—whither the U.S. National Healthcare IT Initiative? [Source: "Payroll system beset from Day 1: Poor management, software failures and breakdowns in training led to a yearlong crisis at L.A. Unified." Joel Rubin, *Los Angeles Times*, 11 Feb 2008] http://www.latimes.com/news/local/los_angeles_metro/la-me-payroll11feb11,1,4656862.story?page=1 Painful experience with Los Angeles' 95 million US$ attempt to computerize its school payroll is reviewed in the referenced article. Predictable, of course, but, to quote an old protest song, "we were knee deep in the big muddy and the big fool said to push on." The spectacular failure is particularly remarkable because it involved what should have been a rather mundane project: the computerization of payroll for 36,000 employees. That such a project should go so badly wrong should, perhaps, make us more reluctant to embrace much larger efforts. The present U.S. administration committed US$100 million to a vaguely outlined project to catalyze the introduction of immediately available electronic medical records for healthcare in the U.S. The scale of the project is perhaps three to five orders of magnitude larger than the one that failed in LA but the sum committed to the endeavor is about the same. The efforts to introduce interoperable electronic medical records have been far more expensive and much less successful than anyone is willing to admit. A private review of two major hospital systems showed that the overruns are on the order of 3 to 5 times (sic) the initially proposed price but also that the systems are delayed years beyond the plan horizon and the implementations are radically stripped-down versions of what had been proposed. Many of the high end features that were touted as bringing increased efficiency and safety to healthcare delivery have been scrapped or put off until later versions of the system. Senior management in these IT efforts are routinely replaced every few years as schedules slip and costs increase.
Somewhat surprisingly, hospital administrators remain optimistic regarding the future of these systems—insisting that the problems encountered are the result of inevitable "growing pains" or narrowly technical flaws rather than inadequate planning, goal setting, design, or implementation. (One facility recognized that the project could not be made to work on the planned platform and essentially scrapped its entire effort and started over.) The similarities between the experiences with healthcare IT and the LA system's evolution are disturbing. What is particularly troubling about the LA school system story is the willingness and ability of the system vendors and a few senior managers to push forward despite many warnings that the project was far off course and out of control. Institutional needs and conflicts of interest created the problem and then sustained the fantasy that the system was going to work even as it was collapsing. The scale of the healthcare IT initiative might be estimated like this. The LA system apparently spent over $50 million before the failure became apparent—this is for 36K employees or about $1,400/employee. Taking the U.S. population at 300 million and assuming that the national effort is twice as efficient in implementation leads me to believe that about US$20 billion will be spent before people realize that things have gone badly wrong. As a sanity check on these numbers, the system reviews described above indicate that a single facility can easily spend $40 million in direct expenditures (just the hardware and software and associated IT people) before realizing that the IT system being built is going to fail. There are roughly 5000 U.S. hospitals, again giving a roughly US$20 billion loss estimate. Of course, the mileage you get may vary. Recommended reading: Brooks FP. The Mythical Man-Month: Essays on Software Engineering (2nd Edition). Addison-Wesley, 336 pages. ISBN-10: 0201835959
Here's what I put in my blog:

A Technical Mistake
16 February 2008
http://www.cs.columbia.edu/~smb/blog/2008-02/2008-02-16.html

The Electronic Frontier Foundation <http://www.eff.org/deeplinks/2008/02/foia-document-shows-improper-fbi-access-entire-domains-email> has obtained an FBI document <http://www.eff.org/files/090507_surge2.pdf> describing a mistake that was made in monitoring someone's email: the ISP sent the FBI all of the email for the entire domain, rather than just the suspect's email.

It isn't surprising that something like this can happen. Matt Blaze <http://www.crypto.com> and I warned about configuration problems <http://www.crypto.com/papers/carnivore-risks.html> in surveillance systems several years ago:

> Needless to say, any wiretapping system (whether supplied by an ISP or the FBI) relied upon to extract legal evidence from a shared, public network link must be audited for correctness and must employ strong safeguards against failure and abuse. The stringent requirements for accuracy and operational robustness provide especially fertile ground for many familiar risks. First, there is the problem of extracting exactly (no more and no less) the intended traffic.

The context then was Carnivore, but the problem is the same. On the same subject, Matt wrote:

> More seriously, I suspect that the meat (so to speak) of any meaningful analysis of Carnivore's security and behavior lies not in its core source code but rather in the parameters used when it is actually configured and installed.

In fact, errors by third parties are not uncommon. *The New York Times* report on this incident <http://www.nytimes.com/2008/02/17/washington/17fisa.html> makes it clear:

> Past violations by the government have also included continuing a wiretap for days or weeks beyond what was authorized by a court, or seeking records beyond what were authorized.
>
> The 2006 case appears to be a particularly egregious example of what intelligence officials refer to as "overproduction"—in which a telecommunications provider gives the government more data than it was ordered to provide. The problem of overproduction is particularly common, F.B.I. officials said. In testimony before Congress in March 2007 regarding abuses of national security letters, Valerie E. Caproni, the bureau's general counsel, said that in one small sample, 10 out of 20 violations were a result of "third-party error," in which a private company "provided the F.B.I. information we did not seek."

From what has been released, the FBI did nothing wrong here. In fact, they say that they destroyed the unwanted (and unauthorized) emails when they noticed the problem. But mistakes /will/ happen. This is why I and others have warned <http://www.cs.columbia.edu/~smb/papers/j1lanFIN.pdf> about the dangers of too-close linkage to the telecommunications system: other plausible configuration errors could give malicious parties access to the network.

Surveillance is difficult. Complexity and interconnections make it dangerous, too.

[See Steve's blog for more. PGN]
Public Works and Government Services Canada (PWGSC), the procurement arm of the Canadian federal government, mailed out 138 CDs containing confidential government and commercial data in response to requests made under the Access to Information Act. The confidential portions of the information were blacked out, but this was not done properly so anyone in possession of a CD can easily restore the confidential information. The root cause is apparently government mishandling of the new imaging software used to process information access requests (insufficient user training?). The firms whose confidential commercial data has been compromised have been notified, but the government has refused to identify any of the recipients of the CDs on the basis that this would violate privacy laws. The Access to Information Act specifically exempts the government from civil liability for inadvertent disclosures made in good faith. The government has asked the 138 recipients of the CDs to return them, but so far only 28 have done so. Reported in the Globe and Mail: http://www.theglobeandmail.com/servlet/story/LAC.20080204.DISCS04/TPStory/
Some 190 current and former cabin attendants of Japan Airlines Corp. and their union sued the airline and its largest labor union on 11 Feb 2008, claiming 150 items of personal information on 9800 employees—including their DoB, home addresses, political beliefs, medical records, family status, physical descriptions, and internal job performance evaluations -- were collected without their consent, and seeking about 48 million yen in compensation. This was just recently discovered. [Source: Kyodo News, *The Japan Times*, 27 Nov 2007; PGN-ed] http://www.japantimes.co.jp/
A Japan Airlines jet carrying 446 passengers and crew members started heading down a runway without permission while another JAL aircraft was still moving on the runway after landing at New Chitose Airport on 16 Feb 2008, but was stopped short of rear-ending the other plane just in time by an air traffic controller. The pilot reportedly misunderstood the controller, who was speaking in English. [Presumably within the standard subset used internationally.] [Source: JAL plane attempts takeoff without permission in Hokkaido after English language mix-up, *Japan Today*, 18 Feb 2008; PGN-ed] http://www.japantoday.com/jp/news/428379 http://www.yomiuri.co.jp/dy/national/20080217TDY01304.htm
A bill designed to introduce electronic voting in national elections has been left up in the air due to worries about the system's reliability. The bill to revise the law on special provisions of the Public Offices Election Law has been carried over to the current Diet session at the House of Councillors after the House of Representatives passed it in the extraordinary Diet session. [...] E-voting began in Japan in Feb 2002 for some local governments, and has expanded slowly since then, locally. Past difficulties have apparently caused questions of credibility. In one municipal election in July 2003, all servers went down, affecting Kani's 29 polling stations; the Japanese Supreme Court invalidated the election. Another election in Nov 2003 had problems with communications and servers. [Source: Discussion needed to ease fears about touch-screen machines, Ryota Akatsu, Yomiuri Shimbun Staff Writer, the *Daily Yomiuri*, 3 Feb 2008, PGN-ed] http://www.yomiuri.co.jp/dy/national/20080208TDY04302.htm
The Coast Guard says a problem with the computers that control the 933-foot Catalunya Spirit's tanker's boilers caused a loss of power that left it adrift off Cape Cod. Some power has been restored to the switchboards. The tanker, carrying liquefied natural gas, is being towed to an anchorage about seven miles offshore for further troubleshooting. The tanker was heading from Trinidad and Tobago to Boston when it lost power early Monday about 45 miles off the Cape. [Source: Associated Press item, *The Boston Globe*, online, 12 Feb 2008] Between the devil and the deep blue screen of death?
Bell Canada announced that basic personal data for 3.4 million customers in Ontario and Quebec has been stolen, discovered in electronic form in a Montreal home after a tip. The stolen subscriber data reportedly included names, addresses, telephone numbers, and services, but not financial information. However, roughly 5% of the phone numbers are unlisted, which may cause some consternation. [PGN-ed] http://www.reportonbusiness.com/servlet/story/RTGAM.20080212.wbelldata021=3/BNStory/Business/home
The Privacy Commissioner of Canada has censured the Royal Canadian Mounted Police (RCMP), Canada's national police force, for maintaining large numbers of secret files in violation of both RCMP policy and Canadian law. Summary: http://www.privcom.gc.ca/media/nr-c/2008/nr-c_080213_e.asp Full report: http://www.privcom.gc.ca/information/pub/ar-vr/rcmp_080213_e.pdf Backgrounder: http://www.privcom.gc.ca/media/nr-c/2008/nr-c_b-di_080213_e.asp The RCMP has been struggling with criticism on a number of fronts recently, and this report is likely to strengthen calls for stronger governance and management oversight. The RCMP have already committed to addressing the concerns raised by the Privacy Commissioner. The latter will be conducting a follow-up audit to verify compliance.
KC faulted after probe of IRS tapes missing from City Hall Lynn Horsley, *The Kansas City Star*, 19 Jan 2008 "A federal investigation of missing Internal Revenue Service tapes from City Hall in Kansas City has concluded that the city failed to follow 'proper safeguards for protecting federal tax return information.' That conclusion is contained in a heavily redacted report obtained recently by The Kansas City Star under a Freedom of Information Act request to the Treasury Department's inspector general for tax administration. The inspector general's investigation stemmed from the disappearance of 26 IRS computer tapes containing taxpayer information. The tapes, which have never been found, are normally used by the city to help enforce collection of the 1 percent city earnings tax paid by people who live or work in Kansas City." [ and for good measure ] "The IRS has never said what information was on the tapes, how many taxpayers were affected, or whether those taxpayers would ever be notified about the missing information." http://www.kansascity.com/news/politics/story/451282.html
http://www.theregister.co.uk/2008/02/15/ms_friendly_worm/ Microsoft are reportedly working on plans to distribute patches using techniques similar to those used by computer worms. Understandably, these plans are not popular amongst the security specialists. The idea is that patches can be distributed within subnets to machines that are likely to be configured in a similar way. This hopes to reduce the load on download servers that currently take a huge hit when patches are released. Of course, the process would be uncontrolled, and would never be secure enough for safe practical use. (We have had the "benign virus" appear in RISKS before, of course. If I recall correctly, Cliff Stoll posted about a similar idea by Fred Cohen in RISKS-12.27. Chris) http://catless.ncl.ac.uk/Risks/12.27.html#subj13.1
BlackBerry messaging services were interrupted Monday afternoon (February 11) throughout North America due to an unspecified problem at the RIM data center in Canada through which all BlackBerry email messages are processed. Although RIM states the outage began at 3:30pm EST, this BlackBerry user also noticed message delays at various points earlier in the day. Jim Balsillie, RIM's co-CEO, speculated that the outage was caused by a system upgrade: "At the core virtually all these things tend to happen on service upgrades". This latest outage follows on the heels of another widespread outage last April, which was attributed to the introduction of a new feature that had been insufficiently tested. Reported in the Ottawa Citizen and elsewhere: http://www.canada.com/ottawacitizen/news/story.html?id=23a3b21b-3d52-4714-b232-b7098c9f4996&k=8706 [Also reported by Mike Hogsett. PGN]
The annual "X-Force" report, released on 12 Feb 2008 by Internet Security Systems, part of IBM Corp., says network and software vendors acknowledged 6,437 security flaws in 2007, down 5.4 percent from the prior year, but up from 4,824 the year before that. [Good news and bad news.] But the real bad news may be that a black market has emerged "that will pay up to $100,000 (euro68,766) to computer whizzes" who find vulnerabilities and sell the information to criminal gangs eager to exploit them. Thus, it is profitable NOT to publicly report previously undetected flaws. [Source: Web security report says known vulnerabilities fall because criminals pay to hide them, Associated Press item; PGN-ed] http://www.technologyreview.com/printer_friendly_article.aspx?id=20206 http://www.iss.net/documents/literature/x-force_2007_trend_statistics_report.pdf
On 8 Jan 2008 the GAO published a report that may be of interest for many RISKS readers: GAO-08-211 Information Security: IRS Needs to Address Pervasive Weaknesses http://searching.gao.gov/query.html?charset=iso-8859-1&ql=&rf=2&qt=GAO-08-211&Submit=Search Dott. Diego Latella - Senior Researcher - CNR/ISTI, I56124 Pisa (ITALY) http://www.isti.cnr.it/People/D.Latella - phone:+39 0503152982 [This is just one in a very long series of GAO reports on IRS computer problems. PGN]
All the anecdotes about how GPS has led people down the garden path, into lakes and rivers, 300 miles out of the way, etc., are entertaining—I consume them hungrily. But is the situation they represent really that new, or really limited to technology? The same thing can happen (and does) when people expect a printed map to be a perfect reflection of the real-world things (roads, etc.) it symbolizes, or to have complete information, or to be current. Some of the printed maps in my car don't show the directions of one-way streets, so "relying" on them can lead me around in circles. *None* of the printed maps in my car show the locations of things like "no left turn" signs, bridge ramps that are closed during rush hours, etc. And maps know even less about traffic conditions than GPS does (or can, at least in theory). Someone who drives frequently in the real world (or, for that matter, who does almost anything in the real world) constantly has to contend with incomplete or imperfect data, and constantly revise his or her mental map or action plan based on new information. That is as true for us as it is for zebras in the wild trying to keep from being eaten by lions. With that as context, GPS navigation is nothing short of miraculous. To someone who doesn't understand the underlying science (and I am *almost* in that category, having only a basic conceptual grasp of how it works), it is like magic—a magical black box that knows where you are, where you are going, and how to get there, almost without limitation. When I bought my basic no-frills consumer GPS navigation device six weeks ago, I was fully prepared for an experience that fell short of my expectations. I anticipated imprecision, the occasional inaccuracy, out-of-date road data. But no. The thing has worked exactly as advertised from the moment I took it out of the box in the parking lot of the store where I bought it. 
In about 5,000 miles of driving, all across the congested New York region and up and down the Eastern Seaboard, *not once* has the system steered me wrong, aside from the two or three times that it was momentarily confused about my location on startup. *Not once* has it so much as instructed me to make an illegal turn, let alone an impossible one. Half a dozen times I have thought "it must be mistaken, I'm going to ignore it and turn here instead"—on every such occasion, it was right and I was wrong. When I divert from the recommended route (for instance, because I as a human have knowledge about traffic conditions that makes an alternate route preferable), it notices what I am doing and recalculates a new route automatically according to my wishes in about eight seconds. The sole exception is that sometimes, in a complicated stack of highway ramps (as on the approach to the Brooklyn-Battery Tunnel in lower Manhattan), it momentarily gets confused about which level I'm on. But within a few seconds, it rights itself again. At least in this relatively densely populated part of the United States, it appears to me to have *perfect* knowledge of every street, highway, ramp, and access road—not *significant* knowledge, not *very good* knowledge, but *perfect* knowledge. I say that knowing that it cannot be literally true, but for all practical purposes, to me it might as well be. And on top of that, it has a surprisingly complete and current database of business addresses and phone numbers (want a bagel right now in an unfamiliar neighborhood of Danbury, Connecticut? need to find a post office in a city you have never set foot in until 5 minutes ago? It can tell you where). The device doesn't obviate the need to have common-sense overview knowledge of unfamiliar areas before heading into them ("if the GPS device stopped working, what road would I ask directions to?"), nor the need to pay attention to make sure that the real world conforms with the map on the screen. 
But I would say that since getting the device, my driving paradigm has permanently changed. I still carry a stack of maps and atlases in the car, but now I only look at them when I'm heading somewhere completely new for the first time. I leave the device on all the time, even when I'm not heading anywhere in particular, so I have an overview map of my surroundings right in front of me—which has frequently led to interesting detours I never would have thought to make without it. I go anywhere I like, in any direction, and never worry about getting lost. I freely detour from my planned route whenever I feel like it, even in completely unfamiliar areas, secure in the knowledge that I can easily find my way back (or find a more efficient route from the stopover to my ultimate destination). It is nothing short of miraculous. [Reminder: RISKS is always short on success stories, so I am happy to run this one. PGN]
News Story - WSMV Nashville http://www.wsmv.com/news/15315424/detail.html?taf=nash
(Lest we forget:) "The chief cause of problems is solutions." Eric Sevareid, 1970
Forwarded message:

> From: <ntisa77@yahoo.com.au>
> To: <wb8foz@panix.com>
> Subject: I've visited your website http://www.csl.sri.com/~risko/risks.txt
> Date: Mon, 11 Feb 2008 23:58:42 +1100
>
> Hi,
>
> We've seen your website at http://www.csl.sri.com/~risko/risks.txt
> and we love it!
>
> We see that your traffic rank is 0
> and your link popularity is 0.
> Also, we see that you are online since <Online since>.
>
> With that kind of traffic, we will pay you up to $4,800/month
> to advertise our links on your website.
>
> If you're interested, read our terms from this page:
> http://www.contactthem.ws/hit.php?s=10&p=2&w=102122
>
> Sincerely,
>
> Ngaupokoina Isamaela
> The ContactThem Network
> 61395628930

Why am I reminded of the line from Animal House: "And as for you, you don't even HAVE a grade point average! Zero point zero"

[David, Ngaupo obviously wants to be your Auto-Mate manager. PGN]