Re: Rieden and Garret (RISKS-25.40)

I don't think it helps to suggest that the manoeuvre would be something passengers are "unlikely to have noticed" (Rieden) or "typical" (Garret). It's not the vertical speed that mattered, it is the acceleration used to get there. The vertical acceleration was -0.8g according to the Airbus All-Operators-Telex, enough to throw unbelted people against the ceiling (but with not quite their full weight) and 14 people were injured seriously enough to be transported by medical helicopter to hospital. The ATSB has classified it as an accident. Their preliminary report is on their WWW site. It was more than a "terrifying plunge", it was one sufficient to break people's bones.

Peter Bernard Ladkin, Causalis Limited and University of Bielefeld www.causalis.com www.rvs.uni-bielefeld.de

[We received a slew of messages on this topic. The following three are more or less representative of different key points. PGN]
> Rieden: Perhaps this should be re-titled "Risk of Inflammatory reporting". Or perhaps "risk of becoming so cynical that you dismiss the story out of hand instead of doing your own research and finding out that the reporter left out a zero, and that more than forty passengers sustained injuries, fifteen of them serious, in a 6,500-foot drop". Dag-Erling Smørgrav - des@des.no
What does not appear to be considered is that descent during the 20 seconds may not have been linear. There may have been an initial rapid descent followed by a recovery phase. I know that if I were sitting in my airliner seat and suddenly found the cabin seat coming down to meet me at 22mph I'd be pretty scared!

Guy Dawson, I.T. Systems Manager, Crossflight Ltd guy@crossflight.co.uk
In reply to both Peter and Ron, it seems that while misreporting is to blame here, it is merely vaguely imprecise rather than deliberately misleading. At a press conference, the Australian Transport Safety Bureau played an animation of the incident — based on recorded flight data. It clearly shows that while the entire incident lasted about 20 seconds, the most severe event was a change in the aircraft's pitch from +2.1 degrees to -8.3 degrees over a period of approximately 1 second.
[RISKS has previously reported on the overly aggressive name matching in use of the no-fly list (e.g. David Nelson and Senator Kennedy, RISKS-22.80 22.81, 25.15). This might minimize those problems. However, any error in the databases used for matching may now be even more difficult to surmount in time to catch your plane.]

The Department of Homeland Security will take over responsibility for checking airline passenger names against government watch lists beginning in January, and will require travelers for the first time to provide their full name, birth date and gender as a condition for boarding commercial flights, U.S. officials said Wednesday. Security officials say the additional personal information — which will be given to airlines to forward to the federal agency in charge — will dramatically cut down on cases of mistaken identity, in which people with names similar to those on watch lists are wrongly barred or delayed from flights.

The changes, to be phased in next year, will apply to 2 million daily passengers aboard all domestic flights and international flights to, from or over the United States. By transferring the screening duty from the airlines to the federal government, the Secure Flight program marks the Bush administration's long-delayed fulfillment of a top aviation security priority after the Sept. 11, 2001, terrorist attacks. Homeland Security Secretary Michael Chertoff and Transportation Security Administration (TSA) chief Kip Hawley said yesterday that, except in rare situations, passengers who do not provide the additional information will not be given boarding passes. ...

DHS has received more than 43,500 requests for redress since February 2007 and has completed 24,000 of them, with the rest under review or awaiting more documentation, TSA spokesman Christopher White said. But the number of people who actually match the names on the watch lists is minuscule, officials acknowledged. On average, DHS screeners discover a person who is actually on the no-fly list about once a month, usually overseas, and actual selectees daily, Hawley said. To bolster their case for the new program, U.S. officials for the first time disclosed that the no-fly list includes fewer than 2,500 individuals and the selectee list fewer than 16,000. Ten percent of those named on the no-fly list and fewer than half on the selectee list are U.S. citizens, Chertoff said.

[Source: Spencer S. Hsu, *The Washington Post*, 23 Oct 2008; PGN-ed]

[Of course, if the TSA database information is as riddled with errors and other variations as are the voter registration databases, the employment eligibility verification databases, and so on, there will still be many false positives on would-be fliers.]
I just received a note saying that my review of a submitted paper that was due on 22 Nov 2006 was now overdue. To make matters worse, when I tried to bring up the details on their website, my browser found itself in an infinite loop. I clearly thought I had submitted my evaluation two years ago, and queried Elizabeth Bretz — who does an excellent job overseeing the review process. This is her response: ``Peter — no worries. They upgraded the peer review system, and a queue of old papers suddenly sprang to life. There's no need for you to do anything, except disregard the e-mails. Apologies for the interruption and aggravation. Elizabeth'' As the RISKS graybeard, I feel Upgrayeded by just one more example of an upgrade that did not work as expected.
See Dan Wallach's analysis of vote-flipping in the Hart Intercivic e-slate systems. http://accurate-voting.org/2008/10/22/vote-flipping-on-hart-intercivic-eslate-systems/
Remember that many of the problems with elections are not directly related to the voting systems themselves. For example, two reports were released yesterday that should be of interest to those of you who are not fed up with risks in voting, relating to deceptive campaign practices:

E-Deceptive Campaign Practices
Electronic Privacy Information Center and The Century Foundation
20 Oct 2008
http://votingintegrity.org/pdf/edeceptive_report.pdf

Deceptive Practices 2.0: Legal and Policy Responses
Common Cause, The Lawyers Committee for Civil Rights under Law, and the Century Foundation
20 Oct 2008
http://www.tcf.org/print.asp?type=PR&pubid=149
[This is forwarded by Leonard from someone else, who says:]

Lest any of you think this is a hoax, I just checked and it is verified as TRUE on Snopes-- http://www.snopes.com/politics/ballot/straightticket.asp

Unbelievable! I rarely like to pass on stuff but this one I encourage everyone to pass on to EVERYONE so we don't have another 8 years of DISASTER.

just got this from a friend of mine, pass it on:

"Straight Party Voting" Trap. Here are the details and what to do about it:

THE PROBLEM: "Straight party voting" on voting machines is revealing a bad pattern of miscounting and omitting your vote, especially if you are a Democrat. Most recently (Oct. 2008), a firm called Automated Election Services was found to have miscoded the system in heavily Democratic Santa Fe County, New Mexico such that straight party voters would not have their presidential votes counted.

STRAIGHT PARTY VOTING is allowed in 15 states. Basically, it means that you can take a shortcut to actually looking at who you are voting for and instead just select a party preference. Then the voting machine makes your candidate choices, supposedly for the party you requested.

HOW TO PROTECT THE COUNT against the Straight Party Vote trap:

1) NEVER CHOOSE THE STRAIGHT PARTY VOTE OPTION, because it alerts the computer as to your party preference and allows software code to trigger whatever function the programmer has designed.

2) SEND THIS INFORMATION OUT TO AS MANY PEOPLE AS YOU CAN, blog it, root n' toot it out there to get the word out.

3) ESPECIALLY GET THE WORD OUT TO PEOPLE IN THE FOLLOWING STATES, which have straight party voting options: Alabama, Indiana, Iowa, Kentucky, Michigan, New Mexico, North Carolina, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, West Virginia, Wisconsin

4) DEMAND COMPLETE AND CAREFUL TESTING OF THE STRAIGHT PARTY OPTION IN LOGIC & ACCURACY TESTS

5) LOOK FOR UNDERVOTES (high profile races with lower-than-average number of votes cast) and flag them, post them, bring them to the attention of others for additional scrutiny.

Voting machine miscounts of straight party votes were proven by California researcher Judy Alter in the 2004 New Mexico presidential election; in Alabama Democrat straight party votes were caught going to a Republican, and Wisconsin a whole slew of straight party votes disappeared altogether. Both DRE and optical scan machines are vulnerable. Private contractors are involved; private firms like LHS Associates, Automated Election Services, Harp Enterprises, Casto & Harris and others will program almost all systems in the USA this November. ES&S scanners were involved in examples cited, but Diebold has also issued a cryptic Product Advisory Notice in 2006 about unexpected results from certain Straight Party option programming practices.

[Incidentally, I wandered into a voting station in Vancouver, Canada, a couple of weeks ago. They use paper ballots; I asked if they're counted manually, reply "you bet". They handled more people much more expeditiously than in my PA, USA station, 'cos we have only a couple of voting machines, and they had effectively lots more, and simpler ones...aka ballot boxes. And results were available certainly by next morning (and prob. earlier). LF]

Leonard X. Finegold, Physics, Drexel University, 3141 Chestnut Street Phila. PA 19104 1-215.895.2740 L@drexel.edu
Social Security Numbers Are Widely Available in Bulk and Online Records, but Changes to Enhance Security Are Occurring
GAO-08-1009R
September 19, 2008
http://www.gao.gov/products/GAO-08-1009R

Summary

Various public records in the United States contain Social Security numbers (SSN) and other personal identifying information that could be used to commit fraud and identity theft. For the purposes of this report, public records are generally defined as government agency-held records made available to the public in their entirety for inspection, such as property and court records. Although public records were traditionally accessed locally in county courthouses and government records centers, public record keepers in some states and localities have more recently been maintaining electronic images of their records. In electronic format, records can be made available through the Internet or easily transferred to other parties in bulk quantities. Although we previously reported on the types of public records that contain SSNs and access to those records, less is known about the extent to which public records containing personal identifying information such as SSNs are made available to private third parties through bulk sales. In light of these developments, you asked us to examine (1) to what extent, for what reasons, and to whom are public records that may contain SSNs available for bulk purchase and online, and (2) what measures have been taken to protect SSNs that may be contained in these records.

To answer these questions, we collected and analyzed information from a variety of sources. Specifically, we conducted a survey of county record keepers on the extent and reasons for which they make records available in bulk or online, the types of records that they make available, and the types of entities (e.g., private businesses or individuals) that obtain their records.
We focused on county record keepers because, in scoping our review, we determined that records with SSNs are most likely to be made available in bulk or online at the county level. We surveyed a sample of 247 counties--including the 97 largest counties by population and a random sample of 150 of the remaining counties, received responses from 89 percent, and used this information to generate national estimates to the extent possible. Our survey covered 45 states and the District of Columbia, excluding five states where recording of documents is not performed at the county level (Alaska, Connecticut, Hawaii, Rhode Island, and Vermont). We used the information gathered in this survey to calculate estimates about the entire population of county record keepers. Many counties make public records that may contain Social Security numbers (SSNs) available in bulk to businesses and individuals in response to state open records laws, and also because private companies often request access to these records to support their business operations. Our sample allows us to estimate that 85 percent of the largest counties make records with full or partial SSNs available in bulk or online, while smaller counties are less likely to do so (41 percent). According to county officials and businesses we interviewed, SSNs are generally found in certain types of records such as property liens and appear relatively infrequently. However, because millions of records are available, many SSNs may be displayed. Counties in our survey cited state laws as the primary reason for making records available, and requests from companies may also drive availability, as several told us they need bulk records to support their business models. Counties generally do not control how records are used. Of counties that make records available in bulk or online, only about 16 percent place any restrictions on the types of entities that can obtain these records.
We found that title companies are the most frequent recipients of these records, but others such as mortgage companies and data resellers that collect and aggregate personal information often obtain records as well. Private companies we interviewed told us they obtain records to help them conduct their business, including using SSNs as a unique identifier. For example, a title company or data reseller may use the SSN to ensure that a lien is associated with the correct individual, given that many people have the same name. Information from these records may also be used by companies to build and maintain databases or resold to other businesses. Businesses we contacted told us they have various safeguards in place to secure information they obtain from public records, including computer systems that restrict employees' access to records. In some cases, information from these public records is sent overseas for processing, a practice referred to as offshoring. We were not able to determine the extent of offshoring, but both record keepers and large companies that obtain records in bulk told us that it is a common practice. In the course of our work, we found that public records data are commonly sent to at least two countries--India and the Philippines. State and local governments, as well as the federal government, are taking various actions to safeguard SSNs in public records, but these actions are a recent phenomenon. Based on our survey, we estimate that about 12 percent of counties have completed redacting or truncating SSNs that are in public records-- that is, removing the full SSN from display or showing only part of it--and another 26 percent are in the process of doing so. Some are responding to state laws requiring redaction or truncation, but others have acted on their own based on concerns about the potential for identity theft. 
For example, California and Florida recently passed laws that require record keepers to truncate or redact SSNs in their publicly available documents, while one clerk in Texas told us that in response to public concern about the vulnerability of SSNs to misuse, the county is redacting SSNs from records on its own initiative. In recent years, 25 states have enacted some form of statutory restriction on displaying SSNs in public records. Some states have also enacted laws allowing individuals to request that their SSNs be removed from certain records such as military discharge papers.
In response to the Civil Air Patrol example and the statement "This is YOUR government at work, folks."... The vast majority of the Civil Air Patrol is made up of volunteers. The few paid employees that exist work for CAP the non-profit corporation and are not government employees. That doesn't excuse any of the errors described during the password reset process; just that they weren't committed by the government in this case.
> ... an Amazon user does not have a 1:1 mapping of e-mail->userID. Counterpoint: back when PayPal was created, they came up with 1:1 mapping of credit card number->userID. Guess how that works for people with joint bank accounts. (OK, we're weird: my wife kept her maiden name and we don't have 8 credit cards, we only have one. And has the same number for two different cardholder names, unlike our one debit card. Still, we can't be the only two people on the net with a joint visa account.) I wonder if an analysis of my wife's PayPal/Ebay purchase history would get her diagnosed with multiple personality disorder...
Amazon's approach to allow multiple accounts with the same e-mail address has advantages when it comes to e-mail address changes. A customer returning to Amazon years later can still login with the original account data, getting access to purchase history, gift certificates, reviews etc. and change the e-mail address from there even when another customer has used the same e-mail address in the meantime. The downside is that a customer can easily end up with multiple accounts, and merging those later requires manual intervention by Amazon staff.

Klaus Johannes Rusch KlausRusch@atmedia.net http://www.atmedia.net/KlausRusch/
In RISKS-25.37, Mark F wrote: "I've been on commercial flights that weren't permitted to take off because they had only 2 of 3 navigational devices functioning."

It was standard practice to equip sailing ships with three chronometers. This requirement forms a pivot for the plot in *Michael, Brother of Jerry*, a very bad and justly obscure 1915 novel by Jack London (better known for *The Call of the Wild*). Here's a key passage (with ethnic slurs redacted). (Needless to say the voyage ends in disaster due to the shipowner's pennypinching ways).

"It's a pity," he would suggest to Captain Doane, "that you have only one chronometer. The entire fault may be with the chronometer. Why did you sail with only one chronometer?"

"But I WAS willing for two," the owner would defend. "You know that, Grimshaw?"

The wheat-farmer would nod reluctantly and Captain would snap: "But not for three chronometers."

"But if two was no better than one, as you said so yourself and as Grimshaw will bear witness, then three was no better than two except for an expense."

"But if you only have two chronometers, how can you tell which has gone wrong?" Captain Doane would demand.

"Search me," would come the pawnbroker's retort, accompanied by an incredulous shrug of the shoulders. "If you can't tell which is wrong of two, then how much harder must it be to tell which is wrong of two dozen? With only two, it's a fifty-fifty split that one or the other is wrong."

"But don't you realize--"

"I realize that it's all a great foolishness, all this highbrow stuff about navigation. I've got clerks fourteen years old in my offices that can figure circles all around you and your navigation. Ask them that if two chronometers ain't better than one, then how can two thousand be better than one? And they'd answer quick, snap, like that, that if two dollars ain't any better than one dollar, then two thousand dollars ain't any better than one dollar. That's common sense."