
Risks Digest 10.26


/** comp.risks: 16.0 **/
** Topic: RISKS DIGEST 10.26 **
** Written 4:01 pm Aug 29, 1990 by risks in cdp:comp.risks **
RISKS-LIST: RISKS-FORUM Digest Wednesday 29 August 1990 Volume 10 : Issue 26

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Stonefish - the software strikes back? (Pete Mellor)
Computers at the Campus Bookstore (Gary McClelland)
Reverse Engineering - not always a copyright issue (Joe Morris)
Re: Electronic house arrest units (Martin Minow)
Re: Proposed ban on critical computerized systems (Perry Morrison MATH)
Caller ID Discussion List Started (Bruce Klopfenstein)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to [email protected].
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
cd sys$user2:[risks]<CR>GET RISKS-i.j <CR>; j is TWO digits. Vol summaries in
risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory listing of back issues.
ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

THE MOST RELEVANT CONTRIBUTIONS MAY APPEAR IN THE RISKS SECTION OF REGULAR
ISSUES OF ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, UNLESS YOU STATE OTHERWISE.

----------------------------------------------------------------------

Date: Wed, 29 Aug 90 22:40:52 PDT
From: Pete Mellor <[email protected]>
Subject: Stonefish - the software strikes back?

From Channel 4 news last night (Tue. 28th Aug.):

It is reported that Iraq may be deploying some of the Royal Navy's latest
high-tech weaponry. Apparently this is causing US commanders to be reluctant
to send aircraft carriers into the northern area of the Gulf.

The villain of the piece is the smart mine 'Stonefish', developed by Marconi
Underwater Systems under contract to the Royal Navy. This little charmer is
so cute it listens to the engine noise of ships passing overhead, and can tell
what type of vessel is within range. It 'hides' from minesweepers, and
blows the backside off anything else.

At the heart of the system is (you've guessed it!) 'highly sophisticated and
classified' *software*.

The Channel 4 investigators have in their possession the 'Technical Description
and Specification' of Stonefish. The cover sheet and first few pages of this
document were actually shown on screen, and looked pretty authentic, with the
Marconi logo and classification 'UK restricted: commercial in confidence'
clearly visible.

C4's copy, however, comes not from Marconi's Watford HQ, but from a source not
a million miles removed from Cardoen International, a Chilean firm (no boring
restrictions on arms sales there!) described by an expert from Jane's as being
specialists in the 'laundering' of military technology for the benefit of third
world countries (at least, those with adequate oil revenues to pay for it).
Cardoen has well-established links with Iraq.

The implication is not that Stonefish has been sold bundled to Iraq, but enough
technical information is in dubious hands for the Iraqis to have a good go at
building a look-alike.

Carlos Cardoen, filmed at a news conference, said that he had a very close
relationship with Marconi, and some of their guys had visited him.

Marconi said 'We have no relationship with Cardoen.' and refused to be
interviewed.

An expert from an outfit called something like 'Naval Weapons Review' gave it
as his opinion that Iraq probably has 'a limited number of quite sophisticated
mines', but implied that we shouldn't worry too much, since 'the Navy would
not let a UK contractor simply hand over the software for a weapons system'.

So there you have it. Saddam Hussein is in the Stonefish plug-compatible
market, but our Navies are safe provided he can't get his hands on the
operating system.

All of which prompts me to wonder:-

1. If the Iraqis have the software for a 'limited number' of mines, why
haven't they got enough for an unlimited number?
(Perhaps the blockade is working, and they haven't got enough floppy disks
to make the copies. :-)

2. How does Stonefish 'hide' from a minesweeper? The cylindrical object shown
in the newsreel shots doesn't look as though it is capable of crawling
under a rock. Perhaps it just switches off its disk drive to stop the noise
and pretends to be an oil-drum. :-)

3. How reliably can Stonefish identify ships by their engine noise signature?
What happens if your cruiser's big ends are rattling?

4. Does Stonefish rely on some sort of sonar transponder to distinguish friend
from foe? (Remember the Falklands helicopter!)

5. What are the chances that Iraq already has the software? (After all, we all
know Arabs can't write programs, and software is rather difficult to
smuggle through customs. :-)

6. The sophistication of Stonefish's recognition system argues for some kind
of artificial intelligence. If it's that smart, would it know who was
winning and change sides accordingly? :-)

7. Isn't it time that Jane's produced 'All the World's Software'?

Peter Mellor, Centre for Software Reliability, City University, Northampton Sq.
London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 [email protected] (JANET)

------------------------------

Date: 28 Aug 90 22:49:00 MDT
From: "Gary McClelland" <[email protected]>
Subject: Computers at the Campus Bookstore

RISKS readers will recognize this as an old risk but it made this
academic chuckle as we begin another semester. The computer at the
campus bookstore prints out a tag for each required textbook
indicating the course number, instructor, number of copies ordered,
etc. Given that textbooks are often used by more than one course, the
computer kindly prints out a cross-list of other courses using the
same text. One card caught my eye with its unusually long list of
cross-listings. Curious as to what textbook was so popular this term,
I looked closer to see the title. Being an author I had hopes that
maybe it was mine :-) Alas, the title of this very popular text was
NO TEXT REQUIRED. I wonder who gets the royalties on that textbook? :-)

--Gary McClelland, U. of Colorado

------------------------------

Date: Mon, 27 Aug 90 15:43:04 EDT
From: Joe Morris <[email protected].org>
Subject: Reverse Engineering - not always a copyright issue

There have been several RISKS submissions recently discussing the legal
status of reverse-engineering of copyrighted material. Reading them, however,
one could easily conclude that copyright law is the only governing issue
involved. It isn't: in fact, most of the products I've seen (both mainframe
and personal computer) assert not only copyright but also contract rights.
For example, IBM's FY90 GSA schedule in Special Item 132-30, section 4(a)6
(page 44) includes the item:

(6) The Government shall not reverse assemble or reverse compile the
licensed programs in whole or in part.

Almost all vendors have a corresponding clause in their software license
agreements, so the question of copyright law permitting reverse engineering
is usually moot. Of course, we now have the issue of deciding which
parts of the contract are legally enforceable. (Cf. Vault v. Quaid, in
which my memory says the court held that the shrink-wrap "license contract"
in PC software was unenforceable.)

Shakespeare was right: shoot all the lawyers.

------------------------------

Date: Mon, 27 Aug 90 13:02:55 PDT
From: "Martin Minow, ML3-5/U26 27-Aug-1990 1421" <[email protected]>
Subject: re: Electronic house arrest units

It was somewhat disturbing to discover that all of the people who took time
to comment on the "electronic house arrest" units focussed on the technology,
and none apparently noticed that this is a safety-critical application.
I.e., failure of the system may lead to the re-incarceration of a parolee.

I would feel more comfortable if our court/prison/parole system were funded in
such a way as to permit personal contact between the parolee and parole
officer.
Martin Minow

------------------------------

Date: 28 Aug 90 04:33:45 GMT
From: [email protected].oz.au (Perry Morrison MATH)
Subject: Proposed ban on critical computerized systems (Cameron, RISKS-10.24)
Organization: Uni. of New England, Armidale, NSW.

#On page 63 of the August 1990 _World_Press_Review_:
#"Unreliable Computers", by Nick Nuttall, "The Times," London
#Two Australian scientists are calling for a world-wide ban on the use of
#computers in sensitive areas, such as hospital intensive-care wards, the
#nuclear-power industry, air-traffic control stations, and early-warning defense
#systems.

The reference is- Forester, T., & Morrison, P. Computer Unreliability and
Social Vulnerability, Futures, June 1990, pages 462-474.

# 22 fatal crashes of the Black Hawk helicopter --
#which flies by computer -- used by the U. S. Air Force

We refer to the death of 22 *servicemen* in *5* blackhawk crashes since 1982.
Our reference is B. Cooper and D. Newkirk, Risks, November 1987. We didn't
have a vol or issue no.

If this is incorrect, please let us know.

Perry Morrison

[The item was from RISKS-5.58 (15 November 1987). It reappeared
in Software Engineering Notes, vol 13, no 1 (January 1988), page 7.
The original source was a wire service report from 12 November 1987.
The RISKS issues on the Black Hawk also included RISKS-5.56 (9 Nov 87),
5.59 (16 Nov 87), and 5.60 (18 Nov 87). I hope that helps. PGN]
------------------------------

Date: 23 Aug 90 00:55:15 GMT
From: [email protected] (Bruce Klopfenstein)
Subject: Caller ID Discussion List Started
Newsgroups: comp.risks,comp.society.futures,misc.legal

Date: Tue, 21 Aug 90 9:31:25 EDT
From: Telecom Privacy List Moderator <[email protected]>
To: [email protected]
Subject: Telecom Privacy List

Hello, Everyone. The caller id list is now up and running. I have
about 35 names on it currently. The address is
[email protected]. Currently, the list will not be moderated or
digestified. This might change due to volume.

On Caller-Id ....

I believe it should be available, however the following should apply:

1) It should be blockable at no charge for any number.
2) Name or address (or the fact it is a pay phone) should be made available.
3) Actual calling number should be used not billing number.
4) Under no circumstances should a third number be used shown as the
actual calling number (i.e. Law Enforcement Officer dialing from one
number having the id number showing up as a different number).

Optional - Show if number is listed as residential or business.

Dennis
--
Bruce C. Klopfenstein | [email protected]
Radio-TV-Film Department | klopfenstein@bgsuopie.bitnet
318 West Hall | [email protected]
Bowling Green State University | (419) 372-2138; 372-8690
Bowling Green, OH 43403 | fax (419) 372-2300

[We've probably had enough on this issue in RISKS, so here is a new
outlet. I've also been rejecting ATM and Electronic house arrest items
unless they are particularly cogent. PGN]

------------------------------

End of RISKS-FORUM Digest 10.26
************************
** End of text from cdp:comp.risks **
 