RISKS-LIST: Risks-Forum Digest  Monday 14 December 2009  Volume 25 : Issue 86

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/25.86.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Stryker Operating Room System II Surgical Navigation System recall (Richard Cook)
Northwest Flight 188 (Curt Sampson)
Chase Quicken and MS Money bill pay broken for 2 weeks, no fix ETA (John Rivard)
UK Digital Economy Bill -- Blocking Illegal Downloaders (Chris D.)
Massive New UK Internet Wiretapping Plan Announced (Lauren Weinstein)
Public servant fired over leak of private info of 14,000 (Gene Wirchenko)
Farmer claims GPS led him to breed clams in the wrong place (Rob McCool)
My mother regarding LED traffic lights and Wisconsin winters (Richard Cook)
Were you talkin' to me? (Jerry Leichter)
All the best efforts gone to naught... (Jeremy Epstein)
Various Internet Issues, Succinctly Put (Peter Ladkin)
Re: The Joy of satellite navigation failures (Jerry Leichter)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 29 Nov 2009 20:09:05 -0600
From: Richard Cook <ri-cook_at_private>
Subject: Stryker Operating Room System II Surgical Navigation System recall

MedWatch - Stryker Operating Room System II Surgical Navigation System: Recall due to potential for the navigation PC SPC-1 component to stop working which could result in potential harms associated with this failure

First known recall of a computer-based surgical positioning system.

Most surgical intervention takes place under direct observation.
In these "open" procedures, the surgeon sees the anatomy and moves an instrument (e.g. scissors) under direct vision. The product line involved in this recall includes a positioning product that allows procedures to be performed under indirect observation. These instruments allow the surgeon to operate on deep, hidden structures in close proximity to critical points, e.g. in the sinuses close to the thin bone that separates them from the brain.

The principle of operation is straightforward. Prior to the surgical procedure, a computed scan (e.g. spiral CT) is obtained while the patient wears a locater fiduciary, typically a headpiece that incorporates several easy to identify points. The patient wears the same device during surgery. The scan is imported into an operating room system that includes an array of sensors capable of detecting and triangulating the location of the fiduciary, special instruments that register with the sensors, and a high quality display that shows patient anatomy and instrument location. Depending on the application, the representation may be multiple "flat" cross-sections or a 3D reconstruction.

The system displays the patient anatomy along with the location of the instruments in realtime. The display is updated frequently to track the location of the instrument as it moves through the patient. This allows the surgeon to move the tip of the instrument and accomplish the surgical intervention by watching a representation rather than under direct observation.

There are a variety of such instruments available for different applications. For neurovascular procedures, the system can use a contrast enhanced computed tomogram to map the arterial vascular tree in the head and then by digital subtraction to remove the non-vascular structures to allow realtime 3D display so that aneurysms can be embolized.
The advantage of such an approach is that it entirely eliminates the need for a surgical craniotomy with its attendant risks, allowing the procedure to be accomplished from "the inside".

The failure of this type of instrument would certainly get attention. The "Dear Doctor" letter (http://www.stryker.com/en-us/139059) notes that the system failure could result in:

  ``delay in surgery, reschedule of the procedure resulting in an additional surgery, risk of infection, increased morbidity, potential neurological deficits, or injury due to the surgeon operating in an area where they did not intend to operate. Depending on the type of surgery, these failures could potentially lead to serious adverse health consequences, including death. There have been no reports of injury.''

Based on the description of the failure and the specific serial numbers of instruments included in the recall, it is possible that the sensors are not detecting reliably the fiduciary or the instruments being used. Software faults are also possible, of course; the application, while simple in theory, is complicated in implementation.

The FDA recall notice:

MedWatch - The FDA Safety Information and Adverse Event Reporting Program

Stryker Operating Room System II Surgical Navigation System: Recall due to potential for the navigation PC SPC-1 component to stop working...

*Audience:* Hospital risk managers, surgical service managers

Stryker and FDA notified healthcare professionals of a recall of 23 Operating Room System II Surgical Navigation Systems because there is a potential for the navigation PC SPC-1 component to stop working which could result in the screen freezing, the system updating at a slow rate, or not responding at all.
The Navigation System II is a computer aided surgery platform that surgeons can use to perform Hip, Knee, Spine, Neuro and ENT surgical procedures and contains a computer workstation with the navigation System II software and various components necessary to run the system. The potential harms associated with this failure are: delay in surgery, reschedule of the procedure resulting in an additional surgery, risk of infection, increased morbidity, potential neurological deficits, or injury due to the surgeon operating in an area where they did not intend to operate. Depending on the type of surgery, these failures could potentially lead to serious adverse health consequences, including death.

Hospitals that have product that corresponds to the catalog numbers above should immediately quarantine the product, label it as a recalled product and stop using the product.

Read the complete MedWatch 2009 Safety summary including a link to the firm press release, at:
http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm192105.htm

Richard I. Cook, MD, Associate Professor, Department of Anesthesia and Critical Care, University of Chicago, <http://www.ctlab.org>

------------------------------

Date: Tue, 8 Dec 2009 02:24:07 +0900
From: Curt Sampson <cjs_at_private>
Subject: Northwest Flight 188

A blogger has posted what he says are "excerpts of an e-mail I received from a fellow airline pilot. It is a summary of another pilot's conversation with Tim Cheney, the Captain of NW Flight 188, that overflew MSP."

http://thedonovan.com/archives/2009/11/about_that_nort.html

It's hard to tell the veracity of this report, given that it's a friend of a friend thing, but it sounds quite plausible. Here's a summary.
The flight had a 100 knot tailwind that appears to have shortened travel time considerably. (Though they left San Diego 35 minutes late due to an ATC flow restriction, even after overflying their destination, they arrived only 15 minutes late.)

After passing Denver, the captain left the cockpit to go to the toilet. While he was out, the first officer (FO) received ATC instructions to move to a new frequency. However, for whatever reason, the FO changed to Winnipeg ATC rather than the correct frequency for Denver Center. Normally this would be caught quickly, but the FO apparently did not confirm communications on the new frequency. (Had he done so, and realized that he was talking to the wrong ATC, the standard procedure would be to go back to the previous frequency and confirm the new frequency he was being directed to use.)

When the captain returned, the FO neglected to inform the captain of this change. Because there was chatter on the frequency, the captain didn't realize that they were not talking to the ATC that was supposed to be controlling them.

When Denver Center couldn't contact the flight, they did have the airline send an ACARS message to the flight, but on the Airbus 320 apparently there's no audible signal upon receipt of an ACARS message, just a light that turns on for thirty seconds and turns off again.

During this time, the captain mentioned that he was unhappy with the scheduling software, which was new to him, being Delta's software and he being a Northwest pilot. The FO offered to help, and they spent perhaps five minutes with laptops out dealing with this.

Then,

  The F/As called the cockpit on the interphone...and asked when they will get there. They looked at their nav screens and were directly over MSP [the Minneapolis-Saint Paul International Airport]. Because they had their screens set on the max 320 nm setting, when the F/O called on the frequency, which of course was Winnipeg Center, he saw Eau Claire and Duluth on his screen.
  They asked where they were and the F/O told them over Eau Claire, which was not even close, but MSP had disappeared from the screen even though they were right over the city. ...

  They were, as you all know, vectored all over the sky to determine if they had control of the a/c and Tim kept telling the F/O to tell them they have control, they want to land at MSP, etc. They landed with 11,000 pounds of fuel (no, they did not come in on fumes, but had 2 hours in an A320)....

------------------------------

Date: Mon, 30 Nov 2009 10:10:00 -0500
From: John Rivard <jcr_at_private>
Subject: Chase Quicken and MS Money bill pay broken for 2 weeks, no fix ETA

I just got off the phone with a customer service agent at Chase online support. I was attempting to discover why electronic payments sent via the Quicken desktop application are failing with an error code. The error message recommends trying again later, and contacting your financial institution if the problem does not go away.

The phone agent I spoke to said that since an upgrade to their system two weeks ago, both Quicken and Microsoft Money payments have been failing. Yes, you read that correctly, Chase is aware that this problem has been occurring for two weeks, but instead of notifying users of this by phone or e-mail (or even snail mail, since it has been two weeks), they have been waiting for them to call in, navigate the phone tree, and wait on hold to talk to an agent.

Perhaps they have delayed informing users directly because they have no idea how to fix the problem. The agent also stated that there was no estimate available for when this problem. I was fairly incredulous, and pressed if there was any order-of-magnitude estimate available: would it be fixed in hours, days, another two weeks? There is no estimate available at all.

------------------------------

Date: Sat, 28 Nov 2009 19:51:49 +0000
From: "Chris D."
 <e767pmk_at_private>
Subject: UK Digital Economy Bill -- Blocking Illegal Downloaders

There have been reports in the news this week (late Nov 2009) about the UK Government's Digital Economy Bill which has started its course through Parliament.

The main concern for RISKS readers is most likely the requirement for ISPs to throttle or suspend broadband connections for "persistent" illegal file-sharers and pass details over to copyright holders. I haven't seen anything about how such criminals are supposed to be identified or who arbitrates in the event of a dispute, but obviously it will all have to be paid for, and news reports comment that if ISPs have to start up whole departments to monitor traffic and handle violation claims then this may well increase Internet service bills. That's apart from the more-fundamental issue of ISPs moving away from just giving access to cyberspace, of course; looks like yet another case of governments legislating for the desired results.

Talking of costs, the UK Government has pledged to offer everyone in the whole country (i.e. including remote rural areas) at least 2MBit/s broadband by 2012, funded by a proposed 6 pounds ($10) a year levy on fixed-line telephone rental, so another good reason to give up the landline and just use a cellphone.

Chris Drewe, Essex County, UK, still on dial-up.

------------------------------

Date: Fri, 4 Dec 2009 18:43:18 -0800
From: Lauren Weinstein <pfir_at_private>
Subject: Massive New UK Internet Wiretapping Plan Announced

http://lauren.vortex.com/archive/000646.html

Greetings. Remember the controversy over the UK's "Phorm" - "ISPs Spy on Users" Internet ad system? (http://bit.ly/91Yvgz [Lauren Weinstein's Blog]) Phorm was eventually beaten back, but it was small potatoes compared to what the surveillance-happy folks in Jolly Old England have got up their sleeves now.
Britain's Virgin Media ISP has announced a stunning plan to actually spy on the data content of Internet users -- using law enforcement grade equipment -- in search of illegal file sharing ( http://bit.ly/80maxP [ZDNet] ).

The scope of the plan is breathtaking. File sharing protocol packets will be opened and the contents run through music fingerprinting systems to try to determine if files are licensed or not. At this stage of the plan, any positive "hits" will be anonymous, but one can imagine how long that aspect will remain in force.

And of course, if this sort of system can be justified to "protect" the music and film industries, it's a small step to arguing that all traffic should be monitored for *any* Internet content considered to be suspicious, illicit, or inappropriate by Her Majesty's government -- it's basically just a matter of how much communications and processing power you're willing to throw at the task.

There is no opt-out or opt-in. All files carried by any of the three primary file-sharing protocols are subject to inspection, with initially about 40% of subscribers being included in the "lucky" test group.

And remember, these are *private* user-to-user Internet connections being monitored -- not postings on public Web sites where license fingerprinting can be reasonably justified. What Virgin has announced is essentially the same concept as monitoring telephone calls in hopes of overhearing something illegal being discussed.

The question here isn't whether or not people should inappropriately trade licensed materials -- they shouldn't. The issue is Internet users -- including innocent, law-abiding subscribers -- being subjected to having their data content searched by whim of their ISPs, when such behavior would not (we assume!) be tolerated on conventional telephone calls (but what of VoIP phone calls traversing the Internet? A fascinating question of ever increasing importance ...)
Notably, the answer to these dilemmas is contained in a single word, which you've seen me use many times before: *encrypt*!

As far as I'm concerned, all Internet traffic should be routinely and pervasively encrypted, not just to protect civil rights, but to protect economic and business security as well.

In fact, a spokesman related to the new Virgin ISP spying project notes that, "encryption of the data packet would defeat us."

Sounds like good advice to me.

Lauren Weinstein +1 (818) 225-2800 http://www.pfir.org/lauren
People For Internet Responsibility - http://www.pfir.org
Network Neutrality Squad - http://www.nnsquad.org
PRIVACY Forum - http://www.vortex.com

------------------------------

Date: Sun, 29 Nov 2009 11:52:12 -0800
From: Gene Wirchenko <genew_at_private>
Subject: Public servant fired over leak of private info of 14,000

This appeared in the 2009-11-27 issue of "The Daily News" of Kamloops, British Columbia, Canada on page A7:

Second B.C. public servant fired over leak of private info on 14,000[1] people

The B.C. government says two public servants have now been fired following a leak of the private information of 1,400 [1] welfare recipients.

The NDP [2] claims the first person sacked was a man and the second was his wife, but Citizen Services Minister Ben Stewart would not confirm that, saying it was a personnel issue.

The leak came to light after the personal information was found in the hands of a public servant under investigation by the RCMP's [3] commercial crime unit and the Insurance Corporation of B.C. on an unrelated matter.

The NDP says that information included birth dates, social insurance numbers and other data.

The controversy came up for the second day in question period in the legislature on Thursday, where the NDP once again demanded to know why it took seven months to warn the people affected and why Stewart wasn't told earlier about the breach.
Stewart promised a full investigation into the issue, adding that the RCMP doesn't believe people's information was compromised.

1. The headline is apparently the error. All other coverage that I have seen has the number as being 1,400.
2. New Democratic Party. In B.C., they are currently the official opposition party.
3. Royal Canadian Mounted Police: Canada's national police force

------------------------------

Date: Thu, 10 Dec 2009 19:10:42 -0800 (PST)
From: Rob McCool <robm_at_private>
Subject: Farmer claims GPS led him to breed clams in the wrong place

http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/12/10/financial/f162026S49.DTL&tsp=1

An oyster farm in Marin County, California was fined recently for farming clams in an area designated as protected for the harbor seal. The owner of the operation claimed that a faulty GPS device led his employees to place the clam farm in the wrong place.

------------------------------

Date: Fri, 11 Dec 2009 11:20:07 -0600
From: Richard Cook <ri-cook_at_private>
Subject: My mother regarding LED traffic lights and Wisconsin winters

Mom wrote:

"Interesting, some of the new traffic lights are LEDs and since they don't give off much heat, the snow sticks to the lights and drivers can't see the light. I was yelling at someone who drove through a red and scared me but when I came home, realized that I couldn't see the light. Now what?"

Richard I. Cook, MD, Assoc.Prof., Department of Anesthesia and Critical Care, U. Chicago, 5841 S. Maryland Ave MC4028, Chicago, IL 60637 773-702-4890

------------------------------

Date: Sun, 29 Nov 2009 12:29:14 -0500
From: Jerry Leichter <leichter_at_private>
Subject: Were you talkin' to me?

Early last spring I received mail containing a textual date and time for an appointment. Apple's mail client implements "data detectors," which spot certain patterns in the text of messages and provide you with a pull-down to implement various natural operations.
For example, the date and time in this message gave me the opportunity to either go to that date and time in iCal, the Mac calendar; or directly create a new event at that date and time. I chose the latter, and it worked as desired - even naming the appointment from the subject of the mail message.

Except that ... the sender had specified the time zone with the date and time. And he specified it as EST. But this was on a date shortly after we switched over to EDT. iCal faithfully converted the time to EDT, and made the appointment an hour too late!

(There is a setting in iCal - which I don't have enabled right now - in which the originating time zone is preserved. That might well have been even *more* confusing, as I suspect the numeric time in the calendar would have agreed with the numeric time I remembered from the mail message, keeping me from spotting the problem quickly - but the alarm would still have gone off an hour too late!)

The risk: Increasingly, you really can't be sure when what you type (and, soon, say) will be interpreted by a human being or by a machine. Machines are getting better, but they remain much more literal in their interpretations than we expect humans to be. We'll need to be very careful in our use of language - as when we speak to someone from another culture - or misunderstandings will multiply.

------------------------------

Date: Mon, 30 Nov 2009 21:54:39 -0500
From: Jeremy Epstein <jeremy.j.epstein_at_private>
Subject: All the best efforts gone to naught...

For one of my volunteer activities (anyone wanna buy Girl Scout cookies?), I have a logon to a web site. Every year we have to get renewed, which is reasonable considering that the assignment changes annually. There's always gripes about setting a password for your account. Here's an excerpt from an e-mail I received today on using the site:

  "They will also have to change their password.
  If they want to go back to their original password, the next time they sign in they should complete the login and password but click the 3rd green bullet below the login and go back to that contact page for another password edit. This a little tricky - most people would like to keep their old password so here is what they can do - when they go to the 3rd bullet it will ask for a new password - just put in any kind of word - get out of that and go back to the login to the 3rd bullet and go through that procedure for the new password , put old password in and that way you will have your same password."

In summary, people will go to far more effort to keep the old password than to set a new one....

But I guess it beats the message we got from my daughter's school telling us that all the kids were instructed to change their password from the default of "dragon" to the new password "dragons" - kids aren't allowed to pick their own passwords, because then the teachers can't give them access, I guess. Sounds like a system that's poorly designed if the teacher can't reset the students' passwords, so they ensure that all students have the same password...

And we wonder why there are so many web account compromises?!?!?!

------------------------------

Date: Sun, 29 Nov 2009 08:20:24 +0100
From: "Prof. Dr. Peter Bernard Ladkin" <ladkin_at_private-bielefeld.de>
Subject: Various Internet Issues, Succinctly Put

Jeremy Clarkson is long-time host of the BBC's car-review program Top Gear, which (I find out from the link below) is the most illegally-downloaded television program from some unspecified sample. Clarkson is known for his biting wit, the Oscar Wilde of the Morris Mini. Like Garrison Keillor, he has crossed over from broadcast to print journalism and writes entertaining pieces for The Times/Sunday Times (Murdoch's News International), amongst others.

Here is his take on a number of Internet problems.
I only wish I could write so well:
http://www.timesonline.co.uk/tol/comment/columnists/jeremy_clarkson/article6936087.ece

Peter Bernard Ladkin, University of Bielefeld, 33594 Bielefeld, Germany
www.rvs.uni-bielefeld.de +49 521 880 73 19

------------------------------

Date: Sun, 29 Nov 2009 13:14:06 -0500
From: Jerry Leichter <leichter_at_private>
Subject: Re: The Joy of satellite navigation failures

In RISKS-25.85, Steve Loughran complains specifically about an ad in which a car will use GPS "to get you home" - and more generally about over-reliance on GPS.

I find myself increasingly an old curmudgeon myself, and I'm bothered by the young whippersnappers who couldn't read a map to find their way down a midwestern plains highway - dead straight and level as far as the eye can see in both directions.

But ... let's be a bit objective here. How accurate were paper maps? The period in which, even in the US and Western Europe, you could rely on maps to be more than approximations doesn't date back much more than 50 years or so. In most of the world, there have never been accurate road maps. I drove around Puerto Rico in the late 1970's. Hardly an undeveloped part of the world. And yet the maps were ... fanciful in places. Roads shown that were planned but not yet built. Roads that existed on the ground but somehow didn't make it onto the maps. Drive based just on the map - which in one spot showed a 4-lane highway - and find yourself in the middle of a sugar cane field. Are GPS maps up to date? How about the paper maps that used to fill glove boxes?

Accurate road markers are of roughly the same vintage - and for historical reasons are often difficult to use for navigation. When I drove in England about 20 years ago, most road signs except on the largest roads (a) did *not* show you the compass direction; (b) named the next town down the road, not some larger city you might have heard of beyond that.
One wrong turn and you could go many miles the wrong way without knowing it. (I did!)

Were there complaints from experienced users of compasses and rough maps showing topographical features when people stopped learning how to use them and relied on street signs? When maps were introduced and people stopped observing what was around them? When compasses disconnected people from navigation by the sun and stars? Of course. And did this lead to some people getting lost because they had an old map, when someone of a previous era would have had no problem noticing that we couldn't possibly turn *there*, the topo map shows that we should be going uphill? Sure.

The fact is, GPS's get it right most of the time. They are much easier to use, much more reliable (when you consider the entire system, including the inexperienced map reader), much more accurate than any system we had before. People aren't going back, short of some kind of collapse that renders the systems inoperable. There's not much point in complaining.

Do *inappropriately used* or *badly designed* GPS's cause problems? Sure, but just how new are those? People blindly followed maps, too - sometimes because the maps were wrong or simply omitted some information like "low bridge" (frankly, I've never seen a *consumer* road map with that piece of information on it, any more than consumer GPS's inappropriately used by truckers show this information), sometimes because most people never learned how to read more than the basic information from a map.

We can certainly make the current systems better - and we are. But consider: Suppose you were driving somewhere unfamiliar, in a heavy thunderstorm, using your GPS - and I suddenly took it away from you and handed you some 4-year-old ratty, disintegrating map out of the glove box. Would you think I'd improved things for you?
------------------------------

Date: Thu, 29 May 2008 07:53:46 -0900
From: RISKS-request_at_private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request_at_private
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe_at_private or risks-unsubscribe_at_private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall_at_private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
   http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 25.86
************************

Received on Mon Dec 14 2009 - 16:43:00 PST