Information Technology Reference
In-Depth Information
voting off a cliff. Rather than demanding utopian machines and spreading conspiracy
theories for political gain, they should re-focus their energy in a way that actually helps
American voters” [46].
Nevertheless, some states are having second thoughts about DRE voting machines.
In May 2007, Florida's legislature voted to replace DRE voting machines with optical
scan ballots. Voters select candidates by filling in bubbles next to their names, and optical
scanning machines count the marked ballots. This approach leaves a paper audit trail
that makes possible manual recounts in disputed elections [47].
Soon after German physicist Wilhelm Roentgen discovered the X-ray in 1895, physi-
cians began using radiation to treat cancer. Today, between 50 and 60 percent of cancer
patients are treated with radiation, either to destroy cancer cells or relieve pain. Linear
accelerators create high-energy electron beams to treat shallow tumors and X-ray beams
to reach deeper tumors.
The Therac-25 linear accelerator was notoriously unreliable. It was not unusual for
the system to malfunction 40 times a day. We devote an entire section to telling the story
of the Therac-25 because it is a striking example of the harm that can be caused when
the safety of a system relies solely upon the quality of its embedded software.
In a 20-month period between June 1985 and January 1987, the Therac-25 adminis-
tered massive overdoses to six patients, causing the deaths of three of them. While 1987
may seem like the distant past to many of you, it does give us the advantage of 20/20
hindsight. The entire story has been thoroughly researched and documented [48]. Fail-
ures of computerized systems continue to this day, but they have not yet been fully played
out and analyzed.
Atomic Energy of Canada Limited (AECL) and the French corporation CGR cooperated
in the 1970s to build two linear accelerators: the Therac-6 and the Therac-20. Both the
Therac-6 and the Therac-20 were modernizations of older CGR linear accelerators. The
distinguishing feature of the Therac series was the use of a DEC PDP 11 minicomputer
as a “front end.” By adding the computer, the linear accelerators were easier to operate.
The Therac-6 and the Therac-20 were actually capable of working independently of the
PDP 11, and all of their safety features were built into the hardware.
After producing the Therac-20, AECL and CGR went their separate ways. AECL
moved ahead with the development and deployment of a next-generation linear accel-
erator called the Therac-25. Like the Therac-6 and the Therac-20, the Therac-25 made
use of a PDP 11. Unlike its predecessor machines, however, AECL designed the PDP
11 to be an integral part of the device; the linear accelerator was incapable of operating
without the computer. This design decision enabled AECL to reduce costs by replacing
some of the hardware safety features of the Therac-20 with software safety features in
the Therac-25.
