University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
Back to Abstracts of References and Incidents Back to Root
This page was copied from: http://catless.ncl.ac.uk/Risks/12.69.html


Previous Issue Index Next Issue Info Searching Submit Article

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12, Issue 69

Monday 16 December 1991

Contents

o 800 telephone outage due to software upgrade
PGN
o Stock-listings typo: The possibilities are scary.
James Parry
o More on Lauda crash and computers
Nancy Leveson
o "Questioning Technology" in WHOLE EARTH REVIEW
Rodney Hoffman
o Privacy of Email
James Ting Lui
o More on E911 and representation
Bob Frankston
o Re: Computer records track killer
Brinton Cooper
o Re: The description is right, only the language is wrong
Scott E. Preece
o The EFF Pioneer Awards
Gerard Van der Leun
---------------------------------------------

800 telephone outage due to software upgrade

"Peter G. Neumann" < neumann@csl.sri.com >
Sat, 14 Dec 91 12:24:37 PST
     
          AT&T Restores `800' Service
        BASKING RIDGE, N.J. (AP, Friday the 13th, December 1991)
        Thousands of toll-free "800-number" calls were blocked throughout the East
     on Friday night, American Telephone & Telegraph said.  The outage struck at
     7:20 p.m. as technicians loaded new software into computers in Alabama, Georgia
     and New York, said Andrew Myers, an AT&T spokesman. The software identifies and
     transfers 800 calls, he said.  Several thousand calls from New England to the
     South were affected.
        The company restored service around 9 p.m., when it switched back to old
     software. AT&T plans to use the old software until it can find and fix problems
     with the new.  "Obviously we don't like it when a single call doesn't get
     through, but I wouldn't consider this a serious problem," Myers said.
     
     
---------------------------------------------

Stock-listings typo: The possibilities are scary.

James 'Kibo' Parry < kibo@world.std.com >
Sat, 14 Dec 91 18:27:17 -0500
     
     This is a quote from a message I just received (sent Sat, 14 Dec 91)
     
     > investor's daily has what i hope is a typo in it today
     > ibm is listed at 0-1/16, down 88-1/2 
     
     Now, the question is, what happens if a typo gets into the electronic
     stock quotations that are monitored by trading programs?  Someone's
     computer sees IBM losing most of its value, dumps it all ASAP...
     
     kibo@world.std.com     James Parry, 271 Dartmouth St. #3D, Boston MA 02116
       (617) 262-3922       Independent graphic designer and typeface designer.
     
     
---------------------------------------------

More on Lauda crash and computers

< leveson@cs.washington.edu >
Sun, 15 Dec 91 07:03:26 -0800
     
     From the Seattle Post-Intelligences, Saturday December 14:
     
                  "Boeing Hush-up Charged" by Bill Richards
     
        A former Boeing computer expert said yesterday that the company ordered him
     to play down his discovery of a software flaw in a critical control unit that
     could have triggered last May's fatal crash of a Lauda Air Boeing 767.  Darrell
     Smith, a computer software engineer employed as a troubleshooter by Boeing in
     1989 and 1990, said in an interview with the P-I that he warned the company
     last year of problems with software that runs the "proximity switch electronics
     unit" (PSEU) on Boeing's 747 and 767 jetliners.
        The device allows the plane's computerized parts to electronically 
     converse.  Smith said he told Boeing officials the software could trigger a
     rogue signal that would cause the plane's computer-driven systems to
     malfunction.  But Smith said Boeing officials in charge of the troubleshooting
     program told him they "didn't want to get anybody excited" and ordered him to
     omit any mention of potential system-wide problems resulting from the flawed
     software from his formal report.  Instead, he was told to report just on the
     PSEU's internal problems, he said.  "They said this is a non-critical system 
     and I couldn't use terms like `crash' or `catastrophic' in the report because
     they didn't want people to get excited," he said.
        Boeing spokesman Chris Villiers said yesterday the company hasn't had time
     to study all of Smith's allegations.  Villiers said Boeing doesn't believe
     the PSEU was responsible for the Lauda Air crash.  Smith's concerns about the
     unit's software on the 747 has been "addressed and resolved," Villiers said.
        Smith, who has 13 years experience as a computer engineer, resigned in
     June 1990 after turning in what he called a "diluted" report with no mention
     of the potential ramifications from the software flaws.  Boeing awarded him
     its Certificate of Outstanding Performance just before he quit.  Smith, ...,
     said he told Boeing officials the software contained an "architectural flaw"
     that could lead the unit to send a random signal to other electronic systems
     within a jetliner, providing them with false information.  So poorly designed
     was the PSEU software, he said, that he recommended that it be completely
     redesigned.
        One of the electronic subsystems linked to the PSEU is the auto-restow,
     which is supposed to automatically retract a jet's backup ground braking
     system, the thrust reverser, if it accidentally starts to deploy in flight.
     [old news about the cause of the accident omitted].
        While Villiers said that the PSEU can electronically converse with the
     auto-restow system on the 767, he said it could only order the system to 
     retract the thrust reversers, not deploy them.  Villiers said Boeing tested the
     software system in the 767 and found no evidence that the PSEU unit was putting
     out false messages to other systems.  [Wishy washy statement by FAA omitted]
        But Smith said that because the software's false messages are random, it is
     almost impossible to determine in a laboratory setting if the PSEU software
     isn't working.  "It all depends on what is going on with the airplane at the
     time," Smith said. "There's no way to repeat the exact conditions that would
     cause the messages to be sent.  It can cause the system to crash, or get false
     information, or just go crazy."  For example, Smith said, the control unit
     could notify the rest of the electronic subsystems that the plane's landing
     gear was down while the plane was still in flight.  That would cause the
     auto-restow to switch to a ground-speed mode check, Smith said.  The system
     would then "see that the aircraft was going too fast, and kick in the reverse
     thrusters -- while the aircraft was really in flight."
        [more old news about cause of crash and repetition of above deleted]
        Smith said that Boeing passed on the report to Eldec Corp. of Lynnwood,
     which wrote the software for the company, and the findings were independently
     verified by other Boeing computer experts.  The report says Eldec's software
     violated seven of Boeing's own software specification..  "This problem ... is a
     very real and serious impediment to the correct operation of the PSEU," it
     concludes.  Thomas Brown, Eldec's president and COO, said yesterday that the
     company was not aware of Smith's report.  Brown said that while Eldec produced
     the software for PSEU units on both the 747-400 and 767, he does not know
     whether software could trigger the auto-restow or activate the thrust reverser
     system on either jet.  "We are not in a position to answer that question,"
     Brown said.  "We don't know all the uses of our signals.  Only Boeing can
     answer that."
     
     [P.S.  This story was followed by a story that Lauda had just ordered four
     Boeing 777 jetliners and was the seventh airline to do so.  It now has
     86 firm orders for the 777.]
     
     
---------------------------------------------

"Questioning Technology" in WHOLE EARTH REVIEW

Rodney Hoffman < Hoffman.El_Segundo@Xerox.com >
Sat, 14 Dec 1991 16:06:44 PST
     
     The Winter 1991 issue of WHOLE EARTH REVIEW is a special focus issue on
     "Questioning Technology".  I haven't yet read it, but it certainly contains
     some provocative feature articles (summaries are from the magazine):
     
     Excerpt from the 1991 book "In the Absence of the Sacred: The Failure of
     Technology and the Survival of the Indian Nations" by Jerry Mander.  Our
     unquestioning faith in technology's ability to solve problems has led us to the
     "greatest environmental crisis since the dawn of human life."
     
     "Artifact/Ideas and Political Culture" by political theorist and author Langdon
     Winner.  Political ideas embedded in our technological tools often conflict
     with our stated ideals.  "No innovation without representation" is the first of
     three steps toward technological democracy.
     
     "Assessing the Impacts of Technology" by Linda Garcia, a project director and
     senior analyst at the Office of Technology Assessment.  Describes the approach
     and political pressures of OTA's work.
     
     "Renegotiating Science's Contract" by Howard Levine, philosopher and former
     director of the National Science Foundation's Public Understanding of Science
     Program.  We need greater public participation in the formation of scientific
     and technical decisions.
     
     "Reclaiming Our Technological Future" by Patricia Glass Schuman, president of
     the American Library Association and of Neal-Schuman Publishers.  Debunks
     current myths of a paperless future.
     
     "Privacy and Technology" by MIT sociologist Gary T. Marx.  Examines
     data-gathering techniques and offers tips on protecting your privacy.
     
     Additional pieces:
     
     "NASA Goes to Ground" by Wendy Alter and James Logan
     "Designer As Savior, Designer As Slave" by J. Baldwin
     "Beauty and the Junkyard" by Ivan Illich
     "Technology's Backside" by Marshall P. Smith
     "Figure and Ground: Information Technology and the Economic
        Marginalization of Women" by Elin Whitney-Smith
     "Why Multi-Media Publishing is a Crock" by Tim Oren
     "The Vision Vine" by Earl Vickers
     "Genes, Genius, and Genocide" by Jason Clay
     
     
---------------------------------------------

Privacy of Email

James Ting Lui < jl3p+@andrew.cmu.edu >
Thu, 12 Dec 1991 16:19:54 -0500 (EST)
     
     The following is an article that appeared in one of this week's Pittsburgh
     Post-Gazettes.  I was originally going to paraphrase the article, but I think
     that the entire article is relevant.  So here it is:
     
     Is `E mail' private on firm's computer? (by Glenn Rifkin, New York Times)
     
     When Alana Shoars arrived for work at Epson America Inc. one morning in January
     1990, she discovered her supervisor reading and printing out electronic mail
     messages between other employees.  As electronic mail administrator, Shoars was
     appalled.  When she had trained employees to use the computerized system,
     Shoars told them their mail was private.  Now a company manager was violating
     that trust.  When she questioned the practice, Shoars said, she was told to
     mind her own business.  A day later, she was fired for insubordination.  She
     has since filed a $1 million wrongful termination suit.
     
     A spokesman for Epson America, which is based in Torrance, CA, refused to
     discuss Shoars's account of the monitoring episode and insisted that her
     dismissal had nothing to do with her questioning of the electronic mail
     practice.  He denied that Epson America, the United States marketing arm of a
     Japanese company, had a policy of monitoring electronic mail.
     
     The Shoars case has brought attention not only to issues of technology and
     employee privacy, but also to broader questions of ethics among computer
     professionals.  By taking a public stand, Shoars has become a visible exception
     in a profession that tends to ignore or avoid ethical issues, according to
     academician and consultants who monitor the field.  Although Shoars has found a
     new job as electronic mail administrator at Warner Brothers in Burbank, CA, she
     still bristles about Epson: "You don't read other people's mail just as you
     don't listen to their phone conversations.  Right is right and wrong is wrong."
     
     Michael Simmons, chief information officer at the Bank of Boston, disagrees
     totally.  "If the corporation owns the equipment and pays for the network, that
     asset belongs to the company, and it has a right to look and see if people are
     using it for purposes other than running the business," he said.  At a previous
     job, for example, Simmons discovered that one employee was using the computer
     system to handicap horse races and another was running his Amway business on
     his computer.  Both were fired immediately.  "The guy handicapping horses was
     using 600 megabytes of memory," Simmons said.
     
     Federal Express, American Airlines, Pacific Bell and United Parcel Service all
     have electronic-mail systems that automatically inform employees that the
     company reserves the right to monitor messages.  But many companies have yet to
     formulate clear policies.  "It's highly irresponsible for an employer not to
     have a policy," said Mitchell Kapor, former chairman of Lotus Development
     Corp., who left the company five years ago.  
     
     Some believe, however, that even if there is advance notice, the monitoring of
     electronic mail or searching through personal files is flat out wrong.  One who
     takes that position is Eugene Spafford, a computer science professor at Purdue
     University.  He said: "Even if a company does post notice, is that something it
     should do?  The legal question may be answered, but is it ethical?  The company
     may say it is, employees say it isn't, and there's a conflict."
     
     Though they oversee the electronic mail networks, computer professionals have
     generally removed themselves from such debates.  Simmons said that if ethics
     were the topic of a meeting of information systems experts, "it would be a very
     short meeting."
     
     Technologists approach the information resource in a distinctive way, said
     Detmar Straub, assistant professor of management information services at the
     University of Minnesota.  "They say `If the system can do it, let's do it,'
     rather than `should the system do it?'" Straub said.  "I've talked to systems
     managers who say the wouldn't hire a programmer who couldn't break into any
     system."  But as computers and networks extend their reach into global
     business, such attitudes may no longer suffice.
     
     "Information systems people should be held to a higher level of ethics than the
     general population, just as doctors and lawyers are," said Donn B. Parker, a
     senior management consultant at SRI International in Menlo Park, CA.
     
     
---------------------------------------------

More on E911 and representation

< frankston!Bob_Frankston@world.std.com >
12 Dec 1991 13:44 -0400
     
     My cousin, who lives in Wurstboro NY told me that her address was changed 
     from a more rural form to one that is suitable for the 911 database.  Just a 
     reminder that the representation problem works both ways, we can change the 
     representation to conform to the data or we can change the data to conform to 
     the representation.  The latter, in fact, is what happens when the a medical 
     diagnosis must conform to the data coding.
     
     Another comment on telecom and 911 is that 911 doesn't work universally for 
     the same reason that I cannot simply tell my son to always dial my 800 number 
     or my pager number to reach me.  The problem is the design flaw in the phone 
     system that requires I not only know my destination phone number, but also 
     the particular rules of the phone (and PBX or hotel) I happen to be using. 
     Maybe some of this will get fixed in ISDN, but for now, I'd like to start a 
     campaign to get a standard for dialing that is location-independent.
     
     Ideally, we'd replace "9" on a PBX with "**" to mean a local call.  
     Alternatively, we'd establish a new access code such as "**" that would 
     always place one into universal dialing mode that would allow dialing of 
     1-xxx.  And since "1" is the North American access code, it would allow 
     uniform dialing of any international number.  (Yes, it would be very easy to 
     accidently dial the codes for other countries -- a solvable problem).
     
     The key here is that if we want to take advantage of telecommunications 
     technology we mustn't accept historic accidents like "9" to exit a PBX and 
     the inability to use area codes on many local calls, but must tame the 
     technology.  More to the point, if we can renumber our houses in the interest 
     of safety then we should be willing to complete the process and make the 
     phone simple to use -- especially for those who are panicked or simply not 
     ready to deal with arcania.  (I also want check digits on phone numbers but 
     that is a separate issue).
     
     Maybe we can use the laws protecting the handicapped to argue that the phone 
     system is not sufficiently accessible in its present form.
     
              [In Wurstboro, The Wurst is Yet to Come.  
              Neither a wurstboroer nor a wurstlender be.  
              Unless you are an Auslaender.  'Aus bayou?
              You never sausage nonsense before?  At SIGSOFT '91
              in New Orleans, there were lots of sausages.  And maybe 
              even the wurst computer-related pun you ever heard?  PGN]
     
     
---------------------------------------------

Re: Computer records track killer (Jenkins, RISKS-12.68)

Brinton Cooper < abc@BRL.MIL >
Sun, 15 Dec 91 20:41:14 EST
     
     Robert Jenkins reports on one John Tanner who
       "murdered his student girlfriend and hid her body underneath the
       floorboards of her house..." and how "...his story began to fall apart"
       when, "He told the police that he and the girl had taken a bus ride
       together to the train station at a time when she was already dead."  A
       computer check of the company's records showed, "Only one person got on 
       the bus and bought a ticket to the station at the time Mr Tanner claimed."
     
     Mr Jenkins calls this "... another example of low-level, invisible,
     surveillance that computers introduce into our lives..." as though it were
     something objectionable, generally to be avoided.
     
     Mr Jenkins missed the point. The computerized records were used in a way that
     would pass strict Constitutional test in the USA, yet contributed (I assume) to
     the arrest and conviction of a murderer.  In fact, the *identity* of the
     passengers was not recorded.  You might way that Mr Tanner was convicted as
     much by mathematics as by computerization.  Then, perhaps this would be
     "...another example of low-level, invisible, surveillance that mathematics
     introduces into our lives."
                                                  _Brint
     
     
---------------------------------------------

Re: ... only the language is wrong (Franklin, RISKS-12.58)

Scott E. Preece < preece@urbana.mcd.mot.com >
Sat, 14 Dec 91 23:00:08 -0600
     
     | It is hard to believe that this error would have occurred, and not been
     | caught, before the age of computers.  The RISK here is that as the chain
     | of events handled purely by computers lengthens, it becomes possible for
     | relatively major errors to occur unnoticed, because no one is looking
     | closely at the output at any stage.
     
     The observation is clearly correct, but the claim in the first sentence is
     simply incorrect.  Such errors can and do happen all the time at every
     newspaper in the world.  Proofreaders are, as they say, human and to err is, as
     we used to admit before we took to blaming computers for everything, human.  I
     haven't seen any French in my local paper's classified, but I have seen blocks
     of Latin (a classical layout mockup tool), ads set in totally pied type, ads
     run upside down and, occasionally, backwards, ads run in the wrong section,
     etc., etc.
     
     scott preece, motorola/mcg urbana design center	1101 e. university, urbana, il
     61801              uucp: uunet!uiucuxc!udc!preece	217-384-8589
     
     
---------------------------------------------

The EFF Pioneer Awards

Gerard Van der Leun < van@eff.org >
Fri, 13 Dec 1991 17:02:52 -0500
     
         THE ELECTRONIC FRONTIER FOUNDATION'S FIRST ANNUAL PIONEER AWARDS
                             CALL FOR NOMINATIONS
           (Attention: Please feel free to repost to all systems worldwide.)
     
     In every field of human endeavor, there are those dedicated to expanding 
     knowledge, freedom, efficiency and utility.  Along the electronic frontier,
     this is especially true.  To recognize this, the Electronic Frontier 
     Foundation has established the Pioneer Awards.  The first annual Pioneer 
     Awards will be given at the Second Annual Computers, Freedom, and Privacy 
     Conference in Washington, D.C. in March of 1992.
     
     All valid nominations will be reviewed by a panel of outside judges chosen
     for their knowledge of computer-based communications and the technical, 
     legal, and social issues involved in networking. 
     
     There are no specific categories for the Pioneer Awards, but the following
     guidelines apply:
        1) The nominees must have made a substantial contribution to the 
     health,growth, accessibility, or freedom of computer-based communications.
        2) The contribution may be technical, social, economic or cultural.
        3) Nominations may be of individuals, systems, or organizations in the 
     private or public sectors. 
        4) Nominations are open to all, and you may nominate more than one 
     recipient. You may nominate yourself or your organization. 
        5) All nominations, to be valid, must contain your reasons, however 
     brief, on why you are nominating the individual or organization, along 
     with a means of contacting the nominee, and your own contact number. No 
     anonymous nominations will be allowed.
        5) Every person or organization, with the single exception of EFF 
     staff members, are eligible for Pioneer Awards.
     
     You may nominate as many as you wish, but please use one form per 
     nomination. You may return the forms to us via email at:
                  pioneer@eff.org.  
     You may mail them to us at: 
                  Pioneer Awards, EFF, 
                  155 Second Street 
                  Cambridge MA 02141.  
     You may FAX them to us at:
                  (617) 864-0866.
     
     Just tell us the name of the nominee, the phone number or email address 
     at which the nominee can be reached, and, most important, why you feel 
     the nominee deserves the award.  You can attach supporting documentation. 
     Please include your own name, address, and phone number.
     
     We're looking for the Pioneers of the Electronic Frontier that have made
     and are making a difference. Thanks for helping us find them,
     
     The Electronic Frontier Foundation
     
                   -------EFF Pioneer Awards Nomination Form------
     
     Please return to the Electronic Frontier Foundation via email to:
               pioneer@eff.org
     or via surface mail to EFF 155 Second Street, Cambridge,MA 02141 USA;
     or via FAX to USA (617)864-0866.    
     
     Nominee:
     Title: 
     Company/Organization:
     Contact number or email address:
     Reason for nomination:
     Your name and contact number:
     Extra documentation attached: 
     
                   -------EFF Pioneer Awards Nomination Form------
     
           [USE WHATEVER SPACE YOU NEED; BLANKS AND UNDERSCORES DELETED BY PGN...]
     
     
---------------------------------------------

Previous Issue Index Next Issue Info Searching Submit Article


Report problems with the web pages to Lindsay.Marshall@newcastle.ac.uk.
This page was copied from: http://catless.ncl.ac.uk/Risks/12.69.html
COPY!
COPY!
Last modification on 1999-06-15
by Michael Blume