Risk Factor iconRisk Factor

Déjà vu - Sensitive Canadian Data Missing in Post

It is being reported by CTV.CA that private medical information on 140 British Columbia and 480 New Brunswick residents contained on four unencrypted magnetic tapes disappeared. Information on the tapes includes names, Medical Services Plan numbers, birth dates and possibly some description of services rendered and the costs of those services.

The information was "misplaced" on October 5, but New Brunswick medicare authorities were not made aware of the loss until Oct. 25. The province's director of medicare operations did not know about the vanished information until Nov. 29.

B.C. Information and Privacy Commissioner David Loukidelis who is investigating the loss said that he was "appalled that health information is being transmitted in such an insecure way."

Who Speaks For Humans?

alien-mask-3.gif In today's Wall Street Journal, there was a note regarding a story that is in Seed science magazine regarding the question:

"If aliens are out there, how should Earthlings go about getting in touch with them?"

"The question has provoked arcane but furious debate among scientists searching for extraterrestrials. Because scientists haven't picked up signs of alien life near Earth, the debate is essentially philosophical, revolving around such issues as who rightly speaks for humanity and whether humans want to draw the attention of possibly hostile life forms."

"A dispute erupted recently among scientists over an effort to draft a protocol for messages going from Earth into space, reports David Grinspoon in Seed, a science magazine. Several scientists who believe that governments and other scientists should be consulted prior to any space-bound communications resigned in protest from a prominent study group on extraterrestrial intelligence."

This got me to thinking about my earlier post on Microsoft's error reporting, and my joking reference about it possibility being a search for artificial intelligence. However, what happens if a computer does indeed become self aware? Who speaks for the human race, and does the first self-aware computer speak for ones that come after it?

UK Data Scandal Was Predicted Years Ago

CD_Object.gif Last week, Forbes reported that Prime Minister Gordon Brown disagreed with the acting chairman of the HM Revenue and Customs (HMRC) David Hartnett's portrayal that the numerous HMRC data breaches over the past few years "may well" indicate a systemic operational failure.

"I don't accept that that is what the chairman ...said," said Brown.

Okay, I guess he didn't say it.

Over the weekend, the Sunday Telegraph published a story that said senior HMRC officials were warned by auditors in March 2004 that, ".. letting junior staff have access to the entire system was a recipe for disaster." The auditors also said, "... mistakes would not be detected and that the system was open to fraud."

Hmm, again I am left to wonder what actually does constitute a systemic operational failure in the eyes of senior UK government officials?

Phishing for Cyberlove with Robo-Lovers

heart.gif According to the London Telegraph, "flirting robots" are invading Russian dating websites with the aim of gaining personal information from unsuspecting victims. CyberLover is one such robot that masquerades as a person seeking love on-line, according to the story. It interacts with a potential victim asking questions like, "When's your birthday? Where can I send you a Valentine's Day card?" and so on. The fear is that these robo-lovers could soon be invading popular social networks phishing for information.

I wonder what happens when one robo-lover encounters another on-line? Do they exchange code words so they know that the other is one of their own? Or do they just keep chatting one another up forever?

Microsoft Error Reporting: Really A Search for Artificial Life?

In historian Felipe Fernández-Armesto's survey book Ideas that Changed the World, there is a section entitled "Impossibilism." In it, he reviews some of the paradoxes that philosophers like William of Ockhamâ''s raised for contentious debate in the 14th century, such as â''God can order you to commit murderâ'' or â''God can reward good with evil.â''

If William of Ockham were alive today, he would probably coin something appropriate about Microsoftâ''s problem reporting.

As I noted a few weeks ago, Microsoft captures and analyzes those errors that unfortunately but not unexpectedly pop up every so often, which on some days provides Microsoft with 50 gigabytes worth of problem data.

I was recently sent a link to a screen shot of an error message that I have never encountered:

Windows Problem Reporting Has Stopped Working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

As the comments at the link note, this error message poses some very interesting philosophical paradoxes and implications. For instance, how can a solution be sent if the problem reporting scheme is not working? How can a solution even be available if the problem is not reported? Or does it really indicate that Windows has developed HAL-like self-awareness? This could help explain Microsoft's Potty Mouth Santa.

All this made me wonder whether:

a) Microsoft has another error monitoring program to watch for when its Windowâ''s Problem Reporting code has an error, and whether there is another one to watch for that one to have an error, and so on: all this watch watching might explain why its operating systems are so large, and;

b) if (a) above is not true, does the Microsoft error analyst team have a category for this specific types of error, waiting in hopes of an error turning up some day indicating that in fact Windows is now self-aware, kind of like the SETI folks do in waiting for that special signal from space to appear?

SBInet Lives!

lemon-halves.gif If some convenient major news event isn't happening, then government officials like to use Friday afternoons to bury bad news or to make announcements that they don't want looked at too closely.

As I wrote on Friday, things were pretty quiet on the SBInet front, when, lo and behold, the Department of Homeland Security (DHS) announced Friday afternoon that it had conditionally accepted Boeing's border-surveillance system. DHS Secretary Michael Chertoff said that it was now going to run a 45-day operational system stress test before giving final acceptance.

However, I doubt that the stress test will result in failure, regardless of the real results. Along with this "conditional acceptance" Boeing was awarded a $64 million task order to design, develop and test an upgraded "common operating picture software system" for the Custom and Border Protection (CBP) command centers and agent vehicles to make the system more user friendly. Don't you think if there was any real doubt about accepting the system, the contract award would have been delayed for six weeks?

More likely, the system stress test is meant more to fend off Congressional criticism than as a means of generating information on which to make a final acceptance decision: i.e., dressing up the lemon.

As the Arizona Daily Star reported (subscription may be required), "After the 45 days, officials will put in orders for additional changes, Chertoff said. Full acceptance of the system depends on the results of the test run."

Furthermore, the paper said, that despite the lengthy delays and the doubling of costs in the launch of Boeing's pilot project, Chertoff said that DHS "isn't worried about Boeing designing and implementing similar systems along the rest of the border. 'We picked a particularly demanding area of the border, with a lot of ground clutter,' Chertoff said. 'So it should be a good kind of challenge,and some other parts of the border should be easy.' " I guess Chertoff nor the DHS have ever heard of software system scalability problems especially in using commercial-off-the-shelf (COTS) components.

Boeing was also quoted as saying that that the company "learned valuable lessons" during the work that will reduce future risk. Of course, the whole project was sold as being low risk from the beginning, but who keeps track of those promises, right?

LAUSD Payroll Repayments - A Little Slack for Employees

stop.gif The LA Times last week reported that Los Angeles Unified School District (LAUSD) has decided to extend its deadline to recoup most of the $53 million that it believes to have been overpaid to about 32,000 employees because of its faulty payroll system.

The Times writes that the LAUSD had originally "set a Nov. 26 deadline for workers to decide whether to repay the entire amount they had reportedly received, repay only the amount they believe they were overpaid, or refuse to pay anything. Employees were also warned that if repayments were not made by Dec. 10, they would also have to repay additional money withheld by the district for state and federal taxes."

The new dates for employees were the December 7th regarding how they wished to proceed, and now they have until Dec. 17 to make any repayments.

About 2,400 LAUSD employees have decided to contest the district's claims and are refusing to pay some or all of the amounts demanded, because they don't trust the figures the LAUSD has provided to them.

The LAUSD is putting none too subtle pressure on those 2,400 to accept the amount they are said to owe nevertheless.

As the Times reports, "those disagreements won't be discussed until next year, when district and union officials can set up a resolution process. But by then the district will have paid taxes on over-payments, and employees will be faced with the prospect of seeking refunds for themselves from tax agencies."

LAUSD officials believe that most of their payroll problems are behind them, but if a large number of its 2,400 employees who are contesting their alleged over-payments are shown to be indeed correct in their suspicions, the mess will have only just begun.

Small Typo, Big Problems in Carver County, Minnesota

accounting.gif You may have seen the small typo problem in Georgia where Joe Martins recently closed his account at Wachovia Bank, paid off an outstanding check, and then got a letter about the account closure and his final balance -- a minus $211,010,028,257,303.00. Wachovia apologized to Martins, and promptly blamed the letter and the erroneous amount on a word processing error - the number supposedly owed actually matched the gentleman's bank account number.

A similar computer typo problem, but with real side-effects happened last week in Carver County, Minnesota. Eric Mattson received a real estate assessment notice stating that his 4,400 square foot vacant lot was being assessed at a market value of $189,000,000 (or $42,955 per square foot) and would he please fork over the $2.5 million in property tax he owed. Since is about 10 times the value of prime property in London, which is the most expensive property in the world ($4,585 per square foot), Mattson had a good laugh and called the assessor's office about the obvious error.

The assessor's office wasn't laughing. It was indeed an error, but the County had already budgeted and spent the money.

According to the story in the Minnesota Star Tribune, there was change in the property's status which required a change in its tax status. In August, a "clerk filled in the $18,900 proposed valuation, but then mistakenly hit the key to exit the program. The computer added four zeros to fill out the nine numerical spaces required by the software, thus indicating the value was $189,000,000."

Several officials questioned the windfall, but the tax office assured everyone that it was true; that is, until Mattson complained.

Now the County is trying to figure out how to make up for the shortfall, like cutting back on services to raising taxes. The issue will be debated at a meeting on Tuesday.

The tax folks say they have instituted new procedures to ensure this problem never happens again. Of course.

Oh Where Oh Where is SBInet?

Lemon_Object.gif

The status of Boeing's Secure Border Initiative (SBI) Project 28 seems to be in limbo. System verification testing of the "virtual fence" was completed at the end of last month, and the US Customs and Border Protection (CBP) agency was expected to quickly make a decision as to accept or reject the project.

In September, Department of Homeland Security (DHS) Secretary Michael Chertoff said successful acceptance testing of the trouble plagued project was critical because he didn't want to get stuck with a lemon.

The Chairman of the House Homeland Security Committee Bernie Thompson fired a warning shot across Chertoff's bow in a letter he released this week, holding him to his "no lemon" pledge:

"If, as it now appears, the technological problems encountered are such that Project 28 has become more of a technology "test bed" than a new operational tool for the Border Patrol, the Department needs to address this directly. Frankly, I am as disturbed about this apparent lack of candor and the attempt to "spin" Project 28's troubles as I am by the technical difficulties you have encountered with the initiative. Technological problems can be fixed. Credibility, once lost, is unlikely ever to be regained."

"To be clear, I strongly support the use of technology to secure our border. I do not, however, support accepting a deliverable that does not provide the Border Patrol with the promised improvements in operational capability. Again, I urge you to defer accepting Project 28 until you can provide this Committee and the American people with an assurance that it does so."

Of course, if SBInet has to be canceled, then CBP can always turn to the Arizona-based Techno Patriots who are putting up their own home-grown version of SBInet.

Smart Cars: Coming to a Showroom Near You

The New York Times this week had an article on smart cars and how one will "soon" be in a showroom near you. It quotes Dr. Sebastian Thrun, a computer scientist who heads up Stanford's Artificial Intelligence Lab, as saying, "Within five years, itâ''s totally feasible to build an autonomous car that will work reliably in several limited domains."

Furthermore, the article says, "In 20 years, Dr. Thrun figures half of new cars sold will offer drivers the option of turning over these chores to a computer, but he acknowledges thatâ''s just an educated guess. While he doesnâ''t doubt cars will be able to drive themselves, heâ''s not sure how many humans will let them."

It will be interesting to see what happens when the first smart car crashes into one driven by a plain old human driver and results in a severe injury or death. Will the smart car's software be blamed? Will the argument be that the human driver has to be at fault since the smart car is assumed to be more carefully driven? And will the case be argued by "smart lawyers," a term that seems somehow oxymoronic to me?

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Load More