RISKS Forum mailing list archives

Risks Digest 31.69


From: RISKS List Owner <risko () csl sri com>
Date: Mon, 20 Apr 2020 15:58:13 PDT

RISKS-LIST: Risks-Forum Digest  Monday 20 April 2020  Volume 31 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.69>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
A $1,300 smart crib was discovered to be vulnerable to a hack that would
  rapidly rock babies back and forth (Business Insider)
Planned obsolescence: the outrage of our electronic waste mountain
  (The Guardian)
ICANN delays .org sale again after scathing letter from California AG
  (Ars Technica)
This Is No Time for an Internet Blackout (Slate)
Zoom's Security Woes Were No Secret to Business Partners Like Dropbox
  (NYTimes)
Anti-Asian Zoombombing at Newton South High School (Village14)
Buyer beware--that 2TB-6TB "NAS" drive you've been eyeing might be SMR
  (Ars Technica)
"ACM Reports Best Practices for Virtual Conferences" (HPCwire)
Is BGP Safe Yet? (WiReD)
COVID-19 Internet Usage Update (Jason Livingood)
Raspberry Pi-Powered Ventilator to Be Tested in Colombia (BBC)
Sipping from the Coronavirus Domain Firehose (Krebs on Security)
Australian Government proposes to distribute Coronavirus App (John Colville)
Rise in video conferencing use spells big trouble for ISPs
  (Lauren Weinstein)
More states finally paying $600 extra in unemployment aid (apnews)
More on COVID-19 Digital Rights Tracker (Lauren Weinstein)
Capitalists or Cronyists? (Scott Galloway)
The world after coronavirus (Yuval Noah Harari)
Re: How Coronavirus Is Eroding Privacy (Amos Shapir)
Re: New CDC Study Shows Coronavirus Can Survive For Hours On (Rex Sanders)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 17 Apr 2020 09:12:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: A $1,300 smart crib was discovered to be vulnerable to a hack
  that would rapidly rock babies back and forth (Business Insider)

   - Security researchers hacked into the Snoo Smart Bassinet in a lab
   setting and exploited vulnerabilities to take over its motor and speaker
   systems.
   - The $1,300 Internet-connected crib is designed to be as safe as
   possible for babies and comes with built-in features that reduce the risk
   of sudden infant death syndrome.
   - The new findings show the security perils associated with
   Internet-enabled smart devices.
   - Happiest Baby, the company that sells the Snoo Smart Bassinet, says it
   patched the vulnerabilities after they were flagged by researchers from
   Red Balloon Security.
   - There are no known reports of hackers exploiting the vulnerabilities
   or of babies being injured in a Snoo device.

Researchers with Red Balloon Security discovered several vulnerabilities
with the Snoo last year after digging into its firmware, Red Balloon founder
and CEO Ang Cui told *Business Insider*. By connecting to the crib using the
same WiFi network, researchers were able to take control of its microphones,
speaker, and motor. Red Balloon's findings were first reported by Wired on
Thursday.
<https://www.wired.com/story/snoo-smart-bassinet-vulnerabilities-shaking-loud-noise/>

https://www.businessinsider.com/snoo-smart-crib-hacked-security-researchers-shake-at-dangerous-speeds-2020-4

  [Knock Knock!  "Who's there?"
  Snoo. "What's snoo?"
  It's a risk that your baby gets from being on The Internet.
    -- ORIGINAL RESPONSE, FOR NEWBIES: I dunno.  What's snoo with you?  PGN]

------------------------------

Date: Fri, 17 Apr 2020 09:14:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Planned obsolescence: the outrage of our electronic waste mountain
  (The Guardian)

*Unrepairable phones and laptops are one of the scandals of our throwaway
society. But the pushback is building -- and the coronavirus crisis has
added more pressure for change*

EXCERPT:

  Imagine you showed someone a smartphone 20 years ago. You said: ``Here's
  this thing, it's going to be awesome, and it'll cost $1,000. But the
  manufacturers are going to glue the battery in, and you're supposed to get
  rid of it when the battery wears out.'' You would have thought that notion
  was completely bananas.

Nathan Proctor is talking via Google Hangouts from Boston, Massachusetts,
about an allegedly central feature of modern manufacturing known as planned
obsolescence.  This is the idea that some of the world's biggest companies
have been selling us products either knowing full well that they will only
last a couple of years, or having deliberately built a short lifespan into
the item or its software.
<https://www.theguardian.com/sustainable-business/2015/mar/23/were-are-all-losers-to-gadget-industry-built-on-planned-obsolescence>

It is a charge the companies would reject, but we all have everyday
knowledge of what he is talking about -- the suddenly dead or `bricked' --
made as useless as a brick -- phone, discarded printer or broken laptop.
Most of us dismiss the phenomenon as an irritating but unavoidable feature
of modern life. But Proctor is the director of the Right to Repair campaign
spawned by the U.S.'s Public Interest Research Group founded in 1971 by the
celebrated activist Ralph Nader, and he wants us to see things very
differently.
<https://www.theguardian.com/world/2004/oct/22/uselections2004.usa>
<https://www.theguardian.com/world/2020/mar/11/eu-brings-in-right-to-repair-rules-for-phones-and-tablets>
<https://uspirg.org/feature/usp/about-us>

As we throw away machines and devices damned as out of date, the result is a
growing mountain of e-waste. Last year alone, it was reckoned that more than
50m tonnes of it were generated globally, with only around 20% of it
officially recycled. Half of the 50m tonnes represented large household
appliances, and heating and cooling equipment. The remainder was TVs,
computers, smartphones and tablets.  [...]

------------------------------

Date: April 19, 2020 at 9:47:58 AM GMT+9
From: geoff goodfellow <geoff () iconia com>
Subject: ICANN delays .org sale again after scathing letter from California AG
  (Ars Technica)

The controversial deal would saddle the .org registry with $300 million in
debt.

ICANN, the nonprofit that oversees the Internet's domain name system, has
given itself another two weeks to decide whether to allow control of the
.org domain to be sold to private equity firm Ethos Capital. The decision
comes after ICANN received a blizzard of letters from people opposed to the
transaction, including California Attorney General Xavier Becerra.

Becerra's letter was significant because ICANN is incorporated in
California. That means it's Becerra's job to make sure that ICANN is living
up to the commitments in its articles of incorporation, which promise that
ICANN will operate "for the benefit of the Internet community as a whole."

Becerra questioned whether ICANN was really doing that. "There is mounting
concern that ICANN is no longer responsive to the needs of its
stakeholders," he wrote.

A secretive buyer and a lot of debt

California's attorney general pointed to several specific concerns about the
transaction. One was the shadowy nature of the proposed buyer, Ethos
Capital. "Little is known about Ethos Capital and its multiple proposed
subsidiaries," Becerra writes. Ethos Capital, he said, has "refused to
produce responses to many critical questions posted by the public and
Internet community."

Ethos Capital's plan is to buy the Public Interest Registry (PIR) from its
current parent organization, the nonprofit Internet Society. To help finance
the sale, Ethos will saddle PIR with $300 million in debt -- a common tactic
in the world of leveraged buyouts. Becerra warns that this tactic could
endanger the financial viability of the PIR -- especially in light of the
economic uncertainty created by the coronavirus.

"If the sale goes through and PIR's business model fails to meet
expectations, it may have to make significant cuts in operations," Becerra
warns. "Such cuts would undoubtedly affect the stability of the .org
registry."

Becerra also blasts the Internet Society for considering the sale in the
first place. "ISOC purports to support the Internet, yet its actions, from
the secretive nature of the transaction, to actively seeking to transfer the
.org registry to an unknown entity, are contrary to its mission and
potentially disruptive to the same system it claims to champion and
support," he writes.

Becerra ends his letter with a warning: "This office will continue to
evaluate this matter, and will take whatever action necessary to protect
Californians and the nonprofit community."

Totally inappropriate

Becerra is far from the only critic of the .org deal. On Monday, ICANN's
first CEO, Michael Roberts, and original board chair Esther Dyson penned a
letter blasting the transaction and their successors at ICANN. [...]
https://arstechnica.com/tech-policy/2020/04/icann-delays-org-sale-again-after-scathing-letter-from-california-ag/

------------------------------

Date: Mon, 20 Apr 2020 09:57:49 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: This Is No Time for an Internet Blackout (Slate)

https://slate.com/technology/2020/04/pandemic-internet-shutdown-danger.html

------------------------------

Date: Mon, 20 Apr 2020 13:10:02 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Zoom's Security Woes Were No Secret to Business Partners Like Dropbox
  (NYTimes)

Dropbox privately paid top hackers to find bugs in software by the
videoconferencing company Zoom, then pressed it to fix them.

https://www.nytimes.com/2020/04/20/technology/zoom-security-dropbox-hackers.html

------------------------------

Date: Mon, 20 Apr 2020 12:08:32 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Anti-Asian Zoombombing at Newton South High School (Village14)

  [From a colleague]

https://village14.com/2020/04/15/anti-asian-zoombombing-at-newton-south-high-school/ 

Anti-Asian Zoombombing at Newton South High School

Guest post by Amy Xiao <https://village14.com/author/jerreilly/>
This guest post submitted by Newton South senior Amy Xiao

On the morning of 15 Apr, nearly thirty unknown hackers infiltrated a Newton
South AP Chinese class. Despite the school-mandated password protection on
the meeting, these individuals subjected the class to a slew of racist
insults for over five minutes. They were not simply being vulgar and
offensive -- they specifically targeted the students and the teacher through
racial slurs and loud mock-Chinese.

Unfortunately, while individuals in the class contacted the administration
about this event, Newton South has yet to inform the greater school community
of this hate crime. We are disappointed by Newton South's lack of
transparency; just because this type of event is happening in other school
settings across the country does not mean that we cannot be outraged.

This incidence of *zoombombing* is a reflection of a larger wave of
Anti-Asian sentiment surging across the globe. As evidenced by everything
from the physical assaults against Asian individuals to the popularization
of the term *China Virus*, it is no longer an option to simply gloss over
racism being directed toward Asians and Asian-Americans. People within our
community have been viciously attacked for their race -- and it is critical
that we acknowledge that.

In the likely case we cannot track down these hackers, we as a community
should take this opportunity to gain a better understanding of the scope and
intensity of the hate pervading our society.

------------------------------

Date: Sun, 19 Apr 2020 20:35:08 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Buyer beware--that 2TB-6TB "NAS" drive you've been eyeing might be
  SMR (Ars Technica)

https://arstechnica.com/gadgets/2020/04/caveat-emptor-smr-disks-are-being-submarined-into-unexpected-channels/

Here's more:

https://blocksandfiles.com/2020/04/15/shingled-drives-have-non-shingled-zones-for-caching-writes/

and this is more tutorial:

https://www.reddit.com/r/DataHoarder/comments/57eosc/smr_drives_aka_archive_drives_a_word_of_caution/

------------------------------

Date: Mon, 20 Apr 2020 12:24:19 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: "ACM Reports Best Practices for Virtual Conferences" (HPCwire)

HPCwire, 16 Apr 2020 via ACM TechNews, Monday, April 20, 2020

A new report from ACM outlines best practices for replacing live science and
technology conferences with virtual ones during the COVID-19 pandemic. The
report is a practical guide covering a wide range of topics that conference
organizers contend with, including required technology, high-level planning,
accessibility, nurturing social interaction, navigation, and finances. The
guide was created by a task force that included ACM members with experience
organizing online conferences and conducting virtual planning sessions. The
task force will periodically update and revise the report, and organizers
are encouraged to share their own experiences, or make comments or
queries. ACM president Cherri M. Pancake said, "Our hope is that the report
will also encourage conference organizers to think about reducing their
reliance on face-to-face meetings in the future."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24cf4x221ac3x069225&;

------------------------------

Date: Mon, 20 Apr 2020 00:20:30 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Is BGP Safe Yet? (WiReD)

``Is BGP Safe Yet'' is a new site that names and shames internet service
providers that don't tend to their routing.

https://www.wired.com/story/cloudflare-bgp-routing-safe-yet/

------------------------------

Date: April 17, 2020 at 4:47:37 AM GMT+9
From: "Livingood, Jason" <Jason_Livingood () comcast com>
Subject: COVID-19 Internet Usage Update

  [Via Dave Farber]

We (at Comcast) just updated our COVID19 network update page at
https://corporate.comcast.com/covid-19/network. Some data points of note:

Network growth has slowed substantially and in many areas has plateaued,
especially in the cities that started stay-at-home orders earlier. This is
likely an indicator that, given currently available apps, all the people
that can work/study from home are and they are at their maximum daily usage
of screens/devices.

Peak has increased since March 1, +32% in upstream traffic & +18% in
downstream.

Downstream peak used to start at 9 PM, now starts earlier - between 7 PM and
8 PM.

Upstream peak used to start at 9 PM, now starts between 8 AM and 6 PM in most
cities. (This is a significant change, driven by video conferencing and work
VPN usage.)

Video/voice conferencing +228%
VPN +40%
Video streaming +77%
For our MVNO: -19% LTE usage, +49% WiFi usage

Also NCTA (cable-based ISPs) updated their page at
https://www.ncta.com/whats-new/peak-broadband-traffic-continues-remain-steady

Network Augmentation: Once engineers identify areas that need attention,
technicians install additional hardware, extend fiber and more to ensure the
network is performing well. For some cable providers, these efforts are up
as much as 300% in a given week.

Downstream & upstream peak growth flat for 2nd consecutive week.

------------------------------

Date: Mon, 20 Apr 2020 12:24:19 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Raspberry Pi-Powered Ventilator to Be Tested in Colombia (BBC)

Zoe Thomas, BBC News, 13 Apr 2020, via ACM TechNews, 20 Apr 2020

Marco Mascorro, a robotics engineer with no prior experience creating
medical equipment, developed and posted online plans for a ventilator made
from a Raspberry Pi computer and easy-to-source parts. Now, researchers at
Colombia's University Hospital of the Pontifical Xavierian University and
Los Andes University are preparing to put the machine through a fast-tracked
round of tests so that it may be used to help combat the COVID-19
pandemic. The Raspberry Pi computer is critical to the control of the
ventilator; it regulates air pressure, opens and closes valves, and can
determine whether a patient needs full or partial breathing assistance. Said
Mascorro, "The beauty of developing a software-centric system is we can make
changes to the processes without doing much to the hardware."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24cf4x221ac4x069225&;

------------------------------

Date: Fri, 17 Apr 2020 00:59:49 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Sipping from the Coronavirus Domain Firehose (Krebs on Security)

Security experts are poring over thousands of new Coronavirus-themed domain
names registered each day, but this often manual effort struggles to keep
pace with the flood of domains invoking the virus to promote malware and
phishing sites, as well as non-existent healthcare products and charities.
As a result, domain name registrars are under increasing pressure to do more
to combat scams and misinformation during the COVID-19 pandemic.

By most measures, the volume of new domain registrations that include the
words Coronavirus or Covid has closely tracked the spread of the deadly
virus.  The Cyber Threat Coalition (CTC), a group of several thousand
security experts volunteering their time to fight COVID-related criminal
activity online, recently published data showing the rapid rise in new
domains began in the last week of February, around the same time the Centers
for Disease Control began publicly warning that a severe global pandemic was
probably inevitable.

https://krebsonsecurity.com/2020/04/sipping-from-the-coronavirus-domain-firehose/

------------------------------

Date: Sun, 19 Apr 2020 04:30:08 +0000
From: John Colville <John.Colville () uts edu au>
Subject: Australian Government proposes to distribute Coronavirus App

Within two weeks, the Australian Government proposes to distribute an App
which uses Bluetooth to help identify contacts of people who have been
identified as having novel Coronavirus (COVID-19).

Conditions about its distribution are changing rapidly. Initially the
Government said that it was going to be based on the Singapore App. There it
is based on centralised collection of the data.

In Singapore, it was taken up by 20% of the population. In Australia it
would not be considered successful unless 40% of the population added it to
their mobile phones i.e. cell phones. It was also said that if uptake was
not sufficient it might be made compulsory to load the App.  Since then, the
Prime Minister, Scott Morrison, has ruled out compulsory loading.

https://www.abc.net.au/news/2020-04-18/prime-minister-rules-out-making-coronavirus-app-mandatory/12161126

Also the Minister responsible for the legislation, Stuart Roberts, has now
said that the code will be open to scrutiny. He has also described a model
which is similar to what has been proposed by Apple and Google, where the
information is stored on the local phone. It will then only be swapped with
neighboring phones when a COVID-19 positive person is within 1.5m of another
phone for more than 15 minutes.

------------------------------

Date: Sat, 18 Apr 2020 09:02:11 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Rise in video conferencing use spells big trouble for ISPs

With the exception of persons on symmetric fiber connections, most Internet
last-mile connections (including mobile) are highly asymmetric. This is
especially true for cable and other typical consumer, small-business grade
wireline circuits. Cable systems can be the worst of the bunch, since they
have been routinely designed to vastly favor downstream traffic toward users
(e.g., typical web browsing, watching videos, etc.)

Now with the rise of videoconferencing for schools and work at home, the
impact on many cable systems is dramatic, with upstream speeds (usually
anemic compared with downstream even under normal conditions) being
massively negatively impacted in many cases, since videoconferencing uses
similar bandwidth in both directions.

For many years ISPs have neglected upstream speeds; now this neglect is
coming home to roost, big time.

------------------------------

Date: Mon, 20 Apr 2020 11:03:09 +0800
From: Richard Stein <rmstein () ieee org>
Subject: More states finally paying $600 extra in unemployment aid
  (apnews.com)

https://apnews.com/827d97d1facdaadea86902f0cf11683b via Doug Hosking

"Connecticut's labor officials are scrambling to reprogram their computers
to handle the additional unemployment payouts. Its decades-old system can
process weekly payments only in the hundreds of dollars, or three
digits. Problem is, the additional $600 from the federal government extends
the payments into four digits."

"...the slow and fitful distribution of payments points to the antiquated
information technology that many states still rely upon for unemployment
payments. Roughly two-thirds use a near-obsolete programming language,
COBOL, that dates to the 1970s."

Jurassic-age technical debt interferes with change management revision and
solution deployment.

------------------------------

Date: Sat, 18 Apr 2020 08:50:49 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: More on COVID-19 Digital Rights Tracker

ALL HAPPENING RIGHT NOW IN VARIOUS COUNTRIES:

License plate tracking! Credit card and bank card tracking! Smartphone
tracking! Wrist and ankle tracking bracelets! Government access to
smartphone cameras. The creation of a global surveillance juggernaut that
governments will never willingly give up or restrict solely to public health
situations! -LW

https://www.top10vpn.com/news/surveillance/covid-19-digital-rights-tracker/

------------------------------

Date: April 18, 2020 19:38:39 JST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Capitalists or Cronyists? (Scott Galloway)

  [Note:  This item comes from friend David Rosenthal.  DLH]

Scott Galloway, Capitalists or Cronyists?, 10 Apr 2020
<https://www.profgalloway.com/capitalists-or-cronyists>

Lenin said nothing can happen for decades, and then decades can happen in
weeks. Yes, a pandemic pulls the future forward, and there's a lot to learn.
Another phenomenon that forms rain clouds of perspective is, wait for it
... death. Or, specifically, being close to it.

My father is approaching 90, recently divorced (for the fourth time), and
spends his days watching replays of Maple Leafs games and abusing Xanax. His
affinity for Xanies is a feature, not a bug, since at the end of your life
*long-term effects* lose meaning. He's near the end, exceptionally
intelligent, and high. In sum, he's my Yoda.

Our calls are mostly me yelling short questions (HOW ARE THE LEAFS LOOKING
FOR NEXT YEAR?) and waiting for something profound in return. Occasionally
he delivers.

You must unlearn what you have learned!

Just kidding, Yoda did actually say that. But when I asked him what he
thinks makes America different, he said:

America is a terrible place to be stupid.

That's why he immigrated here. A pillar of capitalism is you can't reward
the winners without punishing the losers. I worry our government has been
co-opted by the wealthy and is focused on protecting the previous generation
of winners, even if it means reducing future generations' ability to
win. Aren't we borrowing against our children's prosperity to protect the
wealth of the top 10, if not 1, percent?

In Depression-era Scotland, my dad was physically abused by his father. His
mother spent the money he sent home from the Royal Navy on whiskey and
cigarettes. He took a huge risk and came to America. My mom took a similar
risk, leaving her two youngest siblings in an orphanage (her mom and dad had
both died in their early fifties), and bought a ticket on a steamship. She
had a small suitcase and 110 quid that she hid in both socks. Why? Because
they wanted to work their asses off and be rewarded for the risks they were
willing to take. This is capitalism, a beacon of hope for people who are
smart, hard working, and comfortable with risk, promising a greater share of
the spoils than those who are not.

However, no more. Modern-day capitalism in America is to flatten the risk
curve for people who already have money, by borrowing from future
generations with debt-fueled bailouts for companies. We have consciously
decided to reduce the downside for the wealthy, thereby limiting the upside
for future generations.

CNBC guest: Equity holders deserve to get wiped out.
CNBC host: Why does anybody deserve to get wiped out in a crisis like this?
This is a natural disaster, why does anybody deserve to get wiped out?
Wouldn't that be immoral in and of itself?

Immoral, here we go. Morality for CNBC, and the current administration, is
not capitalism but the worst type of socialism, cronyism. Rugged
individualism and capitalism on the way up, privatizing the gains -- and
then socialism/cronyism on the way down as we socialize the losses with
bailouts.

Red Envelope

In 1999, the firm I co-founded, Red Envelope, was drafting an S-1 in
anticipation of an IPO. At 31, I stood to register $30-60 million on the
IPO. The bursting of the bubble damaged us, but the injuries weren't fatal,
and we were the only retail IPO of 2002. In 2008, a longshoreman strike left
all our holiday merchandise hostage on a cargo ship 8 miles off the shores
of the port of Long Beach. Then, as the credit crisis began to take hold, a
prescient analyst at Wells Fargo decided to pull our credit facility. Within
90 days we were Chapter 11. That event, combined with divorce, reduced my
net worth 97%.

I didn't deserve to lose near-everything. What happened wasn't my fault --
ok, maybe the divorce. Regardless, was this fair or (im)moral? Just as
there's no crying in baseball, there's no fairness in shareholder accretion
or destruction. Looking at jets at 31 wasn't moral or fair either. So, what
happened?  Exactly what's supposed to happen in a market economy -- downside
registered against commensurate upside.

Red Envelope went through something also uniquely American -- and productive
-- bankruptcy. The equity holders (e.g., yours truly) were wiped out
(#bummer). However, we did our duty as board members and found a buyer,
Liberty Media, who paid our vendors and kept the employees. No job loss, all
debtors paid. When a 31-year-old is shopping for jets in November, part of
the agreement with the invisible hand is he may lose most/all of it by
March. There's a word for that: capitalism.

The capital structure of private firms is meant to balance upside and
downside. CNBC/Trump want to protect current equity holders at the expense
of future generations with rescue packages that explode the deficit. They
also want to protect airlines, who spent $45 billion on buybacks and now
want a $54 billion bailout, disincentivizing other firms (e.g., Berkshire
Hathaway) that have built huge cash piles foregoing current returns.

The rescue package should protect people, not businesses. From 2017 to 2019,
the CEOs of Delta, American, United, and Carnival Cruises earned over $150
million in compensation. But, now, ``We're in this together'' (i.e., bail
our asses out).

And what happens if they (gasp!), go out of business? Simple, the equity
holders, and unsecured debt holders, get wiped out. These are the cohorts
who, despite the recent meltdown, have registered a 3.3x increase in the Dow
since the lows of 2008.

As long as they keep making old people, and younger people want to take
their kids to Disney's Galaxy's Edge, there will be cruise lines and
airlines. Since 2000, US airlines have declared bankruptcy 66 times. Despite
the obvious vulnerability of the sector, boards/CEOs of the six largest
airlines have spent 96% of their free cash flow on share buybacks,
bolstering the share price and compensation of management -- who now want a
bailout. They should be allowed to fail. Bondholders will own the firms.
Ships and planes will continue to float and fly, and there will still be a
steel tube with recirculated air waiting for you post molestation by Roy
from TSA.

The Lie

Trump/CNBC have adopted a narrative that this is about protecting the most
vulnerable. No, it's about buttressing the most wealthy. Pandemics typically
result in higher wages over the next several decades as we recognize that
essential workers (the gal/guy delivering your Greek yogurt and placing your
Indian food in the backseat of your car) should be paid more. A good thing.
[...]

------------------------------

Date: April 19, 2020 18:39:21 JST
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: The world after coronavirus (Yuval Noah Harari)

Yuval Noah Harari, 20 Mar 2020
This storm will pass. But the choices we make now could change our lives for years to come
<https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcca75>

Humankind is now facing a global crisis. Perhaps the biggest crisis of our
generation. The decisions people and governments take in the next few weeks
will probably shape the world for years to come. They will shape not just
our healthcare systems but also our economy, politics and culture. We must
act quickly and decisively. We should also take into account the long-term
consequences of our actions. When choosing between alternatives, we should
ask ourselves not only how to overcome the immediate threat, but also what
kind of world we will inhabit once the storm passes. Yes, the storm will
pass, humankind will survive, most of us will still be alive -- but we will
inhabit a different world.

Many short-term emergency measures will become a fixture of life. That is
the nature of emergencies. They fast-forward historical processes. Decisions
that in normal times could take years of deliberation are passed in a matter
of hours. Immature and even dangerous technologies are pressed into service,
because the risks of doing nothing are bigger. Entire countries serve as
guinea-pigs in large-scale social experiments. What happens when everybody
works from home and communicates only at a distance? What happens when
entire schools and universities go online? In normal times, governments,
businesses and educational boards would never agree to conduct such
experiments. But these aren't normal times.

In this time of crisis, we face two particularly important choices. The
first is between totalitarian surveillance and citizen empowerment. The
second is between nationalist isolation and global solidarity.

Under-the-skin surveillance

In order to stop the epidemic, entire populations need to comply with
certain guidelines. There are two main ways of achieving this. One method is
for the government to monitor people, and punish those who break the
rules. Today, for the first time in human history, technology makes it
possible to monitor everyone all the time. Fifty years ago, the KGB couldn't
follow 240m Soviet citizens 24 hours a day, nor could the KGB hope to
effectively process all the information gathered. The KGB relied on human
agents and analysts, and it just couldn't place a human agent to follow
every citizen. But now governments can rely on ubiquitous sensors and
powerful algorithms instead of flesh-and-blood spooks.

In their battle against the coronavirus epidemic several governments have
already deployed the new surveillance tools. The most notable case is
China. By closely monitoring people's smartphones, making use of hundreds of
millions of face-recognising cameras, and obliging people to check and
report their body temperature and medical condition, the Chinese authorities
can not only quickly identify suspected coronavirus carriers, but also track
their movements and identify anyone they came into contact with. A range of
mobile apps warn citizens about their proximity to infected patients.

This kind of technology is not limited to east Asia. Prime Minister Benjamin
Netanyahu of Israel recently authorised the Israel Security Agency to deploy
surveillance technology normally reserved for battling terrorists to track
coronavirus patients. When the relevant parliamentary subcommittee refused
to authorise the measure, Netanyahu rammed it through with an *emergency
decree*.

You might argue that there is nothing new about all this. In recent years
both governments and corporations have been using ever more sophisticated
technologies to track, monitor and manipulate people. Yet if we are not
careful, the epidemic might nevertheless mark an important watershed in the
history of surveillance. Not only because it might normalise the deployment
of mass surveillance tools in countries that have so far rejected them, but
even more so because it signifies a dramatic transition from *over the skin*
to *under the skin* surveillance.

Hitherto, when your finger touched the screen of your smartphone and clicked
on a link, the government wanted to know what exactly your finger was
clicking on. But with coronavirus, the focus of interest shifts. Now the
government wants to know the temperature of your finger and the
blood-pressure under its skin.

The emergency pudding

One of the problems we face in working out where we stand on surveillance is
that none of us know exactly how we are being surveilled, and what the
coming years might bring. Surveillance technology is developing at breakneck
speed, and what seemed science-fiction 10 years ago is today old news. As a
thought experiment, consider a hypothetical government that demands that
every citizen wears a biometric bracelet that monitors body temperature and
heart-rate 24 hours a day. The resulting data is hoarded and analysed by
government algorithms. The algorithms will know that you are sick even
before you know it, and they will also know where you have been, and who you
have met. The chains of infection could be drastically shortened, and even
cut altogether. Such a system could arguably stop the epidemic in its tracks
within days. Sounds wonderful, right?

The downside is, of course, that this would give legitimacy to a terrifying
new surveillance system. If you know, for example, that I clicked on a Fox
News link rather than a CNN link, that can teach you something about my
political views and perhaps even my personality. But if you can monitor what
happens to my body temperature, blood pressure and heart-rate as I watch the
video clip, you can learn what makes me laugh, what makes me cry, and what
makes me really, really angry.

It is crucial to remember that anger, joy, boredom and love are biological
phenomena just like fever and a cough. The same technology that identifies
coughs could also identify laughs. If corporations and governments start
harvesting our biometric data en masse, they can get to know us far better
than we know ourselves, and they can then not just predict our feelings but
also manipulate our feelings and sell us anything they want -- be it a
product or a politician. Biometric monitoring would make Cambridge
Analytica's data hacking tactics look like something from the Stone
Age. Imagine North Korea in 2030, when every citizen has to wear a biometric
bracelet 24 hours a day. If you listen to a speech by the Great Leader and
the bracelet picks up the tell-tale signs of anger, you are done for.

You could, of course, make the case for biometric surveillance as a
temporary measure taken during a state of emergency. It would go away once
the emergency is over. But temporary measures have a nasty habit of
outlasting emergencies, especially as there is always a new emergency
lurking on the horizon. My home country of Israel, for example, declared a
state of emergency during its 1948 War of Independence, which justified a
range of temporary measures from press censorship and land confiscation to
special regulations for making pudding (I kid you not). The War of
Independence has long been won, but Israel never declared the emergency
over, and has failed to abolish many of the *temporary* measures of 1948
(the emergency pudding decree was mercifully abolished in 2011).

Even when infections from coronavirus are down to zero, some data-hungry
governments could argue they needed to keep the biometric surveillance
systems in place because they fear a second wave of coronavirus, or because
there is a new Ebola strain evolving in central Africa, or because ..., you
get the idea. A big battle has been raging in recent years over our
privacy. The coronavirus crisis could be the battle's tipping point. For
when people are given a choice between privacy and health, they will usually
choose health.

The soap police

Asking people to choose between privacy and health is, in fact, the very
root of the problem. Because this is a false choice. We can and should enjoy
both privacy and health. We can choose to protect our health and stop the
coronavirus epidemic not by instituting totalitarian surveillance regimes,
but rather by empowering citizens. In recent weeks, some of the most
successful efforts to contain the coronavirus epidemic were orchestrated by
South Korea, Taiwan and Singapore. While these countries have made some use
of tracking applications, they have relied far more on extensive testing, on
honest reporting, and on the willing co-operation of a well-informed public.

Centralised monitoring and harsh punishments aren't the only way to make
people comply with beneficial guidelines. When people are told the
scientific facts, and when people trust public authorities to tell them
these facts, citizens can do the right thing even without a Big Brother
watching over their shoulders. A self-motivated and well-informed population
is usually far more powerful and effective than a policed, ignorant
population.

Consider, for example, washing your hands with soap. This has been one of
the greatest advances ever in human hygiene. This simple action saves
millions of lives every year. While we take it for granted, it was only in
the 19th century that scientists discovered the importance of washing hands
with soap. Previously, even doctors and nurses proceeded from one surgical
operation to the next without washing their hands. Today billions of people
daily wash their hands, not because they are afraid of the soap police, but
rather because they understand the facts. I wash my hands with soap because
I have heard of viruses and bacteria, I understand that these tiny organisms
cause diseases, and I know that soap can remove them.

------------------------------

Date: Sat, 18 Apr 2020 13:41:10 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: How Coronavirus Is Eroding Privacy (RISKS-31.68)

So now it's official knowledge: Advertising companies are following us
around and know where we are and what we are doing, all the time (as if we
had any doubts).  What privacy?  We never had that on the net, and never
will.

------------------------------

Date: Sat, 18 Apr 2020 13:09:12 -0700
From: "Rex Sanders" <rex.sanders () usa net>
Subject: Re: New CDC Study Shows Coronavirus Can Survive For Hours On ...
  (RISKS-31.68)

Quoting the CDC article:

  "Our study has 2 limitations. First, the results of the nucleic acid test
   do not indicate the amount of viable virus. Second, for the unknown
   minimal infectious dose, the aerosol transmission distance cannot be
   strictly determined."

I like to use this analogy with friends and family: Someone gets murdered in
a home. Police find a suspect's fingerprints everywhere inside the home, but
haven't actually looked for the murderer.

Is the home still dangerous? We don't know. All we have are fingerprints.

In the CDC study, the researchers found genetic fingerprints of the virus,
but have no idea if what they found could infect people. They even said so
in the article!

Unfortunately I see this fingerprint/murderer confusion in far too many
coronavirus news reports - including this one.

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.69
************************

