Risk Factor

Ada Still Lives On


There is a very well done story in Government Computer News on the update to the FAA En Route Automation Modernization System (ERAM) that was successfully completed by Lockheed Martin last October.

The ERAM update, which consisted of 1.2 million lines of code, was delivered on budget, six months ahead of schedule and met its technical requirements, which is unusual in this business. What makes it more interesting is that the software consisted of 1.2 million lines of Ada code.

In June of 1983, the Department of Defense (DoD) issued its first official policy on Ada, directing its use for all DoD mission-critical systems. This began the Ada-programming wars in earnest in the software engineering community, which ended in April 1997 when DoD reversed course and removed the Ada mandate.

While many defense programs moved quickly away from Ada, the language has continued to live on, especially in the aviation/space software community and a few others where reliability (and now security) is important. For instance, nearly 90% of the code for the F-22 Raptor is in Ada, and it is used on the F-35 Lightning II, Boeing 777 and 787, and on the Airbus 380. Maybe someone out there has a more complete list.

I was once deeply involved with Ada in my early career in government and later as an employee of SofTech, so I felt a wave of nostalgia as I read the story. I doubt a revival of Ada is in the winds, but it is still a very worthy programming language that unfortunately never found sufficient support outside and especially within the government.

Taxdueday Headaches for LAUSD Employees


For those still working on their taxes, my sympathies. However, my real sympathies go out to those 3,400 LA Unified School District (LAUSD) employees who received incorrect W-2 forms. As I mentioned previously, the number of employees affected by the payroll system fiasco may be greater than 3,400 because many more employees than that have pay stubs that don't match their W-2s.

While the LA Daily News reports that the LAUSD promises to cover any additional costs incurred by employees because of the payroll problems, such as tax penalties because of an incorrect or late filing or fees for tax preparers, I doubt this has brought total peace of mind to LAUSD employees.

As a footnote, sometime this month a new estimate will be given on how much the LAUSD payroll system will cost over the next 15 years, which is the time frame they plan to keep the system.

Less Punishment for Doctors Who Snoop In Electronic Medical Records?


The LA Times reports that the California Department of Public Health faulted the UCLA Medical Center in Westwood, its Resnick Neuropsychiatric Hospital and a sister hospital in Santa Monica for two privacy breaches involving Britney Spears. The first occurred when Spears gave birth to her first son in 2005, and the second when she was hospitalized in Resnick's psychiatric unit earlier this year.

The Times said that "at least 53 UCLA staffers, including 14 physicians, sneaked a peek at Spears' medical records on the two occasions, even though they were not treating her, according to statistics from the state and UCLA officials."

As a result, 18 non-doctors resigned, retired or were dismissed after the snooping was discovered. However, not one of the 14 physicians resigned or was fired.

When the Times asked why the staff were dismissed but the doctors allowed to stay on, Kathleen Billingsley, deputy director of the California health department's Center for Healthcare Quality, said, "I can't speculate as to why."

The chief executive of the UCLA Hospital System, Dr. David Feinberg, promises that things will change in the future. He also promises that more security will be built into its electronic medical records system to protect patients' privacy.

As I noted in an earlier post, UCLA has claimed that such snooping on patients was rare, but in another LA Times story, it appears that snooping has been going on since at least 1995. The records of Tom Cruise, Mariah Carey, Dom DeLuise and George Harrison were among those looked at. Worse, the hospital knew about the unauthorized snooping, but senior management didn't see fit to take any decisive action to stop it.

Given its track record, any promises from UCLA hospital management to protect patient privacy have to be taken with a large grain of salt.

British Airways Burns Other Airlines and Lost Luggage


British Airways (BA) decided, in consultation with BAA, the airport operator, to delay moving the remainder of its flights from Terminal 4 to Terminal 5 until June, rather than starting at the end of this month as planned. According to press reports, the move would have meant the number of passengers handled at Terminal 5 doubling from 40,000 to 80,000 a day. BA and BAA felt that the terminal wasn't ready to handle the expanded number of people just yet, as some elevators were still not working, and the baggage system still needed some "fine tuning."

Per usual, both BA and BAA apologized for the decision - something they have been doing a lot lately.

The other 54 airlines who were expecting to move among the other Heathrow terminals once BA vacated Terminal 4 in a game of complicated musical chairs are, to say the least, extremely unhappy.

There are still some 7,000 bags that have not yet rejoined their owners, and many may be burned, which has not made BA passengers happy, either. According to the Evening Standard, Giovanni Tinelli, from Onboard Express in Milan, which has a £5 million a year contract to sort lost BA bags, is quoted as saying, "All our BA bags that are untraceable are sent back to BA and then they are destroyed in an incinerator."

And just to make sure BA passengers stay unhappy for another few months, because BA had planned to have all of its Heathrow flights operating out of Terminal 5, BA designed its May 2008 onward schedule under that operating assumption. Thus, the new schedule assumed that less time would be needed for passengers transferring between BA flights since everyone would be arriving and departing at the same terminal.

Well, now, that assumption has been knocked into a cocked hat. Some BA passengers transferring between flights, if they have to transfer between Terminals 4 and 5, now may not have adequate time to make their flights. BA is offering to refund tickets or rebook the affected passengers.

It is going to be a longer summer at Heathrow.

The only good news is that Terminal 5 check-in and baggage systems seem to be now operating without any major disruptions.

RFID Attacks Liquor Shrinkage


"Liquor shrinkage," where bartenders "overpour" drinks or sell drinks for cash and pocket the money, is becoming harder at the MGM Mirage resorts and casinos in Las Vegas, ComputerWorld reports. Seems that the Mirage has bought an RFID system that monitors the amount of each pour a bartender makes.

The RFID chip, which is embedded in those little liquor bottle pouring spouts, produces information on exactly what is being poured and when, as well as the time and date when the spout is placed on and taken off the bottle. Real-time analysis programs can then identify bartenders who are not pouring to company standards, or who are pouring drinks without recording it on the point of sale systems.

You can read about such a system produced by the company Capton which provides RFID solutions to the hospitality industry here.

Of course, this RFID-produced information will be a bonanza for lawyers who are suing or defending a business that sells alcohol to someone who later causes personal injury, death, or property damage to another. With very little work, the exact amount of liquor sold to someone and the time it was sold will be available. I wouldn't be surprised if, in a couple of years, insurance companies insist that any business that sells alcohol install these types of systems if they want insurance.

Wanted: Prime Minister Gordon Brown's Fingerprints


The Guardian had an article recently about Britain's leading civil liberties groups No2ID and Privacy International planning to offer a £1,000 reward for the lawfully obtained fingerprints of Prime Minister Gordon Brown or Home Secretary Jacqui Smith.

The two groups, which are opposed to the UK government's planned ID card scheme, have launched the campaign to show the dangers of collecting fingerprints into a central government database, according to their websites. The article says that the groups are creating 10,000 pseudo 'Wanted' posters to be placed in tube stations and pub lavatories offering the cash for the fingerprints, saying that Brown and Smith are wanted for "planning to steal the fingerprints of the entire British population."

The groups stipulate on the poster that "the fingerprint must be obtained lawfully and can be located on a beer glass, doorknob or any object with a hard surface. Corroborating evidence is required to ascertain the identity of these thieves. The fingerprints will then be made publicly available."

The poster continues, "As fingerprint technology spreads, this government will essentially have back-door access to your computers, files, wallets and even cars and homes. We are offering this bounty to teach these individuals a lesson about personal information security."

Both No2ID and Privacy International are fully expecting to be prosecuted by the government for incitement.

Patient Information Accessed From Old Computers in Oz

The Australian Sunday Times ran a story last weekend claiming that old hospital computers containing confidential patient information were being dumped in an open trash container in a busy alleyway at Royal Perth Hospital. The paper claimed to have been able to recover some of the information, including patient names and addresses, dates of birth, medical conditions and patient numbers. According to the Times, some 500 computers have been dumped this way.

Royal Perth, however, claims that the computer hard drives were wiped clean, but the Times said that it was nevertheless able to access the information very easily. The hospital also said that the computers were being destroyed by the scrap metal contractors picking them up, but the Times said it had sources that said that the computers were sometimes being resold.

After the story was published, the hospital and others claimed that the only way the Sunday Times could have accessed the information is if the paper had stolen the computers. Jim McGinty, Western Australia's Health Minister, is accusing the paper of "stealing the computers and engaging a 'hacker' to access their contents" during its investigation into Royal Perth Hospital's security of patient information. McGinty has called the police to investigate both the journalist and the paper.

This should get interesting.

In a side note, Western Australia's Auditor-General Colin Murphy in March reported that "personal details of public servants, including salaries, home addresses and tax file numbers, were being released to the public when second-hand State Government computers were sold for as little as $2." This is what drove the Times to do the story, it said.

Computer Science AB Advanced Placement Course Bites the Dust


The Washington Post reported last week that the College Board will be dropping the Advanced Placement Computer Science AB course and exam (the curriculum is here) after the 2008-2009 academic year. The College Board says that with only 5,064 students and 1,163 teachers taking part there was not enough interest.

According to the College Board website, "Computer Science AB includes all the topics of Computer Science A, as well as a more formal and a more in-depth study of algorithms, data structures, and data abstraction. For example, binary trees are studied in Computer Science AB but not in Computer Science A. The use of recursive data structures and dynamically allocated structures is fundamental to Computer Science AB."

The Computer Science A course seems unaffected.

Data Fusion Centers Mushroom


The Washington Post has a story on the proliferation of data fusion centers that have sprung up in dozens of states after 9/11. The centers tap into various commercial information brokers such as Accurint, ChoicePoint's Autotrack and LexisNexis, which, the Post writes, provide "Web-based services that deliver instant access to billions of records on individuals' homes, cars, phone numbers and other information."

The story notes that each of the fusion centers operates under different state-defined rules, and much of the activity is not open to outside review. At least one center (in Rhode Island) also claims that it has access (through the FBI) to classified CIA databases. This gives a back door channel to the CIA to keep an eye on US residents, something that it can't do directly.

It is not known how much information that is captured is wrong, but given that the Treasury Department's terrorist watch list has on-going problems with inaccurate and outdated information, there is little doubt that much of the information in these centers is suspect.

Even when the information is accurate, the Treasury Department says that many users of the information don't bother to use it correctly. No doubt this happens with the information in these data centers as well.

I wonder how long before RFID information is captured by these data fusion centers.

UK Bank Loses Customer Data Disc Holding 370K Records


London-headquartered HSBC Holdings Plc, Europe's biggest bank, admitted that it had lost a disc containing details of 370,000 customers, according to news reports.

The data disc went missing a month ago after being sent by unregistered mail from HSBC's offices in Folkestone, England to the Swiss Reinsurance Co. because HSBC's electronic wire system wasn't working.

There is nothing to be concerned about, HSBC insists.

According to HSBC, the disc was password-protected (but not encrypted) and contains details including customers' names, life-insurance cover levels, birth dates and smoking status. It doesn't contain clients' financial details or addresses.

Nevertheless, HSBC said that, "We are apologizing to our customers."

Why does HSBC feel the need to apologize if there is no harm? I thought the official government-sanctioned rule in the UK on data breaches was "no harm, no foul."

Anyway, this and the HMRC episode last year do make one wonder what is going on at the Royal Mail. Is there a sorting machine somewhere that senses when sensitive computer discs are in an unregistered mailer and snaps them up?


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones