Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 26: Issue 82
Wednesday 9 May 2012
Contents
Nevada issues first license for a driverless car - Mark Thorson
The Campus Tsunami - David Brooks
James Morris
Living Plan IT's Urban OS - PGN
Judge: An IP-Address Doesn't Identify a Person—or BitTorrent Pirate - Torrentfreak via Monty Solomon
How "Privacy Correctness" Is Leading Us Dangerously Astray - Lauren Weinstein
Re: Fed report on that Southern California blackout - Dick Mills
FBI Wants Backdoors in Facebook, Skype and Instant Messaging - Lauren Weinstein
"Half of all Macs will lack access to security updates by summer" - Gregg Keizer via Gene Wirchenko
Understanding the Net neutrality debate: Listening to stakeholders - Lauren Weinstein
With Chen Guangcheng news on Twitter, China's censors lost control - Lauren Weinstein
Re: The Power of Individual Voters to Transform Their Government - Steve Wildstrom
Martyn Thomas
"Controlling Queue Delay" published—Re: Bufferbloat - Jim Gettys
Info on RISKS (comp.risks)
Nevada issues first license for a driverless car
Mark Thorson
<eee@sonic.net>
Mon, 7 May 2012 22:51:47 -0700
Google gets the license and a red plate with the infinity symbol.
http://edition.cnn.com/2012/05/07/tech/nevada-driveless-car/index.html
I wonder if the car can send text messages while driving.
[Texting (and even sexting passengers in adjacent cars) should be really easy. The obvious follow-up question relates to whether existing and prospected laws would make it illegal for such driverless cars to send text messages or automated cellphone messages while in motion (or even when stopped)??? If so, to whom does the automated ticket get sent? Then, what about automated ticketing for illegal turns, running red lights, and so on? Automated violation detectors could certainly break down by causing failures of the automated driver face recognition software! Perhaps new laws will be needed to require a photographically correct dummy face and torso of a legally registered proxy for the driverless vehicle. (Of course, these issues might also have to apply to drone airplanes.) PGN]
The Campus Tsunami (David Brooks)
"Peter G. Neumann"
<neumann@csl.sri.com>
Fri, 4 May 2012 6:54:16 PDT
[One of the most potentially profound changes in education may be occurring, inspired by the University of Phoenix, Stanford, others, and now MIT and Harvard and "other elite universities". Avoiding lowest-common-denominator rote learning is clearly a major challenge, but dramatic possibilities exist for substantially raising the bar for a multitude of students and learners worldwide. PGN]
[David Brooks, The Campus Tsunami, *The New York Times*, 3 May 2012; PGN-ed]
http://www.nytimes.com/2012/05/04/opinion/brooks-the-campus-tsunami.html
http://topics.nytimes.com/top/opinion/editorialsandoped/oped/columnists/davidbrooks/index.html?inline=nyt-per
http://topics.nytimes.com/top/reference/timestopics/organizations/h/harvard_university/index.html?inline=nyt-org
http://topics.nytimes.com/top/reference/timestopics/organizations/m/massachusetts_institute_of_technology/index.html?inline=nyt-org
Excerpts:
* What happened to the newspaper and magazine business is about to happen to higher education: a rescrambling around the Web.
* Many of us view the coming change with trepidation. Will online learning diminish the face-to-face community that is the heart of the college experience? Will it elevate functional courses in business and marginalize subjects that are harder to digest in an online format, like philosophy? Will fast online browsing replace deep reading?
* If a few star professors can lecture to millions, what happens to the rest of the faculty? Will academic standards be as rigorous? What happens to the students who don't have enough intrinsic motivation to stay glued to their laptop hour after hour? How much communication is lost—gesture, mood, eye contact—when you are not actually in a room with a passionate teacher and students?
The doubts are justified, but there are more reasons to feel optimistic. In the first place, online learning will give millions of students access to the world's best teachers.
Already, hundreds of thousands of students have taken accounting classes from Norman Nemrow of Brigham Young University, robotics classes from Sebastian Thrun of Stanford and physics from Walter Lewin of M.I.T. Online learning could extend the influence of American universities around the world. India alone hopes to build tens of thousands of colleges over the next decade. Curricula from American schools could permeate those institutions. Research into online learning suggests that it is roughly as effective as classroom learning. It's easier to tailor a learning experience to an individual student's pace and preferences. Online learning seems especially useful in language and remedial education. My guess is it will be easier to be a terrible university on the wide-open Web, but it will also be possible for the most committed schools and students to be better than ever.
The Campus Tsunami
<james.morris@cmu.edu>
May 8, 2012 3:07 PM
[This is from Dave Farber's IP distribution, in response to an item that also appeared there, and is appended... PGN]
I share Mark Stahlman's prediction (and unease) about the explosion of knowledge; the richest and smartest are best able to use emerging knowledge to get richer and smarter faster.
If you want to know where all this is going, up to the end of the Universe(!), read David Deutsch's *The Beginning of Infinity*. It is a bracing paean to Intelligence that takes little note of what happens to any of us. Some of his followers seem to be Ayn Rand fans--which awakened me to the collateral damage of exploding knowledge.
> Yes, that is what EVERYONE is predicting (plus the part where today's
> universities become largely "outsourced" corporate R&D centers, like
> Hennessy's Stanford)—so it appears the plans are being executed!
> However, what they don't "predict," as we shift into a world of *digital*
> education, in which SOME people further distinguish themselves because they
> can literally *teach themselves* (and accrue all the benefits), what
> happens to the 30 (or 50 or 70%) of the population who don't quite "work"
> this way?
>
> Vocational training? But for what? Modern manufacturing is highly
> automated, so there are fewer and fewer "factory" jobs.
>
> Store clerks and burger-flippers? With everyone shopping on the Net and
> trying to lose weight, what's the future in that?
>
> Rarely does anyone have the "guts" to think this all the way through. One
> exception (?) was Michael Vlahos, then Senior Fellow at the Progress and
> Freedom Foundation, the think-tank that brought us Newt Gingrich and also
> the PFF "Aspen Summit" where the "digerati" converged starting in 1995.
>
> Vlahos, after trade-marking the term "Byte City," wrote a PFF White Paper
> "ByteCity -or- Life After the Big Change," which then morphed into an
> article in Washington Quarterly and then a DoD "information age" essay "The
> War After Byte City." A book was in the works—however it never appeared
> and the original essay is no longer online.
>
> Vlahos segmented the USA of 2020 into 5% "Brain Lords," 20% "Upper
> Servers and Agents," 50% "Service Workers," and 25% "The Lost."
>
> Perhaps he was optimistic? Be careful what you wish for . . .
>
> Mark Stahlman
> Brooklyn NY
Living Plan IT's Urban OS
"Peter G. Neumann"
<neumann@csl.sri.com>
Fri, 4 May 2012 10:10:11 PDT
London is preparing to test an operating system designed to power the smart cities of the future. Living Plan IT has developed Urban OS, which serves as a platform for connecting services such as water, transportation, and energy to citizens. "We are entering a phase when everything becomes connected, from healthcare to transportation," says Living Plan IT CEO Steve Lewis. Unlike traditional operating systems, Urban OS is designed to be extremely robust, considering critical services will be linked to the network—even an insulin pump.
Living Plan IT plans to embed thousands of sensors that will monitor external and internal conditions to create smart lighting and heating systems in a newly built office block, and will test smart lamp posts on the roads. "They will be talking to each other, producing their own energy, raising lighting levels when cars are coming, and monitoring the movement of traffic," Lewis says. Living Plan IT also will test other technologies with the platform, such as smart vests that have microsensors embedded in them to monitor heart rates and other vital signs.
Judge: An IP-Address Doesn't Identify a Person—or BitTorrent Pirate
Monty Solomon
<monty@roscom.com>
Thu, 3 May 2012 09:17:54 -0400
A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has suffered a severe blow to a thus far lucrative business. Among other things, New York Judge Gary Brown explains in great detail why an IP-address is not sufficient evidence to identify copyright infringers. According to the Judge this lack of specific evidence means that many alleged BitTorrent pirates have been wrongfully accused by copyright holders. ...
http://torrentfreak.com/judge-an-ip-address-doesnt-identify-a-person-120503/
Furious judge decries "blizzard" of copyright troll lawsuits
http://arstechnica.com/tech-policy/news/2012/05/furious-judge-decries-blizzard-of-copyright-troll-lawsuits.ars
New York judge blasts trolls' practices, recommends banning mass bittorrent lawsuits in the district
http://fightcopyrighttrolls.com/
[No real surprise here to RISKS readers, but nice to see risks-aware judge. PGN]
How "Privacy Correctness" Is Leading Us Dangerously Astray
Lauren Weinstein
<lauren@vortex.com>
Sat, 5 May 2012 11:44:14 -0700
How "Privacy Correctness" Is Leading Us Dangerously Astray
http://lauren.vortex.com/archive/000955.html
You're probably familiar with the term "politically correct" and its
ramifications. Simply stated, "political correctness" relates to the
narrowing of discussions, often by focusing on specific examples of
"violations" (in a range of circumstances) that in reality do not have
notable intrinsic, relevant, or significant impacts.
Political correctness can be purposely used as a weapon to manipulate
debates, or it can be the result of genuine confusion regarding the actual
facts of a situation. Frequently, political correctness issues involve both
of these facets.
As we look at the almost daily parade of supposed "privacy problems" that
splash across the Web and other media, followed by calls for investigations,
massive fines, and sometimes large-scale governmental interventions—a
fundamental question arises.
To what extent are we concerned about actual, important, substantive privacy
concerns, and conversely, to what degree are we engaging in—perhaps to
coin a phrase in this context—unwise, counterproductive, manipulative,
and even potentially dangerous "privacy correctness."
At first glance, it might appear that the seeming sheer complexity of the
technology surrounding privacy these days would make such determinations
difficult.
Cookies and Flash, JavaScript and AJAX, encryption and targeted ads. And so
on. How can anyone be expected to untangle all this in terms of privacy
concerns?
In reality though, the complex nature of these technologies—many of which
are key to providing and helping to pay for services that users have come to
expect, usually without charge—offers a clue that we may be spending our
time looking in the wrong places.
One thing we can be absolutely sure about is that new, even more complex
technologies—many of which may have privacy-related ramifications—will
be arriving almost continually. To assume that everyday users of the Web
and other environments will have the time or inclination to understand the
functioning and external relationships of these underlying mechanisms seems
unrealistic at best.
In fact, as we've seen in recent cases involving Google and their use of Web
cookies ( http://j.mp/xGZRcT [Lauren's Blog] ) and collection of unencrypted
Wi-Fi data ( http://j.mp/9680wb [Lauren's Blog] ), even hard-core techies
and experts on these systems may at times become enmeshed in "privacy
correctness" quandaries, with various forces insisting that particular
actions represent serious privacy violations, while other observers see only
insignificant transgressions or none at all.
Cookies and Wi-Fi have been around for many years. What of new technologies
coming down the line? Are we going to go through these battles individually
and repeatedly, expecting consumers to incorporate such ever more intricate
complexities in their various combinations into their routine Internet usage
decisions?
And what of the impacts that considerations of genuine privacy concerns,
vis-a-vis "privacy correctness," will have on issues of great import to
society at large, such as calls for vast communications surveillance
regimes, expansive cybersecurity legislation, and so on?
There are some guidelines that I use in my own analysis of these issues
today, that may be generally useful in these respects.
First, like it or not, what's public is public. I say this a lot, and many
people don't really like the idea, but that doesn't change the underlying
truth.
It is foolhardy to pretend that something already out in the public sphere,
especially (but not necessarily) on the Internet, can then somehow be
effectively restricted or controlled. Trying to convince people otherwise
is quintessential "privacy correctness" and can dangerously lead to false
assumptions about what information is or is not actually available publicly.
Efforts to restrict information that is already public, ranging from
governmental data, to photographs easily taken from municipal streets, to
unencrypted Wi-Fi signals, can only serve to harass legitimate and innocent
usage, while "bad players" will find ways to continue essentially
unencumbered. Public is public. Period.
But what about data that isn't public, that has been shared with individual
entities perhaps? This is the category that sheds light on what I would
call true privacy problems, in contrast to generally false "privacy
correctness" issues.
Except where absolutely mandated by law, when personal information provided
to or collected by one organization is sold or otherwise provided to another
organization without the explicit permissions of the persons involved, a
significant privacy violation may well have occurred.
Health information, financial transaction data, communications addressing
and contents, Web search activities, and so on—these are all types of
data that users have a right to expect will routinely stay in the hands of
the entities they've chosen to trust. Genuine violations of that trust,
allowing user data to flow to third parties without user permissions or
valid court orders, can be devastating to users and ultimately to the
organizations involved as well.
On the other hand, cavil complaints about complex Web cookie handling,
especially in the course of providing services that users have requested,
and in the face of contradictory and confusing technical specifications,
appear to fall squarely back into the realm of disingenuous "privacy
correctness" machinations.
I mentioned trust earlier. In the final analysis, trust is a cardinal
aspect of our dealings in all aspects of our lives, online and offline.
On the Internet, on the Web, if we trust the organizations that we've chosen
to patronize—whether we're paying for their services or not—it makes
little sense to endlessly engage in an attempted micromanagement of their
underlying cookies, JavaScript, or other rapidly evolving technologies, or
to play a fundamentally exploitative form of "gotcha" when technical lapses
occur that do not have actual privacy-damaging characteristics as I noted
above.
And if you don't trust a firm enough to accept this, perhaps you should
consider taking your business elsewhere. If you insist on assuming that
most Web businesses are fundamentally evil, and can't be trusted regardless
of how well behaved they are today, then perhaps you should consider, for
your own peace of mind, not using the Internet at all.
Or, we can endeavor to see beyond the specious premises of "privacy
correctness," and concentrate instead on actual, genuine privacy problems
that are deserving of our serious attention.
What may seem at first to be "correct"—isn't always right.
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
People For Internet Responsibility: http://www.pfir.org
Data Wisdom Explorers League: http://www.dwel.org
Network Neutrality Squad: http://www.nnsquad.org Tel: +1 (818) 225-2800
Re: Fed report on that Southern California blackout (Burstein, R-26.81)
Dick Mills
<dickandlibbymills@gmail.com>
Sun, 6 May 2012 09:51:55 -0400
The FERC report specifically mentioned the similarities in causes between the 2011 blackout in California and the 2003 blackout in the Northeast that affected 50 million people. Can't we ever learn?
In 2003 in Ohio, they still relied on human operators to "dispatch around" trouble to relieve overloads and to keep the state within security constraint boundaries. In Ohio, the operators even had to make phone calls to neighboring areas to marshal resources. That takes hours. Adequate response was needed in just minutes.
Since the 1970s the State of New York decided that incorporating security constraints into dispatch needed to be automated. The New York grid, including New York City, was the most constrained and difficult to operate grid anywhere. They implemented automated security constrained dispatch that responds to contingencies in minutes rather than hours. Human operators are not required to "dispatch around" problems. Since then, the New York Power Pool (today the NYISO) continually expanded and refined that software, all the while maintaining full automation of the critical real time portions.
In RISKS-26.81, Burstein said "had operators reviewed and heeded their Real Time Contingency Analysis results prior to the loss of the APS line, they could have taken corrective actions, such as dispatching additional generation or shedding load, to prevent a cascading outage." If correct, that suggests continued reliance on human operators in California.
It baffles me why automated security constrained dispatch has never been mandated everywhere. Continued reliance on human operators to respond to highly complex grid security considerations is far from industry best practice. It seems plain to me that the 2003 blackout would have been nipped in the bud if Ohio had software similar to New York's. I'm less familiar with California but perhaps the same is true there.
FBI Wants Backdoors in Facebook, Skype and Instant Messaging
Lauren Weinstein
<lauren@vortex.com>
Fri, 4 May 2012 11:51:47 -0700
http://j.mp/KAfboW (CNET, via NNSquad)
"CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and is asking Internet companies not to oppose a law making those backdoors mandatory."
This is not new. It also continues to be (a) utterly unacceptable, and (b) ultimately useless.
"Half of all Macs will lack access to security updates by summer"
Gene Wirchenko
<genew@ocis.net>
Tue, 08 May 2012 09:16:52 -0700
(Gregg Keizer)
Gregg Keizer, IT Business
Half of all Macs will lack access to security updates by summer
Mountain Lion's impending debut means Apple will stop supporting Snow Leopard, unless it changes a decade-old habit
http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=67368
Unless Apple changes its security update practice, nearly half of all Mac users will be adrift without patches sometime this summer.
Understanding the Net neutrality debate: Listening to stakeholders
Lauren Weinstein
<lauren@vortex.com>
Mon, 7 May 2012 22:48:27 -0700
"This paper focuses primarily on the net neutrality landscape in Canada and shows how an examination of the perspectives of Internet service providers, businesses, governments, and civil society can lead to a more informed discussion of the debate. While frequently these groups have tried to assert both their positions on net neutrality and their views about an appropriate future for the Internet, the controversial and complex nature of the debate means that progress towards reaching a consensus has been slow."
http://j.mp/JShSW8 (First Monday, via NNSquad)
With Chen Guangcheng news on Twitter, China's censors lost control
Lauren Weinstein
<lauren@vortex.com>
Sun, 6 May 2012 08:36:56 -0700
"'Total sea change' - Twitter and Weibo similarly became essential for journalists and overseas human rights activists who used it to pass along phone numbers and links to photographs of Chen in the hospital and of plainclothes officers keeping reporters and diplomats outside. When Chen's allies or supporters were detained, and when or if they resurfaced from police detention, word spread first on Twitter, often followed by text messages."
Re: The Power of Individual Voters to Transform Their Government
Steve Wildstrom
<steve@wildstrom.com>
Fri, 4 May 2012 16:57:38 -0400
(RISKS-26.81)
Mark E. Smith's attack on the process of vote counting is a political rant well short of the standards of RISKS. It asserts, with no evidence, widespread corruption among elections officials and its account of a very messy and complicated 2008 election in San Diego both glosses over facts and makes completely unsubstantiated charges. I share the concerns about voting procedures frequently discussed in RISKS posts, but these unsupported accusations do nothing to advance the case.
Steve Wildstrom, steve@wildstrom.com
Twitter: www.twitter.com/swildstrom
Swildstrom on Facebook & LinkedIn
www.wildstrom.com/steve
[Steve's thoughts are also reflected in a few other comments I received. On reflection, I regret including Mark E. Smith's message in RISKS-26.81, although Steve's "unsupported" may perhaps be an overstatement in some instances. Overall, I would vastly prefer to see some sort of widespread universal enfranchisement rather than boycotting or today's pervasive selective disenfranchisements, but that might *also* be considered a political rant, so I shall not pursue it further here. PGN].
Re: The Power of Individual Voters to Transform Their Government
Martyn Thomas
<martyn@thomas-associates.co.uk>
Sat, 05 May 2012 18:15:46 +0100
(Mark E Smith, RISKS-26.81)
Mark E Smith
> The only way to get honest elections is to refuse to vote until we do. If
> you're willing to vote in elections where your vote doesn't have to be
> counted and isn't verifiable, you have no leverage with which to demand
> honest elections. Boycott 2012!
This theme is central to the novel "Seeing" by Jose Saramago. I recommend it strongly.
"Controlling Queue Delay" published—Re: Bufferbloat
"Jim Gettys"
<jg@freedesktop.org>
May 8, 2012 7:00 AM
[RE: Bufferbloat, RISKS-26.67,76, via Dave Farber's IP]
Kathie Nichols and Van Jacobson published a new adaptive AQM algorithm today, which, we think, provides the missing piece to solve bufferbloat (rather than just mitigate the problem). See:
http://queue.acm.org/detail.cfm?id=2209336
I highly recommend anyone working on TCP/IP networking read it, as it explains the "standing queue" phenomena by far better than I've seen before.
I wrote a blog article to set a bit more context at:
http://gettys.wordpress.com/2012/05/08/fundamental-progress-solving-bufferbloat/
Patches for Linux are available.
