2-May-87 11:48:10-PDT,25454;000000000000 Mail-From: NEUMANN created at 2-May-87 11:46:44 Date: Sat 2 May 87 11:46:44-PDT From: Peter G. (coordinator) Neumann Subject: RISKS DIGEST 4.79 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest Saturday, 2 May 1987 Volume 4 : Issue 79 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD Re: Fidelity Mutual Funds Money Line feature (Amos Shapir) Wheels up (Martin Minow) Special Risk Assessment issue of 'Science' (Rodney Hoffman) Radiation hazards to computers (Wm Brown III) Neutron beam detection (Richard H. Lathrop) Computer Database Blackmail by Telephone (Steve Summit) Liability Law in the UK (Brian Randell) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- Date: Sat 2 May 87 10:57:56-PDT From: Peter G. Neumann Subject: Risks of RISKS resurgent -- CSL DEAD FOR THREE DAYS, STILL HALF DEAD To: RISKS@CSL.SRI.COM Somewhen on Tuesday afternoon, 28 April, someone plugged some equipment into the circuit used by CSL.SRI.COM. The result was not only blown fuses, but a physically destroyed disk on CSL. We currently have a patchwork system cannibalized from another system, with a very small disk, and thus I am running without most of my macros, history files, etc. (just the files created in the last month). We will not be back in regular service until the END OF THE COMING WEEK, so please bear with us. Mail received by RISKS after early Monday evening 27 April, but before the crash, was lost. Mail sent to RISKS by you during the outage was either returned undelivered, or else queued and eventually received, depending upon mailer whims. Grumble. ------------------------------ From: Amos Shapir Date: Mon, 27 Apr 87 16:43:10+0300 To: RISKS@CSL.SRI.COM Subject: Re: Fidelity Mutual Funds Money Line feature (RISKS 4.78) Because of the slowness of mail here, the habit of paying your bills by a 'permanent order' to your bank have become very popular; many utilities also give discounts if you choose to pay your bills in that way, since they are assured of getting their money - no bounced or bad checks. However, a common experience is that it is very hard to cancel such an order - you have to keep badgering the bank until your request gets all the way through to the data processing center, and even when you think everything's ok someone loads an old backup tape, and your stone rolls back to the bottom of the hill. Sometimes the only way is to close the account, but when you have as many as 10 such orders, that's also complicated. Amos Shapir, National Semiconductor (Israel) 6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel Tel. (972)52-522261 amos%nsta@nsc.com {hplabs,pyramid,sun,decwrl} ------------------------------ Date: Mon, 27 Apr 87 06:02:42 PDT From: minow%thundr.DEC@src.DEC.COM (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922 27-Apr-1987 0855) To: "risks@csl.sri.com"@src.DEC.COM Subject: Wheels up You may recall the extensive discussion on Risks a few months ago about computer-controlled airplanes. It seems, that if the plane was on the ground and you told the computer to raise the landing wheels, it did so -- crashing the plane. I recently bought the "Flight Simulator" computer game for my home computer. While parked on the ground, I told it to raise the (simulated) landing wheels. It did so, crashing the (simulated) plane. (If you haven't seen it, "Flight Simulator" is an impressive piece of work.) Martin Minow minow%thundr.dec@decwrl.dec.com ------------------------------ Date: 29 Apr 87 16:56:20 PDT (Wednesday) From: Hoffman.es@Xerox.COM Subject: Special Risk Assessment issue of 'Science' To: RISKS@CSL.SRI.COM Partial contents of 'Science' magazine for 17 April 1987 (vol 236 no 4799) Editorial on "Immortality and Risk Assessment" "Risk Assessment and Comparisons: An Introduction" "Ranking Possible Carcinogenic Hazards" "Perception of Risk" "Risk Assessment in Environmental Policy-Making" "Health and Safety Risk Analyses: Information for Better Decisions" "The Safety Goals of the U.S. Nuclear Regulatory Commission" [Computers are explicitly omitted. Eugene Miya] [But there is still much for us to learn from this issue... PGN] ------------------------------ Date: Thu, 30 Apr 87 17:42 PDT From: Wm Brown III Subject: Radiation hazards to computers To: RISKS@SRI-CSL.ARPA Paul Stewart's contribution on airport luggage scanners which use slow neutrons to detect explosives reminded me of a phenomenon which plagued a company I once worked for. The product we sold was a satellite navigation receiver which used the old Transit constellation of satellites to provide position fixes for commercial ships. Many of these systems were sent around the world to be installed wherever a vessel happened to be at the time. After a couple of years, we began to notice that our overseas dealers frequently had systems fail out of the box with invalid EPROM checksums. Machines installed within the U.S. virtually never failed in this way, even though they were built with parts from the same vendor and datecode lot. Spare PROM sets became a standard part of everyone's service kits. Finally someone collected enough data to correlate these failures with the distance a system traveled by air freight; the dealers farthest from home usually saw the most failures. I seem to remember that flights over the polar routes did the most damage. One of our engineers had a background in nuclear physics and power engineering; the best theory he was able to propose was that high energy particles in the upper atmosphere occasionally hit heavy metal atoms in the ceramic chip packages and kicked out slow secondary emissions which corrupted cells in the EPROMs. Has anyone else had first-hand experience with this phenomenon? Can someone with adequate theoretical knowledge offer another hypothesis? Do the FAA's new bomb detectors pose a similar threat? ------------------------------ Date: Mon, 27 Apr 87 11:34 EDT From: Richard H. Lathrop Subject: Neutron beam detection [RISKS 4.75] To: RISKS@CSL.SRI.COM Date: Mon, 20-Apr-87 00:40:59 PDT From: beach!paul@rand-unix.ARPA (Paul Stewart) Subject: Radiation risk at airports? To: risks@csl.sri.com ....a computer-based system that bombards luggage or other cargo with a "beam of slowed neutrons" and uses a computer system to analyze the signature of the resulting gamma radiation emissions to characterize for the potential presence of explosives. I have been licensed by the US NRC as a nuclear reactor operator (I have since allowed this to expire), and was once the chief programmer and statistician on a science project which used this technique to monitor trace element pollution in tree rings. The method is known as Neutron Activation Analysis (NAA). It is based on the propensity of an atomic nucleus to absorb a neutron and thereby transition to another isotope of the same element, but with the next higher atomic weight. The resulting isotope is often energetically unstable, and often decays to a stable state by emitting a gamma ray at a frequency characteristic of the isotope involved. (This is a slightly different mechanism from the propensity of plutonium-239 and uranium-235 to absorb a neutron, become unstable, and fission.) The neutron capture coefficient (known as the "cross-section") is a characteristic property of the elemental isotope, and can be looked up in tables of physical constants (e.g., the CRC Handbook of Chemistry and Physics), as can the stability, decay mode, frequency, and half-life of the resultant isotope(s). The cross-section varies widely across isotopes (a spread of ten orders of magnitude!). As some naturally occurring isotopes transition to other stable isotopes and some have miniscule cross-section, activated gamma radiation will result only in some (this means many) cases. For short irradiation times the amount of any given isotope created is the product of the neutron flux (intensity), the time period irradiated, the amount of the element present, the proportion of the element occurring as the precursor isotope, and the precursor isotope's capture cross-section. (Note that if the flux is extremely low very little of the radioactive isotope will be created.) If the resulting isotope is unstable, it will emit radiation at a characteristic frequency and half-life, also obtainable from tables. The shorter the half-life the more intense the short-term radiation, the longer the half-life the longer the radioactive isotope persists. By measuring the radiation at a particular frequency of interest and subtracting the ambient background, it is possible to calculate the amount of a given element present in the original sample. The question then, for anyone who understands this technology or knows about Science Applications International, is: what will happen to luggage, cargo, etc., possibly including foods and other items that can be ingested or will be in close proximity to persons for long periods of time, after passing through such neutron beam systems once or possibly many times in the course of complex or multiple trips? Almost all of the above will become slightly radioactive, the degree to which being essentially determined by the neutron flux characteristics, exposure times, and elemental content of the irradiated matter. Bodily damage from radiation results mostly from the accompanying ionization, in which chemical bonds are disrupted by the high energy levels and chemically reactive ions are created. Food is particularly worrisome because most of the radiation is absorbed internally, and because the body has mechanisms that produce high local concentrations of certain elements (e.g., iodine in the thyroid, calcium in the bones, etc.). Common isotopes in food having high natural abundance, reasonably large cross-sections, and medium half-lifes (hence, readily made radioactive) include sodium-23 and chlorine-37. Common metals with similar properties include aluminum-27, copper-63 and -65, zinc-64, silver-107 and -109, gold-197, mercury-202, and several of the trace elements used in making stainless steel. Are airline passengers to be subjected to the radioactive luggage and cargo simply because the emission levels meet "government standards"? Well, yes, but this has to be kept in perspective. For example, "government standards" are typically less than the ambient background due to cosmic rays, etc., and also less than the incremental increase due to living in a brick house (because of trace radioactive elements and isotopes present in the brick from the earth), living in Denver instead of New York (because of the greater exposure to cosmic rays from less atmospheric shielding), or a medical X-ray. This does *not* mean that they are harmless --- the effects of low-level radiation are *very* poorly understood and the health aspects, if any, somewhat controversial. Of especial concern is genetic damage due to ionization and resulting disruption of chromosomes. Will the frequent traveler be at greater risk than the occasional traveler? Yes, given the perspective about ``risk'' above. What is the real story about these systems? I cannot answer this question, only discuss the underlying technology. The "real story" depends on (1) physical parameters such as exposure time and neutron flux characteristics which are not provided in the story, and (2) medical effects of low radiation levels, which are poorly understood and controversial. Date: Tue, 21 Apr 87 11:50:35 edt From: Scott Dorsey Subject: Neutron beam detection [RISKS 4.75] A machine which detects nitrogen chains may also detect things like ammonia if it cannot discriminate between long and short chains.... For virtually all purposes nuclear processes are completely decoupled from chemical ones, and so the technique cannot discriminate between long and short chains. It is in fact unlikely that nitrogen is being detected in this way. 99.63% of natural nitrogen occurs as nitrogen-14, which on neutron capture transitions to nitrogen-15 which is stable. 0.37% occurs as nitrogen-15, which has an insignificantly miniscule capture cross-section. This makes sense when you think about it, as otherwise the nitrogen in the air would render the technique worthless. Rather, it is more likely that some readily-activated rare-earth element associated in trace quantities with explosive manufacture is what is actually being detected. This is done, e.g., in studies which wish to monitor the lead deposition from gasoline even though lead is essentially inactivable. These studies look instead for vanadium, which occurs in gasoline in trace amounts but is readily activated and detected. Date: Thu, 23 Apr 87 16:29:25 CST From: marco@ncsc.ARPA (Barbarisi) To: risks@csl.sri.com Subject: Neutron Beams for Explosives Detection I did an experiment with neutron radiation for a physics laboratory while I was in college .... a silver dime was placed in a device called a "neutron howitzer" and irradiated .... it was very "hot" upon removal As mentioned above, silver activates rather nicely. Typically this experiment measures the two different half-lives associated with the two different silver isotopes which are activated. The latex stick which held the dime in the neutron howitzer showed no sign of radiation at all. Carbon, hydrogen, nitrogen and oxygen, the basic elements of complex carbohydrates and many polymers, are all essentially inactive under neutron irradiation. In any case, for a physics experiment the holder would be chosen to be inert, so as not to compromise the experiment with spurious radiation. Thus, I doubt that there would be any lasting effect on clothing and food from low energy neutron radiation. This is not a justified assumption without additional technical substantiation. It depends critically on what elements are irradiated, for how long, and within how strong a neutron flux. -=*=- Rick ------------------------------ Date: Fri, 1 May 87 08:04:44 pdt From: Steve Summit To: risks@CSL.SRI.COM Subject: Computer Database Blackmail by Telephone The following article was in the (Portland) Oregonian, 1 May 1987. I'm not quite sure what to make of it, except that I can't quite believe it. This looks like the kind of information abuse that people (myself included) would say "couldn't happen, because people are more reasonable than that." PNB CANCELS 976 NUMBER FOR PERSONAL-DATA COMPANY Seattle (AP) -- Pacific Northwest Bell has canceled the 976-prefix toll-call number of a Seattle company that obtains and sells information about individuals. The company had sent post cards to thousands of Seattle residents, offering to delete data about them from company files if they called the telephone number--a call that cost $7.50. After PNB attorneys alleged that the post cards could involve extortion, the phone company canceled Profile Service Corp.'s 976 number Monday, the first time such action had been taken in the Seattle area, said PNB spokesman Bruce Amundson. But Jan Sakamoto, Profile's president, said the company did nothing wrong and would appeal the phone company's action to the Washington State Utilities and Transportation Commission. "I don't think it's blackmail or fraud," Sakamoto said. Instead, he said, his company was "catching the brunt of people's ire at not being able to control information about themselves." Commission spokesman Raymond Day said PNB apparently was within its rights in canceling the number. The commission allows PNB to cut off service "without prior notice, for unlawful use of service or use of service for unlawful purposes," Day said. Seattle news media, the state attorney general's office, the Utilities and Transportation Commission, the Postal Service and PNB have received numerous complaints about the cards, which were mailed to 20,000 Seattle residents. The card read: "Profile Service Corp. knows some personal things about you that other people might like to know. Our company's computer files contain names, telephone numbers, complete addresses, credit reports and other important pieces of information about you. We have purchased this information from a variety of public and private sources." The card then advised consumers to call its 976 number to have the number deleted from its computer files. The $7.50 charge for the call would be billed to caller's phone numbers, with most of the charge being remitted by PNB to Profile. People who called the number will have the charge deleted from their phone bills, Amundson said. I think it's interesting that the company is not offering to delete information because it is incorrect, but simply because people might not want it there, as long as they are willing to pay. It would not surprise me if Profile Service Corp. didn't really have any data at all, but was simply out to milk money from people who are anxious about "not being able to control information about themselves." It's refreshing that Pacific Northwest Bell chose to put a stop to this scam. I suppose they could have stayed out of it, saying it was Profile's business. No mention is made of what "use" Profile Service Corp. makes of the data it keeps. If their raison d'etre is simply to get rich on people's $7.50 paranoia calls, they can preserve income, lower expenses and raise profits by not maintaining an expensive computer database at all. It would be interesting to know how big Profile Service Corp. is: if it's just Jan Sakamoto in his garage, and if he's got other income, he can't lose: the only expense is the postcard mailing, so once that is recovered, each phone call is pure profit. Steve Summit ------------------------------ From: Brian Randell Date: Wed, 29 Apr 87 11:05:46 bst To: Neumann@csl.sri.com Subject: Liability Law in the UK From Datalink (UK) March 23 1987: LAW THREATENS FIRMS WITH COURT OVER FAULTS A new Bill may leave computer companies wide open to claims for personal injury says Angus McCrone: Software and hardware suppliers are being advised to take careful notice of a new law which means they could be sued for damages if their products are involved in a user's personal injury. The law is a product liability bill which is now on its way through parliament and should be on the statued books by May next year. The bill gives individuals the right to sue companies if they can claim that they have suffered personal injury as a result of defective products - whether computer products or any other sort. This is likely to apply not only where an individual suffers injury from using a computer system, but also where a computer error is alleged to have caused an accident, such as a plane crash. Computer suppliers could even be sued if their systems have designed a large object, such as a bridge, which has fallen down and caused injury. This marks a radical change from the past, when products suppliers were only likely to be sued for damages if it could be proved that they were guilty of clear negligence. The proposed legislation has prompted groups like software's Computing Services Association (CSA) and hardware's Business Equipment Trade Association (Beta) to warn of serious consequences for their members. Alan Smith, director of administration at Beta - which represents most of the big hardware manufacturers including IBM, ICL, Honeywell and Hewlett Packard - said that his organisation is 'very worried' about the new legislation. "It completely reverses 500 years of legal precedents,' Smith said. 'At the moment a claimant has to prove negligence by a supplier and that this negligence was the cause of injury. 'In the future, as a result of this legislation, all suppliers will be treated as guilty unless they can prove that their products did not cause the injury.' In other words, Smith reckons the difference between a system or program going wrong, and being misused, could be blurred. 'If someone misuses a computer in the machine tool industry or in a hospital, who is to say that the system did not malfunction and cause the injury?' He predicts that the product liability legislation would hit hardware vendors in two other respects - it will become much more difficult and expensive for them to insure products for liability, and they could be hit by a spate of 'spurious claims' for damages. Both factors will present suppliers with increased costs. Smith said; 'The next five to 10 years could be a nasty experience for a lot of companies.' But while hardware vendors look certain to be hit by the proposed product liability law, it is still not clear whether software will be included in the legislation or not. Ranald Robertson, legal services manager at CAP and an expert on software and the law, commented that the Government has not made clear whether software will be treated as a 'product' and so will be covered by the new legislation. Robertson said; 'Until a test case is brought to court, we are unlikely to have a definitive statement as to whether software is included in the legislation. 'But any software producer which ignores this legislation and its possible implications does so at its own peril, because there could be situations where a defect is attributable to faulty software and a potential liability could exist', Robertson added. Doug Eyeions, director general of the CSA, described one example; 'If software is used to make a bridge or a nuclear reactor, and it turns out to have bugs, then this legislation could lead to an enormous liability for the software supplier.' The CSA is arguing that software, by its very nature, cannot be guaranteed to be 100% bug free and cannot be tested in all possible circumstances - therefore it would be unfair to classify software as a 'product' for the purposes of the new law. Another argument which the software industry is putting forward to the Government is the so-called 'development risk defence'. This argues that a supplier should escape product liability if it is judged that with the benefit of current scientific knowledge, it could not have foreseen a particular defect. But these sorts of arguments may fall on deaf ears. One parliamentary amendment which had the support of Beta has already been defeated. The Government is also under pressure from the EEC which has issued a directive requiring all its member states to have suitable product liability laws in place by May 1988. Because the proposed law applies to all products the implications for the software and hardware industries have taken some time to sink in. But groups like the CSA and Beta are now lobbying very hard to influence what Eyeions describes as 'one of the major issues facing the industry'. Elsewhere in the paper, a brief summary article states: According to Praxis chairman Martyn Thomas, who is involved with the Alvey formal methods team, this could mean software houses will have to prove they used state-of-the-art formal methods in the design stage. Rather than companies sorting themselves out in time for the new law, he thinks "what's more likely to happen is that there'll be a court decision that a company wouldn't have been liable if it had used formal methods. Brian Randell - Computing Laboratory, University of Newcastle upon Tyne UUCP : !ukc!cheviot!brian JANET : brian@uk.ac.newcastle.cheviot ------------------------------ End of RISKS-FORUM Digest ************************ -------