RISKS Forum mailing list archives

Risks Digest 31.68


From: RISKS List Owner <risko () csl sri com>
Date: Fri, 17 Apr 2020 11:50:46 PDT

RISKS-LIST: Risks-Forum Digest  Friday 17 April 2020  Volume 31 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.68>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
US Senate tells members not to use Zoom (Ars Technica)
Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
  (MacRumors)
Man accidentally ejects himself from fighter jet during surprise flight
  (The Guardian)
Do Some Surgical Implants Do More Harm Than Good? (The New Yorker)
Seeking Software That Hears Better (Scientific American)
Reese Witherspoon's Fashion Line Offered Free Dresses to Teachers
  but Didn't Mean Every Teacher (NYTimes)
The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots (WiReD)
Interactive exhibit mapping corruption (Prospect)
Linux Security: Chinese State Hackers May Have Compromised 'Holy
  Grail' Targets Since 2012 (Davey Winde)
The US Is Waging War on Digital Trade Barriers (WiReD)
California Allows Startup Nuro to Test Driverless Delivery Vehicles
  (Reuters)
Couple Fined For Violating Lockdown After Posting Old Vacation Photos to
  Facebook (Gizmodo)
Fertility apps can be 'misleading' for women, review finds (cnn.com)
Legit email/websites considered harmful, or RISKs in the time of COVID-19
  (Cris Pedregal Martin)
Rotimatic -- the robotic roti-maker (Richard Stein)
Cell Network Outage - Baltimore/Washington DC Area (Gabe Goldberg)
Messaging App Signal Threatens to Dump US Market if Anti-Encryption
  Bill Passes (PCMag)
Efficacy of location surveillance (Ross Anderson)
Keeping the DNS Secure During the Coronavirus Pandemic (ICANN)
Getting Back To Normal: Big Tech's Solution Depends On Public Trust (npr.org)
COVID-Tech: Emergency responses to COVID-19 must not extend beyond the
  crisis AND COVID-19 pandemic adversely affects digital rights
  in the Balkans (EDRi-gram 18.7 via Diego Latella)
Your COVID-19 Internet problems might be COVID-19 Wi-Fi problems
  (Ars Technica)
New CDC Study Shows Coronavirus Can Survive For Hours On Floors,
  Walls, Shoes (Tyler Durden)
How Coronavirus Is Eroding Privacy (WSJ)
Coronavirus Rumor Control (FEMA)
Risks of mass announcements in a Corona environment (danny burstein)
UK government using confidential patient data in coronavirus response
  (The Guardian)
Error rates and CoVID-19 antibody tests (Rob Slade)
Re: Masking the CoVID-19 problem (Robert Weaver)
Re: Can Legislatures Safely Vote by Internet? (Chuck Petras)
Re: Should we teach children about quantum computing? (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 11 Apr 2020 17:00:52 -0400
From: Monty Solomon <monty () roscom com>
Subject: US Senate tells members not to use Zoom (Ars Technica)

https://arstechnica.com/tech-policy/2020/04/us-senate-tells-members-not-to-use-zoom/

  [We hope they are using zoom.gov, not zoom (with some of its servers in
  China)]

------------------------------

Date: Tue, 14 Apr 2020 14:57:05 -0400
From: Monty Solomon <monty () roscom com>
Subject: Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
  (MacRumors)

https://www.macrumors.com/2020/04/14/zoom-accounts-sold-on-dark-web-hacker-forums/

------------------------------

Date: Tue, 14 Apr 2020 17:53:58 -0400
From: Monty Solomon <monty () roscom com>
Subject: Man accidentally ejects himself from fighter jet during surprise
  flight (The Guardian)

Sixty-four-year-old lands in field after grabbing ejection handle to steady
himself, French air investigators find

https://www.theguardian.com/world/2020/apr/14/man-accidentally-ejects-himself-from-fighter-jet-during-surprise-flight

------------------------------

Date: Wed, 15 Apr 2020 15:01:23 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Do Some Surgical Implants Do More Harm Than Good? (The New Yorker)

https://www.newyorker.com/magazine/2020/04/20/do-some-surgical-implants-do-more-harm-than-good

A sobering read on a frequently reported comp.risks subject. Caveat emptor,
especially for those in the US subject to an overly corporate-friendly
medical device regulatory system.

Best to read up on the device your surgeon advocates BEFORE undergoing
elective surgery. Ask questions about device implant safety: infection risk,
tissue perforation risk, historical injury or malfunction trends, any
monetary incentive they receive for promoting the recommended device,
etc. Any evidence of historical device efficacy and patient outcome NOT
prepared or sponsored by the manufacturer?

------------------------------

Date: Wed, 15 Apr 2020 23:13:17 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Seeking Software That Hears Better (Scientific American)

Wade Rousch, Scientific American, May 2020, p.26

"In the speech-recognition business, 95 percent accuracy might as well be
zero." That's 1 of every 20 words erroneously transcribed automatically.

'ASR systems may never reach 100 percent accuracy. After all, humans do not
always speak fluently, even in their native languages. And speech is so full
of homophones that comprehension always depends on context. (I have seen
transcription services render `iOS' as `ayahuasca' -- and `your podcast' as
`your punk ass'.)'

A misplaced comma in a business document can dramatically affect legal
judgment.  Proofreading remains an important editorial function.  (see
https://www.bbc.com/worklife/article/20180723-the-commas-that-cost-companies-millions .)

Risk: Over-reliance on ASRaaSWP -- automated speech recognition as a service
without proofreading.

In contrast to ASR,
https://www.nytimes.com/2020/04/08/technology/ai-transcription-human-services.html
testifies to the effectiveness of human-driven transcription. Subject matter
comprehension, contextual awareness, and conversational immersion elevate
transcription quality. These factors are substantially out-of-reach for ASR.

The technological race to improve ASR, and retire human transcription,
reminds me of "John Henry" per
https://en.wikipedia.org/wiki/John_Henry_(folklore). Perhaps an undiscovered
Agatha Christie story entitled "Death by Transcription" offers a
post-mortem?

------------------------------

Date: Wed, 15 Apr 2020 14:32:44 -0400
From: Monty Solomon <monty () roscom com>
Subject: Reese Witherspoon's Fashion Line Offered Free Dresses to Teachers
  but Didn't Mean Every Teacher (NYTimes)

Draper James had a well-intentioned giveaway. But it went very wrong.

https://www.nytimes.com/2020/04/15/fashion/reese-witherspoon-draper-james-coronavirus.html

------------------------------

Date: Wed, 15 Apr 2020 18:34:18 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots (WiReD)

Five years ago, the Department of Defense set dozens of security hygiene
goals. A new report finds that it has abandoned or lost track of most of
them.

https://www.wired.com/story/pentagon-cybersecurity-blind-spots/

------------------------------

Date: Mon, 13 Apr 2020 10:54:52 -0700
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Interactive exhibit mapping corruption (Prospect)

  [A colleague sent this to me.  It seems relevant in our
  quest in RISKS for transparency and integrity.  PGN]

https://prospect.org/mapping-corruption-interactive

  The Trump administration has brought its brand of corruption and
  self-dealing to every agency in the federal government, and it's hard for
  anyone to keep on top of it all. We've mapped it out for you. Click on any
  agency building below, and unlock an extensive dossier of the activities
  happening inside.

Accompanying article by Jim Lardner, April 9, 2020:
https://prospect.org/power/mapping-corruption-donald-trump-executive-branch/

------------------------------

Date: Mon, 13 Apr 2020 12:23:40 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Linux Security: Chinese State Hackers May Have Compromised 'Holy
  Grail' Targets Since 2012 (Davey Winde)

Davey Winde, Forbes 7 Apr 2020 via ACM TechNews, 13 Apr 2020

A BlackBerry research and intelligence team said five Chinese advanced
persistent threat groups have long been attacking Linux servers that
"comprise the backbone of the majority of large data centers responsible for
some of the most sensitive enterprise network operations." Particularly
worrying is evidence of the attackers using a previously undocumented Linux
malware toolkit including at least two kernel-level rootkits and three
backdoors, actively deployed since March 13, 2012. Analysis associated this
toolkit with one of the largest Linux botnets ever found, with a significant
number of organizations likely infected. Targets include Red Hat Enterprise,
CentOS, and Ubuntu Linux environments for purposes of cyber-espionage and
intellectual property theft, with researchers describing Linux defensive
capabilities as immature at best. Former U.K. Military Intelligence Colonel
Philip Ingram said mitigating such exploits entails "treating [the threats]
as if they are ... as much a threat as any other operating system."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24b68x22187fx068278&;

------------------------------

Date: Sat, 11 Apr 2020 19:43:57 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: The US Is Waging War on Digital Trade Barriers (WiReD)

As Washington tries to take China, Russia, and India to task, these nations
are mounting defenses in the name of `cybersovereignty'.

The US and other democratic states don't engage in many of the Chinese or
Russian activities that so worry policymakers in Washington, like
intellectual property theft. Clearly, these behaviors directly contradict
what many countries deem to be fair trade practices. But some issues, like
data localization mandates and data security regulations, are bound to
receive more domestic focus from the US and its democratic allies and
partners. How American policymakers reconcile these facts when addressing
perceived digital trade barriers elsewhere -- all the while combatting [*]
false equivalencies is crucial for digital diplomacy and trade going
forward.

https://www.wired.com/story/the-us-is-waging-war-on-digital-trade-barriers/

  [* The official spelling in RISKS is "combatting" as in batting averages
  and cotton batting, and "the internet" is The Internet -- in case you
  wondered.  I note that COVID-19, CoVID-19, and Covid are all likely to
  appear, and recently it seems often to be novel coronavirus, or just
  coronavirus (oversimplified).  PGN]

------------------------------

Date: Mon, 13 Apr 2020 12:23:40 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: California Allows Startup Nuro to Test Driverless Delivery Vehicles
  (Reuters)

Munsif Vengattil and Ayanti Bera, Reuters, 7 Apr 2020
via ACM TechNews, 13 Apr 2020

California's Department of Motor Vehicles has authorized an autonomous
technology startup to test two driverless delivery vehicles in nine
cities. Startup Nuro will use its driverless low-speed R2 vehicle to begin
conducting deliveries with local retail partners. The startup has been
testing autonomous vehicles with safety drivers on the state's roads since
2017. Said Nuro's David Estrada, "Our R2 fleet is custom-designed to change
the very nature of driving, and the movement of goods, by allowing people to
remain safely at home while their groceries, medicines, and packages, are
brought to them." In February, Nuro was granted permission by the National
Highway Traffic Safety Administration to deploy up to 5,000 low-speed
electric delivery vehicles without any human controls in Houston.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24b68x221883x068278&;

------------------------------

Date: Tue, 14 Apr 2020 14:45:35 -0400
From: Monty Solomon <monty () roscom com>
Subject: Couple Fined For Violating Lockdown After Posting Old Vacation
  Photos to Facebook (Gizmodo)

https://gizmodo.com/couple-fined-for-violating-lockdown-after-posting-old-v-1842855076

------------------------------

Date: Sun, 12 Apr 2020 10:14:13 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Fertility apps can be 'misleading' for women, review finds
  (cnn.com)

https://edition.cnn.com/2020/04/06/health/fertility-period-contraceptive-apps-trackers-wellness/index.html

Without calibrated biochemical sensor input and feedback, trusting this app
to accurately calculate and/or predict a biological function is more like
roulette. As Mad Magazine's Alfred E. Neuman profoundly stated, "What, me
worry?"

------------------------------

Date: Tue, 14 Apr 2020 19:18:56 -0700
From: Cris Pedregal Martin <cris () acm org>
Subject: Legit email/websites considered harmful, or RISKs in the time of
  COVID-19

Earlier this month I received an email purporting to be an offer from UCSF
(a premier medical school/hospital on the US West Coast) to access
information about COVID-19 through a third party (Emmi Solutions, LLC --
emmi in the sequel). Clicking on the appropriate "personalized code" button
landed on a sparse webpage that demanded my date of birth (DOB), so I
stopped.

Being about COVID-19, and associated with UCSF, this seems to be a nice
example of the counterpart of a typical RISK: the legitimate email/website
causes more harm than if they were malicious!

To wit:

(1) The DOB requirement in the emmi landing page is a red flag, so many
  *recipients will refrain from going further and actually receiving the
  information* (like I did).

(2) The style and content of the email message *train recipients into
  vulnerability to malicious emails/websites,* by exposing them to red flags
  that turn out to be harmless.

Red flags include:

(i) Design language (if we can call it that!) / *branding inconsistent with
  the UCSF branding* - looks as if someone pasted a logo on something
  designed in 2005;

(ii) The *URLs contained in the email lie*: the button says startemmi.com,
  but actually links to my-emmi.com. ("my-ucsf.com", anyone?)

(iii) I found no mention of this email campaign or emmi resources in the
  UCSF COVID-19 page <https://coronavirus.ucsf.edu/>; *the emmi webpage
  looks unrelated to UCSF*.

(iv) the aforementioned DOB requirement at the emmi landing page.

(3) The campaign *unnecessarily enables emmi to associate DOBs with IP and
  MAC addresses* (at least). Why is this necessary? This *undermines trust
  patients have in UCSF*.

(4) By allowing emmi to collect DOBs, the campaign exposes emmi and through
  emmi UCSF, and importantly, recipients of the email, aka UCSF patients,
  to the risk of *unauthorized disclosures of personally identifiable data*
  (PII).  Given the association of email address to the specific code, there
  is a strong likelihood the information matched via the website landing
  includes a lot more PII and is stored by emmi.
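
Red flag (ii) above, a link whose visible text names one domain while its
href goes to another, can be checked mechanically. The following is an added
example, not part of the original post: the sample email, its paths and the
function names are constructed, and the hostname comparison is a
simplification that does not consult a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname-looking token in visible link text, e.g. "startemmi.com".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def _norm(host):
    """Lower-case a hostname and drop a leading 'www.' for comparison."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def _same_site(a, b):
    """True if the names are equal or one is a subdomain of the other.

    Simplification (assumption): a production check would compare
    registrable domains using a public-suffix list.
    """
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def mismatched_links(html):
    """Return links whose visible text shows a host the href does not go to."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        target = _norm(urlsplit(href).hostname)
        if not target:
            continue  # mailto:, relative or malformed link: nothing to compare
        for shown in HOST_RE.findall(text):
            shown = _norm(shown)
            if not _same_site(shown, target):
                findings.append({"shown": shown, "target": target, "href": href})
    return findings


# Constructed sample modelled on the message described in the post; only the
# two domain names in the first link come from the post itself.
SAMPLE_EMAIL = """
<html><body>
<p>Access your COVID-19 information:</p>
<a href="https://www.my-emmi.com/start?code=EXAMPLE"><b>startemmi.com</b></a>
<a href="https://coronavirus.ucsf.edu/">coronavirus.ucsf.edu</a>
<a href="https://www.my-emmi.com/help">Need help?</a>
<a href="mailto:support@example.org">support@example.org</a>
</body></html>
"""

if __name__ == "__main__":
    for finding in mismatched_links(SAMPLE_EMAIL):
        print("text shows %(shown)s but link goes to %(target)s" % finding)
```

Links whose text contains no hostname ("Need help?") are not flagged, so
this catches only the specific mismatch described in (ii).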

------------------------------

Date: Thu, 16 Apr 2020 12:59:34 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Rotimatic -- the robotic roti-maker

https://rotimatic.com/

Roti is a South Asian, Indian subcontinent flat bread usually stuffed with
curry. Delicious.

This robot stamps them out, fully baked and ready-to-eat on command.
According to the manufacturer's website, The Rotimatic is "The world's most
popular food robot."

Why is this kitchen gizmo WiFi-enabled? Convenience? To sustain business
revenue via subscription maintenance?

Risks: Botnet co-option and kitchen fire from thermal runaway-initiated
malware sabotage.

------------------------------

Date: Thu, 16 Apr 2020 13:47:00 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Cell Network Outage - Baltimore/Washington DC Area

This is a message from Fairfax (VA) Alerts

There are reports of intermittent issues making wireless calls with all
wireless carriers within the last hour. If you receive a busy signal when
you use your wireless phone for an emergency call, you can send a text to
911 message, or use a landline phone. You can continue to try and make
contact with your wireless phone also.

------------------------------

Date: April 10, 2020 at 11:43:26 AM GMT+9
From: Richard Forno <rforno () infowarrior org>
Subject: Messaging App Signal Threatens to Dump US Market if Anti-Encryption
  Bill Passes (PCMag)

  [via Dave Farber]

https://uk.pcmag.com/security-5/125569/messaging-app-signal-threatens-to-dump-us-market-if-anti-encryption-bill-passes

------------------------------

Date: Sun, 12 Apr 2020 16:04:43 +0100
From: Ross Anderson <Ross.Anderson () cl cam ac uk>
Subject: Efficacy of location surveillance

Having seen the reality of the app proposed for our [UK] NHS, and the great
distance between our public health folks' assumptions and those of assorted
tech companies and academics proposing private contact tracing, I blogged
about the issue:

https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/

The time for contact tracing is past, for this wave. If we're going to use
it next wave then the 5,000 public-health officers on the UK local
government payroll won't be anything like enough. But we have a couple of
million people being paid by the government to do nothing. If we follow the
South Korean / Taiwanese example we'll want to start training lots of
them. It's important not to distract policymakers from that decision by
offering techno-magical promises on which we cannot deliver.

There have recently been several proposals for pseudonymous contact tracing,
including from Apple and Google. To both cryptographers and privacy
advocates, this might seem the obvious way to protect public health and
privacy at the same time. Meanwhile other cryptographers have been pointing
out some of the flaws.

There are also real systems being built by governments. Singapore has
already deployed and open-sourced one that uses contact tracing based on
bluetooth beacons. Most of the academic and tech industry proposals follow
this strategy, as the *obvious* way to tell who's been within a few metres
of you and for how long. The UK's National Health Service is working on one
too, and I'm one of a group of people being consulted on the privacy and
security. [...]

------------------------------

Date: April 13, 2020 6:43:01 JST
From: Lauren Weinstein <lauren () vortex com>
Subject: Keeping the DNS Secure During the Coronavirus Pandemic (ICANN)

https://www.icann.org/news/blog/keeping-the-dns-secure-during-the-coronavirus-pandemic

The role of the ICANN community, Board, and organization in maintaining a
secure, stable, and unified Internet has always been important, but at this
time, when reliance on the Internet has skyrocketed, our collective role has
become all the more vital.  ICANN's mission frames our concern about
cybercriminals who are exploiting the pandemic by perpetrating scams and
victimizing Internet users. Some are selling phony cures, treatments, and
vaccines. Some are using domain names as part of their efforts to prey on
people at this time when many are experiencing anxiety, fear, and
loneliness.

------------------------------

Date: Wed, 15 Apr 2020 11:19:41 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Getting Back To Normal: Big Tech's Solution Depends On Public Trust
  (npr.org)

https://www.npr.org/2020/04/14/834460127/apple-google-team-up-to-develop-cellphone-data-contact-tracing

'Weitzner said the Bluetooth concept works by identifying proximity, not
location. "We don't need to know where you were close to someone, just that
you were close to someone," he said."'

Common wisdom says that 'close' only counts for horseshoes and tossing hand
grenades.

Pandemic contact tracing, and proximity notification alerts, relies on human
civility and restraint. People are timorous, and on high-alert given
community spread potential. While social distancing protocols are generally
deployed and enforced, there's little risk of a riot.

A crowd of people protesting lock-down or other confinement restriction who
receive a proximity alert notification, given COVID-19 serological test
latency or a false-positive test result, might turn ugly very quickly.

------------------------------

Date: Thu, 16 Apr 2020 10:38:17 +0200
From: Diego Latella <DIego.Latella () isti cnr it>
Subject: COVID-Tech: Emergency responses to COVID-19 must not extend
  beyond the crisis AND COVID-19 pandemic adversely affects digital rights
  in the Balkans (EDRi-gram 18.7)

EDRi-gram 18.7, 15 April 2020

https://edri.org/emergency-responses-to-covid-19-must-not-extend-beyond-the-crisis/

Among other things you read:

"On 19 March 2020, the [Poland] efforts to tackle the spread of coronavirus
received widespread attention when the government announced the use of a
'Civil Quarantine' app which they explained would require people in
quarantine to send geo-located selfies within 20 minutes of receiving an
alert - or face a visit from the police. According to the announcement, the
app even uses controversial facial recognition technology to scan the
selfies.  Early in April, the Polish government looked to make the use of
the app mandatory"

and

"The UK's Coronavirus Act was passed on 25 March 2020, giving the UK
government a suite of extraordinary powers for a period of 2 years. [ ... ]
The UK has also come under fire for the sharp rise in disproportionate
police responses since the introduction of the Bill, including stopping
people from using their own gardens or using drones to chastise dog
walkers. If not properly limited by law, these powers (and their abuse) have
the potential to continue in ordinary times, further feeding the
government's surveillance machine."

COVID-19 pandemic adversely affects digital rights in the Balkans
https://edri.org/covid-19-pandemic-adversely-affects-digital-rights-in-the-balkans/

Among other things you read:

"Governments in Montenegro and Moldova made public the personal health data
of people infected with COVID-19, while official websites and hospital
computer systems suffered cyber-attacks in Croatia and Romania.  Some
countries like Slovakia are considering lifting rights enshrined under the
EU General Data Protection Regulation (GDPR), while Serbia imposed
surveillance and phone tracking to limit freedom of movement."

and

"In neighboring Montenegro, the National Coordination Body for Infectious
Diseases decided to publish the names and surnames of people who must
undergo quarantine online, after it determined that certain persons violated
the measure, and as a result "exposing the whole Montenegro to risk.""

------------------------------

From: Dave Farber <farber () gmail com>
Date: Fri, 17 Apr 2020 08:05:36 +0900
Subject: Your COVID-19 Internet problems might be COVID-19 Wi-Fi problems
  (Ars Technica)

https://arstechnica.com/gadgets/2020/04/remote-work-lagging-if-you-cant-plug-it-in-upgrade-to-mesh/

------------------------------

Date: April 13, 2020 22:00:59 JST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: New CDC Study Shows Coronavirus Can Survive For Hours On Floors,
  Walls, Shoes (Tyler Durden)

Tyler Durden, ZeroHedge, 13 Apr 2020
<https://www.zerohedge.com/geopolitical/new-cdc-study-shows-coronavirus-can-survive-hours-floors-walls-shoes>

A preview of a new study:
<https://wwwnc.cdc.gov/eid/article/26/7/20-0885_article> by the US Centers
for Disease Control and Prevention - the CDC, for short - released last
night offers some distressing news for health-care workers, as well as their
families, partners and friends: New research suggests that nurses, doctors
and others can track the virus out of the ward and into another - perhaps a
more public, or less well-protected - environment, helping to spread the
disease in a new way that public health officials haven't really considered.

The study, entitled "Aerosol and Surface Distribution of Severe Acute
Respiratory Syndrome Coronavirus 2 in Hospital Wards, Wuhan, China, 2020",
was conducted in two wards at Wuhan's Huoshenshan Hospital by a large team of
Chinese researchers back in February and March. Though the team insisted
that "respiratory droplets and close contact" remain the primary vectors for
the disease, the possibility for hospital workers to transmit the virus on
their shoes and clothes wasn't really well understood, until now.

And unfortunately, if the data are confirmed, it would suggest that wards
where coronavirus patients are treated are literally crawling with the
virus, placing these health-care workers at extremely high risk for
infection.

According to the research, "94% of swabs taken from the ICU floor and 100%
of swabs taken from one of the general wards used to treat patients with
severe symptoms tested positive for coronavirus."

Here's a summary of the research that describes how the GW and ICU were
found to have the highest levels of the virus present on the floors and
walls, as well as in the air. The rate of positivity was higher for the ICU
than the GW, which makes sense.

Even samples taken from the floor in the nearby hospital pharmacy showed
'weak positive' for the virus. Patients are not allowed in the pharmacy,
meaning there's only one way the samples could have gotten there.

From February 19 through March 2, 2020, we collected swab samples from
potentially contaminated objects in the ICU and GW as described
previously. The ICU housed 15 patients with severe disease and the GW housed
24 patients with milder disease. We also sampled indoor air and the air
outlets to detect aerosol exposure. Air samples were collected by using a
SASS 2300 Wetted Wall Cyclone Sampler at 300 L/min for 30 min. We used
sterile premoistened swabs to sample the floors, computer mice, trash cans,
sickbed handrails, patient masks, personal protective equipment, and air
outlets. We tested air and surface samples for the open reading frame (ORF)
1ab and nucleoprotein (N) genes of SARS-CoV-2 by quantitative real-time PCR.

Almost all positive results were concentrated in the contaminated areas (ICU
54/57, 94.7%; GW 9/9, 100%); the rate of positivity was much higher for the
ICU (54/124, 43.5%) than for the GW (9/114, 7.9%) (Tables 1, 2). The rate of
positivity was relatively high for floor swab samples (ICU 7/10, 70%; GW
2/13, 15.4%), perhaps because of gravity and air flow causing most virus
droplets to float to the ground. In addition, as medical staff walk around
the ward, the virus can be tracked all over the floor, as indicated by the
100% rate of positivity from the floor in the pharmacy, where there were no
patients. Furthermore, half of the samples from the soles of the ICU medical
staff shoes tested positive. Therefore, the soles of medical staff shoes
might function as carriers. The 3 weak positive results from the floor of
dressing room 4 might also arise from these carriers. We highly recommend
that persons disinfect shoe soles before walking out of wards containing
COVID-19 patients.

The authors suggested that "air flow" and the forces of gravity might be
responsible for moving the samples to the floors and the walls. But this
certainly doesn't bode well for anybody arguing that the subway and
restaurants will be able to go quickly back to normal, since an asymptomatic
diner can leave the virus at their table for the next customer to pick up
even if the table sits empty for hours - or even overnight.

------------------------------

Date: Fri, 17 Apr 2020 12:17:16 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: How Coronavirus Is Eroding Privacy (WSJ)

Liza Lin, Timothy W. Martin, Dasl Yoon, et al., *The Wall Street Journal*,
15 Apr 2020, via ACM TechNews, Friday, April 17, 2020

Governments worldwide are using digital surveillance technologies to track
the spread of the coronavirus pandemic, raising concerns about the erosion
of privacy. Many Asian governments are tracking people through their
cellphones to identify those suspected of being infected with COVID-19,
without prior consent. European countries are tracking citizens' movements
via telecommunications data that they claim conceals individuals'
identities; American officials are drawing cellphone location data from
mobile advertising firms to monitor crowds, but not individuals. The biggest
privacy debate concerns involuntary use of smartphones and other digital
data to identify everyone with whom the infected had recent contact, then
testing and quarantining at-risk individuals to halt the further spread of
the disease. Public health officials say surveillance will be necessary in
the months ahead, as quarantines are relaxed and the virus remains a threat
while a vaccine is developed.
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-24c74x221a65x068377&;

------------------------------

Date: Thu, 9 Apr 2020 13:52:34 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Coronavirus Rumor Control (FEMA)

EXCERPT:

The purpose of this FEMA page is to help the public distinguish between
rumors and facts regarding the response to coronavirus (COVID-19) pandemic.
Rumors can easily circulate within communities during a crisis.

Do your part to stop the spread of disinformation by doing three easy
things:

   1. Don't believe the rumors.
   2. Don't pass them along.
   3. Go to trusted sources of information to get the facts about the
   federal (COVID-19) response.

Always go to trusted sources of information like coronavirus.gov or your
state and local government's official websites or social media accounts
for instructions and information specific to your community.

For more information on the coronavirus, please visit coronavirus.gov
<https://www.coronavirus.gov/>. You can also visit our coronavirus
(COVID-19) response <https://www.fema.gov/coronavirus> page for more updates
on the federal response. Follow state and local officials as well for
instructions and information specific to your community.  [...]
https://www.fema.gov/coronavirus-rumor-control

  [Unfortunately, `trust' is in the eye of the beholder.
  Some people trust CNN, some people trust Fox News.  PGN]

------------------------------

Date: Wed, 15 Apr 2020 16:34:36 -0400 (EDT)
From: danny burstein <dannyb () panix com>
Subject: Risks of mass announcements in a Corona environment

So I just got a robot call from the NYC Department of Health in regards to
C-19.

Aside from the misleading info in it, and no way to ask it to "repeat", and
lots of fadeouts...

T-Mobile flagged it as a "scam likely".

Yes.  Really

photo of the Caller ID/Name:

http://www.dburstein.com/images/nyc-doh.jpg

about 3 meg

------------------------------

Date: Mon, 13 Apr 2020 11:05:57 +0900
From: Dave Farber <farber () gmail com>
Subject: UK government using confidential patient data in coronavirus
  response (The Guardian)

https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response

------------------------------

Date: Wed, 15 Apr 2020 18:13:12 -0700
From: Rob Slade <rmslade () shaw ca>
Subject: Error rates and CoVID-19 antibody tests

In security, we know that there are errors that are false positives, and
errors that are false negatives, and that both can create problems.

At the moment, everybody is eagerly looking forward to serology tests for
CoVID-19.  These are tests (usually blood tests) that determine if you have
antigens or antibodies related to defence against the SARS-CoV-2 virus.

At least, they *try* to determine that.  Because, well, errors.

A good article on this is available at NPR.
https://www.npr.org/sections/health-shots/2020/04/15/834497497/antibody-tests-for-coronavirus-can-miss-the-mark

If you want the tl;dr version:

If the test has 99% specificity, and you live in an area where only 1% of
the population is actually infected, then when you get a "positive" test,
and are reassured that you are immune, you actually only have a 50/50 chance
that you encountered the virus, and do have any defence.  (In BC, where I
live, the infection rate is about .03%, so the chance that a positive test
is of any use at all is far worse.)
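
The arithmetic behind that tl;dr, as an added example that is not part of
the original message. It assumes 100% sensitivity (the message gives only
specificity and prevalence); the function names are illustrative.

```python
"""Positive predictive value (PPV) of a test at low prevalence.

Added illustration. Sensitivity is an assumption: the message above
states only specificity and prevalence.
"""


def ppv(prevalence, sensitivity, specificity):
    """P(truly positive | test positive), by Bayes' theorem."""
    true_pos = sensitivity * prevalence
    false_pos = (1.0 - specificity) * (1.0 - prevalence)
    if true_pos + false_pos == 0.0:
        raise ValueError("test never returns positive; PPV undefined")
    return true_pos / (true_pos + false_pos)


def required_specificity(prevalence, sensitivity, target_ppv):
    """Specificity needed for a positive to be right target_ppv of the time."""
    if not 0.0 < prevalence < 1.0 or not 0.0 < target_ppv <= 1.0:
        raise ValueError("prevalence must be in (0,1), target_ppv in (0,1]")
    # Largest tolerable P(false positive), solved from the PPV formula.
    allowed_false_pos = sensitivity * prevalence * (1.0 - target_ppv) / target_ppv
    # Clamp: at high prevalence any specificity already meets the target.
    return max(0.0, 1.0 - allowed_false_pos / (1.0 - prevalence))


# The two prevalences quoted in the message: 1% and .03%.
CASES = {"1% infected": 0.01, ".03% infected (BC figure)": 0.0003}
SENSITIVITY = 1.0   # assumed best case, not stated in the message
SPECIFICITY = 0.99  # from the message


def report():
    """Return (label, PPV, specificity needed for 95% PPV) per case."""
    return [(label,
             ppv(prev, SENSITIVITY, SPECIFICITY),
             required_specificity(prev, SENSITIVITY, 0.95))
            for label, prev in CASES.items()]


if __name__ == "__main__":
    for label, value, needed in report():
        print(f"{label}: PPV {value:.1%}, "
              f"specificity needed for 95% PPV: {needed:.4%}")
```

Under these assumptions a positive result is right about half the time at
1% prevalence and about 3% of the time at .03%.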

------------------------------

Date: Sat, 11 Apr 2020 17:28:28 -0400 (EDT)
From: Robert Weaver <woody.weaver () comcast net>
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

The purpose of contrarian writing is to promote discussion.  Slade has
certainly done so, and thus perhaps it has achieved its purpose.  In
particular, it is important to question significant controls proposed by
major bodies based upon scientific fact (with the caveat, that Julian
Bradfield <jcb () inf ed ac uk> observed, "in so far
as there are any "facts" in such a fast-moving situation".)

I would also like to call into question the "six feet of separation" rule.
I get that we are talking large droplet transmission, and sneezing runs the
risk of transmission of droplets onto the clothes or other surfaces -- but
then, we are touching possibly contaminated surfaces anyways.  Are there
studies to support this, or is this just tied to a convenient number similar
to 'six feet under'?

It seems like these are good questions to ask and resolve for the *next*
pandemic.

------------------------------

Date: Mon, 13 Apr 2020 17:24:43 +0000
From: Chuck Petras <Chuck_Petras () selinc com>
Subject: Re: Can Legislatures Safely Vote by Internet? (Andrew Appel)

I'd imagine that the political class is terrified by the prospect of
immediate transparency. It seems that the legislative process has been
designed to hide their more despicable actions behind voice votes. Doing
things remotely would require them to actually cast a vote (aye or nay)
which would be recorded and immediately visible to their constituency.

It's my understanding that a favorite ploy in the US Congress, especially
for unpopular legislation, is to do it late on a Friday night right before a
recess, with only a few members (maybe 3) present in the chamber and the
gallery (both public and press) empty. If a majority then voice vote aye it
passes.

Then there is when a bill is passed, a clerk walks the original (marked up
with any floor passed amendments) to somewhere where it will be printed.
Apparently at this point it's not unheard of for additional pages to be
inserted. Once it's been printed as a law, someone (press or public) notes
these new provisions and asks where they came from, with the typical
response being we don't know.

Over the years I've read news reports describing the above, but google isn't
cooperating in locating them.

------------------------------

Date: 11 Apr 2020 21:36:24 -0400
From: "John Levine" <johnl () iecc com>
Subject: Re: Should we teach children about quantum computing? (bbc.com)

Nothing wrong with stimulating curiosity in young people. Imagine a
13-year-old from Poughkeepsie, NY who could author a quantum programming
language solution that calculates the Fermi surface of iron! "That's my
little girl!"

I've been to Poughkeepsie.  Would that be the daughter of an IBM computer
design engineer, or an unusually young Vassar student?  [Most likely.  PGN]

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.68
************************

