RISKS Forum mailing list archives
Risks Digest 33.50
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 1 Nov 2022 17:55:57 PDT
RISKS-LIST: Risks-Forum Digest Tuesday 1 November 2022 Volume 33 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.50>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tesla under US criminal investigation over self-driving claims, (The Guardian)
Science Has a Nasty Photoshopping Problem (Elisabeth Bik)
'Deepfakes' of Celebrities Appearing in Ads (Patrick Coffee)
Musk, Twitter, and Disinformation (Lauren Weinstein via PGN)
Facebook's Ad-Delivery Algorithm Discriminates Based on Race, Gender, Age (Northeastern)
Confirming Election Results with Risk-Limiting Audits (Rice U.)
Self-Driving Cars Face Uncertain Path to U.S. Deployment (Reuters)
One month aftermath of the Nord Stream pipeline explosion (Switch-Plan)
Square sells access to your inbox. No one seems to know if the law cares. (Protocol)
Steve Bannon and democracy? (Lauren W., PGN retitled)
Many UFO Reports Are Just Spy Drones or Airborne Trash (NYTimes)
Re: NYC's Emerg. Med. Svc 911 system was crippled 'cuz (Dick Mills)
Re: GPS interference caused the FAA to reroute Texas air traffic. (Richard S. Russell)
Re: Iran Hackers Behind Attempt on US Election Are Still Active (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 26 Oct 2022 13:57:31 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Tesla under US criminal investigation over self-driving claims, (The Guardian)

https://www.theguardian.com/technology/2022/oct/26/tesla-criminal-investigation-self-driving-claims-sources

------------------------------

Date: Mon, 31 Oct 2022 00:25:31 +0000
From: Henry Baker <hbaker1 () pipeline com>
Subject: Science Has a Nasty Photoshopping Problem (Elisabeth Bik)

Elisabeth Bik, *The New York Times*, 29 Oct 2022

If this 'scientific disinformation' problem isn't stopped quickly, the recent rejections of COVID science will seem a walk in the park.

https://www.nytimes.com/interactive/2022/10/29/opinion/science-fraud-image-manipulation-photoshop.html

One evening in January 2014, I sat at my computer at home, sifting through scientific papers. Being a microbiologist, this wasn't unusual, although I certainly didn't expect to find what I did that night.

These particular papers were write-ups of medical research, with many including photographs of biological samples, like tissue. One picture caught my eye. Was there something familiar about it? Curious, I quickly scrolled back through other papers by the same authors, checking their images against each other.

There it was. A section of the same photo being used in two different papers to represent results from three entirely different experiments.

What's more, the authors seemed to be deliberately covering their tracks. Although the photos were of the same sample, one appeared to have been flipped back-to-front, while the other appeared to have been stretched and cropped differently.

Although this was eight years ago, I distinctly recall how angry it made me. This was cheating, pure and simple.
By editing an image to produce a desired result, a scientist can manufacture proof for a favored hypothesis, or create a signal out of noise. Scientists must rely on and build on one another's work. Cheating is a transgression against everything that science should be. If scientific papers contain errors or -- much worse -- fraudulent data and fabricated imagery, other researchers are likely to waste time and grant money chasing theories based on made-up results.

But were those duplicated images just an isolated case? With little clue about how big this would get, I began searching for suspicious figures in biomedical journals. [...]

By day I went to my job in a lab at Stanford University, but I was soon spending every evening and most weekends looking for suspicious images. In 2016, I published an analysis of 20,621 peer-reviewed papers, discovering problematic images in *no fewer than one in 25*. Half of these appeared to have been manipulated deliberately — rotated, flipped, stretched or otherwise photoshopped. With a sense of unease about how much bad science might be in journals, I quit my full-time job in 2019 so that I could devote myself to finding and reporting more cases of scientific fraud.

  [Elisabeth appears to be a very gifted sleuth-sayer!]

------------------------------

Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: 'Deepfakes' of Celebrities Appearing in Ads (Patrick Coffee)

Patrick Coffee, *The Wall Street Journal*, 25 Oct 2022, via ACM TechNews; 26 Oct 2022

Deepfakes of celebrities have started to appear in ads, with and without their consent. Experts say the growing use of deepfake software could change the marketing industry significantly while raising new legal and ethical issues, making it difficult for celebrities to rein in unauthorized digital reproductions and brand manipulation. U.S.
legislative efforts to contain deepfakes include criminalization of their use in revenge porn in Virginia, and a Texas ban on their use in political campaigns. However, experts cite a lack of legislation addressing deepfake usage in commercials, and anticipate as a result deepfakes will become increasingly popular in advertising.

  [The annoying orange-hosting URLs will henceforth be expunged.]

------------------------------

Date: Wed, 26 Oct 2022 21:27:17 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Musk, Twitter, and Disinformation

  [PGN compilation of various comments over 6 days, in approximate chronological order.]

1. How to part fools from their money, Twitter goes big on NFTs!

   Of course. Crypto. How to part fools from their money. The new Twitter.
   https://decrypt.co/113007/twitter-buy-sell-nfts-tweets-magic-eden-dapper-rarible

2. How to report hate speech, etc. on Twitter to Google Play Store

   https://support.google.com/googleplay/answer/2853570?hl=en&co=GENIE.Platform%3DAndroid

3. In all seriousness, I wish only the best for @Twitter -- and despite Musk's dramatic flair the most interesting thing to watch will be the degree to which he acknowledges his lack of experience in this area and reaches out to experts who understand the national and global implications. -L

4. Musk starts firing execs, having them thrown out of the offices

   REPORT: CEO, CFO, top legal and policy exec, and general counsel fired, one "escorted" out of the office. Unclear if he was handcuffed.

   [Twitter informs me that news stories claiming firing of data engineering team are FALSE. -L]

5. EU Official Warns Elon Musk After Twitter Deal: 'The Bird Will Fly by Our Rules'

   https://www.wsj.com/articles/eu-official-warns-elon-musk-after-he-buys-twitter-the-bird-will-fly-by-our-rules-11666963706

6. Elon Musk's Twitter 'bird will fly by EU rules,' Brussels warns after billionaire takes control

   https://www.euronews.com/next/2022/10/28/done-deal-elon-musk-now-has-control-of-twitter-and-has-already-fired-its-top-executives

7. Twitter Debates Musk's Proposed 'Moderation Council' as Users Volunteer

   https://www.newsweek.com/twitter-debates-musks-proposed-moderation-council-users-volunteer-1755546

8. My sense at the moment is that Twitter under Musk would continue to moderate hate speech per se pretty much as they have, but tend to let disinformation run amok. The latter has much more potential to have political impact, and "fits the profile" so to speak. -L

9. [Sen] Murphy calls for national security review of foreign investors in Musk Twitter acquisition consortium

   https://thehill.com/policy/technology/3712679-murphy-calls-for-national-security-review-of-foreign-investors-in-musk-twitter-acquisition-consortium/

10. Elon Musk tells Europe that Twitter will comply with bloc's illegal speech rules

   https://techcrunch.com/2022/10/31/elon-musk-twitter-dsa-comply/

11. Hate speech vs. disinformation

   There is of course a hazy gray area between hate speech and disinformation, and it can be assumed that this will be exploited to the maximal extent possible for evil. -L

12. Revenue idea for Elon's Twitter!

   Revenue idea for @Twitter - charge per original tweet sent & number of followers. Charging algorithm will add 100x weight for each blue check recipient. Average tweet across platform would cost ~$5. You can rake it in Elon! Tesla & SpaceX will be revenue babes in comparison! -L

13. Bailing out Elon

   Keep in mind the bottom line. Musk has admitted that he overpaid for @Twitter -- and now he wants us to pay for it and essentially bail out the richest man on the planet. What's wrong with this picture?

  [Also: Gabe Goldberg: Elon Musk Takes Twitter, and Tech Deals, to Another Level. Silicon Valley moguls used to buy yachts and islands.
  Now they are rich enough, and perhaps arrogant enough, to acquire companies they fancy.
  https://www.nytimes.com/2022/10/28/technology/twitter-deal-musk-tech-companies.html PGN]

------------------------------

Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Facebook's Ad-Delivery Algorithm Discriminates Based on Race, Gender, Age (Northeastern)

Cody Mello-Klein, News@Northeastern, 25 Oct 2022, via ACM TechNews; 26 Oct 2022

Northeastern University researchers found Facebook's ad-delivery algorithm sends advertising to users based on their race, gender, and age. For example, "When you choose to include a picture of a woman versus a man, in general it will go more to women, except images of young women, which go more to older men," explained Northeastern's Alan Mislove. Facebook's algorithm is trained on the data parent company Meta has collected from all ads run on the platform and the responses those ads received. Northeastern's Piotr Sapiezynski said the algorithm uses race, gender, and age to make "very crude" estimations about where to transmit ads.

------------------------------

Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Confirming Election Results with Risk-Limiting Audits (Rice U.)

Mike Williams, Rice University News, 24 Oct 2022, via ACM TechNews; 26 Oct 2022

Rice University's Dan Wallach, working with Matthew Bernhard at nonprofit VotingWorks, found risk-limiting audits (RLAs) can be used to confirm election outcomes. Bernhard said RLAs offer "a high degree of accuracy and transparency without the enormous undertaking that is counting every contest on every ballot by hand." The researchers said most scenarios would fit one of three RLA levels. Ballot comparison audits, described as most efficient and precise, involve paper ballots being individually numbered by the ballot scanner, so auditors can verify the corresponding electronic record.
Less precise are ballot-polling audits, which compare a random sample of ballots to electronic totals, and batch comparison audits, which compare groups of ballots.

------------------------------

Date: Mon, 31 Oct 2022 11:47:02 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Self-Driving Cars Face Uncertain Path to U.S. Deployment (Reuters)

David Shepardson, Reuters, 28 Oct 2022, via ACM TechNews, 31 Oct 2022

The difficult path to deploying autonomous vehicles (AVs) was highlighted by an announcement on Oct. 26 that Ford Motor Co. and Volkswagen AG would close their self-driving startup Argo AI, citing the fact that the technology is still a long way off. This comes as legislation to amend regulations to include self-driving cars remains stalled in Congress, and officials at the U.S. National Highway Traffic Safety Administration (NHTSA) have not revealed when they might act on petitions to grant initial approval to self-driving vehicles without human controls. Meanwhile, lawmakers and industry representatives have called on U.S. Transportation Secretary Pete Buttigieg to develop a comprehensive federal framework for AVs to ensure the nation remains competitive, especially as China has made substantial investments in autonomous and connected vehicle technologies.

------------------------------

Date: Wed, 26 Oct 2022 08:53:56 +0000
From: kendall.clarke () papernest com
Subject: One month aftermath of the Nord Stream pipeline explosion (Switch-Plan)

The Aftermath of the Nord Stream Pipeline
<https://www.switch-plan.co.uk/news/nord-stream-pipeline/>

This covers topics from what the Nord Stream Pipeline is and who is behind the explosion.

I'm the content manager working with Switch Plan, a major player in the UK telecommunications market. Please avoid problems with copywriting and plagiarism defined by Google [by not posting the entire article].
------------------------------

Date: Thu, 27 Oct 2022 14:06:16 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Square sells access to your inbox. No one seems to know if the law cares. (Protocol)

When his work inbox got flooded with reminders of his most twee shopping habits, he found out the Block-owned service throws up obstacles to getting out of its marketing business.

https://www.protocol.com/policy/block-square-privacy

Interesting, in that I use Square a lot -- mostly farmers market vendors, though some brick/mortar stores too -- and Square-originated email I get is almost exclusively receipts.

------------------------------

Date: Thu, 27 Oct 2022 16:54:10 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Steve Bannon and democracy? [PGN retitled]

Steve Bannon promises to threaten "every member of Congress" "by bayonet" if they don't fall in line

https://www.mediamatters.org/steve-bannon/steve-bannon-promises-threaten-every-member-congress-bayonet-if-they-dont-fall-line

------------------------------

Date: Sun, 30 Oct 2022 16:10:21 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Many UFO Reports Are Just Spy Drones or Airborne Trash (NYTimes)

Forget space aliens or hypersonic technology; classified assessments show that many episodes have ordinary explanations.

https://www.nytimes.com/2022/10/28/us/politics/ufo-military-reports.html

Surprise. Well, no.

------------------------------

Date: Sun, 30 Oct 2022 16:40:33 -0400
From: "Dick Mills" <dickandlibbymills () gmail com>
Subject: Re: NYC's Emerg. Med. Svc 911 system was crippled 'cuz ... (RISKS-33.49)

This type of snafu was much more common prior to (guess what) Y2K? In the years 1998 and 1999, countless computer systems, and their backups were re-evaluated. In many cases, they were replaced. Y2K was a grand excuse for IT departments to receive generous funding for modernization. Prior to then, they had to live with "If it ain't broke, don't fix it."
Prior to 2000, backups were so poorly designed and poorly tested, that comedic outcomes were almost the norm. After 2000 less so.

The pinnacle of success came on 9/11/2001, when the operations centers of hundreds of vital companies were destroyed. Every one of them, without exception, transferred to off-site backups within seconds. I'm sure that if the attack had happened prior to 1998, the outcome would have been very different. The power grid also was able to contain blackouts to the destroyed city blocks. There were zero cascading failures.

Of course, prior to 2000 we had companies like Tandem Computers and Digital Equipment Corporation that offered superbly reliable computers able to fail over to backups including off-site backups. However, those technologies were only used in a tiny fraction of all installations.

If the NYC 911 center was truly modern, that EPO button would have been pressed dozens of times during acceptance testing, and probably once per month during testing of fail over to backups.

------------------------------

Date: Sat, 29 Oct 2022 17:21:57 -0500
From: "Richard S. Russell" <RichardSRussell () tds net>
Subject: Re: GPS interference caused the FAA to reroute Texas air traffic. (RISKS-33.49)
The advisory read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF DFW.
  [This is the perl unscrambling.]

And of course, when you issue your advisories in ALL CAPS (What, are they still using TeleTypes, which don't even recognize the â¢â%â@â alone the ââ¬ât tell the difference between a nautical mile and a nano metre.

  [This is the original received text.]

And of course, when you issue your advisories in ALL CAPS (What, are they still using TeleTypes, which don't even recognize the =E2=80=9C=C2=A2=E2=80=9D, =E2=80=9C%=E2=80=9D, or =E2=80=9C@=E2=80=9D characters, let alone the =E2=80=9C=E2=82=AC=E2=80=9D?), you can't tell the difference between a nautical mile and a nanometre.

  [I think you get the idea. PGN]

If the FAA's technology is that obsolete, it's a wonder we don't have a major air disaster every other day.

------------------------------

Date: Wed, 26 Oct 2022 18:30:53 +0000 (UTC)
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: Iran Hackers Behind Attempt on US Election Are Still Active (RISKS-33.49)

"The group has a preference for websites and online portals running PHP code or those with externally accessible mySQL databases. It uses open-source penetration testing tools such as SQLmap and Acunetix."

Have the RISKS of open-source penetration testing tools been discussed here?

  [They have, but probably too long ago. TNX for reopening it up. PGN]

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.50
************************