Cell phone ringing in Adria Airways luggage alarms avionics; plane returns (R 21 20)

*m INCETE power ports in use in at least 1700 aircraft can result in exploding batteries? (R 19 94)

m* High-flying hijinks: canine passenger sinks teeth into plane (R 20 54)

..... Private plane incidents

!Vrhi John Denver plane crash linked to unlabelled implementation change over spec: lever up for off, down for right tank, to the right for left tank; not very intuitive! (R 20 43)

..... Airport problems

m Power failure disrupts Ronald Reagan National Airport 10 Apr 2000 for almost 8 hours; backup generator failed (R 20 87)

$fd $200M Denver airport baggage system seriously delays opening (S 19 3:5); costly stopgap old-fashioned system planned in the "interim" (S 19 4:6); new software problems for incoming baggage (R 17 61); city overruled consultant's negative simulation results (R 18 66)

Vdfm$ Kuala Lumpur International Airport: Risks of being a development pioneer (R 19 68); airport opens 30 Jun 1998, but baggage and check-in systems failed for several days (R 19 84); similar events at the opening of the new Hong Kong airport a few days later (R 19 85)

Vm Amsterdam Schiphol airport computer down for 30 minutes, major delays (R 19 85); unchecked out-of-range value (R 19 93)

V$fe American Airlines' SABRE system down 12 hours; new disk-drive SW launched "core-walker" downing 1080 old disk drives, stripped file names ... (S 14 5)

Vm American Airlines' Sabre system software problem down for four hours (30 Jun 1998, evening rush hour) affected hundreds of flights across 50 airlines; second crash in a week (R 19 84)

f/m SAS new baggage system miseries at Copenhagen Airport (R 19 97)

h SAS reprinted summer airline timetables for the winter, but Internet version was correct (R 20 05)

mh Boston airport electronic display fiasco on flight to Philly (R 19 96)

..... Masquerading

*VSH Miami air-traffic controller masquerader altered courses (S 12 1)

*VSH Roanoake Phantom spoofed ATC, gave bogus information to pilots for 6 wks, caught (S 19 2:5); out-of-work janitor pleads guilty (R 15 39)

VSH Manchester (UK) air-traffic-controller message spoofer (UK) (S 21 2:21)

..... Other air-traffic control problems

*h 20-foot aircraft separation near-collision over LaGuardia Airport, 3 Apr 1998, due to controller being distracted by spilled coffee (R 19 79,84) together with increased error rates and radar dropouts results in FAA ordering retraining of air-traffic controllers (R 19 79)

fe Westbury Long Island TRACON upgrade failed test, but backup to old software backfired (R 19 79)

*Vfm Radar blip lost Air Force One (S 23 4:21, R 19 63)

Vm* Air Force One disappeared from the Gibbsboro NJ radar twice on 5 Jun 1998, with President Clinton en route to MIT for the commencement speech; also reported was near-collision with a Swissair 747, missed by radar, Oct 1997 (R 19 79); Air Force Two disappeared from radar, 7 Jun 1998, and the same radar failed with AF2 overhead 17 Jun 1998 (R 19 82)

m?f? San Francisco Airport radar phantom flights (R 21 20, S 26 2:)

f Air-traffic control woes (R 21 09, S 26 2:)

Vm Aviation near-crashes in Kathmandu (R 21 09, S 26 2:)

*V(m?f?) Indianapolis FAA route center running on generators for a week (R 21 11, S 26 2:)

*h Delta plane 60 miles off course, missed Continental by 30 feet (S 12 4)

Vf SW fault in aircraft nondirectional beacon landing approach system (S 16 3)

V* New San Jose CA ATC system still buggy, plane tags disappear (S 14 2)

*Vf ATC computers cause phantom airplane images (S 16 3)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3)

*Vh Open cockpit mike, defective transponder caused 2 near-collisions (S 12 1)

*Veh ATC equipment test leads to Sydney landing near-collision (R 20 24)

*Vmf More ATC problems, fall 1998: New air-traffic control radar systems fail, losing aircraft at O'Hare (R 20 07); Dallas-FortWorth ARTS 6.05 TRACON gives ghost planes, loses planes (one for 10 miles), one plane on screen at 10,000 feet handed off and showing up at 3,900 feet! 200 controller complaints ignored, system finally backed off to 6.04 (R 20 07); near-collision off Long Island attributed to failure at Nashua NH control center (R 20 11); TCAS system failures for near-collision over Albany NY (R 20 11); two more TCAS-related incidents reported (R 20 12); landing-takeoff near-miss on runway at LaGuardia in NY (R 20 13); discussion on trustworthiness of TCAS by Andres Zellweger, former FAA Advanced Automation head (R 20 13)

V(f/m?) Faulty TCAS behavior. Australian report shows two faulty TCAS cases: Jan 1998 near Hawaii, TCAS off by 1500 feet vertically, caused false maneuvers; Jun 1999 over China, TCAS had higher plane descending toward the lower (R 20 60,62);

*Vfm Complete ATC power failure in the U.S. Northwest, 15 Jan 1999, discussion by Seattle controller, Paul Cox (R 20 19)

*Vmh Dulles radar fails for half-hour 23 Nov 1998 (R 20 10); discussion of air-traffic control safety implications (R 20 11), and ensuing comments from a controller (R 20 12)

*Vh Risks of runway crossings with tight takeoff/landing schedules (R 20 10)

f Airline clock wraparound in displays: UA Flight 63 from SFO "Delayed 1 hr 39 min, Arrive Honolulu Intl 12:01am Tues Early 22 hr 35 min" (R 20 15); More United Airlines Website flight curiosities (R 20 44)

h Couple join Mile-High Club, disrupt British air-traffic control (S 19 1:10)

h Accidentally enabled sex-aid vibrator in hand luggage causes bomb scare on Monarch Air flight; apparently not unusual (R 20 34)

*Vm Air-traffic control data cable loss caused close calls (S 10 5)

V$SHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

VmM Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*d Reports on new En Route Centre NERC for UK ATC (R 19 18,23,69)

*Vfm Review on air-traffic control outages by Peter Ladkin (S 23 3:26, R 19 59)

*fhm, etc. UK air-traffic control problems summarized at www.pprune.org (R 21 11)

*VM More on EMI and RF interference from passenger devices in aircraft systems (Ladkin) (R 19 24); still more, including discussion of Elaine Scarry article in 26 Sep 2000 The New York Review of Books( and follow-ups (R 21 04,08,11)

VSfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71) more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

Vf/h? GPS kills 8 in air (R 20 44-45) and radar-assisted collisions (R 20 45)

@*VM Cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

*VM Osaka Int'l Airport's radar screens jammed by TV aerial booster (S 12 3)

*M Cellular telephone activates airliner fire alarm (S 14 6)

Vfmhi? Aviation Risks using Windows NT avionics systems (S 23 3:27, R 19 46)

*Vfi Flawed ATC radars: planes disappear from screens; other problems (S 12 1)

hi Controller screwup causes NW 52 to Frankfurt to land in Brussels (R 17 38,40)

*Vdef Risks in the new Sydney airport control system (R 17 43)

*m Computer outage in Concorde leads to rocky nonautomatic landing (S 12 4)

*Ve British ATC 2-hr outage, 6-hr delays: faulty HW/SW upgrade (S 12 1) Computer problems down FL ATC, slow airline flights in Southern U.S. (S 19 1:11)

*Vfmd Air-traffic-control snafus in Chicago, Oakland, Miami, Washington DC, Dallas-FortWorth, Cleveland, New York, western states, Pittsburgh! (S 20 5:12); Another Oakland airport radar outage 28 Nov 1995, two hours (R 17 49)

V*fm Philadelphia airport radar problems, May 1999 (R 20 42) More radar glitches at Philadelphia airport 10 Mar 2000 (S 25 3:18, R 20 84)

Vhm Brief KC power outage triggers national air-traffic snarl (S 23 3:23, R 19 51)

!Vm New York air traffic slowed for 10 hrs by construction contamination (R 19 41)

*f Fall 1998 air-traffic control upgrade problems: New Hampshire (R 19 93), Salt Lake ATC (R 20 05); Dallas-FortWorth ARTS 6.05 (S 24 1:31, R 20 07), Chicago (R 20 07)

Vm Effects on automated traffic controls of plane crashing into 500Kv power line near Cajon Pass; more than 1000 traffic lights out (R 19 29,30); earlier effects of power failure in Perth (R 19 30); risks of major outages (R 19 32,33)

*Vhe Southern Cal plane crash due to software change? (S 12 1)

*Vmf Alaskan barometric pressure downs altimeters; FAA grounds planes (S 14 2)

*Vfm FAA Air Traffic Control: many computer system outages (e.g., SEN 5 3, 11 5), near-misses not reported (S 10 3)

*Vf ATC computer system blamed for various near-misses, delays, etc. (S 12 4)

*Vhi Air-traffic controller errors. O'hare near-miss: wrong plane code (S 12 3)

V(f/m/h?) 2 jets in near-miss approaching LAX; Brazilian VASP MD-11 pilot blames autopilot, others blame pilot (R 19 10)

*Vh F-16 incidents, TCAS: 4 separate risky military approaches (S 22 4:28, R 18 83)

*V$fm FAA report lists 114 major telecom outages in 12 months 1990-91; Secretary Pena blames air-traffic woes on computer systems (S 19 4:11) 20 ATCs downed by fiber cable cut by farmer burying cow [4May1991] (S 17 1); Kansas City ATC downed by beaver-chewed cable [1990] (S 17 1); Other outages due to lightning strikes, misplaced backhoe buckets, blown fuses, computer problems (S 17 1) 3hr outage, airport delays: Boston unmarked components switched (S 17 1) More on the AT&T outage of 17Sep91 noted below (5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed) (S 17 1)

fh WashingtonDC air traffic slowed 11 Jun 1997: old wiring error (S 22 5:13)

V$fe SW bug downs Fremont CA Air Traffic Control Center for 2 hours [8Apr1992]; 12 of 50 radio frequencies died [17Apr1992], reason unspecified (S 17 3)

V$d New Canadian air-traffic control system SW problems, system late, it crashes, planes flying backwards, frozen displays, no radar,... (S 17 4)

*Vm NY Air Route Traffic Control Center computer failure (S 21 5:15)

*Vef Computer glitches foul up flights at Chicago airports (S 24 4:26,R 20 38)

@See below, general telephone problems that affected traffic control.

*$ Discussion of the implications, needs for oversight, assurance (S 17 1)

*V$m FAA ATC computers in Houston down for 3 hours; long delays (S 12 2)*

*V$rm El Toro ATC computer HW fails 104 times in a day. No backup. (S 14 6)

Vhfm Accidental power outage affects Pacific Northwest air traffic (S 21 2:21)

Vm Dallas-FortWorth ATC system power outage affects southwest (R 17 40)

Vm Las Vegas approach radar outage (R 17 41)

*V$m London ATC lost main, standby power, radar; capacitor blamed! (S 12 2)

*f London ATC goof - US ATC program ignores East longitude (S 13 4)

*f Software misdirects air-traffic controller data in Boston (S 13 4)

@d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

*Vh Commercial plane near-collisions up 37.6% in 1986; 49 critical (S 12 2)

*H Radar center controllers (So.Cal) concealed collision course info (S 12 2)

*V Jetliners in near-miss over Cleveland; wrong freq assigned, neither plane in contact with controllers (S 16 4)

*Vid Complexity of the airplane pilot's interface increasing (R 18 63)

*V Computer errors involved in plane crashes? (Aftonbladet) (R 18 65,66)

* Problems with below-sea-level aircraft altitudes (R 18 72,74)

h Plane takes off, flies for two hours, without pilot (R 19 47)

*Vf `TCAS Sees Ghosts' (see IEEE SPECTRUM, August 1991, p.58) (S 16 4); Traffic Alert Collision Avoidance System blasted by ATC people (S 17 1); See also relevant discussion on human errors by Don Norman (S 17 1:22)

Vih? TCAS related collision-avoidance mistake discussed (S 18 1:24)

*f Air-traffic controller reports on potential TCAS problem (S 18 3:A15)

Vf TCAS blamed for near collision over Portland WA; previous reports of phantom planes and misdirected avoidance maneuvers (S 19 2:12); Followup report (S 19 3:9)

*f?/+ TCAS incidents: northwestern U.S., Tehran (S 20 5:13)

? Discussion of TCAS near-miss in Southern Calif. (R 19 55,56)

*Vf Chicago's O'Hare Airport radar lost planes, created ghosts (S 17 1)

*h GAO faults FAA for inadequate system planning in Los Angeles area (S 15 5)

$ FAA drops navigation system contract (S 21 5:16)

*Vhi Four 1986 British near misses described - all human errors (S 12 2)

*Vf/m? Leesburg VA Air Traffic primary, backup systems badly degraded (S 15 1)

*Ve? DFW ATC 12-hour outage after routine maintenance (S 15 1)

*V$ Computer outages force delays in So. Cal, Atlanta (S 12 2)

* Macaque reaches 747 cockpit controls; monkey loose on Cosmos 1887 (S 12 4)

$ Travicom computerized air cargo system withdrawn; £5M lost (S 12 2)

$H Computer hides discount airline seats from agents; lost sales (S 12 2)

$f Pricing program loses American Airlines $50M in ticket sales (S 13 4)

f,h,i Ordering airline tickets on-line: Nonatomic transaction gave tickets but no reservation (R 19 27); name confusions on e-tickets, with similar names (R 19 28) and identical names (R 19 29)

$d American Airlines reservation system SW woes adding cars, hotels (S 17 4)

V$m Power outage causes Australian airline reservation system "virus" (S 13 3)

f Delayed DoT airline complaint report blamed on computer (S 12 3)

$ First-day snafu at new Pittsburgh Airport; BA luggage uncoded (S 18 1:25)

Vm Hong Kong Flying Service computers corroded by hydrogen sulphide (R 19 41)

$f*h British Air 10M-pound inventory system loses parts, earnings, convictions, user confidence, nearly causes deaths, and costs legal expenses (S 18 1:9)

Rail, Bus, and Other Public Transit

!Vh 42 die in Japanese train crash under manual standby operation (S 16 3)

!$Vm Loose wire caused Britrail Clapham train crash, 35 killed (S 14 6)

!!$Vhi Canadian trains collide despite "safe" computer; 26 killed (S 11 2)

*Vmh Rail Canada train derailed 3 Sep 1997; early warning alarm ignored by untrained crew, who disconnected it (R 19 94-95,97)

!Vh Southern Pacific Cajon crash kills 3; tonnage computations wrong (S 14 6)

!Vm Cannon St train crash in London, 1 dead, 348 injured, brakes failed (S 16 2)

!Vm Kings Cross passenger trapped in automatic door, killed; no alarm (S 16 2)

!V*h London commuter train crash out of Euston Station, 8 Aug 1996 (S 22 1:18)

V!*h Ladbroke British train collision, Oct 1999; driver ran red Signal 109 (R 20 59-60, 62-63)

*V(r?f?) London underground train went 4 stops with fail-safe doors open (S 16 2)

*Vrf London Docklands Light Railway crash; protection system incomplete (S 12 4)

*Vh DLR unmanned trains crash under standby manual control (S 16 3)

e DLR train stopped at station not yet built to avoid changing SW (S 16 3)

*hf London Underground wrong-way train in rush-hour (S 15 3)

*fh London Underground train leaves ... without its driver (S 15 3)

*fh Another London Underground driver leaves train, which takes off (S 19 2:2)

@SH London Underground hacked by insider posting nasty messages (R 17 36)

*h 1928 British rail interlocking frame problem revisited (S 15 2)

*f British Rail signalling software problems, trains disappear (S 15 5)

*Vm Leaves on track cause British Rail signal failure (S 17 1)

*Vf Removal of train's dead-man's switch leads to new crash cause (S 17 1)

*f/h? Severn Tunnel rail crash (100 injured) under backup controls (S 17 1)

V*fm Intercom hang-up caused 1997 Toronto train collision, 19 Nov 1997; 50 hospitalized; "dwarf signals" (R 20 49)

!Veihh Head-on train collision in Berlin killed 3, injured 20; track controls mistakenly set to one-way traffic, overseer overrode halt signal (S 18 3:A3)

!Vm German high-speed train disaster Jun 1998 and implications; automated system with inadequate sensors and overrides (R 19 80,81,83,89)

Vfm Berlin new automated train switching system (Siemens Generation C) fails from the outset of its use (R 19 77)

f Berlin S-Bahn stopped by switching SW stack overflow (S 22 2:19)

*feh NY City subway crash due to operator, outdated parameters (S 20 5:8)

*m Runaway train on Capitol Hill (S 24 3:26, R 20 13)

m Computer crash freezes train traffic in 8 US states (S 20 3:8)

$Vdef Stack overflow shuts down new Altona switch tower on first day (S 20 3:8)

m Paper-clip causes hard-drive overflow, triggering traffic-control computer failure stopping trains in south Finland for an hour (R 19 10)

* Train Accident in China due to safety systems known not to work (S 17 1)

*m Control faults cause Osaka train to crash, injuring 178 (S 19 1:4)

f/m? Computer glitch causes severe train delays in Melbourne (R 20 48)

Vm Electrocuted snake cancels 34 trains in northern Japan (R 19 88)

*hi Amtrak mainline train collision in Maryland, Feb 1996 (S 21 4:13)

Vf/m? Amtrak ticket system breaks down (S 22 2:19)

Vrm Hurricane Floyd had widespread effects, Amtrak operations center problems in Jacksonville affected trains in Eastern Seaboard, Chicago, Michigan; also DC commuter rail (R 20 58); ISDN lines, ATMs, EDS (R 20 62); nationwide AT&T cellphone service interruptions (R 20 59);

Vm/f Emergency Alert System interrupts hurricane announcement, and crashes for 20 minutes (R 20 58)

f/m Train-ticket vending machine bogus tickets; innocent victim harassed (R 19 20)

Vm Swedish central train-ticket sales/reservation system and its backup both fail (R 20 05)

!i Washington D.C. Metro crash kills operator (S 21 4:13)

Vmf Washington D.C. Metro Blue Line delay 6 Jun 1997; system+backup failed (R 19 22)

Vmfe Computer crash impacts Washington DC Metro (S 23 3:25, R 19 50)

Vf/m? Computer problems foul up the Washington D.C. Metro system; graphics system froze (R 20 60)

*h Atlanta MARTA commuter train jumps track, injuring 19 (S 21 5:14)

*f LIRR trains fail to trigger computerized crossing gates (S 22 1:18)

m Lightning knocks down wall of an English pub, and closes fail-safe railroad crossing that blocked fire engines (R 19 72)

Vfm Computer crash shuts down Taipei subway (S 21 5:14) Note: Matra made software for both Ariane5 and Taipei subway system (S 21 5:15)

V$mf Swiss locomotives break down in cold weather; SW fails (S 20 2:11)

*f Flaw discovered in Swedish rail control system after near miss (R 19 22)

fh Union Pacific merger aftermath: gridlock, lost trains (S 23 1:11, R 19 41)

* Japanese railway communications jammed by video game machines (S 12 3)

* Japanese train doors opened inadvertently several times; EMI? (S 12 3)

*f SF BART train doors opened between stations during SF-Oakland leg (S 8 5)

f SF BART automatic control disastrous days of computer outages (S 6 1)

*V$m BART power mysteriously fails and restores itself 5 hours later (S 12 3) battery charger short and faulty switch subsequently identified (S 12 4)

m BART ghost train, software crash, 3 trains fail, system delays (S 22 2:19)

f BART ghost trains; 567 cases in two years (R 20 31-32)

f SF Muni Metro: Ghost Train recurs, forcing manual operation (S 8 3)

f SF Muni Metro: Ghost Train reappears; BART problems same day (S 12 1)

mM San Francisco Muni adds new communicating streetcars, has to remove old ones blocking comms to increase service (R 19 95); Muni driver leaves car, which went on driverless! (R 19 95)

*fm Chunnel has ghost trains, emergency stops (due to salt water?) (S 20 3:9)

Vf Phantom trains down Miami's Metromover inner loop for 2 days (S 20 5:8)

$*H SF Muni Metro crash; operator disconnected safety controls (S 18 3:A3)

$d Washington D.C. Metro stops payments on troubled computer (S 23 4:21)

h LA Rapid Transit District computer loses bus in repair yard (S 12 2)

$f LA RTD phantom warehouse in database "stores" lost parts (S 12 2)

fhi Analysis of the Chicago train/bus crash (R 17 43)

$*f Puget Sound ferry computer failures - 12 crashes; settlement vs builder $7 million; cost of extra $3 million for manual controls! (S 12 2); Electronic "sail-by-wire" replaced with pneumatic controls (S 14 2,15 2)

*Vm Water seepage stops Sydney automated monorail computer controls (S 13 4)

Vfh Daylight savings time changeover halts train for an hour (S 15 3)

m Risks of the modern train: lots of inconveniences (R 20 54)

Automobiles

!hi Driver kills cyclist while trying to save Tamagotchi virtual pet on her key ring (R 19 67)

!$h Wilson (draw)Bridge warnings not set, truck plows into car (S 17 1); See relevant discussion on human errors by Don Norman (S 17 1-22)

!$f? Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot skid marks; passenger killed (S 11 2)

!$f? Audi 5000 accelerates during shifting. 2 deaths. Microprocessor? (S 12 1)

*$f? Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/ Encores, 140K Cressidas under investigation (S 11 2)

fmM More on risks of microprocessors in cars (S 16 2)

*V(f?) Saturn auto assumption cuts off engine at high speed (R 21 10); Nissan also (R 21 13)

*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1);

*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

M GM sudden acceleration (31 deaths, 1121 injuries between 1973 and 1986) linked to EMI in court; Audi cases still suspected; cars less protected than aircraft (R 19 38); note from Adam Cobb in Australia (R 19 42)

M Remote-control car starter also controls car doors, turns on heater, defroster, or air-conditioner, up to 400 feet away (R 19 37)

f(i?) BMW under GPS navigation driven into Havel River (R 20 14)

M Swedish policeman's handheld digital radio triggered his car airbag, which hit him with the radio unit (R 19 43)

SMr Cell phones can interfere with auto systems (R 19 63)

SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

Sf Denver car-emission testing program bypass (S 21 4:17, SAC 14 3)

f Germany to rely on on-board diagnostics for vehicle emission checks (R 21 15, S 26 2:)

f$ Emissions software glitch falsely fails hundreds of older cars in Atlanta (R 20 04)

*? Fly-by-wire SAAB: joystick, no mechanical linkage, keyboard, screen (S 17 3)

*Vefm Jaguar loses all power due to faulty car phone installation (S 15 5)

*f 1986-87 Volvos recalled for cruise control glitch (S 13 3)

* General Motors recalls almost 300K cars for engine software flaw (R 18 25)

f*$ General Motors recalled almost one million cars (1996-97 Chevies, 1995 Cadilacs) for undesired airbag deployments; Chevy fix involved software change (R 19 85)

- Comments on software explosion in new automobiles (S 22 2:23)

*H Home-reprogrammed engine micro makes 1984 Firebird into race car (S 12 1)

SH Hacking of car engine computers reaches Australia (S 13 4)

*f Anti-skid brakes and computer controlled race cars? (S 12 1)

*Vrf Car with computerized steering loses control when out of gas (S 12 4)

*Vf Non-fail-safe power-outage modes - car locks (S 13 1)

*Vrm Experimental semi-truck micro died (EMI) when near airport radar (S 12 1)

*$f El Dorado brake computer bug caused recall of that model [1979] (S 4 4)

i?m?f? Ford/VW/Nissan cars with Microsoft dashboard Windows PCs (S 23 3:25, R 19 54)

*$f Ford Mark VII wiring fires: flaw in computerized air suspension (S 10 3)

*Vf Cadillac recalling 57,000 cars for headlights-out computer problem (S 12 3)

V$f Oldsmobile design lost: hard disk wiped, backup tapes blank! (S 12 4)

f GM blames smelly Astros and Safaris on faulty computer fuel mix (S 13 4)

*mh Computer blamed for unbalancing of tires (S 14 6)

$drf Computer traffic/revenue model problems delay Denver highway (S 17 3)

m True Value 500 lap-counters in 5 cars fail during race; no time for backup (S 22 5:13)

*m Automated Pentagon car barrier hoisted limousine, injuring Japanese Defense Minister and five others, Sep 1998; faulty sensor (R 19 97); same gate malfunctioned, Aug 1990, injures German defense attaché and American aide (R 21 06; S 26 1:26)

*f Problems with the Wide Area Augmentation System (WAAS) (S 25 3:17, R 20 84)

..... Roller-coaster accidents

*m? 42 Japanese injured in roller-coaster car crash (EMI?) (S 12 3)

*$f Computer-controlled Worlds of Fun roller coaster trains collide (S 15 3)

*$f Dorney Park roller coaster crashes; same design flaw, builder (S 18 4:2)

* Roller Coaster controls balance scariness and safety? (S 15 5)

*e Astroworld ride jams at top with reporters; untested SW change (S 16 3)

*f Blackpool roller-coaster (1) fault traps 30; (2) 2 trains collide (S 19 4:5)

+? More on making roller coasters idiot-proof: automation (R 19 93)

Motor-Vehicle and related Database Problems

!!h Bus crash kills 21, injures 19; computer database showed driver's license had been revoked, but not checked? Also, unreported citation (S 11 3)

!P Murderer got actress Rebecca Schaeffer's address from CA DMV; new regs on DB access: notify licensee, delay response for two weeks (S 14 6)

$SP Misused (25% of sample) computerized Calif auto registration info (S 16 4)

SHI 24 California DMV clerks fired in fraudulent license scheme (S 23 1:14, R 19 27)

@California DMV fosters identity theft: 100,000 of 900,000 duplicate license requests in 1999 were fraudulent! (R 21 07; S 26 1:34)

*SH California Ex-DMV worker admits altering driving records for money (S 17 1)

$SH Personal misuse of motor vehicle data by London policeman (S 17 1)

$SPH Iowa theft ring misusing license plate info, busted (S 18 1:19)

*SH British auto citations removed from database for illicit fee (S 11 2-4)

$SH Father's desktop publishing used for bogus drivers' licenses (S 18 3:A8)

P Risks of stored digitized photos on drivers licenses (S 19 1:9)

$f California DMV computer bug hid $400 million fees for six months (S 11 2)

$f Toronto motor vehicle computer reported $36 million extra revenue (S 11 3)

Vef NJ DMV computer system upgrade crashes on first live use (R 19 80)

hP NY State DMV accidentally cancels auto registrations (R 21 15, S 26 2:)

V(m?e?) Mass. Motor Vehicle computer down after maintenance (S 14 6)

f Alaskan DMV program bug jails driver [Computerworld, 15Apr1985] (S 10 3)

f? Parisian computer transforms traffic charges into big crimes (S 14 6)

$ Georgia vehicles stopped as stolen; new tags match old ones (S 15 3)

$f New California DMV computer system issues large erroneous bills (S 16 1)

$e SW patch adds $10-30 to 300,000 auto tax bills in Georgia (S 19 3:5)

$ Chicago cars get erroneous tickets for illegal parking (S 15 3)

$h 1000 IL residents dunned for bogus parking violations (S 15 3)

$f NYC parking violations computer issues many bogus bills per year (S 15 5)

f Computer glitch mails Mass. driver's licenses `en masse' (S 22 4:29, R 18 83)

f NJ DMV computer changes drivers' names to "Watkins Leasing Co." (S 12 3)

*f 100-year-old's age computed as 0, license renewed without test (S 15 2)

$ NSWales computer deregisters ALL police cars; unmarked car scofflaw (S 15 2)

i Mileage input default problem in Ill. exhaust emission enforcement (S 17 2)

$fd California DMV system upgrade botched; $44.3M deadend (S 19 3:5)

..... Automated highways:

* Human risks in IVHS automated vehicles (R 19 08,10,11)

Electrical Power (nuclear and other) and Energy

..... Nuclear power:

!!!V$rh Chernobyl nuclear plant fire/explosion/radiation [26Apr1986] (S 11 3) Misplanned experiment on emergency-shutdown recovery procedures backfired. Fatal (at least 31), serious cases continue to mount. Wide-spread effects. (The town of Chernobyl is now being dismantled.) [Vladimir Chernousenko, director of exclusion zone, estimates already 7-10K deaths among the clean-up crew, according to San Francisco Examiner, 14Apr1991, p. A-6.] 500,000 contaminated, 229,000 in clean-up crew (San Fran. Chron, 17Apr91); 8,500 in clean-up crew dead, many others (San Fran. Chron,14Apr91,p.A10)

*Vh Russian nuclear sub near-disaster due to utility power shutoff? (R 17 42,44)

*V(f/h?) Russian nuclear sub explodes 13 Aug 2000: torpedo-launch test backfires, with crew over 100; previously, 507 nuclear sub crew members had died overall (R 21 01)

*V$f 14 failures in Davis-Besse nuclear plant emergency shutdown (S 11 3)

*$hrmi Three Mile Island PA, now recognized as very close to meltdown (S 4 2), with 4 equipment failures plus misjudgement. SW flaw noted (S 11 3)

!!V,$ Various previous nuclear accidents - American (3 deaths SL-1 Idaho Falls) Soviet (27-30 deaths on Icebreaker Lenin, three other accidents) (S 11 3)

*r Subsequent to Chernobyl, US Nuclear Regulatory Commission relaxed fire isolation guidelines, enabling a fire to wipe out two systems (S 11 3)

*$ Crystal River FL reactor (Feb 1980) (Science 207 3/28/80 1445-48, SEN 10 3)

*Vrf Bug discovered in Shock II model/program for designing nuclear reactors to withstand earthquakes shuts down five nuclear power plants (S 4 2)

* Nuclear power-plant safety (S 12 4)

*$f? British nuclear reactor software safety disputed (S 14 6)

*d Untested risk management system for UK nuclear power stations? (S 18 2:10)

*$hf? Sizewell B nuclear computer safety software complexity causes concern; Sellafield reprocessing plant computer error adds further concerns (S 17 1) Official report summarized. Maintenance work underway. Two shield doors left open. Waste raised. Plant still shut down, more study. (S 18 1:27) See also Dolan (R 15 58) and Parnas (R 15 59) on software testing.

*$f? French nuclear power software safety considered error-prone (S 15 1)

*Vm Oswego NY Nuclear reactor offlined by 2-way radio in control room (S 14 5)

VSMr Interference downs Iowa nuclear power plant (2nd time) (S 18 1:12)

*f SW error at Bruce nuclear station releases radioactive water, and raises questions about Darlington (S 15 2); more on Darlington, shutdown SW difficult to modify, verify (S 16 2)

* Fuzzy control in nuclear reactor startup/shutdown (Omron FZ-1000) (S 16 3)

*r Nuclear Regulatory Commission Emergency Response Data System vulnerability: only one modem (R 20 11)

*hhf Report by Chiaki Ishikawa on Japanese nuclear accident, with significant radiation release: a case study of bad design (R 20 61)

*f Grenoble neutron reactor 10% over limit; equations wrong and instrument miscalibrated, ordinary not heavy water assumed in both cases! (S 15 2)

$df New French reactor's distributed computer system abandoned (S 16 2)

*$VSH Lithuanian nuclear power-plant logic bomb detected (S 17 2)

Vhi 20 of 59 Soviet N-Plant shutdowns 1st half 1991 due to `human error' (S 16 4)

f (Assumed) false alarm at San Juan Capistrano nuclear plant (S 16 4)

*Vf Power surge shuts down 9 Mile Point nuclear station Oswego NY; uninterruptible backup power fails as well; site area emergency triggered (S 16 4)

$* Tolerability of Risks from Nuclear Power Stations (report) (S 18 1:11)

* Northeast Util. Millstone 2 nuclear power problems, underreporting (S 19 4:7)

Vhi Xerox machine caused nuclear-power plant emergency halt (S 21 5:16)

VSH Florida nuclear controls "vandalized"? Switches glued (R 18 35)

*H More than 150 cases of falsified reports on welds in nuclear-power plants. (R 19 39)

@eh Pilgrim nuclear plant Y2K readiness questioned by NucRegComm (R 20 40)

*+/- California's Diablo Canyon 1 nuclear reactor auto shut down releases some radioactive steam; shutdown worked properly (R 20 89)

..... Nonnuclear power:

!m,h Electrocution leads to more deaths (R 21 15, S 26 2:)

hd Grid-lock: Software missing, California electric power deregulation delayed (S 23 3:25, R 19 52)

VSHO Calif. PG&E power substation damaged; note links attack to McVeigh verdict (R 19 21)

mf$ "Heading off emergencies in large electric grids" (IEEE Spectrum article, April 1997, pp.43-47) (R 19 09)

@$* Risk: Analysis, Perception and Management (report), assessing the worth of a human life around £2M to 3M, .5M in Transport Dept. (S 18 1:11)

*V$r 1965 Northeast power blackout due to set-too-low threshold being exceeded

*V$f Power blackout of 10 Western states, propagated error [2Oct1984] (S 9 5)

*V$mh Western U.S. power blackouts, more propagated effects [2Jul1996] (S 21 5:13); apparently, initial report of outage from tree on power line was not relayed: operator could not find a phone number

*V$mhf West-coast summer power losses: 10 Aug 1996 affected 8 million accounts in 8 states, parts of Canada and Baja, with major outages, air-traffic effects; many interlinked causes. 13 Aug outages included Palo Alto shutdown due to erroneous signal (S 22 1:16); Palo Alto outage fried the Cable Co-op Playboy channel scrambling chip, programs went out in the clear (S 22 1:17); Stanford outage 10-11 Oct 1996 takes down Silicon Valley Internet connectivity, newpaper Web sites; caused by rats, explosion (S 22 1:16) (R 18 27-29,34)

VSH(O?) 3.5-hour San Francisco power blackout 23 Oct 1997 blamed on sabotage (S 23 1:13, R 19 42)

V$m Downtown Chicago hit by electrical blackout, 12 Aug 1999; 3 of 4 transformers down, plus high-voltage cable (R 20 55)

*V$hm Another San Francisco power outage: SFO Airport, Pacific Stock Exchange, rapid transit down, 1 million customes affected (S 24 3:25, R 20 11)

*$Vm Auckland NZ without power for weeks; El Nino drought affects cables (R 19 61); Auckland major power supply failure (4 power-cable failures): analysis report released (R 19 88)

Vm Power cut in northern India hits 226,000,000 people (R 21 18)

Vm Power cut blocks emergency calls (R 21 16)

*V$ Don't forget the 6-week power outage in Quebec in winter 1996-97 due to massive collapse of heavily iced transmission towers, which had massive effects. Although it was not directly computer related, whoever designed the towers certainly did not allow for reality as the weight of the ice was way over the designed load.

*Vrfm Maine Emergency Broadcast System fails: no emergency power (R 19 55)

V$m Intel shut down by power-company software bug, 5-hour outage (R 18 02)

*m Jan 1994 L.A. earthquake power failure affects Pacific NW (S 19 2:3)

Vm$$ Chicago Loop tunnel flood blows power,computers,comm 13Apr92 (S 17 3)

*Vf Ottawa power utility loses working three units to faulty monitor (S 11 5)

V$fdmh $25M Australian power system runs amok; damages = $1.5M (S 20 2:11)

*VSi Misdirected phone call shuts down local power (S 20 3:7)

*V$rm Squirrel arcs power, downs computers in Providence RI (S 12 1)

V$rm SRI attacked by kamikaze squirrel who downs uninterruptible power (S 14 5)

Vrm 4th SRI squirrelcide causes 8-hour outage, surges, system rebuild (S 20 1:17)

Vrm$ 5th SRI squirrelcide causes 18.5-hour institute outage, knocking out cogeneration power and disconnecting from utility power (R 19 96); earlier cases: see (R 17 91, R 18 52-53).

m Another squirrelcide: San Jose Airport power cut (R 20 87)

V$rm Squirrel attack brings down Walla Walla (S 21 2:17)

Vrm Squirrel knocked out Trumbull Connecticut infrastructure computer center (S 22 1:17)Vm Racooonoitering causes power outage at UC Santa Barbara (R 21 11)

Vrm Snail causes Liechtenstein's cable TV system to fail (S 22 1:17)

Vrm Kamikaze raccoon downs cold fusion experiments (S 14 5)

Vrm Rat bridging connector downs U.C. Berkeley campus power (S 19 4:6) @Also, see Nasdaq squirrel outages (S 13 1) and (S 19 4:5-6)

Vrm Rat-induced short-circuit at Barranquilla airport closes airport (R 19 38)

Vrm Rat-patrol cat in Dhaka, Bangladesh, shorted out power station control room (R 19 74)

Vr* House cat kills power to commercial district in Dhaka Bangladesh (R 19 67) ("Un chat" in the dark?)

Vm Fire ants enjoy the comfort of electrical equipment (R 19 17-19)

Vrfh Vacuum cleaner interrupts uninterruptible power (S 19 3:8)

*Vm Reactor overheating, low-oil indicator; two-fault coincidence (S 8 5)

Vhi Trainee raises false alarm on utility emergency printer (S 12 3)

Vmf Fire risks compounded by loss of residential power; alarms and cordless phone ran off house power (R 19 82)

..... Natural Gas

Vm One-meter ice block in main gas supply knocks out 1/4 of gas in Victoria, Australia, with secondary power losses (R 19 81)

V*hm UK Cable-and-Wireless employee accidentally cut gas line while repairing phone line (R 19 96)

V*m Esso natural gas plant explosions in Victoria, Australia, killed 2, requires 5M people to shut off gas, despite three other plants (R 20 01)

Medical, Health, and Safety Risks

..... Various hospital and health-care problems

!hrife Therac 25 therapeutic accelerator programming and operational flaws; 2 [now 3] killed, 3 injured (S 11 3, 12 3); see also Ivars Peterson, Science News, 12 March 1988; Jon Jacky, The Sciences, NY Acad. Sci Sep/Oct 89. See the definitive article by Leveson/Turner, An Investigation of the Therac-25 Accidents, IEEE Computer, July 1993, pp. 18-41: 2 deadly flaws: a nonatomically edited command line whose effect did not complete within 8 seconds, a six-bit counter that when zero bypassed the collimator check. Hardware interlock in Therac 20 eliminated.

!(ei?) Zaragoza Spain cancer radiation mistreatment; at least 3 died (S 16 2)

*f Brit. hospital radiation underdoses by 30% due to SW bug (S 17 2, 19 1:3)

!h$ 3 patients die when Russian hospital omits utility payments (R 20 25)

*Vm Risks of an `uninterruptible power supply' that wasn't: baby born by torchlight (R 21 09)

*Vm Fuse caused a hospital to disconnect from the power grid (R 20 11)

Vrm Power outage leaves hospitals in the dark; inadequate backup (S 24 4:26-27, R 20 25)

!fh Woman killed daughter, tried to kill son and self; "computer error" blamed for false report of their all having an incurable disease (S 10 3)

!Vhri Girl electrocuted by heart-monitor plugged into electrical outlet (S 12 1)

m Seizure-inducing video hospitalizes 650 Japanese youths (R 19 51)

[!h bogus] Report of cleaning person inadvertently killing patients (R 18.28,29); story later apparently debunked (R 18 72) mfh "When Doctors Make Mistakes" (New Yorker, 1 Feb 1999) considers user interfaces on defibrilators, design variations in anesthesia controls (R 20 18)

rfhm Computer-based patient monitor problems: improvements still needed in anesthesiology (R 20 49-50)

*+/- Open-source anesthesia software (Salon, R 20 52)

*VmM? Medical monitors reboot in mid-surgery due to EMI? (R 20 49); other medical risks (R 20 51-52)

V*m Clinical disruptions following loss of telephone service (R 20 50)

h* Medical paper retracted following discovery of programming error (R 20 48); Statistical errors in medicine (R 20 49); Misplaced priorities with electronic hospital records (R 20 50)

*fmd Life-threatening flaw in implantable cardioverter-defibrillator and other life-threatening medical equipment failures (R 20 48); Complexity and Safety in Medical Electronics, Dr. John Doyle (R 20 53)

*fh Clinac 1800/2100C interlock boards switched, some calibrations x2 (S 16 4)

*fi Risks of false alarms in medical systems; disconnected alarms (S 19 2:3)

@*SHI Hacker-nurse unauthorisedly changes prescriptions, treatments (S 19 2:5)

h Bremen hospital computer uses financial bottom-line whether to give intensive care; local government objects (R 18 84)

$ Walter Reed Hospital health care system botches prescriptions, lab orders; access to narcotics not secure; increases doctors' workloads (S 17 3)

$f NY Blue Cross system confuses patients with same gender, birthdate (S 17 3)

m Harvard Pilgrim HMO scheduling system creates chaos (S 21 4:13)

@f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

i Infirmary patient mistook painkiller button for call button (S 18 2:5)

*rf Blood test for man born in 1889 "normal" (for 1989 birth!) (S 15 2)

*f Medical SW fails to identify high cancer risks in British women (S 17 3)

!$dfh London ambulance service SW development woes; major test fails (S 17 3) Complicated system, incomplete training, "wartime action room" (S 18 1:26) Up to 20 deaths from delays, worst case 11 hrs (S 18 1:28); LAS made `virtually every mistake in the book' in implementation. (S 18 2:9)

*Vf 100 US hospital computer systems die; 2**15 days after 1/1/1900 (S 14 6)

$ Computer delays cost Nottingham Hospital over £300K (S 17 1)

*f Three medical product recalls due to software errors (S 14 5)

*f Overseeing dementia patients by computer: conflicting advice (S 16 4)

*f Multipatient monitoring system recalled; mixed up patients (S 11 1)

*f Diagnostic lab instrument misprogrammed (S 11 1)

*fi AI medical system in Nevada gave wrong diagnosis, overdose (S 11 2)

$* 2nd mammogram after first botched causes health insurance denial (S 16 3)

f Doctor phone analysis skewed by inability to register long waits (S 18 2:13)

*h Nondial emergency phone gives recording to DIAL another number! (S 15 2)

*SHi Rochester General Hospital disowns Web site heart-attack info (R 20 83-84)

..... Pacemakers, interference, etc.

!SrfM Arthritis-therapy microwaves set pacemaker to 214, killed patient (S 5 1)

!SrfM Retail-store anti-theft device reset pacemaker, man died (S 10 2, 11 1)

*VSrfM Electrocauterizer disrupts pacemaker (S 20 1:20)

*Vrif Pacemaker locked up when being adjusted by doctor (S 11 1)

+M Improved designs (including sealed titanium cases) have reduced the likelihood of RF interference. See Design of Cardiac Pacemakers, John G. Webster (ed.), IEEE Press, 1995, pp. 207-211.

!VrSM Cellular/radio RFI affects medical equipment; defibrillator fails; TV-RFI-altered diagnosis leads to unneeded pacemaker (S 19 4:7)

+M RF risk turns pacemaker failure into accidental life-saver (S 19 4:7)

*Vf Risks of flaws in programmable defibrillators (R 19 50,52,53)

i Heart-monitoring software interface problem (R 18 49,50)

*SM Stereo speaker risk to heart device (S 14 5)

*Vm Failed heart-shocking devices due to faulty battery packs (S 10 3)

*VrM Medical electronics RF susceptibility: triggers hospital alarms respirators failed because of portable radio interference (S 14 6)

VrSM New HDTV signal shuts down Baylor heart monitors on same frequency (R 19 62)

!SrM Miner killed by radio-frequency interference (S 14 5)

..... Chemical health hazards

! Higher miscarriage rate for women in computer-chip manufacturing (S 12 2)

!* Reports on miscarriages in U.S. chip workers, Finnish VDT users; effects of Nintendo and other games on epilepsy (S 18 2:10)

* "Dirty Secrets" of chip industry: hazardous chemicals (R 19 55)

*f(h?) Computer flaw drops chlorine level, makes water undrinkable in Lewiston ME (S 24 1:32, R 19 92)

..... Electromagnetic and other occupational hazards

*f/h US occupational hazards much worse than in Europe? (S 14 6)

*m Video display terminal health safety a continuing concern (S 11 3, 11 5); Series of three New Yorker articles by Paul Brodeur, 12-19-26 June 1989 Article on VDT Radiation, Paul Brodeur in MacWorld (S 15 5); VDT health effects discussed in K.R. Foster book chapter (R 14 70, S 18 4:5)

*m Scandinavian study shows magnetic fields increase leukemia risks (S 19 1:3)

? Mobile phones cause memory loss? (R 20 23); Italian hospitalized for "acute Internet intoxication" (R 20 24) Studies continue to show possible health hazards from cell phones.

* Computer noise linked to stress, especially in women (S 15 5)

*f Killer terminals -teletypes (old) and Televideo 910s (S 14 1)

* Repetitive strain injury, other risks in video terminal use (S 12 2)

$ British Telecom pays £6000 for repetitive strain settlement (S 17 1)

$ Apple settles RSI claim, after lawyer's error; IBM off the hook (R 16 86)

$i Three awards (largest $5.3M) for arm, wrist, hand injuries attributed to Digital LK201 keyboard (R 18 66); references on RSI (R 18 68); Judge overturns all but smallest verdict in Digital keyboard case (R 19 14); a New York jury ruled Digital was not responsible for 9 workers' RSI cases (R 19 82)

* Carpal tunnel syndrome (R 10 12,10.14), ulnar nerve syndrome (R 10.13)

*$ Long Island county legislation on VDT Use (S 13 3)

* VDTs and dermatology: rosacea, acne, seborrheic dermatitis, poikiloderma of Civatte. Medical article, useful references. (S 13 4)

* VDTs and deterioration of eye focusing (S 13 4)

* Health risks from dusty computer displays (R 18 21,23)

* Glass cleaner causes static sparks, PC fires (S 13 2)

!$ 2 Compaqs (Portable II) exploded after battery circuits rewired (S 12 1)

*V GPS receiver explodes; PLGR violent venting at Fort Irwin (R 18 32)

* Health hazards attributed to laser printers (S 12 1)

@m Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*f Dangers of computerized robot used in surgery (S 10 5)

* Computer use and extension phones linked with weight gains (S 15 3)

m*? Risks of computerized Japanese toilets (R 20 51-52)

*!h Trash compactor kills shoplifter; original story on automatic initiation incorrect (R 20 90-91)

..... 911 problems

@!Vhi Death of 5-year-old boy due to SF 911 computer equipment failure (S 12 2) Ultimately blamed on terminal operator failing to press a button.

!f CADMAS 911 dispatch SW problem contributed to woman's death (S 16 1)

@!f Emergency dispatch EMS SW truncates address, man dies (R 11 55,57,60)

@!f 911 software discarded updated address in fatal Chicago area fire (S 17 1)

!Vfmh NYC 911 system crash during backup generator test: backup failed for an hour, main for 6 hours (R 20 19)

m Los Angeles 911 system with no alternative power fails for 17 hours, but backup system worked! (A novelty in RISKS archives!) (R 20 03,07)

m Wet cable leads to 120 false 911 calls (R 20 10)

h? Fort Worth TX police computer makes 1,300 invitational calls in the wee hours: "reverse 911" (R 20 23)

Vm* Small fire escalates into major disruption for 113,000 Toronto phone lines, with resulting protracted outages including 911 services (R 20 49,51)

Vf/m/h? Glitch misroutes Nevada 911 calls to San Diego CHP (R 20 62)

..... Database issues

SHI DMV security code disclosed at hospital in New Haven (R 18 28)

$SHAI Mass. hospital technician accessed ex-employee's account, accessed 954 files, harassed former patients, raped girl (R 17 07, SAC 13 3)

SHI 6000 AIDS records stolen from Miami hospital PCs and diskettes (S 19 2:9); bad prank follows (S 20 5:10)

SHI 4000-person AIDS database leaked to press, Pinellas County, FL (R 18 48,53); former Health Dept employee and roommate charged (Reuters, 15 Feb 1997)

f SW error almost doubled apparent death rate in St. Bruno, Canada (S 15 3)

P Confidential medical records sold at auction (S 16 4)

..... More safety risks

- Internetomania: psychology of net usage (S 23 5:26, R 19 78)

*fm? Medical image compression problems discussed (S 16 2)

S Actress Margot Kidder's breakdown reportedly triggered by computer virus' lost files (R 18 46)

!h Woman electrocuted in hotel; faulty air-conditioning? (S 20 5:9)

!f [bogus] 2 dead, 1 brain-dead from Chilean bank terminal [Weekly World News] (S 12 2)

mf? Baby death due to software-controlled air bag deactivation? (R 20 28)

* Computer CPU falls on man's foot (S 12 4)

+ E-mail between Bordeaux and Minneapolis rescues a suicide attempt (S 18 1:6)

+ Microchip in dog tag identifies Australian boy (S 19 1:3)

Other Environmental Risks

(!)*$$hif Exxon Valdez oil tanker on autopilot runs aground with captain absent; worst oil spill in US history; computer records deleted (S 14 5)

*fh Automatic speed reduction causes New Orleans Bright Field crash (S 22 2:19)

*f/h Computers blamed each time, 3M, 5.4M, 1.5M gallons of raw sewage dumped into Willamette River in three separate incidents (S 13 3, 13 4)

h GPS setup error affects dredge dumping in California (S 24 4:27, R 20 30)

rfh 1993 Midwest flood-warning problems; operations, models flawed (S 18 4:5)

h/f? Orlando newspaper forces stormwater tax delay; computer blamed (S 17 2)

* Smoke ban in India brings back mosquitos, malaria (nontech risk) (S 19 4:7)

@*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

@fm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

Robots and Artificial Intelligence

!m Japanese mechanic killed by malfunctioning Kawasaki robot (S 10 1, 10 3) (Electronic Engineering Times, 21 December 1981)

!m At least 4 more, possibly 19 more robot-related deaths in Japan (S 11 1)

!mM? 6 of these deaths due to stray electromagnetic interference? (S 12 3)

!m Michigan man killed by robotic die-casting machinery (S 10 2, 11 1)

! [bogus] Chinese `AI' computer electrocutes its builder (S 10 1) [WWN]

!f [bogus] Computer electrocutes chess player who beat it! (WWN) (S 14 5)

* Two cases of robot near-disasters narrowly averted by operators (S 11 3)

V(!) Budd Company robot commits suicide by dissolving its electronics (S 13 3)

$hi Programmed tunnel-digging robot runs amok (a-muck), $600,000 to fill hole (S 22 5:13)

f Servant robot runs amok, winds up in court (S 11 5)

f NBC network-news robot camera runs amok during broadcast (S 13 3)

$S Risks of on-line robotic SW repair: SoftRobots (S 12 4)

Vmf? Stanford robot veered off course, fell down stairs (S 18 1:7)

V$m Fiber cable snap ends Dante robot only 21 ft into Mt Erebus volcano (San Francisco Chronicle, 3 Jan 1993, p.B-6)

V$m Dante II robot explores Mt Spurr plagued by problems: bear chews on antenna; power loss; topples over; tether snaps; finally helicoptered out (S 19 4:5)

f Hospital delivery robot blocks exit from elevator (R 20 42)

*Sr Thai robot has Web interface controlling a gun; risky! (R 21 02; S 26 1:19)

*Sr(f?) USAF self-triggering robotic weapon system: airborne laser on a Boeing 747 (R 21 20, S 26 2:)

Other Computer-Aided-Design Problems

*rh Hartford Civic Center Roof collapse: wrong model (S 11 5, ref. 14 5)

*f Salt Lake City shopping mall roof collapses on first snowfall (S 11 5)

@Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$rf America's Cup Stars&Stripes misdesign due to modeling programs (S 12 1)

*f John Hancock Building in Boston - problems in "active control" (S 12 1)

*f Potential building collapse: the 59-story building saga in New York (S 20 5:10)

Accidental Financial Losses, Errors, System Outages

$eh Largest computer error in US banking history: US$763.9 billion (S 21 5:13)

*$h Oct 1987 Dow-Jones index losses amplified by program trading (S 13 1); Side-effects of saturated computer facilities; brokerage sued (S 13 1); Losses over 100 points truncated to two digits by Signal service (S 13 1); Program trading halted by Wall Street firms for own stability (S 13 3)

$f L.A. County's pension fund loses $1.2B over 20 years due to programming error (R 19 66)

$fe New £170M system gyps British pensioners of up to £100 each week (R 20 05)

V$m U.S. national EFTPOS system crashed on 2 Jun 1997 for two hours, 100K transactions were "lost". One CPU failed, backup procedures to redistribute the load also failed. (R 19 21)

$hi Reuters/ZDNet typo (TMCO instead of TMCS) causes wild stock fluctuations (R 20 11)

$f Multiple stock transactions result from blocked confirmation (S 13 1)

V$f E-Trade computers crash repeatedly (S 24 3:25,R 20 20)

V$ef Schwab's e-brokerage crashes (S 24 3:25, R 20 23)

$h German stock exchange bond futures goof: wrong buttons (S 24 3:25, R 20 09)

e$ Canadian Imperial Bank upgrade affected half the transactions (S 22 2:22)

fh? Canada's Bank of Commerce glitch delays 85,000 transactions (R 19 72)

$e Fidelity Brokerage computer problems from new system installation (S 22 2:22)

$h Mistyped password put two brokers in the same computer files (S 13 1)

$f Midwest Stock Exch 13-yr error redirected $Millions in broker fees (S 17 1)

f/h? Stock listing error: IBM at 0 1/16, down 88 1/2; implications? (S 17 1)

$h Milano stock falls 20% due to typing error (S 19 1:5)

$f Investment program turns into selling-only doomsday machine (S 19 1:5)

$f Computer malfunction causes panic selling at Hong Kong stock exchange (S 22 2:20)

e Risks of Dow-Jones over 10,000: D10K (R 19 64,73); no big deal - nothing adverse happened.

reh Berkshire-Hathaway 1st NYSE stock to exceed $10,000 per share (S 18 1:9); Warren Buffet's never-split NYSE Berkshire Hathaway stock quotes BRK.A reach $32768 per share, must be entered by hand, blowing on-line databases (R 19 64); similar events in Australian stock market (R 19 70)

$f $32 Billion overdraft at Bank of New York (prog counter overflow) (S 11 1)

$fe Ent Federal Credit Union misprocessed multiple same-day transactions for over a year, retroactively deducted $1.2 million from accounts (R 18 53)

$h Franklin National Bank earlier lost $50M in speculation, led to demise (R 18 54)

$f UK bank SW glitch hands out extra £2B in half hour (S 15 1)

$hi $2 Billion goof due to test tape being rerun live (S 11 2)

$m Mag-snag hits Reserve Bank of India's clearing operations (S 19 3:6)

$d UK paid SD-Scicon £7.3M for scrapped IBM 3090 SW system (S 18 1:11)

$dh BofA MasterNet development blows $23M; backup system gone(S 12 4) Two BofA executives leave after DP problems costing $25M (S 13 1); $60M more spent in botched attempt to fix it (S 13 2)

($) Barclays Bank almost transfers £14 billion to Greece (S 17 1)

$def $18M new system hinders collection of $10M in L.A. taxes (S 16 2)

$h British woman overdrawn by £121 billion, due to typing error (R 20 04)

$f $100M overdraft plus daily interest in Sydney - "computer error" (S 13 1)

$rih $.5M transaction became $500M due to "000" convention; $200M lost (S 10 3)

$hi? California bank deposited $1M instead of $100K; it was spent (S 19 3:5)

$$ High stakes: Wall St bank wires average over $1.2 trillion/day (S 12 2)

$h Slow responses in Bankwire interface SW resulted in double posting of tens of $millions, with interest losses (S 10 5)

$f Australian Comm. Bank doubled all transactions for a day (S 13 2)

$h Some French civil servants get paid twice, others not at all (S 21 2:17)

$(f/h?) Double posting of credit-card charges (S 19 3:6)

$fi NYC subway fare cards double-deduct; user interface at fault (S 19 3:6)

$fe Extra line in Chemical Bank program doubles ATM withdrawals (S 19 3:6)

$h Doubled payroll run surrounds Thanksgiving, run before and after (S 20 2:9)

he National Australia Bank operational goof: payroll program not restored after test, payroll missed (R 19 97)

$h $98,002 refund check based on zip code, not correct amount $1.99 (R 19 16)

$f German Bundesbahn (railway) software messes up payrolls (S 20 2:9)

$h Computer blunders blamed for $650M student loan losses (S 14 2)

$h Unvetted software patches threaten $26B federal retirement fund (S 20 3:7)

f/h? Empire Blue Cross/Shield glitches necessitate $50M write-off (S 18 3:A5)

$f California state computer wrote $4M checks accidentally (S 11 5)

h? 75,000 duplicate Calif. unemployment checks issued accidentally (S 18 3:A5)

$f Farmer receives $4M US Government check instead of $31 (S 17 3)

$f Canadian Pacific stock price sanity check rejects legitimate data (S 12 4)

$h Australian man can keep $335,000 windfall from computer data error (S 12 4)

$f/i/h? Howard Jenkins receives accidental $88M; bank system error (S 19 4:8)

SHI Dutch electronic-banking direct-debit scandal: Friesian church minister discovers surprise privileges (R 18 81)

$f SW errors blamed for £71,000 VAT misdeclared; £21,000 fine results (S 16 3)

$h First Boston loses $10M to $50M on computer securities inventory (S 13 2)

$f New software system blocks commercial loans in California (S 14 5)

$f $2B (3M bank transactions) stalled when computer rejected posting (S 13 2)

rf More on ATM range checking. $999,999,999 deposit test goes through (S 15 5)

$f Computer system refuses deposit of $200K; max just under $100K (S 17 4)

f Bank's Exchange network overloads in Oregon and Wash, ATMs act up (S 15 5)

mh Computer aspects of Credit Lyonnais Fire discussed (R 18 14)

Vm Computer-center roof collapses in snow, downs 5000 ATMs (S 18 3:A4 and 5)

$fi Chase Manhattan computer glitch affects thousands (S 21 4:12)

m$ 2000 Toronto-Dominion ATMs crashed for a weekend (S 22 2:22)

$h Codelco loses $207M on mistyped instruction (buy, not sell) (S 19 3:5)

$f Ben & Jerry's expects first-ever loss, partly due to SW problems (S 20 2:11)

$f NZ Databank computer error withholds funds for many accounts (S 16 2)

$m European ATM repeated debit (S 14 2)

Ve Chemical Bank's ATMs go down after botched file update (S 19 4:6)

Ve 1529 Bank of America ATMs down after maintenance goof (R 19 16)

Vfe Bank of Montreal card functions paralyzed by software flaw (R 20 01)

e Non-U.S. Bank ATM users' debited, get no money; botched upgrade (S 18 2:12)

$ Norwegian bank ATM gives 10 times the requested cash; long lines (S 15 3)

$h European bank mounted wrong tape redid monthly transfers (S 14 2)

$he Wells Fargo deposits slip - another software glitch (S 14 5)

$f Wells Fargo 1987 IRS forms stated 100-times-salary for employees (S 15 1)

V(m?f?) Wells Fargo computer network outage (R 21 15, S 26 2:)

Vf/m? Repeated computer outages for Swedish Nordbanken, affecting 3.5M customers; cause not reported (R 21 18)

h? Resolution Trust Corp badly overreports to IRS on interest paid (S 18 2:11)

$f 120,000 long addresses mess up British building society computer (S 14 6)

$f Program bug permitted auto-teller overdrafts in Washington State (S 10 3)

h 2,000 Texans get false overdraft notes from Bank One in Y2K test (R 20 13)

$h Glitch causes 4 billion euro overdraft (S 24 4:27, R 20 30)

$h New Zealand student grants debited instead of credited (S 14 5)

fm More nonatomic ATM transactions: account debited, no cash (R 19 40)

$h Brown University senior's account mistakenly given $25,000 (S 12 2)

$f $80,000 bank computing error reported - by Ann Landers (S 12 4)

e? Lisbon ATM gives receipt in esperanto instead of espanol (S 18 2:11)

$dem Brit. Foreign Office accounting computer outage off by £458M (S 16 2)

$f $40M Pentagon foreign military sales computer misses $1B (S 13 3)

hi British audit missing £37M (16M `usual errors', 21M lost) (S 18 3:A6)

$fe Minnesota PR firm cut over to untested system, bills months behind (S 13 4)

f$ San Jose system stops issuing garbage bills (S 22 2:20)

$fe IRS reprogramming delays; interest paid on over 1,150,000 refunds (S 10 3)

$fh IRS overbills 1000 people by $68M in five flood-damaged states (S 18 4:4)

$h IRS audit turns up $752 VDT valued at $5.6M; $36K payment for idle mini; 32 duplicate payments, overpayments worth $.5M, $17.2M undocumented (S 18 4:4)

$SP IRS computer modernization problems: privacy and security, cost (S 18 4:4)

$f Variances in up to 25% of adjustable-rate mortgage bills (S 16 1)

$f British retail price index 1% off, costs £121M, testing (S 16 1)

V$h San Jose library lost two weeks of records. Books, fines lost. (S 11 3)

V$fm Los Alamitos racetrack lost $26K in excess payoffs; betting halted (S 16 2)

fi Risks of banks' not retaining data between Quicken runs (R 19 39)

$h Fire-control test backfires in midst of bank's end-month processing (S 15 5)

$fm Newly centralized Sendai postal/banking computer crash effects (S 16 3)

+ NY Federal Reserve bank Fedwire EFT survives power outage, no loss (S 15 5)

$m LA Federal Reserve computer snafu delays bank deposits (S 17 3)

V$f SW flaw freezes Barnett Banks (Florida) computer for one day (S 17 4)

$fh 5M NWB credit-card users get erroneous bills (S 17 4)

$ Buy.com mispriced a monitor; automated price search promises lowest price; (R 20 21)

@SH World Bank virus ("Traveller 1991") (S 16 4)

S$e Barclays Internet-banking security-glitch following software upgrade enables access to accounts of others (R 21 01; S 26 1:37)

..... Lottery, Gambling, etc.:

($) Connecticut lottery computer accidentally gave backdated tickets (S 13 3)

$ShH Proprietor tries to cash 5 extra winning lottery tickets (S 18 4:3)

$f(H?) SW enables winning tickets purchased after lottery drawing (S 16 1)

f/m Maryland Lottery software glitch distributes wrong winning numbers (S 22 1:20)

$f,h California Lotto computer crash and its costly effects (S 14 1)

$m Computer problems delay California Lotto payouts (twice) (S 15 3)

h Calif. lottery computer gets ahead of itself; sales halted early (S 20 5:10)

Vm U.K. lottery terminals downed by satellite network breakdown (S 20 5:10; R 17 18)

f$ Arizona Lottery Pick 3 random number bug: 9 never picked; not so random after all (R 19 83)

H Cooperative database develops winning combinations for Dutch soccer scatchables with 1445 alternatives; competition cancelled (S 22 1:21)

$h Programmer unauthorizedly limits sale of certain lottery tickets (S 15 3)

$f California lottery delayed; Daily 3 had flawed pseudorandom program (S 17 3)

$f One-armed bandit chips "incompatible"; 70.6%, not 96.4% payoff (S 17 4)

$f Electronic Keno game beaten; pseudorandom sequence gets reset (S 19 3:10)

fS Unlosable casino game: browser click on back to undo loss; risk of negative bets for intentional losses subtracted from losses! (S 22 1:20)

@$Hhi Greyhound racetrack takes bets after race; NZ$7,000 payout (S 18 2;4)

$em Racetrack betting seriously impaired by degraded computer system (S 12 2)

$Vf Saratoga Race Track parimutuel computer down on opening day (S 14 6)

V$m Dog-track computer outage costs bettor $17,000 (S 19 2:2)

$ Breeder's Cup tote-board display crashes, reduces betting take (S 22 2:21)

Vm 1996 Melbourne Cup off-course betting computer fails (S 22 2:21, R 18 58))

$SH Russian cockroach race swindle involved altered computer files (S 22 2:21)

+/- U.S. Senate bans Internet gambling (R 19 89); U.S. House rejects bill restricting Internet gambling (R 20 95)

+ Co-owner of offshore online gambling business goes to prison (R 21 01; S 26 1:30)

Financial Frauds and Intentionally Caused Losses

$SHA See Bruce Schneier article on the Future of Fraud (R 20 08)

$SHOf TILT! Counterfeit pachinko cards send $588M down the chute (S 21 5:19); Pachinko cards suggested by a CIA briefing to hinder money laundering (S 22 1:18)

$SHI Volkswagen lost $260M to computer based foreign-exchange fraud (S 12 2) 5 people (4 insiders, 1 outsider) convicted, maximum sentence 6 years.

$SH Computer problems at BCCI; records "confused"? (S 16 4)

($)H Four financial frauds, each foiled (e.g., by luck) $70M Chicago First National, $54.1M Union Bank of Switzerland (S 13 3) 250M kroner Norwegian clearing house Bankenes Betalingsentral BBS (S 13 3) $15.2M Pennsylvania lottery scam - post-fabricated ticket (S 13 3)

$SH $70 million bank scam attempt; bogus request overdrew account (S 17 3)

$S Risks in CHIPS clearinghouse handling $1M/sec. $20M stolen in 1989, distributed widely; culprits caught but only $8M recovered (S 18 1:10)

$SHI Salomon Brothers scandal aided by misuse of database confirmations (S 16 4)

$SHO FBI arrests Emulex securities and wire fraud suspect in stock manipulation hoax (R 21 04; S 26 1:27) with stock plummeting 62% in one day; Mark Simeon Jakob pleads guilty, 29 Dec 2000, surrendered $54,000 in cash to court

$SHO Jason Diekman settlement: $272,826 for perpetuating false information on the Internet and profiting from stock fluctuations in Just Toys Inc. and The Havana Republic (R 21 04; S 26 1:27-28)

$SHOA/I Russian hacker Vladimir Levin breaks Citibank security (S 20 5:13), sentenced to 3 years in jail (R 19 61) $10 million transferred, but most of it recovered

$SH $15.1M fraud accidentally foiled because of a computer error (S 13 2)

$SH $9.5M computer-based check fraud paid legitimate DCASR invoice (S 13 2)

$SH Czech hackers allegedly rob banks of $1.9M (S 22 2:22)

$H European Community study of fraud on the Internet (R 19 13)

$SHI Olympia WA HealthDept check scam detected; four indicted (S 18 1:12)

$SHI Military pay fraud nets $169,000 using bogus account (S 23 1:14, R 19 26)

$SHO Plot to tap British bank/credit-card information by higher-tech gang revealed by coerced software expert in jail (R 18 70)

SHAO Chinese hackers who transferred 720,000 yuan to their own bank accounts sentenced to death (R 20 14)

@SHI Massachusetts welfare fraud investigators fired: tax-record misuse (S 22 1:20)

@$S Risks of Conn. fingerprinting system to catch welfare recipients (R 18 69) Also, note earlier NY Medicaid proposal (R 13 40)

fe Software incompatibility hinders Florida fingerprint system (R 20 02)

$SHI Teller embezzles $15K, caught by computer audit-trail (S 19 3:10)

$SH Brussels BNP branch hit by BFr 245M computer fraud (S 19 1:6)

$SHI Joseph Jett, Kidder Peabody, created $350M phantom profits, got bonus of $9M; scheme undetected by KP oversight (double meaning not a pun) (S 19 4:12)

$SH U.K. computerized bank fraud nets £1M (S 14 2)

$SH 1993 Prague computer crime up 75.2% including a $1.2M transfer (S 19 1:7)

$SH $1.2M Czech computer fraud culprit gets 8 years in jail (S 19 2:7)

$SHI Japanese bank workers steal 140 million yen by PC (S 20 2:12)

$SHI Bank executive in Malaysia transfers $1.5M (S 15 5)

$SHI $550,000 Tokyo bank fraud suspected in funds transfers (S 19 2:6)

$SHI Beijing Hotel managers embezzle $9K by rigging billing records (S 19 4:13)

$H Chemicals cause checks to disappear, bogus checks clear and vanish (S 13 3)

$SHA Foiled counterfeiting of 7,700 ATM cards using codes in database (S 14 2); five admit automated teller scam (Mark Koenig) (S 14 5)

SHO Italian thieves use bank cards, PINs, captured with bogus machine (S 17 4)

$SH Bogus ATM used to steal PINs, withdraw $100,000; two arrested (S 18 3:A9) 2 arrested; 300 accounts hit at 50 banks; $12M in fraud activity (R 14 85)

$SHP UK stolen ATM captures IDs/PINS, enables 250K-pound theft (S 19 4:12)

SH$ Phony ATM installed on High St in London, nets £120K (R 17 34)

SH Theft of entire ATM bungled in British Columbia (R 19 20)

$fSH Instant money: Bogus deposit exploits ATM flaw (S 22 2:21)

$SHO Polish gang carries out ATM fraud in Israel (S 22 2:23)

@$SH 1994 UK National Audit Office report on computer misuse in government: 140% increase; 655 cases, 111 successful; £1.5M defrauded; misuse; 350% increase in viruses; 433 computer thefts, worth £1.2M (S 20 3:11)

$SH European cyberfraud: $150K phone calls, $400K Dell losses (SAC 13 3)

$SH Cybercrime losses double to $10 billion; 485,000 credit-card numbers stolen from e-commerce site; hacking credit cards is preposterously easy; (Credit-card fraud worldwide is reportedly just under $1 billon a year, at about .7 percent of gross. It represents only about 2% of banking losses. PGN) (R 20 85)

$SP Professor stole 40 student SSNs and IDs to get credit cards (R 21 02; S 26 1:38)

$SHfe Stolen ATM card nets $346,770; limits inoperative (S 20 2:12)

$SH Health cards used to rip off ATM for $100K (S 20 3:12)

SH Bogus card reader opens ATM door and helps capture IDs and PINs (S 19 3:10)

@$SP Barclays credit system voice-mail hack gives sensitive info (S 18 1:20)

@$SH U.Texas Dean's conferred password used to misappropriate $16,200 (S 17 3)

$H Two charged with computer fraud in jewelry store credit scam (S 18 2:14)

$SH Reservation computer fraud nets 50M AA frequent flier miles (S 14 1)

$SHI Frequent flier computer scam nets 1.7 million bonus miles (S 14 2); Prison terms for travel agents in AA FreqFlyer ticketing fraud (S 16 2)

$SH $Millions of bogus airline ticket sold in Phoenix (S 14 6)

$fH Reversing air return/depart dates fakes out reservation computers (S 14 6)

$SH Bogus computer message nets 44 kilos of gold from Brinks (S 14 2)

$H `Credit doctors' sell clean credit records to high-risk clients (S 13 4)

$SPH ASIS seminar reported $15M in 1991 Medicare fraud penalties (S 18 1:21)

SH Wall St audit trail off enables $28.8M computer fraud (S 12 4) [bogus???]

$H Hertz computer system kept two sets of books for accidents (S 13 2)

$h Hertz charged $5 for gas if < 50 miles driven and tank filled (S 18 2:9)

$H Value Rent-A-Car system charged for bogus 5 gallons (S 18 2:9)

$SH NYC gas pumps rigged to deliver less fuel than charged (S 18 4:3)

$SH Harrah's $1.7 Million payoff internal fraud - Trojan horse chip? (S 8 5) 11 indicted (17 riggings in 3 yrs); `winner' later found dead (stoolie?)

$SH Computer-generated Dartmouth graduation tickets sold for $15 (S 19 4:12)

$h Manual card-swipe gains weeks in taxi charge float (R 20 02)

SH States (MO, NJ, TX) crack down on "cyberfraud" (S 19 4:10)

SHOI Italian police stop digital bank robberies with bogus shadow system; 21 arrested (R 21 08; S 26 1:25)

SHOA Linear search nets 17,000 bank records from GST Startup certificate suppliers (R 20 94)

..... Tax fraud and tax data misuse:

$SHAI Massive NY City tax fraud wipes out $13M in taxes; many implicat

Contents

Descriptor Symbols

Items Listed by Categories

Recent Items (yet to be merged in)

Space

Defense

Military Aviation

Commercial Aviation

Rail, Bus, and Other Public Transit

Automobiles

Motor-Vehicle and related Database Problems

Electrical Power (nuclear and other) and Energy

Medical, Health, and Safety Risks

Other Environmental Risks

Robots and Artificial Intelligence

Other Control-System Problems

Other Computer-Aided-Design Problems

Accidental Financial Losses, Errors, System Outages

Financial Frauds and Intentionally Caused Losses