RISKS Forum mailing list archives

Risks Digest 31.67


From: RISKS List Owner <risko () csl sri com>
Date: Sat, 11 Apr 2020 13:01:26 PDT

RISKS-LIST: Risks-Forum Digest  Saturday 11 April 2020  Volume 31 : Issue 67

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.67>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
COVID-19 needs some big-picture thinking (PGN)
Apple-Google Proposal for Contact Tracing (Marc Rotenberg)
Can Legislatures Safely Vote by Internet? (Andrew Appel)
Citing BGP hijacks and hack attacks, feds want China Telecom out of the U.S.
  (Ars Technica)
Should we teach children about quantum computing? (bbc.com)
Re: Boeing 787s must power cycle every 51 days (Amos Shapir)
Re: Masking the CoVID-19 problem (Gregory Carvalho, Amos Shapir,
  Julian Bradfield)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 11 Apr 2020 11:26:27 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: COVID-19 needs some big-picture thinking (PGN)

Overall, COVID-19 is eventually going to offer us many lessons in
retrospect, if we are paying enough attention.  Advanced planning for
realistic scenarios has often been eschewed.  There are divergent models
with incomparable assumptions, not enough testing, not enough equipment and
personnel, disrespect and disregard for science and clear evidence, and much
more.  But some increased predictability is emerging, and sheltering in
place seems to be `flattening the curve'.  Above all, centralized leadership
is critical.  Ultimately, we need to consider this crossroads as an
opportunity for our civilization to reflect on what must change in the future,
particularly regarding health care and long-term instead of short-term
optimization.

However, hucksters are trying to capitalize on fear, with new creative forms
of fraud and deception.  Misinformation abounds.  This morning's news
includes an item on the risks of misinformation that is also relevant.  A
front-page article by Adam Satariano and Davey Alba, Britons Set Fire to
Cell Towers, Driven by False Theory on Virus, in *The New York Times* today
is relevant here, which "some government officials call an Internet
Conspiracy Theory" that links 5G emanations with increased susceptibility to
COVID-19.  This has resulted in the UK in more than 30 acts of arson and
vandalism against wireless towers.  "In roughly 80 other episodes in other
countries, telecom technicians have been harassed on the job."
Misinformation is also becoming viral, and evidently pandemic as well.
 
These are stressful times, but I seem to be stepping up the frequency of
RISKS issues, rather than getting way behind and playing catchup with huge
issues.  This will keep the issues more timely, as things are changing
rapidly.  RISKS remains an open forum for discourse, so we welcome
constructive criticism and always value corrections.

End of my own rant for now.  I have other things to do.  PGN

------------------------------

Date: Fri, 10 Apr 2020 16:19:00 -0400
From: Marc Rotenberg <rotenberg () epic org>
Subject: Apple-Google Proposal for Contact Tracing

  [Google and Apple are working together to enable bluetooth-based
  privacy-preserving contact tracing app development.  There seem to
  be some huge problems with privacy, as noted in the previous issue
  of RISKS-31.66:
    Privacy Cannot Be a Casualty of the Coronavirus (NYTimes).
  Here are two items on the Apple-Google project underway.
  https://www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19/
  https://www.washingtonpost.com/technology/2020/04/10/apple-google-tracking-coronavirus/

  At my request, Marc Rotenberg, founder and head of the Electronic Privacy
  Information Center, provided this timely and topical item.  PGN]

https://epic.org/2020/04/apple-and-google-propose-conta.html
<https://www.apple.com/newsroom/2020/04/apple-and-google-partner-on-covid-19-contact-tracing-technology/>

EPIC: Apple and Google Propose Contact Tracing App

Apple and Google announced today "a joint effort to enable the use of
Bluetooth technology to help governments and health agencies reduce the
spread of the virus, with user privacy and security central to the design."
The companies are proposing "Privacy-Preserving Contact Tracing."
<https://www.apple.com/covid19/contacttracing/> EPIC has previously
testified <https://epic.org/privacy/testimony_0301.html> in Congress in
support of genuine Privacy Enhancing Techniques, which EPIC President Marc
Rotenberg has defined
<https://heinonline.org/HOL/LandingPage?handle=hein.journals/stantlr2001&div=2&id=&page=>
as technologies that "minimize or eliminate the collection of personally
identifiable information." But EPIC has also warned
<https://epic.org/privacy/wiretap/Rotenberg-CEBP-9-16.pdf> that these
techniques must be "robust, scaleable and provable." And EPIC has repeatedly
stated that notice and consent is not the basis of data protection.

  [Note: This is a presentation Marc did a few years ago for the National
  Academies on evidence-based policy and privacy law.
    https://epic.org/privacy/wiretap/Rotenberg-CEBP-9-16.pdf
    https://youtu.be/B016UpD-a4w
  PGN]

------------------------------

Date: Fri, 10 Apr 2020 11:29:32 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Can Legislatures Safely Vote by Internet? (Andrew Appel)

Andrew Appel has just published a short blog article:
https://freedom-to-tinker.com/2020/04/10/can-legislatures-safely-vote-by-internet/

------------------------------

Date: Sat, 11 Apr 2020 08:05:12 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: Citing BGP hijacks and hack attacks, feds want China Telecom out of
  the U.S. (Ars Technica)

*With a history of cyber-attacks, Chinese-owned telecom is a threat,
officials say*

EXCERPT:

Citing the misrouting of US Internet traffic, malicious hacking and control
by the Chinese government, a group of US executive agencies are recommending
the FCC revoke the license authorizing China Telecom to provide
international telecommunications services to and from the United States.

The recommendation comes amid an escalation in tensions between the US and
China over a host of issues, including trade, disagreements about the
handling of the novel coronavirus, and hacking. Thursday's move comes as
part of a review the FCC disclosed last year, when the agency barred China
Mobile Limited from the US market.  The federal government has also
designated both Huawei and ZTE as national security threats.
<https://www.bloomberg.com/news/articles/2019-05-09/china-mobile-barred-from-the-u-s-market-over-espionage-concerns>

``The security of our government and professional communications, as well as
of our most private data, depends on our use of trusted partners from
nations that share our values and our aspirations for humanity,'' John
C. Demers, assistant attorney general for national security, said in a
release.  ``Today's action is but our next step in ensuring the integrity of
America's telecommunications systems.''
<https://www.justice.gov/opa/pr/executive-branch-agencies-recommend-fcc-revoke-and-terminate-china-telecom-s-authorizations>

The state-owned China Telecom says it's the country's second-biggest mobile
operator with about 336 million subscribers, about 153 million wireline
broadband subscribers, and about 111 million access lines. China Telecom
Americas, the subsidiary that operates in the US, received authorization
from the FCC in 2002, according to this timeline. China Telecom Americas has
had a compounded and impressive annual revenue growth rate of 68% since
2005, the timeline added.  <https://www.ctamericas.com/company/history/>

Hijacking huge swaths of the Internet. [...]

https://arstechnica.com/tech-policy/2020/04/citing-bgp-hijacks-and-hack-attacks-feds-want-china-telecom-out-of-the-us/

------------------------------

Date: Sat, 11 Apr 2020 10:07:31 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Should we teach children about quantum computing? (bbc.com)

https://www.bbc.com/news/business-51644033

Nothing wrong with stimulating curiosity in young people. Imagine a
13-year-old from Poughkeepsie, NY who could author a quantum programming
language solution that calculates the Fermi surface of iron! "That's my
little girl!"

If quantum computation becomes commercially viable -- feed a credit card to
a cloud supplier for access to a 1Mqubit virtual quantum computer with a
guaranteed multi-minute decoherence-mitigated computation wall clock window
-- then ethics should enter the curriculum.

------------------------------

Date: Sat, 11 Apr 2020 13:57:27 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Boeing 787s must power cycle every 51 days (RISKS-31.65)

I wonder what new problems may be discovered when many planes which may
have been mothballed for more than 51 days (and even twice that) would be
put back into action?

  [Hopefully, a reboot would reset the clock cycle.  But maybe not...  PGN]

------------------------------

Date: Fri, 10 Apr 2020 20:59:21 -0700
From: Gregory Carvalho <GregoryC () stcinc com>
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

A nice read.  With reports of the respiratory problems associated with
COVID-19, it seems counterintuitive to instruct people to contain exhaled
carbon dioxide in the confined space of homemade double layer fabric
masks. Whether a person is healthy or exposed, it seems that potential for
weakening the state of the individual would exist in such an environment.

  [Gregory, This is really a very important point.  The basic respirator is
  good at helping inhalation, but less good at helping exhaling.  The death
  of an ALS patient I knew well was attributed to CO2 toxicity.  PGN]

------------------------------

From: Amos Shapir <amos083 () gmail com>
Date: Sat, 11 Apr 2020 12:55:21 +0300
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

Starting tomorrow, emergency decrees issued by Israel's Ministry of Health
require the wearing of respiratory face masks in all public places.

Now, who may I believe -- the official decrees, which are likely backed by
advice of medical experts; or a Risks post, which mostly makes sense, but
whose author's only stated qualifications are "grandpa of Ryan, Trevor,
Devon & Hannah"?

------------------------------

Date: Sat, 11 Apr 2020 10:47:38 +0100
From: Julian Bradfield <jcb () inf ed ac uk>
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

RISKS-31.65 contains another hectoring rant by Rob Slade on masks.  Slade is
not qualified in any appropriate area (neither am I), and appears not to
have done even the basic step of searching PubMed, as he doesn't refer to
any of the (limited but not non-existent) available research on masks outside
healthcare settings, including on the efficacy of homemade masks.

Perhaps more importantly, he fails to consider the important fact (in so far
as there are any "facts" in such a fast-moving situation), which has been agreed
for a couple of weeks at least, that SARS-Cov-2 appears to have significant
asymptomatic and presymptomatic infectious capability.

The current WHO (et al.) recommendations seem to be primarily aimed at
getting the limited supply of masks to those who need them most -- I don't
think anybody disagrees with Slade that healthworkers get first dibs on the
supply. And, as always with WHO, its recommendations move slowly.

Those who would prefer to read an up-to-date analysis (including a survey of
prior research) from people who are qualified in relevant areas should read:

https://www.bmj.com/content/369/bmj.m1435

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.67
************************

