| University of Bielefeld - Faculty of technology | |
|---|---|
|
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D. |
|
| Back to Abstracts of References and Incidents | Back to Root |
| This page was copied from: http://catless.ncl.ac.uk/Risks/16.06.html | |
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Plane accidentally ejects pilot into sea
Tax preparation programs; IRS privacy; IRS computerization
Digital Defamation in the UK
We spy harder!
Killers sue over phone taps
Journalists attack credit card account
Fragmenting of the News
Software piracy vexes industry
Ultra-high dependability and the Channel Tunnel
Re: Future of US health care?
Re: China Air A300 Crash
Re: Copyright/patent owners: quick correction
Re: Amusing computer-related anecdote about cable
Re: 11-digit ZIP code
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
TOKYO (Reuter) - The test pilot of a trainer jet built for the Japanese air
force was accidentally ejected when the emergency bailout system mysteriously
functioned, the plane's makers said Tuesday. Pilot Masahiko Kameishi was
later plucked from the sea by a military helicopter. He was reported to have
suffered minor injuries to his arms and knees. Kameishi was flying the T-4
two-seater over the Pacific Ocean southwest of Tokyo on Monday when he was
suddenly ejected into the sea with a parachute, a spokesman for manufacturers
Kawasaki Heavy Industries Ltd said. His co-pilot, seated in the rear, landed
the plane safely at a nearby military base. The Kawasaki spokesman said the
company was looking into whether the ejection was activated by mechanical
malfunction or by something the pilot may have touched. More than 100 T-4s
are already in service with the Air Self-Defense Force, Japan's air force.
Kameishi's plane was to have been handed over to the air force June 1.
Frank Carey at Bell Labs f.e.carey@att.com
1. The following item is apparently from COOVER@MITRE.ORG . It was sent by
SnailMail to Will Tracz, the new editor of Software Engineering Notes,
presumably for the RISKS section. Will faxed it to me.
From Law Practice Management, April 1994, p. 16:
Well, it's April again and time for the annual buying frenzy for All
The Latest tax-return software. Just so you're on notice -- last year
at this time *PC Magazine* did a comparison of twenty different tax-
return packages. When they ran a test scenario through the packages
(see -- I don't actually have to say it out loud anymore -- you people
know what's coming), that's right, *every single package* computed a
different total tax due.
Sort of like calling the IRS Help Line.
2. Colin Smiley sent me a note observing that his social security number was
visible through the window of the envelope that contained his refund check,
and pointing out the evident risks.
3. The IRS is now beginning the integrated computerization of its entire tax
process. This presents many interesting risks relevant to our newsgroup, such
as those relating to security, integrity, authenticity, insider abuse, fraud,
violations of privacy, bogus returns, and so on.
4. Your RISKS Moderator is now a member of the IRS's Commissioner's Advisory
Group (CAG), and cochairman of its Subgroup on Technology, Security, and
Privacy. If you have problems that you believe need to be addressed, please
send them to me (neumann@csl.sri.com) if you do not want them to appear in
RISKS. The next meeting is coming up in midJune.
PGN
The following article is quoted in its entirety from the (UK) Computer
Weekly, issue dated 12 May 1994.
[Brian Randell, Dept. of Computing Science, University of Newcastle,
Newcastle upon Tyne, NE1 7RU, UK +44 91 222 7923 ]FAX = +44 91 222 8232]
Why bulletin boards are a libel minefield
Nick Braithwaite warns of the dangers of digital defamation
and how network and bulletin board operators must guard against
being unwitting participants in user's libellous missive
Libel doesn't figure prominently in most network operators' list of
priorities. Many assume that transient screen messages are private and
unlikely to damage anyone's reputation. Electronic mail and bulletin boards
foster informal communication, so users may be resistant to the idea that
defamation risks are attached to electronic "conversations" .
But beware if you run network or database. You could be in the firing line
for a libel claim.
In the first case of its kind in the UK, Canadian academic Dr Laurence Godfrey
issued a libel writ in London against another academic based in Geneva
claiming he was defamed by a bulletin board message posted on the Usenet
system. If the claim succeeds, hosts and users could soon be contemplating
sizeble pay-outs.
In fact, there's nothing novel about the Godfrey case. Libel suits have
been an occupational hazard for information providers and electronic
database operators for many years, but now network hosts too have begun to
experience defamation problems. Only recently, Compuserve was sued for
libel in the US, while individuals in both the US and Australia have faced
claims over uncomplimentary bulletin board messages.
Are electronic messages "published" for libel purposes? The first requirement
is a degree of permanence in the communication. Most experts now agree that,
if defamatory, even transitory computer messages flashed on screen are
sufficiently permanent, once stored in memory, to be libellous. Slurs posted
on bulletin boards are even more likely to be held libellous.
The "publication" requirement is minimal, satisfied if just one person
other than the plaintiff sees the material.
Despite the international aspects of the Godfrey case, one solitary viewing of
a bulletin board in England allows a case to be litigated in London, where
libel actions are hard to defend.
The author of a defamatory statement is an obvious libel target, but
corporations with deep pockets usually make more enticing defendants. Happily
for US-based computer networks, the court in the Compuserve case ruled
Compuserve could not, without editorial control, be liable for defamatory
statements by users.
In England, it is likely that operators will have to prove they were not
negligent or reckless in allowing the statement onto the system. So if you
follow the US standard, you should not exercise any editorial control at all.
If you follow the English standard you should exercise maximum control.
In fact there ought to be no real conflict, because it is difficult to imagine
a court insisting that an operator should vet all messages on the system.
Whichever standard of care prevails, database and public access network
operators will have every incentive to minimise editorial control over what
they carry.
Plainly, for some databases and networks that will not be practical. But for
libel purposes, the ideal is probably to emulate a telecoms carrier,
disclaiming all responsibility for the content of messages. Some practical
steps to keep the lawyers at bay are:
Check you have a warranty from the subscriber that they will not input
defamatory material. Or, if you are worried about staff messages, put a
warning in their contract of employment. Consider a statement in your user
contract that the operator has no editorial control over traffic on the
system. Display a warning on-screen that the host does not endorse any
defamatory statements. These may not solve every problem, but will help reduce
risk.
[Nick Braithwaite is a lawyer in the London-based media group of solicitors
Clifford Chance]
From the Reuter newswire via Executive News Service (GO ENS) on CompuServe:
"FORT LAUDERDALE, Fla, May 9 (Reuter) - Three former owners of Value Rent A
Car Inc pleaded guilty Monday to racketeering charges and face prison
sentences of two to five years and fines totalling $2 million."
They are also accused of having wiretapped the offices of Mitsubishi Motors
executives. Mitsubishi Motors owned 80% of the firm at that time.
[MK: This is known as taking an interest in management.]
United Press newswire (94.05.11 @ 09:59 EDST) via Executive News Service on
CompuServe:
CAMBRIDGE, Mass., May 11 (UPI) -- A Massachusetts judge continued a hearing
on a suit by eight convicted murderers who seek to end the state's new
practice of monitoring inmate phone calls to the outside.
The eight lifers, saying they are representing all 10,000 state prisoners,
filed suit against Nynex and Massachusetts corrections officials for tapping
their phone calls."
The article continues with the following key points:
o William "Lefty" Gilday, convicted of murdering a policeman, claims that
the phone monitoring system is unconstitutional.
o Corrections officials argue that "the taps are necessary to curb fraud,
harassment and drug dealing by inmates."
o Gilday was convicted in 1984 of running a credit-card fraud operation
from prison and defrauding American Express of $4,000.
[MK:
set flame = on
Interesting perspective on rights and responsibilities, eh? These folks
remind me of the self-righteous anger of some criminal hackers when legal
processes interfere with their self-proclaimed rights to attack other people's
computer systems. "Rights for me, not for you; duties for you, not for me."
Could we maybe apply the Key-Escrow Proposal to criminals? How about "Lock
'em Up and _Throw Away_ the Keys"?
set flame = off
Why is my neck turning red?]
Mich Kabay / not representing anyone else this time.
From the Reuter newswire via CompuServe's Executive News Service (GO ENS):
"FRANKFURT, May 10 (Reuter) - A journalist from a well-known German satirical
magazine has cut off fugitive real-estate tycoon Juergen Schneider from one
source of cash -- by ringing up Schneider's credit card company and cancelling
his account.
The magazine Titanic said journalist Bernd Fritz had telephoned the
Eurocard company and blocked the account by giving Schneider's name and date
of birth."
The article explains that Schneider has been on the run for over a month and
has filed for bankruptcy. He is under investigation for credit fraud.
Asked for identifying information, including Schneider's bank, the journalist
picked a bank at random--and was right.
The magazine writers now claim that they will try to block credit cards for
other fugitives.
[Comment by MK: I have been saying for a long time we need PINs for credit
cards! I hold no brief for the accused man, but it does seem odd that someone
else be able to cancel a person's account. How would you like it if some
prankster cancelled _your_ credit/bank/phone/... account with a simple phone
call?]
Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
The Washington Post newswire (94.05.11) includes an interesting essay by
Michael McKeon entitled, "Fragmenting of the News." The author discusses the
declining importance of the mass media for distributing news and the rising
importance of electronic communities where opinions are more uniform.
<<begin summary>>
He writes, "More ominously, they have the ability to deny access to anyone
trying to reach them with a message." By this he means that faxes, videos,
electronic mail and Internet or other newsgroups put control in the hands of
the individual. He calls these non-official communications groups "the
stealth medium." He sees these groups as the modern equivalent of the tavern
conversations of a different generation. These "virtual communities" exist
without geography; they consist of people with similar interests and sometimes
with similar views.
He worries that the information passing through the stealth medium is
unchecked for accuracy. Furthermore, "the character of the information tends
to be more emotional and, as a result, more reflective of peoples' true
feelings." People tend to flame others when there is no face-to-face contact.
And "people are often choosing information delivered by demagogues appealing
to fear, anxiety and prejudice through heated rhetoric and distortion."
Even worse, in the writer's view, politicians and the mass media are turning
into their very own insular virtual community. Politicians and government
officials speak to each other through the media but are losing their audience
outside the Beltway.
Politicians, he argues, must learn to address smaller and more specific
audiences using the communications channels at hand.
<<end summary>>
[Comment by MK: McKeon addresses an important question--how one ensures
accuracy in cyberspace. At the moment, there are few mechanisms for
generating consequences for defamatory, inaccurate or harmful "speech" in
cyberspace. We don't even have universal mechanisms for identification,
authentication and non-repudiation. I'm glad to see a mainstream non-technoid
writer raising these points in the mainstream media. Naturally, I had to send
it to my virtual community for discussion. <g>]
Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
United Press International newswire (94.05.11 @ 01:46 EDST) reports on an
interview with Business Software Alliance President Robert Holleyman during
his visit to Microsoft offices in Redmond, WA.
<<begin summary>>
Writer STUART GLASCOCK's key points:
o MS would be 4 times larger were it not for counterfeit software.
o Total losses (not per year) to software thieves by US software
companies alone exceed $12 billion.
o Holleyman said, "Software piracy continues to plague the industry,
stifling motivation, destroying incentives for creating new programs, and
impeding growth. Strong copyright laws and enforcement measures are critical
to enhance the legitimate market for software."
o Other estimated annual losses due to software theft:
Europe $4.9 billion
Asia $3.9 billion
US & Canada $2.4 billion
Africa & MidEast $0.7 billion
Latin America $0.8 billion
Japan $1.9 billion
o BSA represents the leading U.S. software companies. BSA members are
Aldus Corp., Apple Computers Inc., Autodesk Inc., Computer Associates,
Intergraph Corp., Lotus Development Corp., Microsoft Corp., Novell Inc.,
WordPerfect Corp.
o "Untold numbers of U.S. jobs are lost to piracy," said Ann Woodliff,
associate general counsel for Aldus Corp. "The numbers are staggering,"
Woodliff said. "It's difficult to put a number around it. Our piracy losses
are over 40 million worldwide."
o "BSA operates 20 hotlines around the world for callers seeking
information about piracy or to report suspected incidents of software theft.
Nearly 250 per day are received on these lines, the BSA claims. The number in
the United States is 800-688-2721."
<<end summary>>
[MK comment: I wish we could convince the criminal-hacker, "Information Wants
to be Free" gang that encouraging software theft harms _people_ working in the
software industry. I think everyone who works in the software field should be
supporting or participating in local programs to reach schoolchildren and
their parents and explain why stealing software is a Bad Thing. I've recently
been asked to speak at a local school and am working with my synagogue to
introduce a discussion of the morality of cyberspace to our community.
Already, a friend has been so moved by my arguments that he has had
discussions with his teenaged sons and has thrown out years of stolen
software. When he was offered a stolen copy of a package last week, he turned
it down for the first time in his life and said, "If I need it, I'll buy it."
He told me he is getting used to the idea but feels good about it. "I
realized that I was setting a terrible example for my children."]
Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn
[Sent to RISKS courtesy of John Rushby <RUSHBY@csl.sri.com>. PGN]
From an article by William Hartston, *Independent on Sunday*, 8th May 1994,
p.21 (numbers column)
A major accident in the Channel Tunnel resulting in 70 or more deaths will
happen once in 100,000 years, according to a report by Eurotunnel.
Impressive, but how was it calculated?
Give or take a few millenia, 100,000 years is the time homo sapiens has been
around; 10,000 years ago, you could walk from England to France without
getting your feet wet. So how did Eurotunnel look 100,000 years into the
future? It began with statistics from 1984-90, which showed a total of 313
people killed in railway accidents in Britain, including 99 at stations. With
268 billion passenger kilometres traveled, simple arithmetic yields figures
of 0.08 fatalities per 100 million passenger kilometres plus 0.95 fatalities
per 100 million passenger journeys (for those killed at stations). These
figures, and their French equivalents, were then combined and applied to the
tunnel, as though it were a randomly selected 50km stretch of track, with a
station at each end.
The figure may then be modified by the decreased likelihood of anyone throwing
himself in front of a moving train under the Channel. Fires and derailments,
however, (estimated at 4.4 per cent and 18.5 per cent respectively of the
"total system risk") are likely to have more serious consequences, which are,
in turn, balanced by more stringent safety procedures.
Eurotunnel concludes: 'The Channel Tunnel represents a significant advance in
railway safety' which may be true. But for all the precision, it is little
more than informed guesswork: 100,000 years is a long time on a train line.
The Titanic was unsinkable. Has Eurotunnel overlooked an iceberg too?"
[I believe Eurotunnel is planning for 10 trains/hour. I think that makes
one accident every 100,000 years a 10 ^ -10 claim..
I also heard something about an independent report that had been suppressed
that argued that the 10 trains/hour figure was unsustainable taking into
account factors such as gradients, length and weight of trains, time to
accelerate from stations, etc. Robert Stroud]
In RISKS-16.04, Mark Stalzer (stalzer@macaw.hrl.hac.com) wrote about his HMO
doctor's deliberate "misdiagnosis" of his baby daughter's rash as lupus, in
order to get past the HMO restrictions for referring her to a specialist. He
was understandably quite upset at having received notification of this
diagnosis in the mail, without any previous phone call or explanation from the
doctor or other HMO personnel.
In addition to the ridiculousness of the HMO doctor having to play games like
this just to refer a patient to a specialist that the doctor feels the patient
needs to see, there's another big risk in this story. In this age of
nation-wide computer databases like the Medical Information Bureau, this
little girl (and other people like her who were similarly "misdiagnosed" by
the HMO doctors) may now be listed somewhere in some database as having a
serious, pre-existing disease -- which could cause her to be unjustly rejected
sometime next century when she applies for life insurance, medical insurance,
a physically demanding job, college, or who knows what else. I won't try to
address whether this kind of database is fair or just even when the
information it contains is *accurate*, but it should be obvious to RISKS
readers that in this case (and many others) it could also contain inaccurate,
very damaging information.
-- Amy McNulty (amy_mcnulty@vos.stratus.com)
> The root cause of this crash seems to be a confused co-pilot.
I think you're being much too harsh on the copilot. He was trying to fly the
plane in a standard way, and the plane's auto-pilot did something
inexplicable. While perhaps the copilot could have responded better (but note
several other odd auto-pilot actions later), I would have to say the root
cause was the "go-around mode for unknown reasons".
Since people don't always diagnose unexpected behaviour correctly, it is
important to decrease the chances of their being confronted with some
unexpected behaviour in a time or place with little margin for error. The
question one has to ask about the rather sophisticated auto-pilots now in use
is not "are they perfect?" We know that they aren't. But, "How often do they
fail, and can pilots reasonably be expected to recover from the failures?" By
comparing the dangers of the new technology with the dangers of the old
technology, we can make an intelligent choice. Unfortunately, the vendors try
to convince us that their technology is perfect, which is clearly false.
--David Wittenberg dkw@cs.brandeis.edu
I won't name names, but another RISKS contributor suggested that copyright
owners or patent holders "MUST" license to all on reasonable terms. That is
not true. In general patents or copyrights may be licensed on any terms the
owner can get and the owner may pick and choose licensees at will. The
exceptions are few, and are related to antitrust issues that do not apply to
99.99% of situations. Some (other than the U.S.) countries have mandatory
licensing of various kinds of patents and copyrights (e.g., mandatory
licensing of educational textbook copyrights in India), but again, with a few
exceptions, the U.S. doesn't work that way. And for other pedants like me:
I'm not gonna launch into a discussion of "fair use," music-performance
situations, copyright collectives, weapon patents, and other stuff which would
explain some of the "exceptions" to the general rule I've alluded to.
Think about it. What competitive advantage would a patent confer if you had
to license it to anyone? Ditto copyrights. The whole point of such rights is
to limit the people who can exploit a certain work.
Mark Seecof <marks@latimes.com> Publishing Systems Dept. Los Angeles Times
TCI Cablevison of Washington often has a similar display with a Guru Error
(Amiga) for days on end on the Public Info channels. Also, Cablevision of
Terre Haute, IN used to have a Apple ][+ that would bomb out and draw random
lines on the PI channel. Terre Haute First National Bank built a new building
complete with 6 huge automated computer displays (light-bulb type) and they
often got out of sync, triggering an alarm that would display a very distinct
Commodore Basic prompt on all six signs all night.
long-morrow@cs.yale.edu (H Morrow Long)
writes about the error he noticed on his local cable channel recently.
Our local cable system and a couple of the surrounding ones use Commodore
Amigas for such things as the on-line cable guide (The Preview Guide), local
programming information screens, etc... My guess is that there is specialized
software available to the cable operator from whatever company broadcasts The
Preview Guide which is customizable by region, content or whatever (ad
packages come to mind).
A few years ago you could usually look forward to seeing the dreaded Amiga
'Guru Meditation Error' plastered on your cable guide screen whenever there
was a big storm or over a long holiday weekend. It was amusing at first, but
it soon became tiresome. Since it hasn't happened in the past couple of years
I'm assuming they've invested in a battery backup or better equipment. One
risk for them: Since Commodore has gone belly-up, what's going to happen to
their equipment when it dies. Will they be relegated to searching the
orphaned-computer parts bin at their local used computer store?
Paul
The existing 9 digit ZIP code already provides a path to your door -- in most
cases, it maps out to either an individual house, four or five houses,
apartment building, or cluster of floors in an apartment building.
So there's no new RISK with the 11 digit code -- as a matter of fact, it's
already in use on some barcoded mail (but the 11 digit ZIP is only used in the
barcode, so you haven't noticed it yet). The RISK is that zipcode bloat makes
addressing mail more and more complicated and error-prone for humans, or that
adding extra digits to the ZIP code is being touted instead of making better
use of the existing digits to make things easier for the bureaucrats in the
Post Office.
Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue
White Plains, NY 10601 +1 914 448 4737 elr@wp.prodigy.com
[Similar comments were received from
PMDebenham@email.meto.govt.uk, who noted Britain's system is
often unique to 10 or 20 households,
grayjw <grayjw@helios.aston.ac.uk>, who noted the use of the
first few digits to determine insurance rates,
Chuck Weinstock <weinstoc@SEI.CMU.EDU>,
Frederick Wheeler <wheeler@ipl.rpi.edu>,
marty@beta.lanl.gov (Martin G. Halvorson),
msb@sq.sq.com (Mark Brader), who wondered about the (non)difference
between giving out a unique address and a unique ZIP, and
brown@wi.extrel.com (Vidiot), who noted that the U.S. Postal Service
is already using the 11 digits. PGN]
| This page was copied from: | http://catless.ncl.ac.uk/Risks/16.06.html |
| COPY! | |
| COPY! | |
|
by Michael Blume |