Risk Factor iconRisk Factor

Software Unhorses Derby Bettors


There is an investigation by racing authorities in California over a "mysterious" software problem that affected some 7,000 BetJet horse wagering machines around the US. The problem surfaced, according to news reports, when an unidentified bettor at Bay Meadows Race Track put down 1,300 one-dollar quick pick superfecta bets (in which the first four finishers must be selected in the exact order of finish) on the Kentucky Derby on May 3rd. Not one of the computer-generated tickets included the eventual winner, Big Brown.

One story says that, "It was initially believed that the problem was limited to wagers such as the superfecta and multi-race bets like the Pick 4 or Pick 6, but it actually extended to all transactions involving the quick-pick key on both self-help and teller computer boards."

Scientific Games, the betting machine vendor, said that it couldn't say how long the problem had been going on or how many bettors had been affected, as it had no way of tracking quick pick tickets independently of the other tickets it sold.

When informed of this, California authorities indefinitely suspended quick pick betting at all racetracks in California.

Other news reports are saying that a top California horse racing official has suggested in a leaked e-mail that Scientific Games may have kept quiet about the malfunction for months. If so, the company can expect big trouble.

State politicians have already joined the fray, and are calling for an investigation by the California state auditor's office: "Certainly hundreds and potentially thousands of California consumers may have been defrauded," says one.

Now we'll get to see how good Scientific Games's software configuration management system is: the company should be able to easily see when the offending software was developed, tested, installed and if and when it was changed. If they can't do this, expect the company to get hammered, and rightly so, by racing authorities across the US.

Users Put Headlock on LifeLock

The company LifeLock, whose founder Todd Davis, dares criminals to try stealing his identity using his social security number (457-55-5462) in ads, is being sued by customers in Maryland, New Jersey and West Virginia who claim that his service is ineffective and doesn't work, according to an AP story.

Adding salt to the wound, they also claim that Davis himself has been scammed.

According to the story, "Davis acknowledged in an interview that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday loan operation last year into giving him $500, using Davis's Social Security number."

LifeLock charges customers $10 per month to set fraud alerts with credit bureaus. However, anyone can do it themselves for free.

Furthermore, the story notes that, "LifeLock is also being sued in Arizona over its $1 million service guarantee, which the plaintiffs claim is misleading because it only covers a defect in LifeLock's service, and in California by the Experian credit bureau. Experian accuses LifeLock of deceiving consumers about the breadth of its protection and abusing the system for attaching fraud alerts to credit reports."

This just reinforces the old adage about reading the fine print.

Moody's Software Rating Bug Gives Credit Where Credit Isn't Due


This morning's Financial Times of London (subscription may be required) has two interesting stories (here and here) about a software coding error that is causing some turmoil both within the rating company Moody's and the financial markets. Look for this story to have some long legs.

According to an investigation conducted by the FT:

"Moodyâ''s awarded incorrect triple-A ratings to billions of dollars worth of a type of complex debt product due to a bug in its computer models... "

The debt product goes by the name Constant Proportion Debt Obligations or more commonly CPDOs.

The FT goes on: "Internal Moodyâ''s documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower."

"... While coding errors do occur there is no record of one being so significant."

When Moody's gave their AAA rating on CPDOs last year, many analysts thought the rating was too good to be true. Seems it was.

What makes this story even more interesting is the implication that Moody's wasn't exactly forthcoming in acknowledging its software error after it was found and may have even tried to hide it. The FT article states that:

"On discovering the error early in 2007, Moodyâ''s corrected the coding glitch and instituted methodology changes. One document seen by the FT says 'the impact of our code issue after those improvements in the model is then reduced'. The products remained triple A until January this year when, amid general market declines, they were downgraded several notches."

Moody's responded to the FT article this way: "Moodyâ''s regularly changes its analytical models and enhances its methodologies for a variety of reasons, including to reflect changing credit conditions and outlooks. In addition, Moodyâ''s has adjusted its analytical models on the infrequent occasions that errors have been detected."

â''However, it would be inconsistent with Moodyâ''s analytical standards and company policies to change methodologies in an effort to mask errors. The integrity of our ratings and rating methodologies is extremely important to us, and we take seriously the questions raised about European CPDOs. We are therefore conducting a thorough review of this matter.â''

In other words, Moody's really, really, really hopes that the decisions to change the rating methodology and the fixes to the coding problem were taken independently, but if they weren't, its reputation is likely going to take a very, very big hit, on top of its rather undistinguished showing in the sub-prime and credit debacle. Earlier this month, Moody's President and COO "decided" to retire, which was seen by financial observers as an admission that the company performed poorly last year in assessing risk.

This fall-out from this small coding error should be be entertaining to watch. Reminds me a little in terms of both cause and impact of the AT&T switch software problem of 1990.

CCTV Doesn't Reduce Crime in UK


I wrote awhile back about the seeming rush the UK government is in to create a Big Brother surveillance society. One aspect of this is the extensive use of CCTV cameras, with an estimated 4.2 million now in operation in the UK.

As noted in a story by the London Guardian, a presentation from Detective Chief Inspector Mick Neville, head of the Visual Images, Identifications and Detections Office (Viido) at New Scotland Yard indicates that, "Massive investment in CCTV cameras to prevent crime in the UK has failed to have a significant impact, despite billions of pounds spent on the new technology, a senior police officer piloting a new database has warned. Only 3% of street robberies in London were solved using CCTV images, despite the fact that Britain has more security cameras than any other country in Europe."

This does not mean, however, that CCTV cameras will be reduced in numbers. More likely, even more will be put up as a means to increase their effectiveness.

Supporters of additional CCTV cameras can just point as justification the aftermath of the Uefa Cup final held in Manchester last week and the CCTV images produced.

Google Gagga Over Personal Health Records


After a year and a half of development, Google announced yesterday that it was now offering personal health records on-line.

According to Google's Health website, "Google Health allows you to store and manage all of your health information in one central place. And it's completely free. All you need to get started is a Google username and password.

"Google believes that you own your medical records and should have easy access to them. The way we see it, it's your information; why shouldn't you control it?"

"With Google Health, you manage your health information â'' not your health insurance plan or your employer. You can access your information anywhere, at any time."

So, why is Google doing this?

â''Itâ''s what we do. Our corporate mission is to organize the worldâ''s information and make it universally accessible and useful. Health information is very fragmented today, and we think we can help.â''

Google has partnered with over two dozen organizations, including hospitals (Beth Israel Deaconess Medical Center, The Cleveland Clinic), pharmacies ( Longs Drugs, Medco Health Solutions, RxAmerica, Walgreens), diagnostic laboratories (Quest Diagnostics) and medical information providers (SafeMed, Heathgrades) which have agreed to provide electronic copies of medical information (or help interpret the information) to add to your Google personal medical record. You can go here to get profiles of Google's partners.

Google also promises to keep your medical information private:

"You should know two main things up front:"

"1. We will never sell your personal health information or data"

"2. We will not share your health data with individuals or third parties unless you explicitly tell us to do so or except in certain limited circumstances described in our privacy policy."

"We make it a point to let you know what information we collect when you use Google Health, how we use it, and how we keep it safe."

I personally would take this assurance with a grain of salt. A person's Google health record is not covered by HIPAA (Health Insurance Portability and Accountability Act of 1996).

So how is Google going to make money on the effort if it is free? It says:

â''Much like other Google products we offer, Google Health is free to anyone who uses it. There are no ads in Google Health. Our primary focus is providing a good user experience and meeting our users' needs.â''

That is a good, very coy, non-answer if I ever saw one. I will remain skeptical, if you don't mind, about Google not deciding in the future to change its, â''We will never sell your personal health information or dataâ'' tune to one more like â''We will never sell your personally-identifiable health information or data.â'' Aggregated health data is seen as a gold mine by medical researchers, pharmaceutical companies, and the government alike.

Of course, the value of the data depends on how accurate it is. Google makes a big deal that the individual is in charge of their medical record; that the individual decides how much is actually going to be disclosed to whom, and; that the individual can edit their medical information as well.

This is where it gets interesting to me. How much will doctors trust Google (or Microsoftâ''s or anyone else's) personal health records if they start encountering a number of patients who are wholesale editing their personal medical information? Or do doctors just assume that the information provided is incomplete or biased?

It occurs now with paper-records, but I wonder if the perception of selective editing of medical records will change with an electronic health record.

Also, will insurance companies start demanding that patients disclose to them all their Google-stored information if the patient wants to get a doctorâ''s visit paid for? And what happens when an insurance company finds a record that is edited?

Lawsuit Comet Hits Project Jupiter


The London Times reports that British Gas is suing Accenture for £182 million ($365 million) over an IT system project called Project Jupiter "it claims reduced British Gasâ''s customer-billing process to a shambles."

British Gas, according to the story, says the billing project "was the cause of the appalling customer service that lost British Gas hundreds of thousands of customers, a High Court writ from Centrica [the parent company of British Gas] says."

British Gas claims that it had to employ 2,500 extra staff to help resolve the billing problems created.

The story goes on, "The writ says the problems could be traced back to 2002, when Centrica engaged Accenture to provide a new IT system. Project Jupiter was to bring together British Gasâ''s electricity and gas-billing schemes into one system capable of handling 250,000 meter readings and 200,000 bills a day. The price was £317m, with Accenture being paid from the £397m in savings that British Gas expected from the new system over a decade."

"Various glitches arose, but the two sides agreed a revised contract in March 2006 under which Accenture provided guarantees that a software upgrade would work. According to Centrica, it did not," the story says.

An older article on the issues involved as reported in Computing can be found here.

The Times story also includes Accenture's response:

"An Accenture spokesman said that Centrica 'conducted extensive testing' on the system before it was handed over. He added: 'We are confident, based on the facts of the situation, that this claim is baseless and without merit. Accenture will vigorously defend the High Court proceedings.' "

â''Accenture delivered the system at the end of 2005. The system we delivered met all of our commitments and the specifications that Centrica set; it was delivered on the agreed timeline and budget.â''

I doubt this will ever make it to court. More likely is an out of court settlement with no fault being assigned to either party.

Spam's 30th Anniversary


I don't know how I missed it, but the 30th anniversary of the first recorded instance of spam happened on the 3rd of May.

According to a story in the Wall Street Journal, Gary Thuerk, who at the time worked for Digital Equipment Corp., sent what is believed to be the first spam message, an invitation to an open house for a new DEC computer (a VAX 11/780?) that he sent to 400 of the 2,600 or so people who had email accounts on the ARPANET at the time.

Thuerk claims that his email generated about $12 million in new sales. However, many people who received his email also got highly irritated, complained to US Defense Department ( which operated the net) which in turn told him never to do it again. Thuerk says he never did, either.

Thuerk also said in the story that "people have one of three reactions when they meet him: Some are excited to meet someone with an unusual claim to fame; some want to beat him up on the spot; and others just avoid him like the plague."

Unfortunately, if it hadn't been Thuerk, it would have just been someone else. I am surprised, to be honest, that it is only the 30th anniversary of spam. I would have guessed someone would have tried doing it before 1978.

Robotic Suit for the Army Being Tested


There was an AP story last week on the Army's "exoskeleton" robotic suit being developed by Sarcos Inc (now owned by Raytheon) that potentially will "multiply a person's strength and endurance as many as 20 times."

"Jack Obusek, a former colonel now with the Armyâ''s Soldier Research Development and Engineering Center in the Boston suburb of Natick, foresees robot-suited soldiers unloading heavy ammunition boxes from helicopters, lugging hundreds of pounds of gear over rough terrain or even relying on the suit to make repairs to tanks that break down in inconvenient locations," according to the story.

The suit is still not practical: it is very expensive, and the suitâ''s battery life currently lasts only 30 minutes.

I got a little more insight into some of the military mission drivers behind this suit last week when I was at the third annual iRobot payload conference. Ellen Purdy, Director - Joint Ground Robotics Enterprise, US Department of Defense, gave the keynote address describing some of the robotic efforts the DoD is supporting.

In one example, Mrs. Purdy spoke about the problems involved in developing "robotic convoy" capabilities. It's one thing to say I want an autonomous convoy capability, it is quite another to implement it, she said. On top of the detailed technical issues of actually developing an autonomous vehicle, there are a number of mission issues that immediately arise as well.

For instance, how many vehicles does one designate autonomous versus being manned to ensure there is adequate security for the convoy? How far should each vehicle be separated from one another to maintain safety margins, especially if it is at night or in bad weather? Does every vehicle also need to be able to be driven manually if the convoy is attacked or if a vehicle breaks down?

The robotic suit comes into play in that, say you have an autonomous convoy showing up that has few if any soldiers accompanying it, who is going to unload it? A small number of soldiers, each wearing a suit, will be able to do the work of many more than otherwise would be needed for that task, Mrs. Purdy said.

What Mrs. Purdy pointed out was that each decision to use robots has other implications that are not always obvious and need to be thought through. As she remarked, "The Army doesn't know what it doesn't know about robots."

Over the week, I'll write up a bit more about what I heard at the conference, which for me not being a "robot guy," I found pretty interesting.

Japan, Like US, Suffering From Rikei Banare


I have written a few times about the declining enrollment computer science and engineering students in the US and Canada. Looks like Japan is having similar problems.

A story in the New York Times over the weekend about Japan running out of engineers. The article says:

"After years of fretting over coming shortages, the country is actually facing a dwindling number of young people entering engineering and technology-related fields. Universities call it 'rikei banare,' or 'flight from science.' The decline is growing so drastic that industry has begun advertising campaigns intended to make engineering look sexy and cool, and companies are slowly starting to import foreign workers, or sending jobs to where the engineers are, in Vietnam and India."

The story goes on, "But according to educators, executives and young Japanese themselves, the young here are behaving more like Americans: choosing better-paying fields like finance and medicine, or more purely creative careers, like the arts, rather than following their salaryman fathers into the unglamorous world of manufacturing."

Estimates are that Japan is short 500K engineers in its digital technology industries.

It is may be very hard for Japan to reverse the decline from just demographics factors alone.

A story in April appearing in the Japan Times says that Japan is facing a "labor shortage of 4.27 million people in 2025 on the back of the declining birthrate and mass retirement of baby boomers."

The story goes on, however, to say that the work of 3.5 million Japanese workers could be covered if advanced robots become popular. One estimate, for instance, is that robots "could take over about 970,000 jobs in medical and nursing care services."

That is assuming, of course, there are enough Japanese computer scientists and engineers still around to build and program the robots required.

Robotics is looking more and more like a good career field.

The Crazy Ants That May Eat NASA


There are various news reports this week concerning a tiny reddish-brown ant by the name of paratrenicha species near pubens (or more commonly crazy rasberry ants) that has infested five counties of Houston. It turns out these ants like to eat electronic equipment.

As noted in a story in the London Times,

"Computers, burglar alarm systems, gas and electricity meters, iPods, telephone exchanges â'' all are considered food by the flea-sized ants, for reasons that have left scientists baffled."

They are now on the march towards Houston's Hobby Airport and NASA's Johnson Space Center.

The ants are so well-established now, they are likely impossible to fully eradicate. Worse, they are resistant to over-the-counter poisons. Furthermore, colonies apparently have multiple queens, so killing one doesn't do the job.

The ants apparently got to Houston via a cargo ship from the Caribbean about six years ago. Their only redeeming value is that they eat fire-ants.

There is a story here from ComputerWorld that talks about some of the damage to electronics they have caused.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones
Load More