Risk Factor

IT Hiccups of the Week: Red Bull Racing Gets Apology from McLaren Over ECU Software Issues

Last week produced another potpourri of IT-related snags, snarls and snafus. We start off this week with a software issue that impacted Formula One's kick-off race in Australia.

McLaren Apologizes for Software Issue in its ECU

McLaren Electronic Systems, which supplies all the Electronic Control Units (ECUs) for Formula 1 racing teams (as well as for NASCAR and IndyCar), apologized last week to the Infiniti Red Bull Racing team for a software problem that affected driver Mark Webber’s car at the start of the Australian Grand Prix on 17 March, AutoWeek reported. The ECU, which McLaren says [in an entertaining Sky Sports video] is the “brains of the car,” controls the engine, clutch, gearbox, differential, fuel system and the drag reduction system, and provides critical performance telemetry to the racing crew.

This year, McLaren introduced an upgraded ECU in anticipation of the turbo V6 engine to be used starting in the 2014 season; that engine, racing officials hope, will draw fans back to Formula One racing.  However, in February’s preseason winter testing in Barcelona, several racing teams were bedeviled by software “glitches” that resulted in problems such as the loss of communications between race cars and racing crews and malfunctioning of the cars’ kinetic energy recovery systems (KERS). The problems were so severe that McLaren reportedly had to revert for a time to the previous ECU software version, which has apparently worked reliably since it was introduced in 2008.

McLaren was confident enough that it had fixed the preseason ECU problems that the new software version was used for the inaugural Formula One Grand Prix race in Melbourne. While no problems were discovered during pre-race qualifying, at the beginning of the race, the second fastest qualifying car, driven by Webber, experienced an ECU problem that cut the Red Bull Racing team's ability to monitor the car and shut down the car’s KERS system. The team was forced to reset the system, which cost Webber valuable time. The KERS system wasn't restored to full functionality until lap 20.


This Week in Cybercrime: What Do We Know about the South Korean Cyberattack?

Clues But No Conclusive Evidence

What do we know about this week's cyber-attack on South Korean broadcasters and banks? We know that it was a coordinated attack that hit roughly 32 000 computers on 20 March at 2pm local time. We know that it took several hours to restore online banking services for Nonghyup Bank and two other banks and to get the companies’ ATMs up and running. And although TV broadcasts by YTN, a 24-hour news channel, and two other networks were not affected by the attack, the networks’ computer servers may have suffered severe damage. Researchers have also figured out that the malware was programmed so that when the clock struck two, it would disable a machine’s security software, determine which version of Windows its host was running, and begin corrupting the hard drive. According to researchers at FireEye, the malicious code then overwrote all the hard drive contents. After wiping the hard drives and master boot record, the program forced a reboot that turned the computers into high-tech paperweights. According to a Wired article, the malware “also included a module for deleting data from remote Linux machines. The malware searched for remote connections and used stored credentials to access Linux servers and wipe their master boot record.”

Another piece of the puzzle, provided by security firm Trend Micro, indicates that its researchers detected a phishing email sent to South Korean organizations on the day before the attack. That come-on, ostensibly from a bank, had an attachment laced with a Trojan. This leads Trend Micro to think that the hackers had taken advantage of their own form of just-in-time delivery.

What we don’t know for sure is where the attack originated. The knee-jerk conclusion most observers jumped to is that North Korea had begun to make good on the threats it had been issuing since it was hit with UN sanctions following a nuclear test in February. It wasn’t long before China became the focus of suspicion. But as investigators dug deeper, South Korean government officials who initially said they traced the attack to a Chinese IP address had to admit a certain level of uncertainty. The IP address turned out to be one used internally by NongHyup Bank, one of the victims of the attack. South Korea’s Communications Commission said it belatedly discovered that by a freak coincidence, the address matched one registered in China. But South Korea still hasn’t taken North Korea off its list of suspects because this wouldn’t be the first time its neighbor to the north targeted the country’s media, banks, and government agencies. Seoul is still smarting from the so-called “Ten Days of Rain,” a 2011 denial of service attack for which it blames the Pyongyang government; the attack is said to have been an elaborate scan of South Korea's computer defenses.


Computer Technology Impact on 2013 Society as Predicted in 1962 and 1988

I am always on the lookout for stories featuring past predictions of the future impacts of technology on society and how closely they mirrored reality. So I was quite happy to find a couple of recent articles, one in BusinessWeek and the other in the LA Times, discussing technology predictions made by the CIA in 1962 and by a group of futurologists in 1988.

The CIA predictions involved a speculative piece, recently released, concerning how computers might impact future U.S. intelligence gathering, data processing and analysis. The paper, written by CIA analyst Orrin Clotworthy and entitled “Some Far-out Thoughts on Computers,” was originally published in the agency’s Studies in Intelligence in 1962. In his paper, Clotworthy wrote that there was “rising optimism” to think that behavioral scientists would someday be able to use computers “to foretell the behavior of large groups of people within reasonable limits, given accurate and timely measures of certain telltale factors.”

Clotworthy also speculates that computers could be programmed by the year 2000 to perform as a “stand-in brain” that could test out different scenarios and make predictions of the behaviors of foreign leaders. He goes on to note that while storage of the information needed for such a “stand-in brain” might pose a difficult problem, all the data required could be “obtained with relative ease.”

Makes one think about how much access the CIA had to personal, corporate and governmental data, domestic and foreign, back then. As a side note, Reuters reported two weeks ago that the Obama Administration is drawing up plans to allow “all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country.”


IT Hiccups of the Week: Hundreds of Thousands Hit By U.S. Tax Filing Glitches

We had another interesting mixture of IT-related glitches, snarls, and snafus to choose from last week. We start off with U.S. taxpayers who will be waiting for their tax refund checks a bit longer than expected because of problems with some companies’ tax software products.

H&R Block and Other Tax Software Product Problems Delay Tax Refunds for Over 600 000

According to several news reports, H&R Block, one of the world's largest tax services providers, which files about 1 in 7 U.S. tax returns, announced on its blog that there was “a disconnect in the transmission of form 8863 from our delivery system to the IRS [Internal Revenue Service] E-file system”. That disconnect caused a delay in its customers getting their tax refunds. Federal Form 8863 (American Opportunity and Lifetime Learning Credits) is used to claim two higher education credits. Over 600 000 H&R Block customers who had their forms filed between 14 February and 22 February are said to be affected, a story at the Washington Post reports.

Part of the problem lay with the IRS – or more specifically actions by the U.S. Congress – which delayed this year’s filing period and required changes to Form 8863. Both actions apparently caught H&R Block and “a limited number of software company” product developers off-guard, the IRS said. The tax software problems have reportedly been fixed, but refunds might be delayed by up to 8 weeks in some cases.

In another problem, about 10 days ago, Minnesota tax officials said that anyone using Intuit’s TurboTax software to file their state tax returns could be filing erroneous tax returns. At first, Intuit downplayed the errors, claiming that they affected only non-obligatory tax issues such as donating $5 to a political party, but state officials countered last Monday by saying that there were about a dozen problems with the TurboTax software, most affecting tax computations, Minnesota Public Radio (MPR) reported.

Within a few days of the state's announcement, Intuit claimed that its tax software was fixed and said that only 10 000 filers were affected. However, state tax officials told MPR that as of Friday, “it still isn't sure flaws in Intuit's TurboTax tax preparation software have been fixed.” The state is still telling residents not to use TurboTax until it has fully tested out the software. It also said that some 14 000 tax returns using the software have been found to contain software-related errors.

Intuit says that it “will issue refunds to affected Minnesota state TurboTax customers for the full amount of their tax preparation fees.” Somehow, I don't think that will appease many filers who will now need to file amended returns.

Billing Problems Affect 145 000 Customers of EnergyAustralia

The Australian reported last week that problems with the introduction of EnergyAustralia's new IBM-developed billing system have meant that some 145 000 customers have not been billed for their electricity or gas usage on time, including 21 000 that have not been billed at all. The Australian says errors in the new billing system are apparently higher than anyone expected.

The Australian quotes a source as saying, “The backlog is caused by IBM middleware (software) unable to handle sales files sent by third parties such as distributors. Due to inadequate validity checking, errors are created and the IBM team in India is woefully undermanned to handle the workload. These errors have to be manually fixed, which has resulted in a growth in the backlog.”

EnergyAustralia acknowledges the system is undergoing “teething problems” and that IBM has doubled its support staff to handle the problems. The energy company also insists, however, that it’s only a “small number of customers who haven’t had the best experience.”

EnergyAustralia has about 1.25 million residential and business customers.

Montreal Métro System Shuts Down

Last Wednesday, as feared, all four lines of Montreal’s Métro System shut down completely over the lunch hour because of a known software problem in a critical main computer system server. According to a story in the Montreal Gazette, a series of Métro System shut-downs early last summer revealed that there was an “unstable server” which is “part of the main computer system used to operate the métro.” The server is used to send and receive information from “most of the systems in the métro,” Montreal’s transit agency officials stated.

A software patch was installed last July, but métro engineers determined in October that a “more complex patch” was required. The patch has been under development since then and is scheduled to be installed late this month or early in April.

However, on Wednesday morning,  engineers noticed that the server’s software was becoming unstable again and was passing “bad data” to the main computer system. The engineers planned a controlled shutdown of the métro a little after noon for about 10 minutes in order to go to the back-up system. Unfortunately, the métro’s main computer system shut itself down before the engineers did as the “server gave bad data to the system and saturated the memory” of the computer. This uncontrolled shutdown complicated things, transit agency officials said.

It took over an hour to finally restore service.

Montreal’s transit agency officials apologized once again to métro riders, who have suffered outages in January and February as well. Agency officials promise the system will be better once the new software patch is put into place.

Yet Another Tesco Pricing Glitch

Given their regularity, it almost seems that U.K. retailer Tesco is deliberately creating pricing glitches to attract customers to its stores. As reported by the Telegraph, the latest pricing glitch “allowed shoppers to buy one product and get three free on 500g packs of I Can't Believe It's Not Butter (ICBNB) and multipacks of Danone Oykos yogurts.” According to the Telegraph, the pricing error worked both in the store and online. One shopper claimed to have paid just £9 for yogurt worth £133.

A Tesco spokesperson said that it was supposed to “be a simple buy one get one free offer” but an “IT error” was responsible for the unintended “unbeatable value.”

Last month, another Tesco pricing error showed up on in-store ads for Thorntons Premium Collection chocolates. Here, however, the error turned a deal for 50 percent off a £7 box into a final price of £7.35 a box instead.

You win some, you lose some.

Woman Arrested After Spending Money Due to Pay Error

There was a story from radio station WTAQ Wisconsin about a woman in Wisconsin being arrested for spending some $10 000 paid to her by mistake by her former employer.

According to WTAQ, the woman worked for the Stein Garden Center in the City of Oconomowoc and normally earned $8.25 an hour for her labors. However, a computer error changed it to $88.25 an hour.  Apparently, on receiving a windfall of $10 000, she decided to quit her job rather than tell her employer of the error.

About a month after she quit, her employer found the error and wanted the money back. The woman allegedly told the company she didn’t know anything about an error in her pay. When a police detective was called in to investigate, she then told him that she “thought the money had come from her aunt and she had already spent it on a new roof for her home.”

She later acknowledged receiving the money in error, but said that “she had no intention of repaying it” since “it was the company’s mistake – not hers.”

The woman was charged, I assume with felony theft, and faces six years in prison if convicted, WTAQ reported.

Connectivity Problems Shut Down Newly Opened NHS Trust Surgery

In a bit of an oddball story, the UK press last week reported on a brand new £300 000 National Health Service (NHS) Trust doctors' surgery in Westbury-on-Severn, Gloucestershire that was shut down four hours after it opened on 14 January because of “serious computer connectivity problems.” The problem remains unsolved as of today. According to the BBC, an NHS Gloucestershire spokesperson said, “Both the practice and NHS Gloucestershire have been making every effort to resolve the situation as quickly as possible, and the PCT's IT team has been working with to establish the cause of the problems. We are now very close to resolving the connectivity issues and the [Primary Care Trust] will be meeting with the surgery next week to finalise the options.”

What wasn’t explained in any of the press stories is how such a “connectivity problem” was somehow overlooked before the surgery was opened.

Glitches for Sale

Art based on digital glitches has been around for a while. Now, you can buy a storage unit that looks like it is suffering from a really big glitch. Created by designer Ferruccio Laviani and sold by Italian furniture supplier Fratelli Boffi, the “good vibrations” storage unit is said to reflect “a balance between the past and the future, blending the harmony and magniloquence of the classical with the charm and allure of the contemporary” as well as to exemplify “the harmonious juxtaposition of the languages and cultures it is based upon.”

“Echoes of faraway places and Oriental elements are glimpsed in the ‘disorienting’ design of this storage unit, which seems to have been ‘deformed’ by a strong jolt or by swaying movements. Although it appears to depart from the aesthetics of the past, in fact it draws upon ancient knowledge in the use of carving and fine wood workmanship. The appeal of this extraordinary piece of furniture lies in its ability to overturn and question classical stylistic principles such as purity, cleanness and symmetry, while evoking a comforting feeling of deja-vù and a sort of primitiveness, matched by unquestionable craftsmanship.”

Okay, then… to each their own (although I must admit that I harbored some thoughts about this just being an elaborate publicity stunt).

If glitch furniture doesn’t appeal, you can always buy some limited edition US $350 Glitch Textile blankets. The blankets’ patterns, the company says, “are generated using images taken with short circuited cameras and other unorthodox digital techniques.”

These I find much more appealing.

Photo: Scott Eelis/Bloomberg/Getty Images

This Week in Cybercrime: Hackers More Dangerous than Al Qaeda?

U.S.: Hackers More Dangerous than Al Qaeda

It seems that cybercriminals and politically motivated cyberattackers have vaulted to the top of the list of security threats to the United States. On Tuesday, James R. Clapper, the nation’s director of national intelligence, told a Senate committee that hackers not affiliated (or at least not directly linked) with another nation-state could very well infiltrate the raft of poorly secured U.S. networks that control critical infrastructure such as power generation facilities. To impress upon the legislators the seriousness of the threat, he ranked cyberattacks ahead of the brand of terrorism practiced by Al Qaeda. Later in the week, Gen. Keith Alexander, the head of the Defense Department's new U.S. Cyber Command, told another collection of senators that his group is setting up its own hacker teams equipped to retaliate in the event of a major cyberattack on U.S. networks. Coincidence? Not likely, says a Tech News World article that considers the congressional testimony to be part of a shift in U.S. military strategy “pointing toward a renewed emphasis on the nation's digital defenses.” The coordinated meet and greets, say some observers, simply indicate a rejiggering of the executive branch’s funding wish list.

“The problem is not so much that cyberattacks are suddenly worse than they've been, but rather that [online attacks’] relative standing as a threat continues to rise as Al Qaeda is further dismantled,” Andrew Braunberg, a research director at information security research firm NSS Labs, told Tech News World.

U.S. Cyberattack Sentry Shut Down

Also just in time to make the U.S. government's point about the cyberattacks was the revelation this week that the NIST National Vulnerability Database (NVD), the government’s clearinghouse for information on malware and cyberattacks, was hacked and has been out of commission since last Friday. Security researchers apparently found malware on two NVD servers. But in an ironic twist, the site, which is set up to issue warnings when new viruses are propagating across the Internet, failed to sound the alarm about its own security problem.

According to a Business Insider article, Finnish security researcher Kim Halavakoski wondered why it had taken so long to get the site back up, so he e-mailed NIST to find out. He posted a response from a NIST PR rep to his Google+ account. The reply e-mail summed up the situation but offered few details regarding how the hackers got in. But the PR person was quick to assure the public that:

“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites. NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.”

Is Your Android App Spying on You?

On Wednesday, the Data Center of China Internet (DCCI) released a report that should make all Android phone users suspicious of what’s lurking inside their handsets. According to the report, roughly 35 percent of Android apps sold in China secretly steal user data even when the information is not in any way related to the app’s function. Although the 1400 apps the research institute looked at were mostly sold at Chinese app markets that Google doesn’t control, it still illustrates cybercrooks’ focus on Android as well as the operating system’s vulnerability (especially the myriad jury-rigged versions that are steadily taking over China’s mobile device market).

Apparently up-to-the-minute information on where people are is becoming a big quarry for cybercriminals. DCCI found that more than half of the apps tracked users’ locations. More than 20 percent rifled through users’ address books, while others read call records, and text histories. But the most unnerving thing may be the capability of some of the apps DCCI looked at to secretly send texts and make calls right under the user’s nose.

Ovum analyst Shiv Putcha summed it up best when he noted in a blog post that, “Android is fragmenting beyond Google’s control, and Google’s Android strategy is rapidly coming undone in China with no immediate prospects for correction.”

Major Phishing Campaign Targets Australian Banking Customers

Early Thursday morning, hundreds of thousands of Australians woke up to malware-laced e-mails in their inboxes. The message, crafted to seem like it came from Westpac, Australia’s oldest bank, carried the subject line "Westpac Secure Email Notification" and the sender address "secure.mail@westpac.com.au". It instructed recipients to open an attachment that would unleash a virus. Security firm MailGuard, which identified the e-mails as fraudulent by 9:30 that morning, told the Sydney Morning Herald that by the middle of that afternoon, it had blocked more than 300 000 of the bogus alerts routed to its clients' inboxes. The first wave of messages went largely undetected, says MailGuard, because they originated from more than a thousand unique source IP addresses—many of them outside Australia.

Photo: Peter Dazeley/Getty Images

If At First You Don’t Succeed, Recall Your Product

Heaven forbid you’re cruising down the road in your new car and discover at the worst possible time that the passenger side airbag is inoperable. To avoid having its customers suffer that fate, Nissan is recalling thousands of vehicles across several model lines. The automaker filed a document with the U.S. National Highway Traffic Safety Administration (NHTSA) on 13 March indicating its plans to have drivers of 2013 model year Altimas, Pathfinders, Sentras, the Nissan Leaf electric vehicle, and the JX35 crossover SUV (from the automaker’s Infiniti luxury marque) bring them into dealers to have them inspected.

Nissan told NHTSA that the problem stems from improperly made sensors that are part of the occupant detection system that tells the airbag whether or not the passenger seat is empty—or that the passenger is a child or small adult, in which case it shouldn't fire because they might be seriously injured by the force of the bag inflating. The sensors are, in other words, essential to the airbag's do-no-harm mandate; a flawed sensor may improperly indicate that the airbag's deployment conditions have been met.

According to an article in USA Today, Nissan says it discovered the problem at its Tennessee manufacturing plant, where some vehicles rolling off of assembly lines had airbag warning lights illuminated.

Here's another thing you don't want happening as you cruise down the highway: sudden braking without your having pressed the pedal, or hard braking when you intend only to slow down slightly.

Within a day of Nissan’s recall announcement, Honda revealed that it is recalling nearly a quarter million vehicles because of an electrical problem that causes those very conditions. Honda was pushed into issuing the recall after a NHTSA investigative report said the likely culprit of the unintended braking is an electrical capacitor [pdf] that causes the brake assist feature of Honda cars’ stability control system to randomly kick in. Brake assist, a safety feature intended to reduce stopping distance in emergency braking situations, is integrated with traction and stability control, which selectively apply torque and braking to each of the vehicle’s wheels.


IT Hiccups of the Week: Royal Bank of Scotland Angers Customers Yet Again

There was a wide variety of IT-related snafus, glitches and uffdas this past week. We start off with an oldie but goodie: another IT glitch at the Royal Bank of Scotland and its subsidiaries.

Hardware Fault Affects Customers of Royal Bank of Scotland Group

Last summer, you may recall, a software update that went awry took out the IT systems supporting the Royal Bank of Scotland and its subsidiaries, NatWest and Ulster Bank, for quite some time; in the case of Ulster Bank, nearly two months went by before its IT systems were finally stabilized and customers had unfettered access to all their accounts. Needless to say, RBS Group customers were not amused by the long “disruption and inconvenience” as RBS Group chairman Stephen Hester called it. RBS promised its customers as well as the government that it would take steps to improve the reliability of its banking systems. Some £175 million (US $263 million) was eventually spent on customer compensation and system improvements.

Well, RBS Group managed once more to inconvenience its customers, which number 17.5 million, last Wednesday evening when a “hardware fault” disrupted access to all customer accounts. According to various news outlets such as the Financial Times, all three banks’ customers could not access ATMs, use RBS Group issued credit cards, or access any online or telephone banking services.  Some customers, the BBC reported, alleged that the ATM machines ate their banking cards as well.

RBS claimed that the hardware error—which it says was not related to the 2012 event—was fixed within about three hours, although some customers were still complaining of problems with accessing their bank accounts well into Thursday morning. RBS, which is getting very practiced at it, issued an apology Thursday morning “for the disruption our customers experienced” and promised to help customers who faced any problems because of the outage.

The apology hardly mollified RBS Group customers, especially when, in a bit of bad timing, it was disclosed on Thursday morning that RBS Chairman Hester would be receiving a bonus worth £700,000. Many customers were angrily asking, “For what?”

Three States Experience DMV Issues

Last week, the Motor Vehicles Departments in Georgia, Texas, and Kansas all reported having IT problems.

This Week in Cybercrime: Judge Upholds LinkedIn's "If You Put It on Our Site, Don't Blame Us If It Gets Out"

LinkedIn Not Liable

Earlier this week, a U.S. District Court in Northern California dismissed a class action lawsuit accusing LinkedIn of failing to deliver the level of security the plaintiffs say the social networking site’s privacy policy promised. A June 2012 data breach resulted in more than 6 million LinkedIn passwords being posted online. A few weeks later, a woman from Illinois and a woman from Virginia filed the suit—after learning that LinkedIn had encrypted the passwords with an outdated algorithm. Judge Edward Davila noted that the suit should not proceed to trial for several reasons. The plaintiffs, he said, wrongfully assumed that by paying for the site’s premium upgrade, they were entitled to a higher level of encryption for their data than users of the free version. Davila pointed out that, although the accusers admittedly never read the site’s privacy policy, it read,

“…we cannot ensure or warrant the security of any information you transmit to LinkedIn. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information.”

The judge also failed to see how the posting of the passwords had, as the plaintiffs claimed, caused any economic harm or put them at future risk of identity theft.

Google’s Ups and Downs

It seems that the one-year anniversary of Google Play is not turning out to be the auspicious occasion Google had likely imagined. On Wednesday, the KrebsonSecurity.com blog reported that a new botkit is being used to trick Android users into downloading fraudulent banking apps capable of intercepting multifactor authentication messages from banks. The apps then send text messages with the purloined login credentials to the phony apps’ creators. That news appeared in the context of data that Google itself released on the Android developer blog showing that Android users can’t help but be plagued by malware. Google admitted that, based on data gleaned from mobile devices that accessed its app store during the two-week period that ended on Monday, only 16 percent of Android users have bothered to update their operating systems to the newest, safest versions. More than 40 percent of people with Android mobile devices still run a two-year old version known as Gingerbread. Kaspersky Lab, which keeps track of attempted malware installations on Android, reported that as of the end of 2012, Gingerbread was the most commonly targeted version of Google’s OS. (A SecurityLedger.com article notes that Apple, by contrast, has no such migration problems with its gadgets; 98 percent of all iPhone and iPad users run one or the other of the latest two iterations of iOS.)

The news isn't all bad about Google, though. The search-and-now-just-about-everything-else company did something this week for which it should be lauded. It struck a blow against the U.S. government surveillance program that has expanded rapidly since the passage of special laws that allow agencies such as the FBI to much more easily demand information from Internet service providers, credit bureaus, banks, and businesses like Google—all without a warrant. The demands for information, called National Security Letters (NSLs), come with a built-in gag order barring the companies receiving them from even mentioning that they’ve received them. But on Tuesday, Google became the first company to give a hint of the extent to which the FBI uses this authority. It published a document giving ballpark figures for the number of accounts for which it turned over information in a given year. For instance, it reported that in 2010 it divulged information on “2000–2999” customers; in 2009, 2011, and 2012, the range was “1000–1999.”

Although the U.S. Congress requires the FBI to disclose the number of times it issues NSLs (it sent out more than 16 000 in 2011), Google didn’t report exact numbers. “This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations,” Richard Salgado, a Google legal director, wrote in a blog post. But at least the existence of the NSLs and the potential for abuse is out in the open. The FBI continues to have this power to say information about you is “relevant” to an investigation and get unquestioned access to records—even after a 2007 Justice Department inquiry revealed that after the September 2001 terrorist attacks, the FBI regularly ran afoul of the relaxed rules regarding the acquisition of evidence.

U.S. Electronic Health Record Initiative: A Backlash Growing?

There seems to be a slow but steady backlash growing among healthcare providers against the U.S. government’s $30 billion initiative to get all its citizens an electronic health record, initially set to happen by 2014 but now looking at 2020 or beyond. The backlash isn’t so much about the need for, or eventual benefits of, electronic health records but more about the perceived (and real) difficulties caused by the government's incentive program and a growing realization of the actual financial and operational costs involved in rolling out, using, and paying for EHR systems.

The backlash began to publicly surface last September when the U.S. government accused healthcare providers of “upcoding,” i.e., claiming with a single click on a field in an electronic health record to have provided a medical service or procedure when it wasn’t really performed. Kathleen Sebelius, the current HHS Secretary, and Eric Holder, the Attorney General, sent a letter to five major hospital trade associations (pdf) warning them that electronic health records were not to be used to “game the system” and “possibly” obtain “illegal payments” from Medicare. The letter said that Medicare billing is being scrutinized for fraud, and implied that those using EHRs to bill Medicare will be scrutinized even more carefully.

Healthcare providers were outraged by accusations in the letter, and said that the reason for the increased billing was that EHRs facilitated billing for services they used to provide to the government without charging for them.

About the same time, professors Stephen Soumerai from Harvard Medical School and Ross Koppel from the University of Pennsylvania wrote an article for the Wall Street Journal contending that EHRs don’t save money as claimed. They wrote that, “…the most rigorous studies to date contradict the widely broadcast claims that the national investment in health IT—some $1 trillion will be spent, by our estimate—will pay off in reducing medical costs. Those studies that do claim savings rarely include the full cost of installation, training and maintenance—a large chunk of that trillion dollars—for the nation's nearly 6000 hospitals and more than 600 000 physicians. But by the time these health-care providers find out that the promised cost savings are an illusion, it will be too late. Having spent hundreds of millions on the technology, they won't be able to afford to throw it out like a defective toaster.”

The professors went on to say that, “We fully share the hope that health IT will achieve the promised cost and quality benefits. As applied researchers and evaluators, we actively work to realize both goals. But this will require an accurate appraisal of the technology's successes and failures, not a mixture of cheerleading and financial pressure by government agencies based on unsubstantiated promises.”

IT Hiccups of the Week: NASA Rover Curiosity Placed Into Safe Mode

It’s been a fairly quiet week in regard to IT glitches of any major significance. That said, there were still a sufficient number of snarls, snafus and errors to interfere with work as well as generally upset, annoy and outrage a lot of people. We start off this week's review with an issue affecting NASA’s $2.5 billion Mars rover mission.

NASA Curiosity Goes into Safe Mode Due to Memory Issue

Responding to a problem it detected Wednesday morning with the data coming from the Mars rover Curiosity, NASA announced on Thursday that it had “switched the rover to a redundant onboard computer in response to a memory issue on the computer that had been active.”

NASA said that it will shift the rover from its current “safe mode” operation to full operational status over the next few days as well as troubleshoot what is causing the “glitch in flash memory linked to the other, now-inactive, computer.”

The NASA press release stated that on Wednesday the rover communicated “at all scheduled communication windows…but it did not send recorded data, only current status information. The status information revealed that the computer had not switched to the usual daily ‘sleep’ mode when planned. Diagnostic work in a testing simulation at JPL indicates the situation involved corrupted memory at an A-side memory location used for addressing memory files.”

A detailed story at CNET quoted Curiosity Project Manager Richard Cook as telling CBS News that, “We were in a state where the software was partially working and partially not, and we wanted to switch from that state to a pristine version of the software running on a pristine set of hardware.”

The project team thinks that space radiation, while a remote possibility, may in fact be to blame, CNET said. Again quoting Cook:

“In general, there are lots of layers of protection, the memory is self correcting and the software is supposed to be tolerant to it…But what we are theorizing happened is that we got what's called a double bit error, where you get an uncorrectable memory error in a particularly sensitive place, which is where the directory for the whole memory was sitting…So you essentially lost knowledge of where everything was. Again, software is supposed to be tolerant of that...But it looks like there was potentially a problem where software kind of got into a confused state where parts of the software were working fine but other parts of software were kind of waiting on the memory to do something...and the hardware was confused as to where things were.”

Cook indicated that, in essence, a reboot of the inactive computer should clear things up, but that the team will do a lot of analysis before that happens to make sure that there isn’t anything more troublesome lurking about.
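The "self correcting" memory and "double bit error" that Cook describes match the behaviour of a single-error-correct, double-error-detect (SECDED) code, shown here with a small extended Hamming code. This is an added illustration, not NASA's or the rover's code: the page does not say which error-correcting scheme Curiosity's memory uses, and the 8-bit "directory entry" value and all function names are constructed for the example.

```python
"""SECDED (extended Hamming) over one memory word: constructed illustration."""

def encode(data):
    m, r = len(data), 0
    while (1 << r) < m + r + 1:      # number of Hamming check bits needed
        r += 1
    n = m + r
    code = [0] * (n + 1)             # code[0] = overall parity, 1..n = Hamming positions
    bits = iter(data)
    for pos in range(1, n + 1):
        if pos & (pos - 1):          # not a power of two: data position
            code[pos] = next(bits)
    for i in range(r):               # check bit 2^i covers positions with bit i set
        p = 1 << i
        code[p] = sum(code[q] for q in range(1, n + 1) if q & p) % 2
    code[0] = sum(code) % 2          # makes the total parity of the word even
    return code

def decode(word):
    code = list(word)
    n = len(code) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if code[pos]:
            syndrome ^= pos          # XOR of set positions is 0 for a valid word
    odd = sum(code) % 2
    if syndrome == 0 and not odd:
        status = "ok"
    elif odd and syndrome <= n:      # single flip: syndrome names the bad position
        code[syndrome] ^= 1          # syndrome 0 means the overall parity bit itself
        status = "corrected"
    else:                            # more than one bit flipped: detect, do not guess
        return "uncorrectable", None
    return status, [code[p] for p in range(1, n + 1) if p & (p - 1)]

def flip(word, *positions):
    out = list(word)
    for p in positions:
        out[p] ^= 1
    return out

# Constructed sample: an 8-bit "directory entry" value, 0xA5.
ENTRY = [1, 0, 1, 0, 0, 1, 0, 1]
STORED = encode(ENTRY)

if __name__ == "__main__":
    print(decode(STORED))                 # clean read
    print(decode(flip(STORED, 6)))        # one upset: repaired transparently
    print(decode(flip(STORED, 6, 11)))    # two upsets: flagged, no data returned
```

In the two-flip case the decoder can only report the fault, so the software reading that word has to handle the missing data itself.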

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones