Path: gmdzi!unido!math.fu-berlin.de!fauern!ira.uka.de!sol.ctr.columbia.edu!
spool.mu.edu!think.com!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!
CSL.SRI.COM!risks
From: ri...@CSL.SRI.COM (RISKS Forum)
Newsgroups: comp.risks
Subject: RISKS DIGEST 11.86
Message-ID: <CMM.0.90.1.676655116.risks@chiron.csl.sri.com>
Date: 11 Jun 91 15:45:16 GMT
Sender: dae...@ucbvax.BERKELEY.EDU
Reply-To: ri...@csl.sri.com
Organization: The Internet
Lines: 370
Approved: ri...@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 11 June 1991  Volume 11 : Issue 86

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
The RISKS of political correctness in computer science (Ed Nilges)
There's a Ford in your future (and your past!) (John Moore)
Public Key Crypto Freeware Protects E-MAIL (Philip Zimmermann)
Airbus offers autothrottle option (Robert Dorsett)
More on Thrust Reversal Accidents (Russ Teasdale)
Computer Privacy (cont'd) -- Letter to The Economist (Marc Rotenberg)
Freedom, Privacy & Technology SIG (Judi Clark via Lance J. Hoffman)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in 
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RI...@CSL.SRI.COM, with relevant, substantive 
 "Subject:" line.  Others ignored!  REQUESTS to RISKS-...@CSL.SRI.COM.  For
 vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits).  Vol i
 summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
 The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date:         Sun, 09 Jun 91 00:36:11 EDT
From: Ed Nilges <EGNI...@pucc.princeton.edu>
Subject:      The RISKS of political correctness in computer science

An article in Communications of the ACM for November 1990, "Women and
Computing", by Karen A. Frankel, cites Danielle Bernstein of the Kean College
of New Jersey on Edsger Dijkstra's comments in Communications for December
1989.  In the Dijkstra article, "On the Cruelty of Really Teaching Computer
Science", Professor Dijkstra argued for a reform in computer science education,
basing it on formal mathematics and logic rather than on early exposure to the
computer.  Bernstein, according to Frankel, feels that Dijkstra is being
sexist!  This is because, Bernstein claims, that women prefer experimentation
and teamwork to the sort of solitary abstract thinking that Dijkstra emphasizes
in all of his work.

Bernstein is echoing other feminist authors on logic and mathematics, including
Andrea Nye.  Nye's "feminist reading of the history of logic", Words and Power,
"deconstructs", if you please, the history of logic from the pre-Socratics to
Gottlob Frege (the 19th century German mathematician who attempted to found
mathematics on logic.)  Nye, and apparently Bernstein, believe that solitary
abstract thinking is a typically male activity and to force women to engage in
it is sexist.

Nye presents a rather vicious caricature of Frege as a solitary old man.  Nye
avoids any mention of Frege's intellectual honesty when the young Bertrand
Russell presented him with evidence that his theory was so flawed (by the
paradoxes of set theory) as to be unusable.

Unfortunately, if comp.risks is any guide, Dijkstra is right and Nye and
Bernstein are wrong.  Given the scale and potential for disaster in errors in
software, programmers need to do MORE solitary and abstract thinking...not
less.

I teach the C programming language as a consultant at a major midwest financial
firm from time to time.  In my classes, I have two distinct groups of students:
Americans and Russian emigres.  The Russian students are significantly more
adept, although they are programmers originally educated in Soviet technical
institutes and universities that lag far behind American schools in computer
technology.  When I talked to the Soviet students, I learned that they had
greatly benefited from a mathematical background that included calculus in
grade school.  Add to this the UNavailability of machine time in the Soviet
Union (waits of a week for time on batch systems not unheard of), and these
programmers became skilled at the solitary, highly abstract, and distinctly
non-experimental activity of writing carefully designed programs and of desk
checking code.

Meanwhile, many of my American students, educated in the regimes of
experimentation and of teamwork that Bernstein recommends, are confused and
bored by the C programming language, with its more structured syntax, its
lvalues, and its rather difficult semantics.  I admit to using a rather
formalist approach to teaching including railroad diagrams of syntax and
playing computer, but I do try to liven things up with jokes described by some
students (alas) as "corny."

I find NO sex differences.  Russian emigre women in these classes are just as
adept as their male counterparts, whereas the American women by and large had
more difficulty.  [There were American exceptions, students just as able as the
emigres, but NO outlier Russians: no Russians were confused by the course.]

It is true that teamwork can sometimes lead to better software. But Gerald
Weinberg et al. introduced the notion of "structured walkthrough" in the late
Sixties NOT as a way to design software, but as a way to review software, and
"typically male" solitary and abstract thinking a la Frege (not to mention
Frege's intellectual honesty) is an excellent preparation for the most grueling
structured walkthrough.  Also, the results of group CREATIVE effort (as opposed
to group review effort) can often resemble the famous camel: "a horse designed
by committee".  The history of software is littered with the bleached bones of
such camels, including Cobol.

It's sad that political correctness should find its way into formal computer
science where MATHEMATICAL correctness is what is needed.  Anti-racist,
anti-war, anti-sexist "political correctness" is needed nowadays, and I am
doing some work in the applicability of "critical theory" (the philosophical
background of political correctness) to software creation.  But forcing
teachers of introductory computer science to be "politically correct" and avoid
hard subjects in order not to be sexist does a disservice to the profession and
to women computer scientists.

------------------------------

Date: Sat, 8 Jun 91 8:30:26 MST
From: anasaz!qip....@asuvax.eas.asu.edu (John Moore)
Subject: There's a Ford in your future (and your past!)

CNN has been running a story about a Ford Motor Co. "customer flight recorder."
This is a device that is installed in a car when a customer has an intermittent
problem. Mechanics can later read it out and attempt to diagnose the problem.

There seems to be some risk to this. If one has an accident while this
is installed, the data in the machine might be used in a subsequent
lawsuit or prosecution. Presumably it is recording speed and other
operating parameters. 

John Moore, 7525 Clearwater Pkwy, Scottsdale, AZ 85253   (602) 951-9326
HAM:NJ7E    ...{asuvax,mcdphx}!anasaz!john or john@anasaz.UUCP

------------------------------

Date: Fri, 7 Jun 91 11:39:59 MDT
From: Philip Zimmermann <p...@sage.cgd.ucar.EDU>
Subject: Public Key Crypto Freeware Protects E-MAIL
 
At a time when the Government seems bent on keeping the public from having
access to electronic privacy technology, there is now a freeware MSDOS software
application that protects E-mail and files via public key cryptography.  Philip
Zimmermann's program, PGP (Pretty Good Privacy), provides privacy and
authentication without the hassles of managing keys associated with
conventional cryptographic software.  No secure channels are needed for users
to exchange keys.  PGP combines the convenience of RSA public key cryptography
with the speed of conventional cryptography, fast message digests for
signatures, data compression, and sophisticated key management.  And PGP
performs the RSA functions relatively fast.  PGP is RSA public key cryptography
for the masses.
 
PGP version 1.0 is now available through electronic distribution for MSDOS in
the compressed archive file PGP10.ZIP, containing the executable binary and
user documentation.  This release file can be found on BIX, Compuserve,
FidoNet, in comp.binaries.ibm.pc and alt.sources on Internet, the WELL,
PeaceNet, EcoNet, EXEC-PC, and many other BBS systems.  A separate file,
PGP10SRC.ZIP, contains all the C source code and can be found on most of these
same networks.

--Philip Zimmermann, Author of PGP (Pretty Good Privacy)

[Added postscript:] The manual directs end users to contact PKP for patent
licensing, and gives their phone number, and warns of their patent.  I also
warn of probable export restrictions.  Source code is under FSF Copyleft, which
makes it hard to make any commercial proprietary derivations from the source
code.  I'd like to make this additional statement:

PGP is an educational effort.  I want people to know how they can protect the
privacy of their personal electronic communications and confidential
information.  PGP provides an educational example; an independently-developed
working prototype that illustrates how it can be done.  I want to guarantee
that the detailed knowledge of, and access to, this technology cannot be
suppressed by Government.  Once people know that real security and privacy is
possible, I hope that they will make lawful use of it in accordance with patent
law.
 
The inventors and patent holders of the RSA cryptosystem deserve renumeration
for their brilliant contribution to cryptography.  I strongly urge end users of
PGP to obtain licensing of the RSA algorithm from Public Key Partners.  The
"PGP User's Guide" provides more detailed patent information and how to contact
PKP.
 
------------------------------

Date: Sun, 9 Jun 91 18:49:45 CDT
From: r...@cactus.org (Robert Dorsett)
Subject: Airbus offers autothrottle option, from FLIGHT INTERNATIONAL

RISKers may recall a threat by Airbus Industry (documented in "Airbus May Add
to A320 Safeguards, Act to Counter Crew 'Overconfidence'", AVIATION WEEK &
SPACE TECHNOLOGY, April 30, 1990, p. 50) to extend flight-path protections,
following the crash of an Airbus A320 in Bangalore in early 1990.  In that
crash, it was believed that the pilot had kept his energy state too low.  Thus,
even though the aircraft was said to be "protecting" the pilot from a stall, it
was still too slow to recover from the steep glide path.  The following article
by Julian Moxon appeared in the May 1, 1991 FLIGHT INTERNATIONAL.

"Airbus Industrie has decided on an optional change to the A320 autothrottle
software, which is designed to prevent pilots allowing the aircraft to crash
because it has insufficient flying energy.

"The modification, to be offered to all A320 operators, follows an earlier,
Airbus mandated, autothrottle update resulting from the 1991 crash of an Indian
Airlines A320.

"In that incident, the pilots allowed the aircraft's speed to decrease below
flying speed.  The mandatory software changes cause an automatic, small,
increase in engine thrust enabling the engines to spool up faster if the pilot
has to advance the throttle suddenly.

The software update is designed to warn pilots who are hand-flying the aircraft
that its flying energy is becoming dangerously low.  This could occur with the
autothrottle switched off and the aircraft in an excessively nose-high
attitude.

"'The A320 is stall protected,' says Airbus engineering vice-president Bernard
Ziegler, 'but not against lack of sufficient energy.  So we're introducing a
new concept: to provide the crew with a warning about the aircraft's energy
status.'

"Ziegler says the modifications are the only ones that have had to be made to
the A320 flight control software since the aircraft was introduced.  He says
there will be no change to the flight control laws of the A330/A340, '...which
proves we got it right from the beginning.'"

As a historical note, Ziegler was a point man in Airbus's scam to clean up the
controversy after the Habsheim crash.  Only pilots make mistakes, see...

Robert Dorsett    r...@cactus.org    ...cs.utexas.edu!cactus.org!rdd

------------------------------

Date: Tue, 11 Jun 1991 04:22:33 GMT
From: rtea...@polyslo.CalPoly.EDU (Falconer)
Subject: More on Thrust Reversal Accidents

	The loss of an aircraft due to an uncommanded thrust reverser
activation is not unknown. Earlier this year, a USAF C-5A transport was
destroyed on takeoff at Ramstein AFB in Germany, during a Desert Shield
deployment flight. The accident was blamed on the mechanical failure of a
thrust reverser detent, which took place during full-thrust climbout.  The C-5
became uncontrollable and crashed seconds after wheels-up, with complete loss
of life. It is quite fortunate that the big bird was not serving as a troop
carrier at the time; as it was, I believe that about twenty lives were lost,
all of them aircrew or supernumerary passengers.

Russ Teasdale -- rtea...@polyslo.CalPoly.EDU  --  (Falconer)

------------------------------

Date: Mon, 10 Jun 91 16:45:04 PDT
From: cdp!mrote...@labrea.Stanford.EDU
Subject: Computer Privacy (cont'd) -- Letter to The Economist

Ed Ravin (11.63) and Paul Johnson (11.66) noted the recent article in The
Economist on Computers and Privacy.  The article is particularly important
because the Europeans are now considering an extensive directive on data
protection in anticipation of the formalization of the European Community in
1992.

I sent the following letter to The Economist which appeared this week (June 8).
I post it here because there continues to be some confusion about the
opposition to Lotus Marketplace.

   Sir- Your raise important questions about computers and privacy
   (May 4th).  In the United States, consumers and privacy advocates
   joined forces to oppose the release of Lotus Marketplace, which 
   would have provided information about consumers' income and
   buying habits.  This was not, as you suggest, because small
   organizations might obtain information available to larger
   organizations.  We opposed Marketplace because information
   that was provided for the purpose of obtaining personal credit
   was going to be sold for direct marketing without any effective
   mechanism for consumers to opt out.  This practice may well be
   illegal under the Fair Credit Reporting Act, and was clearly
   unethical.

   It is generally true, as you say, that more information is better.
   The problem with the sale of personal information is that it 
   often occurs without the knowledge or consent of the individual
   involved.  It is a form of unjust enrichment that accrues in
   greatest measure to those organizations that are most deceptive
   in their collection of personal information.  To condone this
   practice is foolhardy.

        Marc Rotenberg, Washington DC, 
        Computer Professionals for Social Responsibility

------------------------------

Date: Tue, 11 Jun 91 8:55:37 EDT
From: hof...@eesun.gwu.edu (Lance J. Hoffman)
Subject: Freedom, Privacy & Technology SIG 

[Forwarded by Professor Lance J. Hoffman, Department of Electrical Engineering
and Computer Science, The George Washington University, Washington, D. C. 20052
(202) 994-4955 fax: (202) 994-0227]

BMUG, Inc. 	Computer Professionals for Social Responsibility
      .     .     .     .     .     .     .     Berkeley Chapter

Special Interest Group on Freedom, Privacy and Technology
Formed by BMUG and CPSR/Berkeley

The "Special Interest Group on Freedom, Privacy and Technology" has been formed
in a unique effort by the Berkeley Macintosh User Group (BMUG) and the Berkeley
chapter of Computer Professionals for Social Responsibility (CPSR/Berkeley).

Judi Clark, principal organizer of the interest group for BMUG/CPSR-B, said it
will hold free monthly meetings, open to the public, on Sunday afternoons, at
the BMUG office, 2055 Center St., Berkeley - a half block from the Berkeley
BART station.

The inaugural meeting will begin at 2 p.m. on Sunday, June 30, 1991.  It will
feature a discussion of "Current Freedom and Privacy," by Alameda County
Assistant District Attorney Don Ingraham and futures columnist and computer
entrepreneur Jim Warren. The comments will focus on protecting personal
privacy, personal property and traditional constitutional freedoms in the
"Information Age." It will include issues raised at the recent First Conference
on Computers, Freedom and Privacy, a landmark event that received extensive
national press and was described by one television reporter as the
"constitutional convention of cyberspace."  Mr. Warren chaired that Conference,
and Mr. Ingraham served on its Program Committee.

Ms. Clark said it will be the first in an ongoing series of presentations on
electronic freedom and privacy issues, cosponsored by BMUG and CPSR/Berkeley as
part of the formation of a unique "special interest group" on such issues.

"We will encourage public consideration of the current issues in our changing
technology - issues that will inevitably affect all our lives, whether or not
we personally use computers," Clark said.

The group will begin with a series of free presentations by professionals from
the fields of telecommunications, law, marketing and information management,
with plenty of time for questions and discussion, she said.

Clark said the decade of the 1990's will be pivotal in terms of laws,
regulations and policies relating to increasingly pervasive electronic media:
Individuals, organizations and governments are increasingly dependent upon
computers, databases and telephone-line networks.

"The collection of information into databases and libraries has a legitimate
and often commercial value," she said. "Most of this information needs to be
readily available to enhance sound decision-making by individuals,
organizations and governments."

"However, such unbridled public access to vast amounts of often personal
information will prompt growing concerns about privacy, and these concerns need
to be considered early in the policy making process, before they get lost,"
Clark said.

Some specific issues to be addressed in coming months include:

o   How the Constitution's Bill of Rights defines "freedom" and
    "privacy" in the First, Fifth and Sixth amendments - a
    particularly timely issue during the 200th anniversary year
    of the Bill of Rights.

o   How the legal system will deal with the new technology, such as
    the NCIC 2000, a nationally accessed database system used by
    the FBI, police departments and their patrols, and others.

o   What do the terms "secondary use" and "search and seizure" mean
    in terms of computerized data and network information?

o   What role credit companies, utilities, and medical facilities
    might play in the future.

Please feel free to post this release anywhere you wish.  Thank you for your
interest and support.

For more information, contact Judi Clark, 549-2684 (BMUG), 261-3718 (direct),
fax: 261-1869 (direct) or e-mail ju...@well.sf.ca.us June 5, 1991

------------------------------

End of RISKS-FORUM Digest 11.86
************************