The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 26 Issue 82

Wednesday 9 May 2012


Nevada issues first license for a driverless car
Mark Thorson
The Campus Tsunami
David Brooks
James Morris
Living Plan IT's Urban OS
Judge: An IP-Address Doesn't Identify a Person—or BitTorrent Pirate
Torrentfreak via Monty Solomon
How "Privacy Correctness" Is Leading Us Dangerously Astray
Lauren Weinstein
Re: Fed report on that Southern California blackout
Dick Mills
FBI Wants Backdoors in Facebook, Skype and Instant Messaging
Lauren Weinstein
"Half of all Macs will lack access to security updates by summer"
Gregg Keizer via Gene Wirchenko
Understanding the Net neutrality debate: Listening to stakeholders
Lauren Weinstein
With Chen Guangcheng news on Twitter, China's censors lost control
Lauren Weinstein
Re: The Power of Individual Voters to Transform Their Government
Steve Wildstrom
Martyn Thomas
"Controlling Queue Delay" published—Re: Bufferbloat
Jim Gettys
Info on RISKS (comp.risks)

Nevada issues first license for a driverless car

Mark Thorson <>
Mon, 7 May 2012 22:51:47 -0700

Google gets the license and a red plate with the infinity symbol.

I wonder if the car can send text messages while driving.

   [Texting (and even sexting passengers in adjacent cars) should be really
   easy.  The obvious follow-up question relates to whether existing and
   prospected laws would make it illegal for such driverless cars to send
   text messages or automated cellphone messages while in motion (or even
   when stopped)???  If so, to whom does the automated ticket get sent?
   Then, what about automated ticketing for illegal turns, running red
   lights, and so on?  Automated violation detectors could certainly break
   down by causing failures of the automated driver face recognition
   software!  Perhaps new laws will be needed to require a photographically
   correct dummy face and torso of a legally registered proxy for the
   driverless vehicle.  (Of course, these issues might also have to apply to
   drone airplanes.)  PGN]

The Campus Tsunami (David Brooks)

"Peter G. Neumann" <>
Fri, 4 May 2012 6:54:16 PDT

  [One of the most potentially profound changes in education may be
  occurring, inspired by the University of Phoenix, Stanford, others, and
  now MIT and Harvard and “other elite universities''.  Avoiding
  lowest-common-denominator rote learning is clearly a major challenge, but
  dramatic possibilities exist for substantially raising the bar for a
  multitude of students and learners worldwide.  PGN

[David Brooks, The Campus Tsunami, *The New York Times*, 3 May 2012' PGN-ed]>


* What happened to the newspaper and magazine business is about to happen to
  higher education: a rescrambling around the Web.

* Many of us view the coming change with trepidation. Will online learning
  diminish the face-to-face community that is the heart of the college
  experience? Will it elevate functional courses in business and marginalize
  subjects that are harder to digest in an online format, like philosophy?
  Will fast online browsing replace deep reading?

* If a few star professors can lecture to millions, what happens to the rest
  of the faculty? Will academic standards be as rigorous? What happens to
  the students who don't have enough intrinsic motivation to stay glued to
  their laptop hour after hour? How much communication is lost—gesture,
  mood, eye contact—when you are not actually in a room with a passionate
  teacher and students?

The doubts are justified, but there are more reasons to feel optimistic. In
the first place, online learning will give millions of students access to
the world's best teachers. Already, hundreds of thousands of students have
taken accounting classes from Norman Nemrow of Brigham Young University,
robotics classes from Sebastian Thrun of Stanford and physics from Walter
Lewin of M.I.T.

Online learning could extend the influence of American universities around
the world. India alone hopes to build tens of thousands of colleges over
the next decade. Curricula from American schools could permeate those

Research into online learning suggests that it is roughly as effective as
classroom learning. It's easier to tailor a learning experience to an
individual student's pace and preferences. Online learning seems especially
useful in language and remedial education.

My guess is it will be easier to be a terrible university on the wide-open
Web, but it will also be possible for the most committed schools and
students to be better than ever.

The Campus Tsunami

May 8, 2012 3:07 PM

  [This is from Dave Farber's IP distribution, in response to an item that
  also appeared there, and is appended...  PGN]

I share Mark Stahlman's prediction (and unease) about the the explosion of
knowledge; the richest and smartest are best able to use emerging knowledge
to get richer and smarter faster. If you want to know where all this is
going, up to the end of the Universe(!), read David Deutsch's *The
Beginning of Infinity*. It is a bracing paean to Intelligence that takes
little note of what happens to any of us. Some of his followers seem to be
Ayn Rand fans--which awakened me to the collateral damage of exploding

> Yes, that is what EVERYONE is predicting (plus the part where today's
> universities become largely "outsourced" corporate R&D centers, like
> Hennessy's Stanford)—so it appears the plans are being executed!

> However, what they don't "predict," as we shift into a world of *digital*
> education, in which SOME people further distinguish themselves because they
> can literally *teach themselves* (and accrue all the benefits), what
> happens to the 30 (or 50 or 70%) of the population who don't quite "work"
> this way?
> Vocational training?  But for what?  Modern manufacturing is highly
> automated, so there are fewer and fewer "factory" jobs.
> Store clerks and burger-flippers?  With everyone shopping on the Net and
> trying to lose weight, what's the future in that?
> Rarely does anyone have the "guts" to think this all the way through.  One
> exception (?) was Michael Vlahos, then Senior Fellow at the Progress and
> Freedom Foundation, the think-tank that brought us Newt Gingrich and also
> the PFF "Aspen Summit" where the "digerati" converged starting in 1995.
> Vlahos, after trade-marking the term "Byte City," wrote an PFF White Paper
> "ByteCity -or- Life After the Big Change," which then morphed into an
> article in Washington Quarterly and then a DoD "information age" essay "The
> War After Byte City."  A book was in the works—however it never appeared
> and the original essay is not longer online.
> Vlahos segmented the USA of 2020 in to 5% "Brain Lords," 20% "Upper
> Servers and Agents," 50% "Service Workers," and 25% "The Lost."
> Perhaps he was optimistic?  Be careful what you wish for . . .
> Mark Stahlman
> Brooklyn NY

Living Plan IT's Urban OS

"Peter G. Neumann" <>
Fri, 4 May 2012 10:10:11 PDT

London is preparing to test an operating system designed to power the smart
cities of the future.  Living Plan IT has developed Urban OS, which serves
as a platform for connecting services such as water, transportation, and
energy to citizens.  "We are entering a phase when everything becomes
connected, from healthcare to transportation," says Living Plan IT CEO Steve
Lewis.  Unlike traditional operating systems, Urban OS is designed to be
extremely robust, considering critical services will be linked to the
network—even an insulin pump.  Living Plan IT plans to embed thousands of
sensors that will monitor external and internal conditions to create smart
lighting and heating systems in a newly built office block, and will test
smart lamp posts on the roads.  "They will be talking to each other,
producing their own energy, raising lighting levels when cars are coming,
and monitoring the movement of traffic," Lewis says.  Living Plan IT also
will test other technologies with the platform, such as smart vests that
have microsensors embedded in them to monitor heart rates and other vital

Judge: An IP-Address Doesn't Identify a Person—or BitTorrent Pirate

Monty Solomon <>
Thu, 3 May 2012 09:17:54 -0400

A landmark ruling in one of the many mass-BitTorrent lawsuits in the US has
suffered a severe blow to a thus far lucrative business. Among other things,
New York Judge Gary Brown explains in great detail why an IP-address is not
sufficient evidence to identify copyright infringers. According to the Judge
this lack of specific evidence means that many alleged BitTorrent pirates
have been wrongfully accused by copyright holders. ...

Furious judge decries "blizzard" of copyright troll lawsuits

New York judge blasts trolls' practices, recommends banning mass
bittorrent lawsuits in the district

  [No real surprise here to RISKS readers, but nice to see risks-aware
  judge.  PGN]

How "Privacy Correctness" Is Leading Us Dangerously Astray

Lauren Weinstein <>
Sat, 5 May 2012 11:44:14 -0700

      How "Privacy Correctness" Is Leading Us Dangerously Astray

You're probably familiar with the term "politically correct" and its
ramifications.  Simply stated, "political correctness" relates to the
narrowing of discussions, often by focusing on specific examples of
"violations" (in a range of circumstances) that in reality do not have
notable intrinsic, relevant, or significant impacts.

Political correctness can be purposely used as a weapon to manipulate
debates, or it can be the result of genuine confusion regarding the actual
facts of a situation. Frequently, political correctness issues involve both
of these facets.

As we look at the almost daily parade of supposed "privacy problems" that
splash across the Web and other media, followed by calls for investigations,
massive fines, and sometimes large-scale governmental interventions—a
fundamental question arises.

To what extent are we concerned about actual, important, substantive privacy
concerns, and conversely, to what degree are we engaging in—perhaps to
coin a phrase in this context—unwise, counterproductive, manipulative,
and even potentially dangerous "privacy correctness."

At first glance, it might appear that the seeming sheer complexity of the
technology surrounding privacy these days would make such determinations

Cookies and Flash, JavaScript and AJAX, encryption and targeted ads.  And so
on.  How can anyone be expected to untangle all this in terms of privacy

In reality though, the complex nature of these technologies—many of which
are key to providing and helping to pay for services that users have come to
expect, usually without charge—offers a clue that we may be spending our
time looking in the wrong places.

One thing we can be absolutely sure about is that new, even more complex
technologies—many of which may have privacy-related ramifications—will
be arriving almost continually.  To assume that everyday users of the Web
and other environments will have the time or inclination to understand the
functioning and external relationships of these underlying mechanisms seems
unrealistic at best.

In fact, as we've seen in recent cases involving Google and their use of Web
cookies ( [Lauren's Blog] ) and collection of unencrypted
Wi-Fi data ( [Lauren's Blog] ), even hard-core techies
and experts on these systems may at times become enmeshed in "privacy
correctness" quandaries, with various forces insisting that particular
actions represent serious privacy violations, while other observers see only
insignificant transgressions or none at all.

Cookies and Wi-Fi have been around for many years.  What of new technologies
coming down the line?  Are we going to go through these battles individually
and repeatedly, expecting consumers to incorporate such ever more intricate
complexities in their various combinations into their routine Internet usage

And what of the impacts that considerations of genuine privacy concerns,
vis-a-vis "privacy correctness," will have on issues of great import to
society at large, such as calls for vast communications surveillance
regimes, expansive cybersecurity legislation, and so on?

There are some guidelines that I use in my own analysis of these issues
today, that may be generally useful in these respects.

First, like it or not, what's public is public.  I say this a lot, and many
people don't really like the idea, but that doesn't change the underlying

It is foolhardy to pretend that something already out in the public sphere,
especially (but not necessarily) on the Internet, can then somehow be
effectively restricted or controlled.  Trying to convince people otherwise
is quintessential "privacy correctness" and can dangerously lead to false
assumptions about what information is or is not actually available publicly.

Efforts to restrict information that is already public, ranging from
governmental data, to photographs easily taken from municipal streets, to
unencrypted Wi-Fi signals, can only serve to harass legitimate and innocent
usage, while "bad players" will find ways to continue essentially
unencumbered.  Public is public.  Period.

But what about data that isn't public, that has been shared with individual
entities perhaps?  This is the category that sheds light on what I would
call true privacy problems, in contrast to generally false "privacy
correctness" issues.

Except where absolutely mandated by law, when personal information provided
to or collected by one organization is sold or otherwise provided to another
organization without the explicit permissions of the persons involved, a
significant privacy violation may well have occurred.

Health information, financial transaction data, communications addressing
and contents, Web search activities, and so on—these are all types of
data that users have a right to expect will routinely stay in the hands of
the entities they've chosen to trust.  Genuine violations of that trust,
allowing user data to flow to third parties without user permissions or
valid court orders, can be devastating to users and ultimately to the
organizations involved as well.

On the other hand, cavil complaints about complex Web cookie handling,
especially in the course of providing services that users have requested,
and in the face of contradictory and confusing technical specifications,
appears to fall squarely back into the realm of disingenuous "privacy
correctness" machinations.

I mentioned trust earlier.  In the final analysis, trust is a cardinal
aspect of our dealings in all aspects of our lives, online and offline.

On the Internet, on the Web, if we trust the organizations that we've chosen
to patronize—whether we're paying for their services or not—it makes
little sense to endlessly engage in an attempted micromanagement of their
underlying cookies, JavaScript, or other rapidly evolving technologies, or
to play a fundamentally exploitative form of "gotcha" when technical lapses
occur that do not have actual privacy-damaging characteristics as I noted

And if you don't trust a firm enough to accept this, perhaps you should
consider taking your business elsewhere.  If you insist on assuming that
most Web businesses are fundamentally evil, and can't be trusted regardless
of how well behaved they are today, then perhaps you should consider, for
your own peace of mind, not using the Internet at all.

Or, we can endeavor to see beyond the specious premises of "privacy
correctness," and concentrate instead on actual, genuine privacy problems
that are deserving of our serious attention.

What may seem at first to be "correct"—isn't always right.

Lauren Weinstein (
People For Internet Responsibility:
Data Wisdom Explorers League:
Network Neutrality Squad:  Tel: +1 (818) 225-2800

Re: Fed report on that Southern California blackout (Burstein, R-26.81)

Dick Mills <>
Sun, 6 May 2012 09:51:55 -0400

The FERC report specifically mentioned the similarities in causes between
the 2011 blackout in California and the 2003 blackout in the Northeast that
affected 50 million people.  Can't we ever learn?

In 2003 in Ohio, they still relied on human operators to "dispatch around"
trouble to relive overloads and to keep the state within security constraint
boundaries.  In Ohio, the operators even had to make phone calls to
neighboring areas to marshal resources. That takes hours.  Adequate response
was needed in just minutes.

Since the 1970s the State of New York decided that incorporating security
constraints into dispatch needed to be automated.  The New York grid,
including New York City, was the most constrained and difficult to operate
grid anywhere. They implemented automated security constrained dispatch that
responds to contingencies in minutes rather than hours.  Human operators are
not required to "dispatch around" problems.  Since then, the New York Power
Pool (today the NYISO) continually expanded and refined that software, all
the while maintaining full automation of the critical real time portions.

In RISKS-26.81, Burstein said "had operators reviewed and heeded their Real
Time Contingency Analysis results prior to the loss of the APS line, they
could have taken corrective actions, such as dispatching additional
generation or shedding load, to prevent a cascading outage."  If correct,
that suggests continued reliance on human operators in California.

It baffles me why automated security constrained dispatch has never been
mandated everywhere.  Continued reliance on human operators to respond to
highly complex grid security considerations is far from industry best
practice.  It seems plain to me that the 2003 blackout would have been
nipped in the bud if Ohio had software similar to New York's.  I'm less
familiar with California but perhaps the same is true there.

FBI Wants Backdoors in Facebook, Skype and Instant Messaging

Lauren Weinstein <>
Fri, 4 May 2012 11:51:47 -0700   (CNET, via NNSquad)

  "CNET learns the FBI is quietly pushing its plan to force surveillance
  backdoors on social networks, VoIP, and Web e-mail providers, and is
  asking Internet companies not to oppose a law making those backdoors

This is not new.  It also continues to be (a) utterly unacceptable, and
(b) ultimately useless

"Half of all Macs will lack access to security updates by summer"

Gene Wirchenko <>
Tue, 08 May 2012 09:16:52 -0700
  (Gregg Keizer)

Gregg Keizer, IT Business
Half of all Macs will lack access to security updates by summer
Mountain Lion's impending debut means Apple will stop supporting Snow
Leopard, unless it changes a decade-old habit

Unless Apple changes its security update practice, nearly half of all
Mac users will be adrift without patches sometime this summer.

Understanding the Net neutrality debate: Listening to stakeholders

Lauren Weinstein <>
Mon, 7 May 2012 22:48:27 -0700

  "This paper focuses primarily on the net neutrality landscape in Canada
  and shows how an examination of the perspectives of Internet service
  providers, businesses, governments, and civil society can lead to a more
  informed discussion of the debate. While frequently these groups have
  tried to assert both their positions on net neutrality and their views
  about an appropriate future for the Internet, the controversial and
  complex nature of the debate means that progress towards reaching a
  consensus has been slow."  (First Monday, via NNSquad)

With Chen Guangcheng news on Twitter, China's censors lost control

Lauren Weinstein <>
Sun, 6 May 2012 08:36:56 -0700

  "'Total sea change' - Twitter and Weibo similarly became essential for
  journalists and overseas human rights activists who used it to pass along
  phone numbers and links to photographs of Chen in the hospital and of
  plainclothes officers keeping reporters and diplomats outside.  When
  Chen's allies or supporters were detained, and when or if they resurfaced
  from police detention, word spread first on Twitter, often followed by
  text messages."

Re: The Power of Individual Voters to Transform Their Government

Steve Wildstrom <>
Fri, 4 May 2012 16:57:38 -0400

Mark E. Smith's attack on the process of vote counting is a political rant
well short of the standards of RISKS.  It asserts, with no evidence,
widespread corruption among elections officials and its account of a very
messy and complicated 2008 election in San Diego both glosses over facts and
makes completely unsubstantiated charges.

I share the concerns about voting procedures frequently discussed in RISKS
posts, but these unsupported accusations do nothing to advance the case.

Steve Wildstrom, Twitter:
Swildstrom on Facebook & LinkedIn

  [Steve's thoughts are also reflected in a few other comments I received.
  On reflection, I regret including Mark E. Smith's message in RISKS-26.81,
  although Steve's "unsupported" may perhaps be an overstatement in some
  instances.  Overall, I would vastly prefer to see some sort of widespread
  universal enfranchisement rather than boycotting or today's pervasive
  selective disenfranchisements, but that might *also* be considered a
  political rant, so I shall not pursue it further here.  PGN].

Re: The Power of Individual Voters to Transform Their Government

Martyn Thomas <>
Sat, 05 May 2012 18:15:46 +0100
  (Mark E Smith, RISKS-26.81)

Mark E Smith
> The only way to get honest elections is to refuse to vote until we do. If
> you're willing to vote in elections where your vote doesn't have to be
> counted and isn't verifiable, you have no leverage with which to demand
> honest elections. Boycott 2012!

This theme is central to the novel "Seeing" by Jose Saramago. I recommend it

"Controlling Queue Delay" published—Re: Bufferbloat

"Jim Gettys" <>
May 8, 2012 7:00 AM

  [RE: Bufferbloat, RISKS-26.67,76, via Dave Farber's IP]

Kathie Nichols and Van Jacobson published a new adaptive AQM algorithm
today, which, we think, provides the missing piece to solve bufferbloat
(rather than just mitigate the problem).


I highly recommend anyone working on TCP/IP networking read it, as it
explains the "standing queue" phenomena by far better than I've seen before.

I wrote a blog article to set a bit more context at:

Patches for Linux are available.

Please report problems with the web pages to the maintainer