Eric Nalder, *San Francisco Chronicle*, 8 Mar 2001, pp. A1/A6 http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/03/07/MNDF1I5JA3.DTL&tsp=1 [This article should be of considerable interest to RISKS readers who are used to items on the difficulties of placing blame that it turns out is typically widely distributed. In the San Bruno CA case, faulty maintenance or the lack of maintenance were initially blamed for the aging pipe junction exploding. Newly released federal documents describe a convoluted sequence of events prior to the explosion, beginning with a "screwed-up" repair to a PG&E control station in Milpitas causing increased gas-transmission line pressures to rise 50 minutes before the explosion and a succeeding "chain of unforeseen problems and blunders", including an (accidental?) electrical shutdown in Milpitas, two backup power supplies that failed, and lost communications between the San Francisco control center and the Milpitas control station. It appears to have been a decidedly nonconstructive Rube Goldberg sequence of events. PGN]
[From Dave Farber's IP distribution. PGN]

A nice decision today rejecting an argument that would have seriously undermined the FOIA [Freedom of Information Act].
Paul Alan Levy, Public Citizen Litigation Group, 1600 - 20th Street, N.W., Washington, D.C. 20009, (202) 588-1000, http://www.citizen.org/litigation

PUBLIC CITIZEN PRESS RELEASE, Dorry Samuels, 1 Mar 2011, firstname.lastname@example.org
Contact: Dorry Samuels (202) 588-7742, Angela Bradbery (202) 588-7741

U.S. Supreme Court Victory: Decision Rejects Theory That Corporations Have "Personal Privacy" Rights Under FOIA
Statement of Adina Rosenbaum, Attorney, Public Citizen
Note: Public Citizen's Adina Rosenbaum was co-counsel for the FOIA requester CompTel in the U.S. Supreme Court.

We applaud the U.S. Supreme Court for its decision this morning in Federal Communications Commission v. AT&T holding that corporations do not have "personal privacy" rights under the Freedom of Information Act (FOIA). As the Supreme Court recognized, "personal privacy" is not a term that is used to refer to corporate interests. The Supreme Court's decision is an important victory for government transparency. If records could be withheld on the theory that they would embarrass a corporation, as AT&T had argued, the public would be deprived of important information about corporate wrongdoing and the government's response to it. We are pleased that FOIA will be able to continue to be used as intended, as an important tool for democracy and accountability, and that corporations cannot block disclosure by claiming release of records would harm their "personal privacy."

The case stems from a FOIA request for records relating to an investigation by the FCC into alleged overbilling of the government by telecommunications provider AT&T. AT&T had argued that all of the records relating to the investigation should be exempt from disclosure under a FOIA exemption that applies to law enforcement records whose release would constitute an unwarranted invasion of "personal privacy." Although the exemption had always been understood to apply only to individuals' privacy, the U.S. Court of Appeals for the Third Circuit had sided with AT&T in a decision last year. Today, the Supreme Court reversed. Writing for a unanimous court, Chief Justice John Roberts stated that "personal privacy" suggests a type of privacy evocative of human concerns - not the sort usually associated with an entity like, say, AT&T. The fact that "person" is defined for FOIA purposes to include corporations does not change the meaning of "personal." As the court pointed out, the word "corny" has little to do with corn, and the word "crabby" does not refer either to a crustacean or an apple.

To read more about this case, visit: http://www.citizen.org/litigation/forms/cases/getlinkforcase.cfm?cID=606 . Public Citizen is a national, nonprofit consumer advocacy organization based in Washington, D.C. For more information, please visit www.citizen.org .
Jack Spine: "Air traffic control technology being implemented in one of the major transport hubs in the UK is 'not safe,' according to air traffic controllers. The electronic flight data system (EFD) being phased in at Glasgow Prestwick Airport is too slow to handle real-time inputs, and could not cope with an outage that isolated it from the main air traffic system. Controllers had to scramble to handle the situation. Good luck if you're traveling to the UK anytime soon." https://news.slashdot.org/story/11/03/03/1825221/UK-Controllers-Say-Air-Traffic-System-Not-Safe?from=newsletter#commentlisting http://www.zdnet.co.uk/ http://www.zdnet.co.uk/news/security-threats/2011/03/02/air-traffic-control-system-is-not-safe-say-uk-controllers-40091970/
[Thanks to Llew Roberts. Long item, severely PGN-ed.] [Source: Eric Lichtblau and James Risen, Hiding Details of Dubious Deal, U.S. Invokes National Security, *The New York Times*, 19 Feb 2011] http://www.nytimes.com/2011/02/20/us/politics/20data.html For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret. The Justice Department, which in the last few months has gotten protective orders from two federal judges keeping details of the technology out of court, says it is guarding state secrets that would threaten national security if disclosed. But others involved in the case say that what the government is trying to avoid is public embarrassment over evidence that Mr. Montgomery bamboozled federal officials. C.I.A. officials ... came to believe that Mr. Montgomery's technology was fake in 2003, but their conclusions apparently were not relayed to the military's Special Operations Command ...
The Indiana Secretary of State, Charlie White, the state's highest election official, has been indicted for seven felony counts, including voter fraud. http://www.indystar.com/article/20110303/NEWS/110303019/Indiana-Secretary-State-White-indicted-faces-7-felony-counts?odyssey=tab%7Ctopnews%7Ctext%7CIndyStar.com http://tpmmuckraker.talkingpointsmemo.com/2011/03/indiana_secretary_of_state_indicted_on_voter_fraud.php?ref=fpi
Troy Hooper: Saguache County election fraud case goes to a grand jury, *Colorado Independent*, http://coloradoindependent.com/77154/saguache-county-election-fraud-case-goes-to-a-grand-jury This is another very convoluted case, and deserves much greater exposure. For those of you interested in ongoing sagas of election fraud, including the Kentucky convictions (RISKS-26.76-77), check out the following URLs. Given the lack of meaningful oversight and audit trails, many cases are difficult to detect, much less to prosecute. http://www.sos.state.co.us/pubs/elections/VotingSystems/files/ESSPROJECTOVERVIEWA5.pdf http://www.glassballotbox.org/storage/SaguacheCB.pdf http://www.glassballotbox.org/journal/2010/12/5/saguache-county-colorado-2010-election-irregularities.html
IPv6 on home routers and DSL/cable modems: FAIL http://j.mp/fA9xLR (Network World) "Most devices certified as IPv6-compliant by the IPv6 Forum are full of implementation bugs, experts say."
[Noted by Michael Lesk] *The New York Times*, 3 Mar 2011 Includes a story about China including: "The project, which would make use of global positioning technology [and cell phone tower data], aims to monitor all Beijing residents who use mobile phones—some 20 million people—to detect unusually large gatherings. One official said the primary use would be to detect and ease traffic and subway congestion. But Chinese media reports said government officials could use the data to detect and prevent protests."
Intel, one of DARPA's partners on the research, has suggested the technology could one day go further, making it able to "mimic the shape and appearance of a person or object being imaged in real time." http://www.wired.com/dangerroom/2011/03/navy-robot-apocalypse/ So these mechanical swarms might eventually be capable of building other, shape-shifting robots? What could possibly go wrong?
This appeared in the March 3, 2011 issue of "The Daily News", Kamloops, British Columbia, Canada's daily newspaper. It is from The Canadian Press. "Candidate rebuffs request for social media passwords. VANCOUVER—B.C.'s New Democrats [New Democratic Party (abbrev: NDP)] are asking potential leadership candidates to hand over the keys to their online lives, apparently looking for any compromising photos or controversial postings that could come back to bite the party. Political parties routinely subject candidates to extensive vetting, requiring them to disclose anything about their personal lives that could prove embarrassing during a campaign. But the NDP has gone one step further, demanding candidates who want to be on the ballot for the April 17 vote provide the passwords to their social media profiles—a request leadership hopeful Nicholas Simons says goes too far. Simons, who has represented the party in the legislature since 2005, says he handed in his nomination package without giving the party access to poke around his Facebook account. "Our civil liberties and privacy, they don't just go away overnight, they get eroded gradually. At what point are they going to be satisfied that my character is such that I won't bring disrepute to the party? I've been an MLA [Member of the Legislative Assembly] for six years."
InfoWorld Home / Notes from the Field, 7 Mar 2011 http://www.infoworld.com/t/social-networking/facebook-comments-the-death-web-anonymity-653 Facebook Comments: The death of Web anonymity; Facebook wants to manage the comments on your blog (and a million others). Say hello to the Facebookization of the Web and good-bye to online anonymity Don't look now, but Facebook is spreading its kudzulike tendrils into yet another part of the Web: the comments field. Last week, the Uber Social Network introduced a free plug-in that replaces the software a site uses to manage its comments with one built by Facebook. The implications of this are larger than they may appear. If widely adopted, Facebook Comments could kick online trolls to the curb while pounding yet another nail into the coffin of Web anonymity. Log into a site that uses Facebook Comments and a few things happen. One is that you'll be able to use Facebook as a universal one-time log-in for any site that uses its plug-in—no more logging in multiple times to different sites each day. Deux, your Facebook profile pic will appear alongside the comments—in fact, the whole comments field will look like a chunk of Facebook has been plopped down at the end of each story. Trey, you'll see less spam, thanks to Facebook's built-in filters. Quatro, if you leave the "Post to Facebook" box checked, your pithy witticisms, incisive analysis, or (in my case) sophomoric jokes will also appear on your Facebook wall—and any replies your friends make on your Facebook page will also appear under your comments on that third-party site. In other words, your friends' Facebook mugshots could end up on sites they've never visited –- though they'd have a heck of a time proving that to the rest of the world. So be careful when responding to comments on AdultMenInDiapers.com, or you might have some 'splaining to do. [...]
No wonder my bad friends seem much louder these days :-) http://www.huffingtonpost.com/2011/03/07/eli-pariser-facebook-google-ted_n_832198.html ...he has always made an effort to befriend both liberals and conservatives on Facebook so he could keep track of the issues each group was discussing. Over time, however, something strange happened, Pariser said: his conservative Facebook friends disappeared from his news feed. He realized that Facebook's algorithm had "edited them out" because Pariser was clicking more on links from liberal friends than conservative ones. Google is also guilty of tweaking what it shows users based on past online behavior. Pariser highlighted how two users can receive drastically different Google search results after querying the same term because the search engine monitors 57 signals to tweak and personalize results. "There is no standard Google anymore," Pariser noted. "This moves us very quickly toward a world in which the Internet is showing us what it thinks we want to see, but not necessarily what we need to see," Pariser said of editing via algorithms. Because of algorithms that determine what we see online based on our browsing, reading, and clicking history, we risk being exposed to fewer viewpoints and a more limited array of opinions, content sources, and viewpoints, Pariser argued. "If you take all of these filters together, all of these algorithms, you get what I call a filter bubble. Your filter bubble is your own personal unique universe of information that you live in online," he said. "What's in your filter bubble depends on who you are and it depends on what you do, but the thing is that you don't decide what gets in...and more importantly you don't actually see what gets edited out."
A Quebec medical student who spent three days stuck on a remote logging road in New Brunswick says she was ready to hunker down in her snowbound car until spring. Three snowmobilers found Stephanie Parent, 22, on Wednesday near Wayerton, N.B., in a heavily forested area several kilometres northwest of Miramichi. The Sherbrooke, Que., native ended up there Sunday night after following instructions from her GPS on her way for an internship at a Bathurst hospital. Her parents notified police on Monday when she failed to show up at the hospital or contact them. Ms. Parent recounted her ordeal Thursday and blamed the GPS for leading her down an unpaved road where her car got stuck in the snow. Her cellphone failed to work in the remote area. http://www.nationalpost.com/todays-paper/Student+stranded+snowed+days/4381140/story.html
http://www.huffingtonpost.com/bob-bowdon/why-has-google-been-colle_b_825754.html Bob Bowdon, Director of "The Cartel," a documentary about corruption in American public education, 21 Feb 2011. Why Has Google Been Collecting Kids' Social Security Numbers Under the Guise of an Art Contest? Opening paragraphs: As the director of The Cartel documentary, one of the things I learned was how poorly the traditional news media cover issues pertaining to children, in that case corruption in public education. Since the film's release, I often get contacted about other aspects of child protection that I would have never imagined—stories that don't seem to get attention elsewhere. Like this. What you're about to read hasn't been reported anywhere, and when it was brought to my attention, I could hardly believe it. It turns out that the company sporting the motto "don't be evil" has been asking parents nationwide to disclose their children's personal information, including Social Security Numbers, and recruiting schools to help them do it -- all under the guise of an art contest. It's called "Doodle-4-Google," a rather catchy, kid-friendly name if I do say so myself. The company is even offering prize money to schools to enlist their help with the promotion. Doesn't it sound like fun? Don't you want your kid to enter too? What could be wrong with filling out a few entry forms? A national, commercial database of names and addresses of American children, especially one that includes their dates of birth and SSNs, would be worth many millions to marketing firms and retailers. Of course, data collection is not the reason Google gives for doing this competition. Their FAQ says it's because "We love to encourage and celebrate the creativity of young people..." etc. If that's so, then why on earth would the contest's original Parent Consent Form ask for the child's city of birth, date of birth and last four digits of the child's SSN? Along with complete contact info of the parents. You see, what Google knows and many parents don't know is that a person's city of birth and year of birth can be used to make a statistical guess about the first five digits of his/her social security number. Then, if you can somehow obtain those last four SSN digits explicitly—voila, you've unlocked countless troves of personal information from people who didn't even understand that such a disclosure was happening.
Whilst managing my millions, I peeked into my brokerage mailbox: Your secure e-mail messages are listed below. All messages will be deleted after 60 days. "Secure" as in "Linus van Pelt's security blanket".
"Hello, We recently experienced a directed attack on SourceForge infrastructure ( http://sourceforge.net/blog/sourceforge-net-attack/ ) and so we are resetting all passwords in the sf.net database ... as a proactive measure we've invalidated your SourceForge.net account password. To access the site again, you'll need to go through the email recovery process and choose a shiny new password: https://sourcef..." No English mistakes, so it must be legit. But I'm asking my mom first just to be on the safe side.
Mark Thorson's prediction that cloud computing will some day be "completely discredited" strikes me as a clear overreaction to the recent loss of some users' Gmail data, especially given that Google was apparently able to restore the data from offline backups. If the far worse T-Mobile Sidekick incident in October 2009 (RISKS <http://catless.ncl.ac.uk/Risks/25.81.html>) didn't derail people's willingness to store data in the cloud, this incident certainly won't either. Even before the cloud computing fad, most users had been storing their email on somebody else's servers for many years. The risk of somebody else losing your data is neither new with cloud computing nor particularly novel. Storing your data in the cloud is no different from storing it on your hard drive. Regardless of where the "master" is, people and businesses who have common sense and care about their data back them up in different locations on different types of media. If they don't, and their data is lost, and they don't have a usable backup, they have only themselves to blame. (By the way, there are numerous tools available for backing up your Gmail account.) I run my own mail server "in the cloud" (in a VPS at OpenHosting.com) which is backed up daily to my home server. My home server is backed up daily to Amazon S3, and the ~30GB of data I have backed up there costs me <$5 per month. It's well worth the price for the peace of mind I derive from knowing that even if OpenHosting.com disappears and my house burns down in the same week, all of my financial records, digital photos, email archives going back over two decades, current email, etc. will be preserved, and that should any one of the three locations holding my data lose them, I can restore from the other two. My set-up is home-grown, but there are many commercial products on the market to enable people who are not like me to back up their data just as securely as I do.
Cloud computing has its problems, but this really isn't one of them, and I really don't think spreading F.U.D. helps anybody. [With cloud computing, as usual, the risks are ubiquitous, the problems are inherently complex, and the proponents tend to grossly oversimplify. I never seem to get tired of spouting the same general conclusions here, but they seem to be applicable to cloud computing in spades. Caveat emptor. PGN]
I have sympathy for Matt's position, but there's a fairly basic money problem. Producing a journal, particularly peer reviewed and professionally produced journals like the IEEE publishes, costs a lot of money, before the first copy is printed or downloaded. If they can't recover the costs from subscriptions, where's the money going to come from? This is basically the same as the e-book problem. Since the cost of providing a download over the net is trivial, how come publishers charge nearly as much for an e-book as for a printed book? Because most of the cost of the book is the publication and distribution process. Publishing a trade computer book is very labor intensive and costs upwards of $100,000, mostly for the skilled editors and production people who turn a manuscript into a well edited and produced book. (To see the difference between a manuscript and a book, look at the typical quality of self-published stuff.) If you buy a $30 book, about half of that goes to distribution (store and wholesaler), maybe $3 to the author, and the rest goes toward covering the production cost. If they sell a lot of copies, the publisher makes money. If as often happens they don't, they lose money. So while I'm all in favor of making scholarly papers widely available, I'm also in favor of having publishers that produce stuff that's worth reading. If you want the first, you need either to explain how to pay for the second, or what's going to take their place. John Levine, email@example.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly ["Follow the money." "Money is the root of all evil." "There are (at least) two sides to every issue." This case is no exception. PGN]
Another trouble with RAID disks is that they are usually purchased at the same time, and more than one fails at once. An institution I used to work at had a storage array where all eggs were in the same basket, and guess what happened - several disks failed following a UPS failure, all that data was lost, and since it was deemed impossible to lose the data, there were no backups!
Re: Lauren Weinstein's comments about access to the undeleted copies. The original paper makes it clear that access to the 'overwritten' copies at this level requires destruction of the SSD, as it is necessary to gain direct electrical access to the storage chips instead of using the normal electrical interface and access chips built into the SSD. A concern if your device was stolen, but not if you are going through US Customs with commercially sensitive material. Andrew Waugh, Senior Technical Advisor, Public Record Office Victoria (PROV), Victorian Archives Centre, 99 Shiel St, North Melbourne VIC 3051, firstname.lastname@example.org
Carl Hewitt, Looming private information fiasco versus the new cloud business model: Internet bill of rights http://fiasco.carlhewitt.info http://CarlHewitt.info

Smartphones are going to have it all: proprietary business strategies, chiseling on taxes and expenses, Roman Catholic confessions, political activities, abortions, personnel decision making, love trysts, STD, mental illness, and cancer diagnoses and treatments, etc. Stored in data centers this information will have to be tightly regulated with respect to how it can be used in marketing, personnel decisions, etc. Government officials will become increasingly knowledgeable about the treasure-trove of intimate personal information and proprietary business information stored in data centers. Then security officials will be forced to recognize the value of this information for preventing terrorism. Since it is politically necessary to do everything possible to prevent terrorism, means will be developed for security officials to analyze all this information in real time. Thus we have reached an existential moment for the fate of our proprietary business and intimate personal information (analogous to the rise of Nazism in Germany). The next generation will ask us "Where were you when this was going down?"

The alternative new cloud business model is different: Perform computation using customer equipment because
* It's less expensive than data center computation because of lower communications cost and because customers subsidize equipment cost
* Many-core architectures will provide plenty of computing capacity, even on smartphones
* Response time can be faster than data center computation for new collaborative natural language interfaces (à la Kinect, etc.)
* Store private information in data centers that can be decrypted only using the customers' private keys because it's cheaper and more reliable to use multiple data center storage vendors incorporated in different countries. (For efficiency, information will be cached on customer equipment.)
* Service advertising using customer equipment because advertising can be better targeted on customer equipment (without violating customer private information) than data centers since customer equipment has complete information as opposed to the partial information of a data center vendor.
* Perform social computing using customer equipment because it can be more customizable and flexible when not restricted by vendor data centers (e.g. Facebook).
The new cloud business model supports an Internet bill of rights.
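Two items above describe the same defensive pattern from different angles: the Gmail-loss reply (keep copies at several independent locations and restore from whichever survive) and Hewitt's model (store data at multiple vendors in a form only the customer's own key can decrypt, so the vendor never becomes a treasure-trove). The following is an added example written for this digest, not code from either contributor or from any vendor. It simulates three storage vendors as in-memory dictionaries (a constructed stand-in for S3-style object stores), seals each record with a customer-held master key, replicates the opaque blob to every vendor, and restores from the first vendor whose copy still authenticates. To run on the Python standard library alone, the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag (standing in for AES-GCM); the vendor names, record and the master key are all constructed for the demonstration.

```python
"""Client-side sealing plus multi-vendor replication (constructed demonstration)."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_key: bytes):
    """Split the customer's master key into independent encryption and MAC keys."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: block i = HMAC(enc_key, nonce || i), truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(master_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the customer device; output is nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any corruption or wrong key raises ValueError."""
    enc_key, mac_key = derive_keys(master_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class StorageVendor:
    """Simulated object store: holds opaque blobs by name, never sees a key."""

    def __init__(self, name: str):
        self.name = name
        self.blobs = {}

    def put(self, object_name: str, blob: bytes) -> None:
        self.blobs[object_name] = blob

    def get(self, object_name: str):
        return self.blobs.get(object_name)


def store_everywhere(vendors, object_name: str, blob: bytes) -> None:
    """Replicate the same sealed blob to every vendor (independent failure domains)."""
    for vendor in vendors:
        vendor.put(object_name, blob)


def restore(master_key: bytes, vendors, object_name: str):
    """Return (plaintext, vendor_name) from the first vendor whose copy authenticates."""
    for vendor in vendors:
        blob = vendor.get(object_name)
        if blob is None:
            continue  # this vendor lost the object
        try:
            return unseal(master_key, blob), vendor.name
        except ValueError:
            continue  # copy present but corrupted: skip it rather than trust it
    raise LookupError("no intact copy at any vendor")


def demo():
    """Seal one record, replicate it, break two of three copies, restore from the third."""
    master_key = secrets.token_bytes(32)  # constructed; stays on the customer device
    vendors = [StorageVendor(n) for n in ("vendor-a", "vendor-b", "vendor-c")]
    record = b"constructed sample: clinic visit notes, 2011-03-07"
    store_everywhere(vendors, "record-1", seal(master_key, record))
    vendors[0].blobs.pop("record-1")                     # vendor A loses the object
    damaged = bytearray(vendors[1].blobs["record-1"])    # vendor B's copy gets a flipped bit
    damaged[NONCE_LEN + 4] ^= 0x01
    vendors[1].blobs["record-1"] = bytes(damaged)
    plaintext, source = restore(master_key, vendors, "record-1")
    return plaintext == record, source


if __name__ == "__main__":
    print(demo())  # (True, 'vendor-c')
```

The point of the split is that a vendor, a subpoena served on that vendor, or a thief of its disks holds only `nonce || ciphertext || tag` and none of the key material, while the customer still gets the availability benefit of several providers: a lost or bit-rotted copy is detected by the tag check and skipped, and any one surviving copy is enough to recover.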