Subject: RISKS DIGEST 11.86
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 11 June 1991  Volume 11 : Issue 86

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  The RISKS of political correctness in computer science (Ed Nilges)
  There's a Ford in your future (and your past!) (John Moore)
  Public Key Crypto Freeware Protects E-MAIL (Philip Zimmermann)
  Airbus offers autothrottle option (Robert Dorsett)
  More on Thrust Reversal Accidents (Russ Teasdale)
  Computer Privacy (cont'd) -- Letter to The Economist (Marc Rotenberg)
  Freedom, Privacy & Technology SIG (Judi Clark via Lance J. Hoffman)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Sun, 09 Jun 91 00:36:11 EDT
From: Ed Nilges
Subject: The RISKS of political correctness in computer science

An article in Communications of the ACM for November 1990, "Women and Computing", by Karen A. Frankel, cites Danielle Bernstein of the Kean College of New Jersey on Edsger Dijkstra's comments in Communications for December 1989.
In the Dijkstra article, "On the Cruelty of Really Teaching Computer Science", Professor Dijkstra argued for a reform in computer science education, basing it on formal mathematics and logic rather than on early exposure to the computer.

Bernstein, according to Frankel, feels that Dijkstra is being sexist! This is because, Bernstein claims, women prefer experimentation and teamwork to the sort of solitary abstract thinking that Dijkstra emphasizes in all of his work.

Bernstein is echoing other feminist authors on logic and mathematics, including Andrea Nye. Nye's "feminist reading of the history of logic", Words and Power, "deconstructs", if you please, the history of logic from the pre-Socratics to Gottlob Frege (the 19th century German mathematician who attempted to found mathematics on logic.) Nye, and apparently Bernstein, believe that solitary abstract thinking is a typically male activity and to force women to engage in it is sexist. Nye presents a rather vicious caricature of Frege as a solitary old man. Nye avoids any mention of Frege's intellectual honesty when the young Bertrand Russell presented him with evidence that his theory was so flawed (by the paradoxes of set theory) as to be unusable.

Unfortunately, if comp.risks is any guide, Dijkstra is right and Nye and Bernstein are wrong. Given the scale and potential for disaster in errors in software, programmers need to do MORE solitary and abstract thinking...not less.

I teach the C programming language as a consultant at a major midwest financial firm from time to time. In my classes, I have two distinct groups of students: Americans and Russian emigres. The Russian students are significantly more adept, although they are programmers originally educated in Soviet technical institutes and universities that lag far behind American schools in computer technology.
When I talked to the Soviet students, I learned that they had greatly benefited from a mathematical background that included calculus in grade school. Add to this the UNavailability of machine time in the Soviet Union (waits of a week for time on batch systems not unheard of), and these programmers became skilled at the solitary, highly abstract, and distinctly non-experimental activity of writing carefully designed programs and of desk checking code.

Meanwhile, many of my American students, educated in the regimes of experimentation and of teamwork that Bernstein recommends, are confused and bored by the C programming language, with its more structured syntax, its lvalues, and its rather difficult semantics. I admit to using a rather formalist approach to teaching including railroad diagrams of syntax and playing computer, but I do try to liven things up with jokes described by some students (alas) as "corny."

I find NO sex differences. Russian emigre women in these classes are just as adept as their male counterparts, whereas the American women by and large had more difficulty. [There were American exceptions, students just as able as the emigres, but NO outlier Russians: no Russians were confused by the course.]

It is true that teamwork can sometimes lead to better software. But Gerald Weinberg et al. introduced the notion of "structured walkthrough" in the late Sixties NOT as a way to design software, but as a way to review software, and "typically male" solitary and abstract thinking a la Frege (not to mention Frege's intellectual honesty) is an excellent preparation for the most grueling structured walkthrough. Also, the results of group CREATIVE effort (as opposed to group review effort) can often resemble the famous camel: "a horse designed by committee". The history of software is littered with the bleached bones of such camels, including Cobol.
It's sad that political correctness should find its way into formal computer science where MATHEMATICAL correctness is what is needed. Anti-racist, anti-war, anti-sexist "political correctness" is needed nowadays, and I am doing some work in the applicability of "critical theory" (the philosophical background of political correctness) to software creation. But forcing teachers of introductory computer science to be "politically correct" and avoid hard subjects in order not to be sexist does a disservice to the profession and to women computer scientists.

------------------------------

Date: Sat, 8 Jun 91 8:30:26 MST
From: anasaz!qip.john@asuvax.eas.asu.edu (John Moore)
Subject: There's a Ford in your future (and your past!)

CNN has been running a story about a Ford Motor Co. "customer flight recorder." This is a device that is installed in a car when a customer has an intermittent problem. Mechanics can later read it out and attempt to diagnose the problem.

There seems to be some risk to this. If one has an accident while this is installed, the data in the machine might be used in a subsequent lawsuit or prosecution. Presumably it is recording speed and other operating parameters.

John Moore, 7525 Clearwater Pkwy, Scottsdale, AZ 85253 (602) 951-9326 HAM:NJ7E
...{asuvax,mcdphx}!anasaz!john or john@anasaz.UUCP

------------------------------

Date: Fri, 7 Jun 91 11:39:59 MDT
From: Philip Zimmermann
Subject: Public Key Crypto Freeware Protects E-MAIL

At a time when the Government seems bent on keeping the public from having access to electronic privacy technology, there is now a freeware MSDOS software application that protects E-mail and files via public key cryptography.

Philip Zimmermann's program, PGP (Pretty Good Privacy), provides privacy and authentication without the hassles of managing keys associated with conventional cryptographic software. No secure channels are needed for users to exchange keys.
PGP combines the convenience of RSA public key cryptography with the speed of conventional cryptography, fast message digests for signatures, data compression, and sophisticated key management. And PGP performs the RSA functions relatively fast. PGP is RSA public key cryptography for the masses.

PGP version 1.0 is now available through electronic distribution for MSDOS in the compressed archive file PGP10.ZIP, containing the executable binary and user documentation. This release file can be found on BIX, Compuserve, FidoNet, in comp.binaries.ibm.pc and alt.sources on Internet, the WELL, PeaceNet, EcoNet, EXEC-PC, and many other BBS systems. A separate file, PGP10SRC.ZIP, contains all the C source code and can be found on most of these same networks.

--Philip Zimmermann, Author of PGP (Pretty Good Privacy)

[Added postscript:]

The manual directs end users to contact PKP for patent licensing, and gives their phone number, and warns of their patent. I also warn of probable export restrictions. Source code is under FSF Copyleft, which makes it hard to make any commercial proprietary derivations from the source code.

I'd like to make this additional statement: PGP is an educational effort. I want people to know how they can protect the privacy of their personal electronic communications and confidential information. PGP provides an educational example; an independently-developed working prototype that illustrates how it can be done. I want to guarantee that the detailed knowledge of, and access to, this technology cannot be suppressed by Government. Once people know that real security and privacy is possible, I hope that they will make lawful use of it in accordance with patent law. The inventors and patent holders of the RSA cryptosystem deserve remuneration for their brilliant contribution to cryptography. I strongly urge end users of PGP to obtain licensing of the RSA algorithm from Public Key Partners.
The "PGP User's Guide" provides more detailed patent information and how to contact PKP.

------------------------------

Date: Sun, 9 Jun 91 18:49:45 CDT
From: rdd@cactus.org (Robert Dorsett)
Subject: Airbus offers autothrottle option, from FLIGHT INTERNATIONAL

RISKers may recall a threat by Airbus Industry (documented in "Airbus May Add to A320 Safeguards, Act to Counter Crew 'Overconfidence'", AVIATION WEEK & SPACE TECHNOLOGY, April 30, 1990, p. 50) to extend flight-path protections, following the crash of an Airbus A320 in Bangalore in early 1990. In that crash, it was believed that the pilot had kept his energy state too low. Thus, even though the aircraft was said to be "protecting" the pilot from a stall, it was still too slow to recover from the steep glide path.

The following article by Julian Moxon appeared in the May 1, 1991 FLIGHT INTERNATIONAL.

"Airbus Industrie has decided on an optional change to the A320 autothrottle software, which is designed to prevent pilots allowing the aircraft to crash because it has insufficient flying energy.

"The modification, to be offered to all A320 operators, follows an earlier, Airbus mandated, autothrottle update resulting from the 1991 crash of an Indian Airlines A320.

"In that incident, the pilots allowed the aircraft's speed to decrease below flying speed. The mandatory software changes cause an automatic, small, increase in engine thrust enabling the engines to spool up faster if the pilot has to advance the throttle suddenly. The software update is designed to warn pilots who are hand-flying the aircraft that its flying energy is becoming dangerously low. This could occur with the autothrottle switched off and the aircraft in an excessively nose-high attitude.

"'The A320 is stall protected,' says Airbus engineering vice-president Bernard Ziegler, 'but not against lack of sufficient energy. So we're introducing a new concept: to provide the crew with a warning about the aircraft's energy status.'
"Ziegler says the modifications are the only ones that have had to be made to the A320 flight control software since the aircraft was introduced. He says there will be no change to the flight control laws of the A330/A340, '...which proves we got it right from the beginning.'"

As a historical note, Ziegler was a point man in Airbus's scam to clean up the controversy after the Habsheim crash. Only pilots make mistakes, see...

Robert Dorsett
rdd@cactus.org
...cs.utexas.edu!cactus.org!rdd

------------------------------

Date: Tue, 11 Jun 1991 04:22:33 GMT
From: rteasdal@polyslo.CalPoly.EDU (Falconer)
Subject: More on Thrust Reversal Accidents

The loss of an aircraft due to an uncommanded thrust reverser activation is not unknown. Earlier this year, a USAF C-5A transport was destroyed on takeoff at Ramstein AFB in Germany, during a Desert Shield deployment flight. The accident was blamed on the mechanical failure of a thrust reverser detent, which took place during full-thrust climbout. The C-5 became uncontrollable and crashed seconds after wheels-up, with complete loss of life. It is quite fortunate that the big bird was not serving as a troop carrier at the time; as it was, I believe that about twenty lives were lost, all of them aircrew or supernumerary passengers.

Russ Teasdale -- rteasdal@polyslo.CalPoly.EDU -- (Falconer)

------------------------------

Date: Mon, 10 Jun 91 16:45:04 PDT
From: cdp!mrotenberg@labrea.Stanford.EDU
Subject: Computer Privacy (cont'd) -- Letter to The Economist

Ed Ravin (11.63) and Paul Johnson (11.66) noted the recent article in The Economist on Computers and Privacy. The article is particularly important because the Europeans are now considering an extensive directive on data protection in anticipation of the formalization of the European Community in 1992.

I sent the following letter to The Economist which appeared this week (June 8). I post it here because there continues to be some confusion about the opposition to Lotus Marketplace.
Sir-

You raise important questions about computers and privacy (May 4th). In the United States, consumers and privacy advocates joined forces to oppose the release of Lotus Marketplace, which would have provided information about consumers' income and buying habits. This was not, as you suggest, because small organizations might obtain information available to larger organizations. We opposed Marketplace because information that was provided for the purpose of obtaining personal credit was going to be sold for direct marketing without any effective mechanism for consumers to opt out. This practice may well be illegal under the Fair Credit Reporting Act, and was clearly unethical.

It is generally true, as you say, that more information is better. The problem with the sale of personal information is that it often occurs without the knowledge or consent of the individual involved. It is a form of unjust enrichment that accrues in greatest measure to those organizations that are most deceptive in their collection of personal information. To condone this practice is foolhardy.

Marc Rotenberg, Washington DC, Computer Professionals for Social Responsibility

------------------------------

Date: Tue, 11 Jun 91 8:55:37 EDT
From: hoffman@eesun.gwu.edu (Lance J. Hoffman)
Subject: Freedom, Privacy & Technology SIG

[Forwarded by Professor Lance J. Hoffman, Department of Electrical Engineering and Computer Science, The George Washington University, Washington, D. C. 20052 (202) 994-4955 fax: (202) 994-0227]

BMUG, Inc.
Computer Professionals for Social Responsibility, Berkeley Chapter

Special Interest Group on Freedom, Privacy and Technology Formed by BMUG and CPSR/Berkeley

The "Special Interest Group on Freedom, Privacy and Technology" has been formed in a unique effort by the Berkeley Macintosh User Group (BMUG) and the Berkeley chapter of Computer Professionals for Social Responsibility (CPSR/Berkeley).
Judi Clark, principal organizer of the interest group for BMUG/CPSR-B, said it will hold free monthly meetings, open to the public, on Sunday afternoons, at the BMUG office, 2055 Center St., Berkeley - a half block from the Berkeley BART station.

The inaugural meeting will begin at 2 p.m. on Sunday, June 30, 1991. It will feature a discussion of "Current Freedom and Privacy," by Alameda County Assistant District Attorney Don Ingraham and futures columnist and computer entrepreneur Jim Warren.

The comments will focus on protecting personal privacy, personal property and traditional constitutional freedoms in the "Information Age." It will include issues raised at the recent First Conference on Computers, Freedom and Privacy, a landmark event that received extensive national press and was described by one television reporter as the "constitutional convention of cyberspace." Mr. Warren chaired that Conference, and Mr. Ingraham served on its Program Committee.

Ms. Clark said it will be the first in an ongoing series of presentations on electronic freedom and privacy issues, cosponsored by BMUG and CPSR/Berkeley as part of the formation of a unique "special interest group" on such issues.

"We will encourage public consideration of the current issues in our changing technology - issues that will inevitably affect all our lives, whether or not we personally use computers," Clark said.

The group will begin with a series of free presentations by professionals from the fields of telecommunications, law, marketing and information management, with plenty of time for questions and discussion, she said.

Clark said the decade of the 1990's will be pivotal in terms of laws, regulations and policies relating to increasingly pervasive electronic media: Individuals, organizations and governments are increasingly dependent upon computers, databases and telephone-line networks.
"The collection of information into databases and libraries has a legitimate and often commercial value," she said. "Most of this information needs to be readily available to enhance sound decision-making by individuals, organizations and governments."

"However, such unbridled public access to vast amounts of often personal information will prompt growing concerns about privacy, and these concerns need to be considered early in the policy making process, before they get lost," Clark said.

Some specific issues to be addressed in coming months include:

o How the Constitution's Bill of Rights defines "freedom" and "privacy" in the First, Fifth and Sixth amendments - a particularly timely issue during the 200th anniversary year of the Bill of Rights.

o How the legal system will deal with the new technology, such as the NCIC 2000, a nationally accessed database system used by the FBI, police departments and their patrols, and others.

o What do the terms "secondary use" and "search and seizure" mean in terms of computerized data and network information?

o What role credit companies, utilities, and medical facilities might play in the future.

Please feel free to post this release anywhere you wish. Thank you for your interest and support.

For more information, contact Judi Clark, 549-2684 (BMUG), 261-3718 (direct), fax: 261-1869 (direct) or e-mail judic@well.sf.ca.us

June 5, 1991

------------------------------

End of RISKS-FORUM Digest 11.86
************************