University Studies 3
Freshman Seminar:
Risks in Pervasive Computing: Why Quality Matters?

(aka Risks in Computer Software)
Spring 2003


Goals
Requirements
Grading
Discussant/Respondent
Resources
Risks Forum and Risks Digest
Illustrative Risks to the Public
Schedule
         

Course Goals and Description

The intent of this freshman seminar is to discuss issues involving risks in the use of computing. In this age of pervasive computing, the risk to the public is clear.  We will examine the multitude of problems arising from computer use, specifically focusing on whether & how critical requirements for software quality – including safety, reliability, fault tolerance, security, privacy, integrity, and guaranteed service – are met, and how the attempted fulfillment or ignorance of those requirements may imply risks to the public. In the course of this seminar, we can expect to explore both deficiencies in existing systems and techniques for developing better computer systems – as well as the implications of using computer systems in highly critical environments.

The seminar series is designed for freshmen either majoring in ICS or interested in finding out more about what computing is all about and the inherent risks, although it is open to any UCI undergraduate who wishes to enroll.  This course will require a high level of student involvement and interaction. No prior knowledge or experience with computers is assumed or necessary, although an open mind and willingness to share your thoughts on the subject are essential.

Computer-related risks have been well-documented by Peter G. Neumann of SRI International Computer Science Laboratory.  Several resources are provided below to frame our discussions.

Course Requirements

Class attendance and participation are required - you can miss one class without excuse during the quarter. When you speak in class, please say your name so that everyone (including me) gets to know everyone in class by name.

A short paper due at the end of the quarter - details forthcoming.

In addition, each student will lead the discussion about one or more computer-related risk(s) from a particular category. Each student will also serve as the official respondent for another.  Please note that this will only be an informal presentation - more details on what is expected will be provided at the second class meeting.  Thus both discussant and respondent will need to be well-versed on the particular risk.  All students are expected to participate in each discussion, however. If possible, the actual risks to be discussed will be provided beforehand so that all students can read up on the risks prior to class.  

Further, each student is required to meet with me once throughout the quarter (for approximately half an hour).  This will be strictly an informal meeting, and we'll talk about anything that seems appropriate (not necessarily about computer-related risks).  This is another hard requirement - that is, if you fail to meet with me, your grade will be reduced accordingly.

Grading

Just to give you an idea of how you will be graded, here is an expected breakdown (note that the 100% on attendance/meeting indicates that these are above and beyond ... and required):
30%    Classroom Participation
30%    Discussant  
10%    Respondent  
30%    Paper

100%   Attendance/Meeting

Discussant/Respondent

Students shall choose one of the categories provided below, pick a risk from the "Illustrative Risks to the Public" categorized list (see description below), and lead the discussion on that particular risk in class. Ideally, each student will pick a different category.  Please send me an email during the first week indicating your prioritized list of choice categories - please choose at least three categories, and I will try to give everyone their first or second choice.  At the second class period, you will be informed of which category each student "won", and dates will be selected at random for your discussion (starting with the third class period).  If you already know of a class for which you will be unavailable, please let me know by email along with your prioritized category list. Once the categories for discussion have been selected, you will also be asked to pick the category to which you'd like to "respond", or if necessary, respondents will be picked at random.
*    Items Related to 11 Sep 2001 and Its Aftermath
*    Space
*    Defense
*    Military Aviation
*    Commercial Aviation
*    Rail, Bus, and Other Public Transit
*    Automobiles
*    Motor-Vehicle and Related Database Problems
*    Electrical Power (nuclear and other) and Energy
*    Medical, Health, and Safety Risks
*    Other Environmental Risks
*    Robots and Artificial Intelligence
*    Other Control-System Problems
*    Other Computer-Aided-Design Problems
*    Accidental Financial Losses, Errors, Outages
*    Financial Frauds and Intentionally Caused Losses
*    Stock-Market Phenomena
*    Telephone Frauds
*    Other Telephone and Communication Problems
*    Election Problems
*    Insurance Frauds
*    Security Problems
*    Cryptography
*    April Foolery and Spoofs
*    Privacy Problems
*    Spamming, Junkmail, and Related Annoyances
*    Other Unintentional Denials of Service
*    Law Enforcement Abuses, False Arrests, etc.
*    Identity Theft, Mistakes, Related Problems
*    Other Legal Implications
*    Other Aggravation
*    Calendar/Date/Clock Problems including Y2K
*    The Game of Chess
*    Miscellaneous Hardware/Software Problems 

Resources

The Risks Forum Newsgroup
Peter Neumann moderates an email newsletter, also known as comp.risks in the USENET community, under the sponsorship of the ACM Committee on Computers and Public Policy (CCPP). This is a great way to keep up with the latest information on computer risks. The current issue is accessible at http://www.csl.sri.com/~risko/risks.txt, and the last item of each regular issue contains further info about the newsgroup. To subscribe, send e-mail to the automated list server at risks-request@csl.sri.com with a single line of text, "subscribe" -- or if you wish to subscribe at an address other than your From: address, include that address after "subscribe".  This newsletter is posted on the web, so you do not necessarily HAVE to subscribe, but you will need to remember to check the web periodically for updates.  Since the newsletter involves security information that is of immediate need to some subscribers, the email method is best in order to be informed of events "as they happen."

The Risks Digest
Archives of back issues of the Risks Forum Newsgroup (beginning with volume 1 number 1 on 1 Aug 1985) are available at ftp.sri.com/risks or http://catless.ncl.ac.uk/Risks (courtesy of Lindsay Marshall at Newcastle).

Illustrative Risks to the Public in the Use of Computer Systems and Related Technology
This ever-growing document summarizes as one-liners most of the interesting cases over the past decades. It can be browsed or ftped in PostScript form from ftp.sri.com or from csl.sri.com. It is also available in pdf form from csl.sri.com. This is the document where you'll find the risks categorized and can choose one for your discussion.

"Computer-Related Risks"
by  Peter G. Neumann (not required):
Published by ACM Press / Addison Wesley, 1995, ISBN 0-201-55805-X, 384pp. paperback.
        $24.75 (Telephone orders 1-800-447-2226)
        $22.25 for ACM members; ACM Order #704943 (1-800-342-6626)
This sobering description of many computer-related failures throughout our world deflates the hype and hubris of the industry. Peter Neumann analyzes the failure modes, recommends sequences for prevention and ends his unique book with some broadening reflections on the future -- Ralph Nader, Consumer Advocate

Inside Risks
Peter Neumann contributes a monthly column in the Communications of the ACM, inside the back cover, called Inside Risks, the most recent columns of which are accessible on-line at http://www.csl.sri.com/neumann/insiderisks.html


Schedule

The following schedule is based on selected categories, discussants, and respondents (may be changed if necessary).

Week | Date | Discussant / Respondent | Category (generally two per class period)
1 | March 31 | Prof. Debra Richardson | Introduction / Computer Application Qualities
2 | April 7 | Michele Rousseau / Debra Richardson | The Ariane 5 incident
3 | April 14 | a. Jonathan Samson / Aleksander Levin; b. Chirag Vithlani / Jordan Tanabe | a. Privacy Problems; b. Cryptography
4 | April 21 | a. George Chen / Joseph Cirillo; b. Jordan Tanabe / Eileen Payoyo | a. Financial Fraud & Intentionally Caused Losses; b. Identity Theft, Mistakes, Related Problems
5 | April 28 | a. Nyan Win / George Chen; b. Aleksandr Levin / Jonathan Samson | a. Computer-Aided Design Problems; b. Automobiles
6 | May 5 | no class | International Conference on Software Engineering
7 | May 12 | a. Martin Mathis / Jose Romero-Mariona; b. Steven Iberri / Jamal Sanders | a. Security Problems; b. Defense
8 | May 19 | a. Joseph Cirillo / Chirag Vithlani; b. Eileen Payoyo / Nyam Win | a. September 11 and its Aftermath; b. Medical, Health & Safety Risks
9 | May 26 | no class | Memorial Day
10 | June 2 | a. Jamal Sanders / Steven Iberri; b. Jose Romero-Mariona / Martin Mathis | a. Motor Vehicle related; b. Space
F | June 9 | a. Jay Torres / Tempe McClure | a. Military Aviation