The RISKS Digest
Volume 26 Issue 37

Wednesday, 9th March 2011

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



The PG&E San Bruno gas pipeline disaster
Eric Nalder via Jim Haynes-PGN
Supreme Court rejects "personal privacy" for corporations
Paul Levy
UK Controllers Say Air Traffic System 'Not Safe'
Jack Spine via PGN
Hiding Details of Dubious Deal, U.S. Invokes National Security
Eric Lichtblau and James Risen
Indiana vote fraud indictment
More election e-fraud: Colorado
IPv6 on home routers and DSL/cable modems: FAIL
Lauren Weinstein
China monitoring mobile phones—to detect large crowds?
Is the Navy Trying to Start the Robot Apocalypse?
Matthew Kruk
Social Media Password Request
Gene Wirchenko
Facebook Comments: The death of Web anonymity
Gene Wirchenko
Facebook, Google Giving Us Information Junk Food
Safari JavaScript date bug
J R Stockton
Student stranded in snowed-in car 3 days
Matthew Kruk
Google: Nosy Questions
Gene Wirchenko
Your "secure" e-mail messages will be deleted after 60 days
jidanni passwords reset
Re: Raining on cloud computing: Gmail outage
Jonathan Kamens
Re: Matt Blaze: "Shaking Down Science"
John Levine
Re: Raid disks
Turgut Kalfaoglu
Re: SSD Erasure Unreliable
Andrew Waugh
Next generation will ask, "Where were you when this was going down?"
Carl Hewitt
Info on RISKS (comp.risks)

The PG&E San Bruno gas pipeline disaster

Jim Haynes <>
Tue, 8 Mar 2011 12:09:58 -0600 (CST)

Eric Nalder, *San Francisco Chronicle*, 8 Mar 2001, pp. A1/A6

  [This article should be of considerable interest to RISKS readers who are
  used to items on the difficulties of placing blame that it turns out is
  typically widely distributed.  In the San Bruno CA case, faulty
  maintenance or the lack of maintenance were initially blamed for the aging
  pipe junction exploding.  Newly released federal documents describe a
  convoluted sequence of events prior to the explosion, beginning with a
  `screwed-up' repair to a PG&E control station in Milpitas causing
  increased gas-transmission line pressures to rise 50 minutes before the
  explosion and a succeeding “chain of unforeseen problems and blunders”,
  including an (accidental?) electrical shutdown in Milpitas, two backup
  power supplies that failed, and lost communications between the San
  Francisco control center and the Milpitas control station.  It appears to
  have been a decidedly nonconstructive Rube Goldberg sequence of events.]

Supreme Court rejects "personal privacy" for corporations

Paul Levy <>
March 1, 2011 12:44:40 PM EST

  [From Dave Farber's IP distribution.  PGN]

A nice decision today rejecting an argument that would have seriously
undermined the FOIA [Freedom of Information Act]

Paul Alan Levy, Public Citizen Litigation Group, 1600 - 20th Street, N.W.
Washington, D.C. 20009, (202) 588-1000

Contact: Dorry Samuels (202) 588-7742 Angela Bradbery (202) 588-7741

U.S. Supreme Court Victory: Decision Rejects Theory That Corporations Have Personal Privacy Rights Under FOIA

Statement of Adina Rosenbaum, Attorney, Public Citizen

Note: Public Citizen's Adina Rosenbaum was co-counsel for the FOIA requester
CompTel in the U.S. Supreme Court.

We applaud the U.S. Supreme Court for its decision this morning in Federal
Communications Commission v. AT&T holding that corporations do not have
personal privacy rights under the Freedom of Information Act (FOIA). As the
Supreme Court recognized, personal privacy is not a term that is used to
refer to corporate interests.

The Supreme Court's decision is an important victory for government

If records could be withheld on the theory that they would embarrass a
corporation, as AT&T had argued, the public would be deprived of important
information about corporate wrongdoing and the government's response to it.

We are pleased that FOIA will be able to continue to be used as intended, as
an important tool for democracy and accountability, and that corporations
cannot block disclosure by claiming release of records would harm their
personal privacy.

The case stems from a FOIA request for records relating to an investigation
by the FCC into alleged overbilling of the government by telecommunications
provider AT&T.

AT&T had argued that all of the records relating to the investigation should
be exempt from disclosure under a FOIA exemption that applies to law
enforcement records whose release would constitute an unwarranted invasion
of personal privacy. Although the exemption had always been understood to
apply only to individuals' privacy, the U.S. Court of Appeals for the Third
Circuit had sided with AT&T in a decision last year.

Today, the Supreme Court reversed. Writing for a unanimous court, Chief
Justice John Roberts stated that personal privacy suggests a type of privacy
evocative of human concerns - not the sort usually associated with an entity
like, say, AT&T.

The fact that "person" is defined for FOIA purposes to include corporations
does not change the meaning of "personal." As the court pointed out, the word
"corny" has little to do with "corn," and the word "crabby" does not refer either
to a crustacean or an apple.

To read more about this case, visit: .

Public Citizen is a national, nonprofit consumer advocacy organization based
in Washington, D.C. For more information, please visit .

UK Controllers Say Air Traffic System 'Not Safe'

"Peter G. Neumann" <>
Fri, 4 Mar 2011 20:15:00 PST

Jack Spine: "Air traffic control technology being implemented in one of the
major transport hubs in the UK is 'not safe,' according to air traffic
controllers. The electronic flight data system (EFD) being phased in at
Glasgow Prestwick Airport is too slow to handle real-time inputs, and
could not cope with an outage that isolated it from the main air traffic
system. Controllers had to scramble to handle the situation. Good luck if
you're traveling to the UK anytime soon."

Hiding Details of Dubious Deal, U.S. Invokes National Security (NYT)

"Peter G. Neumann" <>
Sun, 6 Mar 2011 18:53:22 PST

  [Thanks to Llew Roberts.  Long item, severely PGN-ed.]

[Source: Eric Lichtblau and James Risen, Hiding Details of Dubious Deal,
U.S. Invokes National Security, *The New York Times*, 19 Feb 2011]

For eight years, government officials turned to Dennis Montgomery, a
California computer programmer, for eye-popping technology that he said
could catch terrorists. Now, federal officials want nothing to do with him
and are going to extraordinary lengths to ensure that his dealings with
Washington stay secret.

The Justice Department, which in the last few months has gotten protective
orders from two federal judges keeping details of the technology out of
court, says it is guarding state secrets that would threaten national
security if disclosed. But others involved in the case say that what the
government is trying to avoid is public embarrassment over evidence that
Mr. Montgomery bamboozled federal officials.

C.I.A. officials ... came to believe that Mr. Montgomery's technology was
fake in 2003, but their conclusions apparently were not relayed to the
military's Special Operations Command ...

Indiana vote fraud indictment

"Peter G. Neumann" <>
Thu, 3 Mar 2011 21:00:18 PST

The Indiana Secretary of State, Charlie White, the state's highest election
official, has been indicted for seven felony counts, including voter fraud.

More election e-fraud: Colorado

"Peter G. Neumann" <>
Wed, 2 Mar 2011 9:11:37 PST

Troy Hooper: Saguache County election fraud case goes to a grand jury
*Colorado Independent*,

This is another very convoluted case, and deserves much greater exposure.
For those of you interested in ongoing sagas of election fraud, including
the Kentucky convictions (RISKS-26.76-77) and check out the following URLs.
Given the lack of meaningful oversight and audit trails, many cases are
difficult to detect, much less to prosecute.

IPv6 on home routers and DSL/cable modems: FAIL

Lauren Weinstein <>
Fri, 4 Mar 2011 16:31:00 -0800

IPv6 on home routers and DSL/cable modems: FAIL  (Network World)

  "Most devices certified as IPv6-compliant by the IPv6 Forum are full of
  implementation bugs, experts say."

China monitoring mobile phones—to detect large crowds?

"Peter G. Neumann" <>
Thu, 3 Mar 2011 14:05:56 PST

  [Noted by Michael Lesk]

*The New York Times*, 3 Mar 2011 Includes a story about China including:

"The project, which would make use of global positioning technology [and
cell phone tower data], aims to monitor all Beijing residents who use
mobile phones—some 20 million people—to detect unusually large
gatherings.  One official said the primary use would be to detect and ease
traffic and subway congestion.  But Chinese media reports said government
officials could use the data to detect and prevent protests."

Is the Navy Trying to Start the Robot Apocalypse?

"Matthew Kruk" <>
Mon, 7 Mar 2011 00:21:30 -0700

Intel, one of DARPA'S partners on the research has suggested the technology
could one day go further, making it able to "mimic the shape and appearance
of a person or object being imaged in real time."

  So these mechanical swarms might eventually be capable of building other,
  shape-shifting robots? What could possibly go wrong?"

Social Media Password Request

Gene Wirchenko <>
Sat, 05 Mar 2011 17:03:05 -0800

This appeared in the March 3, 2011 issue of "The Daily News", Kamloops,
British Columbia, Canada's daily newspaper.  It is from The Canadian Press.

"Candidate rebuffs request for social media passwords

VANCOUVER—B.C.'s New Democrats [New Democratic Party (abbrev: NDP)] are
asking potential leadership candidates to hand over the keys to their online
lives, apparently looking for any compromising photos or controversial
postings that could come back to bite the party.

Political parties routinely subject candidates to extensive vetting,
requiring them to disclose anything about their personal lives that could
prove embarrassing during a campaign.

But the NDP has gone one step further, demanding candidates who want to be
on the ballot for the April 17 vote provide the passwords to their social
media profiles—a request leadership hopeful Nicholas Simons says goes too

Simons, who has represented the party in the legislature since 2005, says he
handed in his nomination package without giving the party access to poke
around his Facebook account.  "Our civil liberties and privacy, they don't
just go away overnight, they get eroded gradually.  At what point are they
going to be satisfied that my character is such that I won't bring disrepute
to the party?  I've been an MLA [Member of the Legislative Assembly] for six

Facebook Comments: The death of Web anonymity

Gene Wirchenko <>
Mon, 07 Mar 2011 11:27:46 -0800

InfoWorld Home / Notes from the Field, 7 Mar 2011

Facebook Comments: The death of Web anonymity; Facebook wants to manage the
comments on your blog (and a million others). Say hello to the
Facebookization of the Web and good-bye to online anonymity

Don't look now, but Facebook is spreading its kudzulike tendrils into yet
another part of the Web: the comments field. Last week, the Uber Social
Network introduced a free plug-in that replaces the software a site uses to
manage its comments with one built by Facebook.

The implications of this are larger than they may appear. If widely adopted,
Facebook Comments could kick online trolls to the curb while pounding yet
another nail into the coffin of Web anonymity.

Log into a site that uses Facebook Comments and a few things happen. One is
that you'll be able to use Facebook as a universal one-time log-in for any
site that uses its plug-in—no more logging in multiple times to different
sites each day.  Deux, your Facebook profile pic will appear alongside the
comments—in fact, the whole comments field will look like a chunk of
Facebook has been plopped down at the end of each story.  Trey, you'll see
less spam, thanks to Facebook's built-in filters. Quatro, if you leave the
"Post to Facebook" box checked, your pithy witticisms, incisive analysis, or
(in my case) sophomoric jokes will also appear on your Facebook wall—and
any replies your friends make on your Facebook page will also appear under
your comments on that third-party site.

In other words, your friends' Facebook mugshots could end up on sites
they've never visited - though they'd have a heck of a time proving that
to the rest of the world. So be careful when responding to comments on, or you might have some 'splaining to do.  [...]

Facebook, Google Giving Us Information Junk Food

Tue, 08 Mar 2011 09:03:27 +0800

No wonder my bad friends seem much more louder these days :-)
...he has always made an effort to befriend both liberals and
conservatives on Facebook so he could keep track of the issues each
group was discussing. Over time, however, something strange happened,
Pariser said: his conservative Facebook friends disappeared from his
news feed. He realized that Facebook's algorithm had "edited them out"
because Pariser was clicking more on links from liberal friends than
conservative ones.

Google is also guilty of tweaking what it shows users based on past
online behavior. Pariser highlighted how two users can receive
drastically different Google search results after querying the same term
because the search engine monitors 57 signals to tweak and personalize
results. "There is no standard Google anymore," Pariser noted.

"This moves us very quickly toward a world in which the Internet is
showing us what it thinks we want to see, but not necessarily what we
need to see," Pariser said of editing via algorithms.

Because of algorithms that determine what we see online based on our
browsing, reading, and clicking history, we risk being exposed to fewer
viewpoints and a more limited array of opinions, content sources, and
viewpoints, Pariser argued.

"If you take all of these filters together, all of these algorithms you
get what I call a filter bubble. Your filter bubble is your own personal
unique universe of information that you live in online," he said.
"What's in your filter bubble depends on who you are and it depends on
what you do, but the thing is that you don't decide what gets
in...and more importantly you don't actually see what gets edited out."

Safari JavaScript date bug

Dr J R Stockton <>
Thu, 3 Mar 2011 20:51:14 +0000

It appears to me that browser Safari version 5.0.3, the current release,
has a JavaScript date bug such that, when 'new Date()' is given a valid
date string in the inclusive ranges
                "0167/03/01 GMT" to "0200/02/28 GMT"
                "0434/03/01 GMT" to "0500/02/28 GMT"
                and at 400-year intervals thereafter,
the result is in error by one day.  The error does not affect current
dates, but it will for 2034/03/01 and successive dates up to and
including 2100/02/28.

The GMT was used for test, but I believe local dates are similarly affected.

A test form is at <>.

John Stockton, nr London, UK.
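
An added example, not part of the original post and not the author's test form: one way to check a date-string parser against an independent day count over the ranges the report names. The function names, the `Date.UTC`-based reference parser, and the simulated faulty parser (with its +1 sign) are assumptions made for the illustration.

```javascript
const MS_PER_DAY = 86400000;

// Days since 1970-01-01 for a proleptic Gregorian date, using integer
// arithmetic only, so it cannot share a defect with the engine's Date code.
function daysFromCivil(y, m, d) {
  y -= m <= 2 ? 1 : 0;
  const era = Math.floor(y / 400);
  const yoe = y - era * 400;                                    // 0..399
  const doy = Math.floor((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1;
  const doe = yoe * 365 + Math.floor(yoe / 4) - Math.floor(yoe / 100) + doy;
  return era * 146097 + doe - 719468;
}

const isLeap = (y) => (y % 4 === 0 && y % 100 !== 0) || y % 400 === 0;
const daysInMonth = (y, m) =>
  m === 2 ? (isLeap(y) ? 29 : 28) : [4, 6, 9, 11].includes(m) ? 30 : 31;
const pad = (n, w) => String(n).padStart(w, "0");
const fmt = (y, m, d) => `${pad(y, 4)}/${pad(m, 2)}/${pad(d, 2)} GMT`;

// Feed every date in [fromYear, toYear] to parse() in the "YYYY/MM/DD GMT"
// form used in the report and return the contiguous runs where the result
// disagrees with daysFromCivil(). An unparseable string (NaN) is also a run.
function findMismatches(parse, fromYear, toYear) {
  const runs = [];
  let open = null;
  for (let y = fromYear; y <= toYear; y++)
    for (let m = 1; m <= 12; m++)
      for (let d = 1; d <= daysInMonth(y, m); d++) {
        const text = fmt(y, m, d);
        const offsetDays = parse(text) / MS_PER_DAY - daysFromCivil(y, m, d);
        if (offsetDays === 0) { open = null; continue; }
        if (open && Object.is(open.offsetDays, offsetDays)) open.last = text;
        else runs.push((open = { first: text, last: text, offsetDays }));
      }
  return runs;
}

// Parser under test: the engine's own handling of the date string.
const engineParse = (text) => new Date(text).getTime();

// Reference parser: split the string ourselves and use Date.UTC.
// Only valid for years >= 100, because Date.UTC maps 0..99 to 1900..1999.
function referenceParse(text) {
  const [, y, m, d] = /^(\d{4})\/(\d{2})\/(\d{2}) GMT$/.exec(text).map(Number);
  return Date.UTC(y, m - 1, d);
}

// Constructed stand-in for the reported symptom: one day off inside the three
// ranges named in the post. The sign (+1) is arbitrary; the post says only
// that the result is "in error by one day".
const REPORTED_RANGES = [[167, 200], [434, 500], [2034, 2100]].map(
  ([from, to]) => [daysFromCivil(from, 3, 1), daysFromCivil(to, 2, 28)]
);
function simulatedFaultyParse(text) {
  const t = referenceParse(text);
  const day = t / MS_PER_DAY;
  const hit = REPORTED_RANGES.some(([lo, hi]) => day >= lo && day <= hi);
  return hit ? t + MS_PER_DAY : t;
}
```

Calling `findMismatches(engineParse, 100, 2100)` in the browser under test returns an empty array when its parser agrees with the independent count, and otherwise the first and last date of each affected run. The slash-separated form is not a standardised date-string format, so an engine that rejects it shows up as a run with `offsetDays` of `NaN`.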

Student stranded in snowed-in car 3 days

"Matthew Kruk" <>
Fri, 4 Mar 2011 16:42:46 -0700

A Quebec medical student who spent three days stuck on a remote logging road
in New Brunswick says she was ready to hunker down in her snowbound car
until spring.  Three snowmobilers found Stephanie Parent, 22, on Wednesday
near Wayerton, N.B., in a heavily forested area several kilometres northwest
of Miramichi.  The Sherbrooke, Que., native ended up there Sunday night
after following instructions from her GPS on her way for an internship at a
Bathurst hospital. Her parents notified police on Monday when she failed to
show up at the hospital or contact them.  Ms. Parent recounted her ordeal
Thursday and blamed the GPS for leading her down an unpaved road where her
car got stuck in the snow.  Her cellphone failed to work in the remote area.

Google: Nosy Questions

Gene Wirchenko <>
Sun, 06 Mar 2011 16:50:45 -0800

Bob Bowdon, Director of "The Cartel," a documentary about corruption in
American public education. 21 Feb 2011
Why Has Google Been Collecting Kids' Social Security Numbers Under
the Guise of an Art Contest?

opening paragraphs:

As the director of The Cartel documentary, one of the things I learned was
how poorly the traditional news media cover issues pertaining to children,
in that case corruption in public education.  Since the film's release, I
often get contacted about other aspects of child protection that I would
have never imagined—stories that don't seem to get attention elsewhere.
Like this.

What you're about to read hasn't been reported anywhere, and when it was
brought to my attention, I could hardly believe it.

It turns out that the company sporting the motto "don't be evil" has been
asking parents nationwide to disclose their children's personal information,
including Social Security Numbers, and recruiting schools to help them do it
-- all under the guise of an art contest.  It's called, "Doodle-4-Google," a
rather catchy, kid-friendly name if I do say so myself. The company is even
offering prize money to schools to enlist their help with the
promotion. Doesn't it sound like fun?  Don't you want your kid to enter too?

What could be wrong with filling out a few entry forms?

A national, commercial database of names and addresses of American children,
especially one that includes their dates of birth and SSNs, would be worth
many millions to marketing firms and retailers.

Of course, data collection is not the reason Google gives for doing this
competition. Their FAQ says it's because "We love to encourage and celebrate
the creativity of young people..." etc. If that's so, then why on earth
would the contest's original Parent Consent Form ask for the child's city of
birth, date of birth and last four digits of the child's SSN?  Along with
complete contact info of the parents.

You see what Google knows and many parents don't know is that a person's
city of birth and year of birth can be used to make a statistical guess
about the first five digits of his/her social security number.  Then, if you
can somehow obtain those last four SSN digits explicitly—voila, you've
unlocked countless troves of personal information from people who didn't
even understand that such a disclosure was happening.

Your "secure" e-mail messages will be deleted after 60 days

Sat, 05 Mar 2011 20:15:03 +0800

Whilst managing my millions, I peeked into my brokerage mailbox:
  Your secure e-mail messages are listed below. All messages will
  be deleted after 60 days.
"Secure" as in "Linus van Pelt's security blanket".

passwords reset

Sun, 30 Jan 2011 08:52:45 +0800

"Hello, We recently experienced a directed attack on SourceForge
infrastructure ( ) and
so we are resetting all passwords in the database ... as a proactive
measure we've invalidated your account password. To access
the site again, you'll need to go through the email recovery process and
choose a shiny new password: https://sourcef..."

No English mistakes, so it must be legit. But I'm asking my mom first
just to be on the safe side.

Re: Raining on cloud computing: Gmail outage (Thorson, RISKS-26.36)

Jonathan Kamens <>
Sun, 06 Mar 2011 00:56:26 -0500

Mark Thorson's prediction that cloud computing will some day be "completely
discredited" strikes me as a clear overreaction to the recent loss of some
users' Gmail data, especially given that Google was apparently able to
restore the data from offline backups.

If the far worse T-Mobile Sidekick incident in October 2009 (RISKS
<>) didn't derail people's
willingness to store data in the cloud, this incident certainly won't

Even before the cloud computing fad, most users had been storing their email
on somebody else's servers for many years. The risk of somebody else losing
your data is neither new with cloud computing nor particularly novel.

Storing your data in the cloud is no different from storing it on your hard
drive. Regardless of where the "master" is, people and businesses who have
common sense and care about their data back them up in different locations
on different types of media. If they don't, and their data is lost, and they
don't have a usable backup, they have only themselves to blame.

(By the way, there are numerous tools available for backing up your Gmail

I run my own mail server "in the cloud" (in a VPS at which
is backed up daily to my home server. My home server is backed up daily to
Amazon S3, and the ~30GB of data I have backed up there costs me <$5 per
month. It's well worth the price for the peace of mind I derive from knowing
that even if disappears and my house burns down in the same
week, all of my financial records, digital photos, email archives going back
over two decades, current email, etc.  will be preserved, and that should
any one of the three locations holding my data lose them, I can restore from
the other two.

My set-up is home-grown, but there are many commercial products on the
market to enable people who are not like me to back up their data just as
securely as I do.

Cloud computing has its problems, but this really isn't one of them, and I
really don't think spreading F.U.D. helps anybody.

  [With cloud computing, as usual, the risks are ubiquitous, the problems
  are inherently complex, and the proponents tend to grossly oversimplify.
  I never seem to get tired of spouting the same general conclusions here,
  but they seem to be applicable to cloud computing in spades.  Caveat
  emptor.  PGN]

Re: Matt Blaze: "Shaking Down Science" (RISKS-26.36)

John Levine <>
6 Mar 2011 00:29:42 -0000

I have sympathy for Matt's position, but there's a fairly basic money
problem.  Producing a journal, particularly peer reviewed and professionally
produced journals like the IEEE publishes, costs a lot of money, before the
first copy is printed or downloaded.  If they can't recover the costs from
subscriptions, where's the money going to come from?

This is basically the same as the e-book problem.  Since the cost of
providing a download over the net is trivial, how come publishers charge
nearly as much for an e-book as for a printed book?  Because most of the
cost of the book is the publication and distribution process.  Publishing a
trade computer book is very labor intensive and costs upwards of $100,000,
mostly for the skilled editors and production people who turn a manuscript
into a well edited and produced book.  (To see the difference between a
manuscript and a book, look at the typical quality of self-published stuff.)

If you buy a $30 book, about half of that goes to distribution (store and
wholesaler), maybe $3 to the author, and the rest goes toward covering the
production cost.  If they sell a lot of copies, the publisher makes
money. If as often happens they don't, they lose money.

So while I'm all in favor of making scholarly papers widely available, I'm
also in favor of having publishers that produce stuff that's worth reading.
If you want the first, you need either to explain how to pay for the second,
or what's going to take their place.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail.

  [“Follow the money.” “Money is the root of all evil.”  “There are (at
  least) two sides to every issue.”  This case is no exception.  PGN]

Re: Raid disks

Turgut Kalfaoglu <>
Sun, 06 Mar 2011 07:35:55 +0200

Another trouble with RAID disks is that they are usually purchased at the
same time, and more than one fail at once. An institution I used to work at
had a storage array where all eggs were in the same basket, and guess what
happened - several disks failed following a UPS failure, all that data was
lost, and since it was deemed impossible to lose the data, no backups!

Re: SSD Erasure Unreliable

Mon, 7 Mar 2011 17:17:57 +1100

Re: Lauren Weinstein's comments about access to the undeleted copies. The
original paper makes it clear that access to the 'overwritten' copies at
this level requires destruction of the SSD as it is necessary to gain direct
electrical access to the storage chips instead of using the normal
electrical interface and access chips built into the SSD. A concern if your
device was stolen, but not if you are going through US Customs with
commercially sensitive material.

Andrew Waugh
Senior Technical Advisor
Public Record Office Victoria (PROV)
Victorian Archives Centre 99 Shiel St North Melbourne VIC 3051

Next generation will ask, "Where were you when this was going down?"

Carl Hewitt <>
Sun, 6 Mar 2011 10:09:59 -0500

Carl Hewitt, Looming private information fiasco versus the new cloud
business model: Internet bill of rights

Smartphones are going to have it all: proprietary business strategies,
chiseling on taxes and expenses, Roman Catholic confessions, political
activities, abortions, personnel decision making, love trysts, STD, mental
illness, and cancer diagnoses and treatments, etc. Stored in data centers
this information will have to be tightly regulated with respect to how it
can be used in marketing, personnel decisions, etc. Government officials
will become increasingly knowledgeable about the treasure-trove of intimate
personal information and proprietary business information stored in data

Then security officials will be forced to recognize the value of this
information for preventing terrorism. Since it is politically necessary to
do everything possible to prevent terrorism, means will be developed for
security officials to analyze all this information in real time.

Thus we have reached an existential moment for the fate of our proprietary
business and intimate personal information (analogous to the rise of Nazism
in Germany). The next generation will ask us "Where were you when this was
going down?"

The alternative new cloud business model is different:

Perform computation using customer equipment because

* It's less expensive than data center computation because of lower
  communications cost and because customers subsidize equipment cost

* Many-core architectures will provide plenty of computing capacity, even on

* Response time can be faster than data center computation for new
  collaborative natural language interfaces (à la Kinect, etc.)

* Store private information in data centers that can be decrypted only using
  the customers' private keys because it's cheaper and more reliable to use
  multiple data center storage vendors incorporated in different
  countries. (For efficiency, information will be cached on customer

* Service advertising using customer equipment because advertising can be
  better targeted on customer equipment (without violating customer private
  information) than data centers since customer equipment has complete
  information as opposed to the partial information of a data center vendor.

* Perform social computing using customer equipment because it can be
  more customizable and flexible when not restricted by vendor data centers
  (e.g. Facebook).

The new cloud business model supports an Internet bill of rights.
