Subject: Risks Digest 32.05

RISKS-LIST: Risks-Forum Digest  Saturday 27 June 2020  Volume 32 : Issue 05

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
  A New Normal: Siberian heat wave is a 'warning cry' from the Arctic, climate scientists say (Reuters)
  `PizzaGate' Conspiracy Theory Thrives Anew in the TikTok Era (NYTimes)
  EBay's Critics Faced an Extreme Case of an Old Silicon Valley Habit (NYTimes)
  Physicists Just Quantum Teleported Information Between Particles of Matter (Science Alert)
  Apple Watch Quote/Thread of The Day (Casey Newton)
  California University Paid $1.14 Million After Ransomware Attack (Bloomberg)
  Russian Criminal Group Finds New Target: Americans Working at Home (NYTimes)
  Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (Yeshiva World, Geoff Kuenning)
  Re: The Army will soon allow users to access classified info from home (Bob Wilson)
  Re: How Thousands of Misplaced Emails Took Over This Engineer's Inbox (Paul Wexelblat)
  Re: IP Protection for AI-generated and AI-assisted works (Henry Baker)
  Re: Wrongfully Accused by an Algorithm (Bella, Michael Bacon)
  Scientists just beginning to understand the many health problems caused by COVID-19 (Reuters)
  The number of new cases of COVID-19 is misleading (Mark Thorson)
  Re: 0.5% of coronavirus stimulus checks went to dead people (John Levine, Gabe Goldberg, John Levine, Gabe Goldberg)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 26 Jun 2020 14:45:05 -1000
From: geoff goodfellow
Subject: A New Normal: Siberian heat wave is a 'warning cry' from the Arctic, climate scientists say (Reuters)

Pine trees are bursting into flames. Boggy peatlands are tinderbox dry. And towns in northern Russia are sweltering under conditions more typical of the tropics.

Reports of record-breaking Arctic heat -- registered at more than 100 Fahrenheit (38 Celsius) in the Siberian town of Verkhoyansk on June 20 -- are still being verified by the World Meteorological Organization. But even without that confirmation, experts at the global weather agency are worried by satellite images showing that much of the Russian Arctic is in the red.

That extreme heat is fanning the unusual extent of wildfires across the remote, boreal forest and tundra that blankets northern Russia. Those blazes have in turn ignited normally waterlogged peatlands.

Scientists fear the blazes are early signs of drier conditions to come, with more frequent wildfires releasing stores of carbon from peatland and forests that will increase the amount of planet-warming greenhouse gases in the air.

Thomas Smith, an environmental geographer at the London School of Economics: ``This is what this heat wave is doing: It makes much more fuel available to burn, not just vegetation, but the soil as well. It's one of many vicious circles that we see in the Arctic that exacerbate climate change.''

Satellite records for the region starting in 2003 suggest there has been a dramatic jump in emissions from Arctic fires during just the last two summers, with the combined emissions released in June 2019 and June 2020 greater than during all of the June months in 2003-2018 put together, Smith said.

Atmospheric records dating back more than a century show Arctic air temperatures also reaching new highs in recent years. That leads Smith to believe the scale of the fires could be unprecedented as well.

``What we're seeing happening right now is the consequence of the past industrial emissions. What will happen in 40 years' time is already locked in. We can't do anything about that. That's why we should be concerned; it can only get worse.''

Although peatland covers only 3% of the Earth's land surface, those deposits contain twice as much carbon as all the world's forests together.

*A NEW NORMAL*... [...]
https://www.reuters.com/article/us-climate-change-arctic/siberian-heat-wave-is-a-warning-cry-from-the-arctic-climate-scientists-say-idUSKBN23V2W7

------------------------------

Date: Sat, 27 Jun 2020 08:37:05 -0400
From: Monty Solomon
Subject: `PizzaGate' Conspiracy Theory Thrives Anew in the TikTok Era (NYTimes)

The false theory targeting Democrats, now fueled by QAnon and teenagers on TikTok, is entangling new targets like Justin Bieber.

https://www.nytimes.com/2020/06/27/technology/pizzagate-justin-bieber-qanon-tiktok.html

------------------------------

Date: Sat, 27 Jun 2020 09:04:19 -0400
From: Monty Solomon
Subject: EBay's Critics Faced an Extreme Case of an Old Silicon Valley Habit (NYTimes)

Six former employees were recently named in federal charges that were an indication of the lengths some companies will go to hit back at detractors.

https://www.nytimes.com/2020/06/27/technology/ebay-silicon-valley-security-reputation.html

------------------------------

Date: Sat, 27 Jun 2020 08:31:06 -1000
From: geoff goodfellow
Subject: Physicists Just Quantum Teleported Information Between Particles of Matter (Science Alert)

By making use of the 'spooky' laws behind quantum entanglement, physicists think they have found a way to make information leap between a pair of electrons separated by distance.

Teleporting fundamental states between photons -- massless particles of light -- is quickly becoming old news, a trick we are still learning to exploit in computing and encrypted communications technology.

But what the latest research has achieved is quantum teleportation between particles of matter -- electrons -- something that could help connect quantum computing with the more traditional electronic kind.

"We provide evidence for 'entanglement swapping,' in which we create entanglement between two electrons even though the particles never interact, and 'quantum gate teleportation,' a potentially useful technique for quantum computing using teleportation," says physicist John Nichol from the University of Rochester in New York. "Our work shows that this can be done even without photons."

Entanglement is physics jargon for what seems like a pretty straightforward concept. [...]
https://www.sciencealert.com/physicists-have-teleported-information-between-particles-of-matter-for-the-first-time

------------------------------

Date: Fri, 26 Jun 2020 14:40:04 -1000
From: geoff goodfellow
Subject: Apple Watch Quote/Thread of The Day (Casey Newton)

*"If Apple Watch can detect hand washing now then it can probably detect other activities involving vigorous hand motions and I for one would like to know what Apple is doing with the data"*

https://twitter.com/CaseyNewton/status/1275177758188949504

------------------------------

Date: Sat, 27 Jun 2020 08:29:05 -1000
From: geoff goodfellow
Subject: California University Paid $1.14 Million After Ransomware Attack (Bloomberg)

The hackers encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn't impede its Covid-19 work, it said. The university is working with a team of cybersecurity contractors to restore the hampered servers *soon*.

``The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom.''

The intrusion was detected as recently as June 1, and UCSF said the actors were halted during the attack. Yet using malware known as Netwalker, the hackers obtained and revealed data that prompted UCSF to engage in ransomware negotiations, which ultimately followed with payment. [...]
https://www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack

------------------------------

Date: Fri, 26 Jun 2020 10:42:05 +0900
From: Dave Farber
Subject: Russian Criminal Group Finds New Target: Americans Working at Home (NYTimes)

https://www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare

------------------------------

Date: Fri, 26 Jun 2020 14:43:05 -1000
From: geoff goodfellow
Subject: Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (Yeshiva World)

Following Iran's unprecedented attack on Israel's civilian infrastructure by its attempt to hack into Israel's water system to raise the chlorine to dangerous levels, the National Cyber Directorate took responsibility for protecting Israel's water system, *Channel 12 News* reported on Monday.

The report added an intriguing detail about the protection of Israel's water system -- the employment of dozens of fish in ensuring the safety of Israel's water supply.

Twelve aquariums filled with drinking water at the Eshkol water purification site in Be'er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as *fishy* by those responsible for the safety of Israel's drinking water. [...]

https://www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html

------------------------------

Date: Fri, Jun 26, 2020 at 9:52 PM
From: Geoff Kuenning
Subject: Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (RISKS-32.04)

[via geoff goodfellow]

* Have you ever been in a swimming pool and accidentally swallowed some of the water?
* Have you ever gotten sick from doing so?
* Have you ever been in a swimming pool where you could NOT smell and taste the chlorine?

Even if we assume a cyberattack could have raised chlorine "to dangerous levels", Israeli citizens would have smelled and tasted it long before they consumed enough to fall ill.

Something smells fishy indeed. I can believe that there are fish who serve as canaries in the water system's "coal mine", because there might be poisons that could be introduced in more traditional ways. But I don't buy the part about a cyberattack trying to release chlorine to make people sick.

  [This seems like a Canary Row? (both words mispronounced, with apologies to Steinbeck). But maybe it was not chlorine that was *being admitted* into the water systems (and which is not *being admitted* for intelligence reasons)? PGN]

------------------------------

Date: Fri, 26 Jun 2020 17:35:33 -0500
From: Bob Wilson
Subject: Re: The Army will soon allow users to access classified info from home (RISKS-32.04)

This should really make important things a lot easier! Back when I was involved with "Orange Book" style security, we always referred to example data that was to be securely protected as "The General's Whisky List". The list he wanted an orderly to go out and procure. Now when we have to shop from home, we can make that real again!

Bob Wilson

  [What comes around goes around. The same is true of all of the zealots who want backdoors for law enforcement surveillance. It (once again!) reminds me of the old George Price cartoon in The New Yorker, with the vine having already wrapped itself around the house: Look out, Fred! Here it comes again! PGN]

------------------------------

Date: Fri, 26 Jun 2020 20:49:06 -0400
From: wexelblat@gmail.com
Subject: Re: How Thousands of Misplaced Emails Took Over This Engineer's Inbox (RISKS-32.04)

Some years ago while teaching a Comp Sci course at UMass Lowell we got talking about spam and bogus email.
As part of an exercise I registered bogus-address.com so we could just watch and see what was coming in. Afterwards I pretty much ignored it, and had the messages automatically forward to dev/null (for the last 18 years or so).

Your posting piqued my interest, and I think I'll turn it back on, so I can see what's going on. Got not much better to do while hunkering.

(To answer your question, (why did I keep it?) I dunno, but periodically GoDaddy has a *special* that allows me to renew it for practically nothing.)

------------------------------

Date: Fri, 26 Jun 2020 15:32:53 -0700
From: Henry Baker
Subject: Re: IP Protection for AI-generated and AI-assisted works (RISKS-32.04)

U.S. Constitution, Art. 1, Sect. 8, gives Congress the power "to promote the Progress of Science and Useful arts, by securing, for ***limited*** Times, to ***Authors*** and ***Inventors***, the exclusive Right to ***their*** respective Writings and Discoveries".

The meaning of 'limited' has been twisted by Disney to mean 'limited only by the imagination of highly paid Hollywood lawyers'; by a curious coincidence, the limit always gets extended whenever a Disney copyright is in danger of expiration.

Copyright is currently "author's life plus 70 years" (or should that read "Disney Company's life plus 70 years"?), so when, exactly, does the 'life' of an AI end?

What could possibly go wrong? Here's what Disney's own web site has to say:

"We are working to endow computers and robots with many of the qualities long associated with living, thinking beings -- from perception and action to reasoning, problem solving, and even ***creativity***! Here we are going beyond simply building the next generation of smart tools and are instead finding new ways to bring our treasured characters to ***life***."

https://studios.disneyresearch.com/artificial-intelligence/

The plain meaning of 'their' in the Constitution is a *human* reference; otherwise, the Constitution would have said 'its'.

PS. The 'Trans Pacific Partnership', which Trump pulled out of the moment he was sworn into office in 2017, would have taken copyright out of the hands of Congress and placed it under the control of an international trade organization. Like a stopped clock, Trump happened to do the right thing this one time.

------------------------------

Date: Sat, 27 Jun 2020 11:28:27 +0000 (UTC)
From: Bella
Subject: Re: Wrongfully Accused by an Algorithm (RISKS-32.04)

While I do not know which facial recognition software the Detroit Police Department has chosen to use, people know that NIST's Vendor Recognition Test found that pretty much all of them had a much higher rate of false-positive matches when looking at people of colour.

Considering how large a market sample NIST tested, not only do I expect we'll see significant bias in false-positive arrests, I also expect we'll probably see similar results if other police departments follow suit, regardless of the software they select.

https://www.nist.gov/programs-projects/face-recognition-vendor-test-frvt-ongoing

I wonder if potential gender or racial biases were even a factor in DPD's selection panel?

------------------------------

Date: Sat, 27 Jun 2020 13:01:24 +0100
From: Michael Bacon
Subject: Re: Wrongfully Accused by an Algorithm (Risks-32.04)

Only Sort of.

These days, a mismatch between a headline and the body of the article is not at all unusual. It used to be that newspaper headlines were accurate, albeit those in the "red top" tabloids in particular have always used a unique form of grammar, but sadly, no longer.

Just the other day, a leading British broadsheet headlined a mandatory requirement, but reduced that to a "might have to" in the article itself; and throughout the past months the UK media (and government) has referred to "Rules" in headlines, but then qualified them lower down as being merely "guidance" and "advice".
Even some UK police forces have been ignorant of the limits of the "Rules" and have misapplied the law.

There is a strong argument of course in this situation, that trading on the ignorance and laziness of Jo Public might not be a "bad thing", but I suspect it's largely an accidental abuse of the language (I'm thinking Hanlon's Razor).

Nevertheless, extreme headlines abound, and the very evident RISK is that far too many people read no further than the big print (few read the subheading, fewer still the first paragraphs of the article, and there seem to be almost none at all who read "below the fold") ... and then they re-broadcast the hyperbole on social media where it gains new life.

For over 300 years it's been said that: "A lie gets halfway around the world before the truth has a chance to get its pants on" (or similar), and Shakespeare had Puck say, in a Midsummer Night's Dream: "I'll put a girdle round the Earth in forty minutes." Today the "lie" travels around the globe in 40 milliseconds, and is solidified by, and enhanced in, each retelling.

------------------------------

Date: Fri, 26 Jun 2020 14:41:05 -1000
From: geoff goodfellow
Subject: Scientists just beginning to understand the many health problems caused by COVID-19 (Reuters)

... some may have lingering effects on patients and health systems for years to come, according to doctors and infectious disease experts.

Besides the respiratory issues that leave patients gasping for breath, the virus that causes COVID-19 attacks many organ systems, in some cases causing catastrophic damage.

``We thought this was only a respiratory virus. Turns out, it goes after the pancreas. It goes after the heart. It goes after the liver, the brain, the kidney and other organs. We didn't appreciate that in the beginning,'' said Dr. Eric Topol, a cardiologist and director of the Scripps Research Translational Institute in La Jolla, California.

In addition to respiratory distress, patients with COVID-19 can experience blood clotting disorders that can lead to strokes, and extreme inflammation that attacks multiple organ systems. The virus can also cause neurological complications that range from headache, dizziness and loss of taste or smell to seizures and confusion.

And recovery can be slow, incomplete and costly, with a huge impact on quality of life.

The broad and diverse manifestations of COVID-19 are somewhat unique, said Dr. Sadiya Khan, a cardiologist at Northwestern Medicine in Chicago. [...]

https://www.reuters.com/article/us-health-coronavirus-effects/scientists-just-beginning-to-understand-the-many-health-problems-caused-by-covid-19-idUSKBN23X1BZ

------------------------------

Date: Fri, 26 Jun 2020 15:55:22 -0700
From: Mark Thorson
Subject: The number of new cases of COVID-19 is misleading (Wordpress)

New cases might be people who are asymptomatic, recovered, or cross-reactive to one of the mostly harmless coronavirus strains that cause an estimated 5-15% of the common cold. What counts are a) hospitalizations and b) deaths.

https://luysii.wordpress.com/2020/06/25/death-rates-from-coronavirus-drop-in-half-2-months-after-georgia-loossens-lockdown-restrictions/

------------------------------

Date: 26 Jun 2020 22:29:59 -0400
From: "John Levine"
Subject: Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Goldberg, RISKS-32.04)

> No time to check for dead recipients -- what could go wrong?

I would have hoped the WaPo would have better political and arithmetic skills than this article shows.

The $1.4 billion that went to dead people sounds like a lot until you remember that the total was $270 billion so we're talking about 0.5% of the total.

The point of the stimulus was to get money to people as quickly as possible so that money generally went to the dead people's family members who as likely as not were happy to have it to pay for rent, food, and all the other stuff the stimulus was intended to support.

Imagine you're in an office in D.C., you know that as things stand you'll send half a percent of the money to dead people, and it would take (making up a number here) half a week to arrange to compare the payment file to the death records. Knowing that you'll still send money to some dead people (the records are always out of date since people die every day), is it worth the extra delay to fix a half percent error when the law says to send the money "as rapidly as possible"? What would you say? I'd say of course not, ship it.

My father died last year and he did indeed get a stimulus payment directly into the estate's bank account, followed by a letter from the Leader to DEC'D. We don't need it so it's sitting in the bank waiting to see if they're going to take it back. If they don't, I'll send it to the local food bank who can sure use the money.

------------------------------

Date: Sat, 27 Jun 2020 01:30:05 -0400
From: Gabe Goldberg
Subject: Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Levine, RISKS-32.05)

IRS has access to Social Security Death Master File https://en.wikipedia.org/wiki/Death_Master_File to verify payments. But, quoting the article:

  However, IRS counsel determined they did not have the legal authority to deny payments to people who had filed a return, even if they were deceased at the time of payment.

...so it wasn't a technical problem or a week's potential delay, it was set up to deliver improper payments. And WaPo columnist now advises against recovering improper payments. Because ... well, that's not clear.

What's the arithmetic skills failure to which you refer?

You're likely right that family members appreciated incorrect payments.
So, likely, do people receiving undeserved tax refunds. A billion here, a billion there, out of trillions here, trillions there, still amounts to substantial waste.

------------------------------

Date: 27 Jun 2020 12:24:33 -0400
From: "John R. Levine"
Subject: Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Goldberg, RISKS-32.05)

Unfortunately, it's right there in your paragraph. A billion and a trillion are not the same thing, and an 0.5% error is not a big one.

I would also take issue with calling this mistake "waste", but see my previous message about that.

------------------------------

Date: Sat, 27 Jun 2020 13:57:17 -0400
From: Gabe Goldberg
Subject: Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Levine, RISKS-32.05)

That seems more opinion or perspective than arithmetic. A small percentage of a giant number can be a big number.

A billion dollars is a terrible thing to waste. Paying people who weren't intended to be paid -- no matter how happy they are to receive the payment -- is a waste.

Let's end here.

  [I agree. PGN]

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
   *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.05
************************