|University of Bielefeld - Faculty of technology|
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
|Back to Abstracts of References and Incidents||Back to Root|
|This page was copied from: http://catless.ncl.ac.uk/Risks/16.06.html|
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
TOKYO (Reuter) - The test pilot of a trainer jet built for the Japanese air force was accidentally ejected when the emergency bailout system mysteriously functioned, the plane's makers said Tuesday. Pilot Masahiko Kameishi was later plucked from the sea by a military helicopter. He was reported to have suffered minor injuries to his arms and knees. Kameishi was flying the T-4 two-seater over the Pacific Ocean southwest of Tokyo on Monday when he was suddenly ejected into the sea with a parachute, a spokesman for manufacturers Kawasaki Heavy Industries Ltd said. His co-pilot, seated in the rear, landed the plane safely at a nearby military base. The Kawasaki spokesman said the company was looking into whether the ejection was activated by mechanical malfunction or by something the pilot may have touched. More than 100 T-4s are already in service with the Air Self-Defense Force, Japan's air force. Kameishi's plane was to have been handed over to the air force June 1. Frank Carey at Bell Labs firstname.lastname@example.org
1. The following item is apparently from COOVER@MITRE.ORG . It was sent by SnailMail to Will Tracz, the new editor of Software Engineering Notes, presumably for the RISKS section. Will faxed it to me. From Law Practice Management, April 1994, p. 16: Well, it's April again and time for the annual buying frenzy for All The Latest tax-return software. Just so you're on notice -- last year at this time *PC Magazine* did a comparison of twenty different tax- return packages. When they ran a test scenario through the packages (see -- I don't actually have to say it out loud anymore -- you people know what's coming), that's right, *every single package* computed a different total tax due. Sort of like calling the IRS Help Line. 2. Colin Smiley sent me a note observing that his social security number was visible through the window of the envelope that contained his refund check, and pointing out the evident risks. 3. The IRS is now beginning the integrated computerization of its entire tax process. This presents many interesting risks relevant to our newsgroup, such as those relating to security, integrity, authenticity, insider abuse, fraud, violations of privacy, bogus returns, and so on. 4. Your RISKS Moderator is now a member of the IRS's Commissioner's Advisory Group (CAG), and cochairman of its Subgroup on Technology, Security, and Privacy. If you have problems that you believe need to be addressed, please send them to me (email@example.com) if you do not want them to appear in RISKS. The next meeting is coming up in midJune. PGN
The following article is quoted in its entirety from the (UK) Computer Weekly, issue dated 12 May 1994. [Brian Randell, Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK +44 91 222 7923 ]FAX = +44 91 222 8232] Why bulletin boards are a libel minefield Nick Braithwaite warns of the dangers of digital defamation and how network and bulletin board operators must guard against being unwitting participants in user's libellous missive Libel doesn't figure prominently in most network operators' list of priorities. Many assume that transient screen messages are private and unlikely to damage anyone's reputation. Electronic mail and bulletin boards foster informal communication, so users may be resistant to the idea that defamation risks are attached to electronic "conversations" . But beware if you run network or database. You could be in the firing line for a libel claim. In the first case of its kind in the UK, Canadian academic Dr Laurence Godfrey issued a libel writ in London against another academic based in Geneva claiming he was defamed by a bulletin board message posted on the Usenet system. If the claim succeeds, hosts and users could soon be contemplating sizeble pay-outs. In fact, there's nothing novel about the Godfrey case. Libel suits have been an occupational hazard for information providers and electronic database operators for many years, but now network hosts too have begun to experience defamation problems. Only recently, Compuserve was sued for libel in the US, while individuals in both the US and Australia have faced claims over uncomplimentary bulletin board messages. Are electronic messages "published" for libel purposes? The first requirement is a degree of permanence in the communication. Most experts now agree that, if defamatory, even transitory computer messages flashed on screen are sufficiently permanent, once stored in memory, to be libellous. Slurs posted on bulletin boards are even more likely to be held libellous. The "publication" requirement is minimal, satisfied if just one person other than the plaintiff sees the material. Despite the international aspects of the Godfrey case, one solitary viewing of a bulletin board in England allows a case to be litigated in London, where libel actions are hard to defend. The author of a defamatory statement is an obvious libel target, but corporations with deep pockets usually make more enticing defendants. Happily for US-based computer networks, the court in the Compuserve case ruled Compuserve could not, without editorial control, be liable for defamatory statements by users. In England, it is likely that operators will have to prove they were not negligent or reckless in allowing the statement onto the system. So if you follow the US standard, you should not exercise any editorial control at all. If you follow the English standard you should exercise maximum control. In fact there ought to be no real conflict, because it is difficult to imagine a court insisting that an operator should vet all messages on the system. Whichever standard of care prevails, database and public access network operators will have every incentive to minimise editorial control over what they carry. Plainly, for some databases and networks that will not be practical. But for libel purposes, the ideal is probably to emulate a telecoms carrier, disclaiming all responsibility for the content of messages. Some practical steps to keep the lawyers at bay are: Check you have a warranty from the subscriber that they will not input defamatory material. Or, if you are worried about staff messages, put a warning in their contract of employment. Consider a statement in your user contract that the operator has no editorial control over traffic on the system. Display a warning on-screen that the host does not endorse any defamatory statements. These may not solve every problem, but will help reduce risk. [Nick Braithwaite is a lawyer in the London-based media group of solicitors Clifford Chance]
From the Reuter newswire via Executive News Service (GO ENS) on CompuServe: "FORT LAUDERDALE, Fla, May 9 (Reuter) - Three former owners of Value Rent A Car Inc pleaded guilty Monday to racketeering charges and face prison sentences of two to five years and fines totalling $2 million." They are also accused of having wiretapped the offices of Mitsubishi Motors executives. Mitsubishi Motors owned 80% of the firm at that time. [MK: This is known as taking an interest in management.]
United Press newswire (94.05.11 @ 09:59 EDST) via Executive News Service on CompuServe: CAMBRIDGE, Mass., May 11 (UPI) -- A Massachusetts judge continued a hearing on a suit by eight convicted murderers who seek to end the state's new practice of monitoring inmate phone calls to the outside. The eight lifers, saying they are representing all 10,000 state prisoners, filed suit against Nynex and Massachusetts corrections officials for tapping their phone calls." The article continues with the following key points: o William "Lefty" Gilday, convicted of murdering a policeman, claims that the phone monitoring system is unconstitutional. o Corrections officials argue that "the taps are necessary to curb fraud, harassment and drug dealing by inmates." o Gilday was convicted in 1984 of running a credit-card fraud operation from prison and defrauding American Express of $4,000. [MK: set flame = on Interesting perspective on rights and responsibilities, eh? These folks remind me of the self-righteous anger of some criminal hackers when legal processes interfere with their self-proclaimed rights to attack other people's computer systems. "Rights for me, not for you; duties for you, not for me." Could we maybe apply the Key-Escrow Proposal to criminals? How about "Lock 'em Up and _Throw Away_ the Keys"? set flame = off Why is my neck turning red?] Mich Kabay / not representing anyone else this time.
From the Reuter newswire via CompuServe's Executive News Service (GO ENS): "FRANKFURT, May 10 (Reuter) - A journalist from a well-known German satirical magazine has cut off fugitive real-estate tycoon Juergen Schneider from one source of cash -- by ringing up Schneider's credit card company and cancelling his account. The magazine Titanic said journalist Bernd Fritz had telephoned the Eurocard company and blocked the account by giving Schneider's name and date of birth." The article explains that Schneider has been on the run for over a month and has filed for bankruptcy. He is under investigation for credit fraud. Asked for identifying information, including Schneider's bank, the journalist picked a bank at random--and was right. The magazine writers now claim that they will try to block credit cards for other fugitives. [Comment by MK: I have been saying for a long time we need PINs for credit cards! I hold no brief for the accused man, but it does seem odd that someone else be able to cancel a person's account. How would you like it if some prankster cancelled _your_ credit/bank/phone/... account with a simple phone call?] Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
The Washington Post newswire (94.05.11) includes an interesting essay by Michael McKeon entitled, "Fragmenting of the News." The author discusses the declining importance of the mass media for distributing news and the rising importance of electronic communities where opinions are more uniform. <<begin summary>> He writes, "More ominously, they have the ability to deny access to anyone trying to reach them with a message." By this he means that faxes, videos, electronic mail and Internet or other newsgroups put control in the hands of the individual. He calls these non-official communications groups "the stealth medium." He sees these groups as the modern equivalent of the tavern conversations of a different generation. These "virtual communities" exist without geography; they consist of people with similar interests and sometimes with similar views. He worries that the information passing through the stealth medium is unchecked for accuracy. Furthermore, "the character of the information tends to be more emotional and, as a result, more reflective of peoples' true feelings." People tend to flame others when there is no face-to-face contact. And "people are often choosing information delivered by demagogues appealing to fear, anxiety and prejudice through heated rhetoric and distortion." Even worse, in the writer's view, politicians and the mass media are turning into their very own insular virtual community. Politicians and government officials speak to each other through the media but are losing their audience outside the Beltway. Politicians, he argues, must learn to address smaller and more specific audiences using the communications channels at hand. <<end summary>> [Comment by MK: McKeon addresses an important question--how one ensures accuracy in cyberspace. At the moment, there are few mechanisms for generating consequences for defamatory, inaccurate or harmful "speech" in cyberspace. We don't even have universal mechanisms for identification, authentication and non-repudiation. I'm glad to see a mainstream non-technoid writer raising these points in the mainstream media. Naturally, I had to send it to my virtual community for discussion. <g>] Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
United Press International newswire (94.05.11 @ 01:46 EDST) reports on an interview with Business Software Alliance President Robert Holleyman during his visit to Microsoft offices in Redmond, WA. <<begin summary>> Writer STUART GLASCOCK's key points: o MS would be 4 times larger were it not for counterfeit software. o Total losses (not per year) to software thieves by US software companies alone exceed $12 billion. o Holleyman said, "Software piracy continues to plague the industry, stifling motivation, destroying incentives for creating new programs, and impeding growth. Strong copyright laws and enforcement measures are critical to enhance the legitimate market for software." o Other estimated annual losses due to software theft: Europe $4.9 billion Asia $3.9 billion US & Canada $2.4 billion Africa & MidEast $0.7 billion Latin America $0.8 billion Japan $1.9 billion o BSA represents the leading U.S. software companies. BSA members are Aldus Corp., Apple Computers Inc., Autodesk Inc., Computer Associates, Intergraph Corp., Lotus Development Corp., Microsoft Corp., Novell Inc., WordPerfect Corp. o "Untold numbers of U.S. jobs are lost to piracy," said Ann Woodliff, associate general counsel for Aldus Corp. "The numbers are staggering," Woodliff said. "It's difficult to put a number around it. Our piracy losses are over 40 million worldwide." o "BSA operates 20 hotlines around the world for callers seeking information about piracy or to report suspected incidents of software theft. Nearly 250 per day are received on these lines, the BSA claims. The number in the United States is 800-688-2721." <<end summary>> [MK comment: I wish we could convince the criminal-hacker, "Information Wants to be Free" gang that encouraging software theft harms _people_ working in the software industry. I think everyone who works in the software field should be supporting or participating in local programs to reach schoolchildren and their parents and explain why stealing software is a Bad Thing. I've recently been asked to speak at a local school and am working with my synagogue to introduce a discussion of the morality of cyberspace to our community. Already, a friend has been so moved by my arguments that he has had discussions with his teenaged sons and has thrown out years of stolen software. When he was offered a stolen copy of a package last week, he turned it down for the first time in his life and said, "If I need it, I'll buy it." He told me he is getting used to the idea but feels good about it. "I realized that I was setting a terrible example for my children."] Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
[Sent to RISKS courtesy of John Rushby <RUSHBY@csl.sri.com>. PGN] From an article by William Hartston, *Independent on Sunday*, 8th May 1994, p.21 (numbers column) A major accident in the Channel Tunnel resulting in 70 or more deaths will happen once in 100,000 years, according to a report by Eurotunnel. Impressive, but how was it calculated? Give or take a few millenia, 100,000 years is the time homo sapiens has been around; 10,000 years ago, you could walk from England to France without getting your feet wet. So how did Eurotunnel look 100,000 years into the future? It began with statistics from 1984-90, which showed a total of 313 people killed in railway accidents in Britain, including 99 at stations. With 268 billion passenger kilometres traveled, simple arithmetic yields figures of 0.08 fatalities per 100 million passenger kilometres plus 0.95 fatalities per 100 million passenger journeys (for those killed at stations). These figures, and their French equivalents, were then combined and applied to the tunnel, as though it were a randomly selected 50km stretch of track, with a station at each end. The figure may then be modified by the decreased likelihood of anyone throwing himself in front of a moving train under the Channel. Fires and derailments, however, (estimated at 4.4 per cent and 18.5 per cent respectively of the "total system risk") are likely to have more serious consequences, which are, in turn, balanced by more stringent safety procedures. Eurotunnel concludes: 'The Channel Tunnel represents a significant advance in railway safety' which may be true. But for all the precision, it is little more than informed guesswork: 100,000 years is a long time on a train line. The Titanic was unsinkable. Has Eurotunnel overlooked an iceberg too?" [I believe Eurotunnel is planning for 10 trains/hour. I think that makes one accident every 100,000 years a 10 ^ -10 claim.. I also heard something about an independent report that had been suppressed that argued that the 10 trains/hour figure was unsustainable taking into account factors such as gradients, length and weight of trains, time to accelerate from stations, etc. Robert Stroud]
In RISKS-16.04, Mark Stalzer (firstname.lastname@example.org) wrote about his HMO doctor's deliberate "misdiagnosis" of his baby daughter's rash as lupus, in order to get past the HMO restrictions for referring her to a specialist. He was understandably quite upset at having received notification of this diagnosis in the mail, without any previous phone call or explanation from the doctor or other HMO personnel. In addition to the ridiculousness of the HMO doctor having to play games like this just to refer a patient to a specialist that the doctor feels the patient needs to see, there's another big risk in this story. In this age of nation-wide computer databases like the Medical Information Bureau, this little girl (and other people like her who were similarly "misdiagnosed" by the HMO doctors) may now be listed somewhere in some database as having a serious, pre-existing disease -- which could cause her to be unjustly rejected sometime next century when she applies for life insurance, medical insurance, a physically demanding job, college, or who knows what else. I won't try to address whether this kind of database is fair or just even when the information it contains is *accurate*, but it should be obvious to RISKS readers that in this case (and many others) it could also contain inaccurate, very damaging information. -- Amy McNulty (email@example.com)
> The root cause of this crash seems to be a confused co-pilot. I think you're being much too harsh on the copilot. He was trying to fly the plane in a standard way, and the plane's auto-pilot did something inexplicable. While perhaps the copilot could have responded better (but note several other odd auto-pilot actions later), I would have to say the root cause was the "go-around mode for unknown reasons". Since people don't always diagnose unexpected behaviour correctly, it is important to decrease the chances of their being confronted with some unexpected behaviour in a time or place with little margin for error. The question one has to ask about the rather sophisticated auto-pilots now in use is not "are they perfect?" We know that they aren't. But, "How often do they fail, and can pilots reasonably be expected to recover from the failures?" By comparing the dangers of the new technology with the dangers of the old technology, we can make an intelligent choice. Unfortunately, the vendors try to convince us that their technology is perfect, which is clearly false. --David Wittenberg firstname.lastname@example.org
I won't name names, but another RISKS contributor suggested that copyright owners or patent holders "MUST" license to all on reasonable terms. That is not true. In general patents or copyrights may be licensed on any terms the owner can get and the owner may pick and choose licensees at will. The exceptions are few, and are related to antitrust issues that do not apply to 99.99% of situations. Some (other than the U.S.) countries have mandatory licensing of various kinds of patents and copyrights (e.g., mandatory licensing of educational textbook copyrights in India), but again, with a few exceptions, the U.S. doesn't work that way. And for other pedants like me: I'm not gonna launch into a discussion of "fair use," music-performance situations, copyright collectives, weapon patents, and other stuff which would explain some of the "exceptions" to the general rule I've alluded to. Think about it. What competitive advantage would a patent confer if you had to license it to anyone? Ditto copyrights. The whole point of such rights is to limit the people who can exploit a certain work. Mark Seecof <email@example.com> Publishing Systems Dept. Los Angeles Times
TCI Cablevison of Washington often has a similar display with a Guru Error (Amiga) for days on end on the Public Info channels. Also, Cablevision of Terre Haute, IN used to have a Apple ][+ that would bomb out and draw random lines on the PI channel. Terre Haute First National Bank built a new building complete with 6 huge automated computer displays (light-bulb type) and they often got out of sync, triggering an alarm that would display a very distinct Commodore Basic prompt on all six signs all night.
firstname.lastname@example.org (H Morrow Long) writes about the error he noticed on his local cable channel recently. Our local cable system and a couple of the surrounding ones use Commodore Amigas for such things as the on-line cable guide (The Preview Guide), local programming information screens, etc... My guess is that there is specialized software available to the cable operator from whatever company broadcasts The Preview Guide which is customizable by region, content or whatever (ad packages come to mind). A few years ago you could usually look forward to seeing the dreaded Amiga 'Guru Meditation Error' plastered on your cable guide screen whenever there was a big storm or over a long holiday weekend. It was amusing at first, but it soon became tiresome. Since it hasn't happened in the past couple of years I'm assuming they've invested in a battery backup or better equipment. One risk for them: Since Commodore has gone belly-up, what's going to happen to their equipment when it dies. Will they be relegated to searching the orphaned-computer parts bin at their local used computer store? Paul
The existing 9 digit ZIP code already provides a path to your door -- in most cases, it maps out to either an individual house, four or five houses, apartment building, or cluster of floors in an apartment building. So there's no new RISK with the 11 digit code -- as a matter of fact, it's already in use on some barcoded mail (but the 11 digit ZIP is only used in the barcode, so you haven't noticed it yet). The RISK is that zipcode bloat makes addressing mail more and more complicated and error-prone for humans, or that adding extra digits to the ZIP code is being touted instead of making better use of the existing digits to make things easier for the bureaucrats in the Post Office. Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue White Plains, NY 10601 +1 914 448 4737 email@example.com [Similar comments were received from PMDebenham@email.meto.govt.uk, who noted Britain's system is often unique to 10 or 20 households, grayjw <firstname.lastname@example.org>, who noted the use of the first few digits to determine insurance rates, Chuck Weinstock <weinstoc@SEI.CMU.EDU>, Frederick Wheeler <email@example.com>, firstname.lastname@example.org (Martin G. Halvorson), email@example.com (Mark Brader), who wondered about the (non)difference between giving out a unique address and a unique ZIP, and firstname.lastname@example.org (Vidiot), who noted that the U.S. Postal Service is already using the 11 digits. PGN]
|This page was copied from:||http://catless.ncl.ac.uk/Risks/16.06.html|
by Michael Blume