Forum on Risks to the Public in Computers and Related Systems
Volume 27: Issue 54
Wednesday 16 October 2013
- Adi Shamir Prevented from Attending Crypto and Cryptology Conferences
- An App That Saved 10,000 Lives
- Amy O'Leary via Monty Solomon
- From the Start, Signs of Trouble at Health Portal
- Pear et al. via Monty Solomon
- Deloitte IT projects plagued with troubles around the country
- Woolhouse and Healy via Monty Solomon
- Online Application Woes Make Students Anxious and Put Colleges Behind Schedule
- Lauren Weinstein
- Deutsche Telekom hopes to hide German Internet traffic from spies
- Lauren Weinstein
- "We can't let the Internet become Balkanized"
- Sascha Meinrath via NNSquad
- "Risk considerations: Tracking services monitor your every move"
- Steve Ragan via Gene Wirchenko
- Info on RISKS (comp.risks)
Adi Shamir applied for a J1 visa at the beginning of June 2013, two and one-half months early, so that he could attend the annual Crypto Conference in Santa Barbara in mid-August (which he has almost always attended for the past 32 years) and a subsequent NSA-affiliated History of Cryptography Conference—at which he was to present his paper, The Cryptology of John Nash from a Modern Perspective. As the S in RSA, and one of the most important cryptographers in the world, it would seem to be a no-brainer that he should be present for both conferences. However, he was unable to attend either, because the U.S. took exactly *four* months to send him his new visa. In his apology <http://www.fas.org/sgp/news/2013/10/shamir.html> (dated 15 Oct 2013) for not being able to attend the History of Cryptography conference, Adi notes that "I am not alone, and many foreign scientists are now facing the same situation." Because of the delay, his paper was removed from the program for the History conference. Even though his visa has now arrived long after Crypto 2013, and he was reinvited to give the talk at the Cryptology History conference, it is apparently no longer possible due to other commitments. This could be some sort of egregious combination of incredible arrogance, ignorance, stupidity, personal vendetta, diplomatic blunder, and misguided attitude to international scientific collaboration, or possibly just attributable to a serious miscarriage of innate bureaucracy. In any case, the injustice is really sad, because four months for the simple nth renewal of a visa seems outrageous. Indeed, public-key cryptography might not even be with us today if Adi had not been involved with Ron Rivest and Leonard Adleman so long ago. [PGN's personal opinion]
[Note: RISKS always solicits success stories, particularly those that result from foresight, long-term planning, intelligent software development and software engineering practices, and so on. Here's one. Unfortunately, the norm seems to be that we generally run items on actual cases where the risks are either exacerbated or evidently present, as more or less dominated by the rest of this issue—because they are predominant. PGN]

[Source: Amy O'Leary, *The New York Times*, 5 Oct 2013]

While most start-ups feverishly track figures like the total number of users, Ron Gutman, the founder and chief executive of the health information start-up, HealthTap, is more interested in a different data point. This week, the start-up heard from its 10,000th user who said the site saved her life. "My local doctor brushed me off and told me it was anxiety without doing any tests at all," wrote one woman who turned to HealthTap after seeing her doctor. After spending two hours on HealthTap, she was told by a doctor who contributes to the site that her condition sounded like a blocked artery. She soon saw a cardiology specialist who later inserted a coronary stent. Since its founding in 2012, the site has logged nearly a billion questions and answers, from simple queries about headaches or the flu, to more complicated ones, like whether mechlorethamine is a cancer medication. Questions are then routed to a physician who is both an expert in that particular field of medicine, and who is determined by an algorithm to be likely to respond fast, Mr. Gutman said. None of that would be possible without the participation of nearly 50,000 doctors who contribute their advice free. (Every page on the site has a disclaimer saying that the site "does not provide medical advice, diagnosis or treatment.") ...

http://bits.blogs.nytimes.com/2013/10/05/how-to-save-10000-lives-with-an-app-flatter-doctors/
Robert Pear, Sharon LaFraniere and Ian Austen. *The New York Times*, dated 12 Oct 2013, published 13 Oct 2013 WASHINGTON - In March, Henry Chao, the chief digital architect for the Obama administration's new online insurance marketplace, told industry executives that he was deeply worried about the Web site's debut. "Let's just make sure it's not a third-world experience," he told them. Two weeks after the rollout, few would say his hopes were realized. For the past 12 days, a system costing more than $400 million and billed as a one-stop click-and-go hub for citizens seeking health insurance has thwarted the efforts of millions to simply log in. The growing national outcry has deeply embarrassed the White House, which has refused to say how many people have enrolled through the federal exchange. Even some supporters of the Affordable Care Act worry that the flaws in the system, if not quickly fixed, could threaten the fiscal health of the insurance initiative, which depends on throngs of customers to spread the risk and keep prices low. ... http://www.nytimes.com/2013/10/13/us/politics/from-the-start-signs-of-trouble-at-health-portal.html
6 Oct 2013
http://www.boston.com/business/technology/2013/10/06/deloitte-projects-plagued-with-troubles-around-the-country/SmaXCE66SxBamlpx56FnTM/story.html

Mass. IT project is latest black eye for Deloitte
By Megan Woolhouse and Beth Healy | GLOBE STAFF, 07 Oct 2013
http://www.bostonglobe.com/business/2013/10/06/deloitte-projects-plagued-with-troubles-around-country/gbNRcQg6yKHDS4yGVxh1RM/story.html?s_campaignâ15

State senate committee to hold hearing on troubled Deloitte unemployment system contract
October 3, 2013
http://www.boston.com/business/2013/10/03/state-senate-committee-hold-hearing-troubled-deloitte-unemployment-system-contract/7XZmkCOA6AijfqkavpXmhO/story.html

A thousand defects: DOR fired Deloitte in August
October 3, 2013
http://www.boston.com/news/local/massachusetts/2013/10/04/thousand-defects-dor-fired-deloitte-august/hCrf5bU0o4dZ7PtcvxpOcO/story.html

$54m later, state fired computer contractor
By Megan Woolhouse and Beth Healy | GLOBE STAFF, 04 Oct 2013
http://www.bostonglobe.com/business/2013/10/03/thousand-defects-dor-fired-deloitte-august/vVptQAuFrhmDmGoqA2aI3L/story.html?s_campaignâ15

Massachusetts, California jobless benefit claim woes both tied to Deloitte Consulting of New York
24 Sep 2013
http://www.boston.com/business/news/2013/09/24/troubled-calif-unemployment-computer-system-has-similarity-with-mass-the-consultant/uYsg1ldfnESctEHkslZY0O/story.html

Mass., Calif. benefit claim woes tied to same firm
By Megan Woolhouse | GLOBE STAFF, 25 Sep 2013
http://www.bostonglobe.com/business/2013/09/24/troubled-calif-unemployment-computer-system-has-similarity-with-mass-consultant/sLa8QG030NnPzOsjdJNCzO/story.html?s_campaignâ15

Flawed contract for jobless claim system cost state millions
By Beth Healy and Megan Woolhouse | GLOBE STAFF, 19 Sep 2013
http://www.bostonglobe.com/business/2013/09/18/flawed-contract-leads-flawed-computer-system/MvKSuPSaTpJmmCrnwyW6rO/story.html?s_campaignâ15
With early admission deadlines looming for hundreds of thousands of students, the new version of the online Common Application shared by more than 500 colleges and universities has been plagued by numerous malfunctions, alarming students and parents and putting admissions offices weeks behind schedule. "It's been a nightmare," said Jason C. Locke, associate vice provost for enrollment at Cornell University. "I've been a supporter of the Common App, but in this case, they've really fallen down." http://j.mp/1bPUA3f (*The New York Times* via NNSquad)

So, like, this is rocket science to do correctly at these volumes of transactions for relatively straightforward applications? Uh, no.
"One of Deutsche Telekom's competitors, Internet service provider QSC, had questioned the feasibility of its plan to shield Internet traffic, saying it was not possible to determine clearly whether data was being routed nationally or internationally, WirtschaftsWoche magazine reported." http://j.mp/1ajC10H (Reuters via NNSquad) What they really mean is foreign spies. Their own vast surveillance apparatus of course would have full access. No matter, it's basically impractical, as noted.
http://j.mp/1elH7hh (Slate via NNSquad) "Traditionally, that debate has featured America in the role as champion of a free and open Internet, one that guarantees the right of all people to freely express themselves. Arguing against that ideal: repressive regimes that have sought to limit connectivity and access to information. The NSA's actions have shifted that debate, alienating key Internet-freedom allies and emboldening some of the most repressive regimes on the planet. Think of it as an emerging coalition between countries that object to how the United States is going about upholding its avowed principles for a free Internet, and countries that have objected to those avowed principles all along." - - - It is my personal belief that much of the breathless foreign government hyperbole against the US relating to surveillance has little to do with actual surveillance (after all, many of these countries have their own major surveillance systems, sometimes focused specifically inward to further political repression and censorship) and everything to do with pushing the abhorrent UN/ITU agenda (or similar agendas) for Internet control that would codify censorship and heavy-handed government directed dictates over Internet content and associated retribution against Internet users. China's and Russia's longstanding duplicity in these respects relating to Internet governance and censorship is particularly noteworthy.
Steve Ragan, CSO Online, 14 Oct 2013

Tracking services offer no real value to the business, but they exist on networks both large and small, and administrators are often unaware of their presence.

http://www.csoonline.com/article/741140/risk-considerations-tracking-services-monitor-your-every-move