The RISKS Digest
Volume 27 Issue 55

Thursday, 17th October 2013

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

GPS map leads to border crossing and shooting
Scott Nicol
"The shutdown gets real for science and high tech"
Robert X. Cringely via Gene Wirchenko
"How federal cronies built—and botched—Healthcare.gov"
Serdar Yegulalp via Gene Wirchenko
Health care exchange still plagued by problems
Kelly Kennedy via Monty Solomon
How applying to college just got a lot harder
David Strom via Gabe Goldberg
Food Stamp Debit Cards Failing To Work In 17 States
Monty Solomon
Majority of Brits fail to back up their important data
Monty Solomon
"Web sites tracking users using fonts, Belgian researchers find"
Candice So via Gene Wirchenko
Smart meter deployments to double market revenue of wireless modules
Bob Frankston
"Apple's claim of unbreakable iMessage encryption 'basically lies'"
Jeremy Kirk via Gene Wirchenko
Re: "We can't let the Internet become Balkanized"
Sam Steingold
Re: Founding Fathers
Richard A. O'Keefe
Info on RISKS (comp.risks)

GPS map leads to border crossing and shooting

Scott Nicol <scott.nicol@gmail.com>
Thu, 17 Oct 2013 15:18:58 -0400
A 16-year old boy from a small town in eastern Ontario stole a car, picked
up his girlfriend and headed east. A few police chases and stolen cars
later they ended up in Sherbrooke, Quebec, where they stole another car. Not
far from Sherbrooke is the US border, which they promptly crashed through
and were shot at.

http://www.ottawasun.com/2013/10/15/ontario-runaways-nabbed-in-maine
http://www.ottawasun.com/2013/10/16/wrong-turn-at-border-maine-cops-probe-ottawa-valley-teens-crime-spree

Speculation as to why the kids entered the US points towards a GPS map
routing. Apparently they were headed for the Maritimes, which are the
eastern-most provinces of Canada. If you go to Google Maps and ask for a
routing from Sherbrooke, QC to St John, NB, all of the options go through
the US. There is a small yellow banner at the top of the directions that
reads "This route crosses through the United States".

http://goo.gl/maps/n5b0I

On an Android phone the warning is in small print with a yellow triangle to
the left of it. This is the same yellow triangle you see when Maps warns
about tolls on a route. Once you enter navigation there appears to be no
warning at all.

If you're on the run you probably won't notice the warning regardless. But
even if you aren't on the run, it's easy enough to just click "navigate"
and then any warning disappears.


"The shutdown gets real for science and high tech" (Robert X. Cringely)

Gene Wirchenko <genew@telus.net>
Tue, 15 Oct 2013 13:33:48 -0700
Robert X. Cringely | InfoWorld, 14 Oct 2013
Think the shutdown only hits panda cams and national parks? Hardly --
scientific research will feel impact for years to come
http://www.infoworld.com/t/cringely/the-shutdown-gets-real-science-and-high-tech-228739


"How federal cronies built—and botched—Healthcare.gov" (Serdar Yegulalp)

Gene Wirchenko <genew@telus.net>
Tue, 15 Oct 2013 13:31:23 -0700
Serdar Yegulalp | InfoWorld, 14 Oct 2013
Many contractors for Healthcare.gov site seem to have been picked
based on past government work rather than IT expertise
http://www.infoworld.com/t/e-government/how-federal-cronies-built-and-botched-healthcaregov-228724


Health care exchange still plagued by problems (Kelly Kennedy)

Monty Solomon <monty@roscom.com>
Wed, 16 Oct 2013 23:35:41 -0400
Kelly Kennedy, *USA Today*, 16 Oct 2013
http://www.usatoday.com/story/news/nation/2013/10/16/exchanges-two-weeks-in/2989723/

Cloud devs: We could have saved buggy HealthCare.gov
Christina Farr, VentureBeat
Oct 14 2013
http://venturebeat.com/2013/10/14/cloud-devs-we-could-have-saved-buggy-healthcare-gov/

Why healthcare.gov has so many problems
Steven Bellovin, Special to CNN, 15 Oct 2013
http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/


How applying to college just got a lot harder (David Strom)

Gabe Goldberg <gabe@gabegold.com>
Tue, 15 Oct 2013 16:31:09 -0400
New software version flawed. Imagine!

-------- Original Message --------
Date: Tue, 15 Oct 2013 07:43:45 -0500
From: David Strom <david@strom.com>
Subject: David Strom's Web Informant: How applying to college just got a lot harder
To: webinformant@list.webinformant.tv

Web Informant, 15 Oct 2013

We've all heard the stories about a broken website that was overwhelmed with
visitors and was inadequately tested. But unless you have a high school
senior in your home, you may not have heard about another website besides
the much-flogged HealthCare.gov (that I and many others wrote about). I am
talking about the common application website for college admissions.

About 500 out of the nation's several thousand colleges and universities
support this site, which allows them to eliminate paper student admissions
applications. The idea dates back to when I was applying for college, when a
common paper-based application was put in use. Later it went
digital. Trouble is, the latest version of the common app is seriously
broken and has prevented many kids from applying to the colleges of their
choice. Given the high stakes involved, it is a serious problem.

The best press coverage about the breakdown has been from Nancy Griesemer in
examiner.com <http://examiner.com> where she lists work-arounds for the
students and chronicles the troubles CommonApp, as it is known, has gone
through since they did a major overhaul this past summer. "The
implementation has been terrible," one college admissions IT director told
me. "Applicants have had difficulties in creating and completing their
application, school officials have had problems in submitting transcripts
and recommendations, and major changes in how the information is delivered
to colleges have happened without sufficient time for schools to adapt and
test their systems. We needed more lead time."

This director isn't alone: many college admissions officers vented their
frustrations at their annual meeting last month in Toronto, where some said
they couldn't get satisfactory answers from the CommonApp staff.  There were
lots of things that should have been caught before being implemented. For
example, a payment processor routine that takes two days to send a
confirmation receipt, so many kids are paying multiple times. Or a signature
page that is so well hidden that students didn't find it to sign their
apps. As a result, their apps are never delivered to the college. Or those
all-important student essays turn into gibberish under some circumstances,
due to a faulty text import routine.  Supposedly, these issues are being
fixed literally right now. It makes the HealthCare.gov site look like a
well-run place.

The CommonApp processes more than a million applications a year, and is the
only application method for about 300 schools. If you are applying early
decision to one of these, you are in a tough situation as the decision
deadlines are approaching.

Some 50 others are using another online process called the Universal College
App, including most recently Princeton. This process hasn't been plagued
with problems.

It is hard enough for high school seniors to figure out the college game
without having to become unwitting software UI and QC testers. CommonApp
needs to fix its code fast, and be more transparent about its problems in
the future.

Your comments are always welcome:
http://strom.wordpress.com/2013/10/15/college/

  [See also
http://www.nytimes.com/2013/10/13/education/online-application-woes-make-students-anxious-and-put-colleges-behind-schedule.html
  Noted by Monty Solomon.  PGN]


Food Stamp Debit Cards Failing To Work In 17 States

Monty Solomon <monty@roscom.com>
Wed, 16 Oct 2013 23:32:13 -0400
Walmart, Xerox Point Fingers, The Associated Press, 12 Oct 2013

People in Ohio, Michigan and 15 other states found themselves temporarily
unable to use their food stamp debit-style cards on Saturday, after a
routine test of backup systems by vendor Xerox Corp. resulted in a system
failure. Xerox announced late in the evening that access has been restored
for users in the 17 states affected by the outage, hours after the first
problems were reported. ...

http://www.huffingtonpost.com/2013/10/12/food-stamp-debit-cards_n_4090647.html

Walmart, Xerox Point Fingers After Food Stamp Card Glitch Leads To
Wild Shopping Spree, Reuters, 14 Oct 2013 updated 16 Oct 2013
http://www.huffingtonpost.com/2013/10/15/walmart-xerox_n_4099207.html

  [See also
    "Food stamp recipients flood Louisiana Wal-Marts after EBT glitch"
  Jessica Chasmar, *The Washington Times*, 14 Oct 2013
http://www.washingtontimes.com/news/2013/oct/14/food-stamp-recipients-flood-wal-marts-ebt-glitch/
  Noted by Gene Wirchenko.  PGN]


Majority of Brits fail to back up their important data

Monty Solomon <monty@roscom.com>
Wed, 16 Oct 2013 23:26:27 -0400
Computer Business Review, 4 Oct 2013

Tons of individuals admitted to not storing an additional copy of digital
files.  The majority of individuals in the UK do not back up their data,
leaving themselves vulnerable to loss of important files and digital
photographs.  New research commissioned by digital storage firm WD
revealed that many Brits admitted to not storing an additional copy of
digital files, with most of them saying they simply are not concerned or
were unaware of how it could be done. ...

http://www.cbronline.com/news/tech/hardware/storage/majority-of-brits-fail-to-back-up-their-important-data-041013


"Web sites tracking users using fonts, Belgian researchers find" (Candice So)

Gene Wirchenko <genew@telus.net>
Tue, 15 Oct 2013 13:44:04 -0700
Candice So, *IT Business*, 11 Oct 2013
Web sites tracking users using fonts, Belgian researchers find
http://www.itbusiness.ca/news/44120/44120


Smart meter deployments to double market revenue of wireless modules

"Bob Frankston" <Bob19-0501@bobf.frankston.com>
October 16, 2013 at 6:02:53 PM PDT
  [from Dewayne Hendricks via Dave Farber's IP]

I can't help but worry when I read a quote like “The preference for
wireless [cellular] communication modules over wired technology is also
owed to their incredibly secured network.”

Trusting the cellular network to be secure (whatever that means) is a
problem in itself—not only are there issues with the cellular protocols
but what happens once the bits get past the towers? Depending on perimeter
security is risky in that there is no protection once there is a breach.

Of course the motivation is clear as the article states—the cellular
carriers stand to make a lot of money by charging for using their network.
Even if one doesn't depend on cellular there is the cost and complexity of
maintaining a parallel network.

All that protects content are protocols and encryption. There is nothing
magic about RF bits—any approach that can be used for wireless bits can
be used for bits over IP. Not only would using existing connectivity be far
simpler and provide us with immediate benefits, the protocols would also
offer the potential for users to have access to the data for their own use
such as managing the power usage within their homes.

Bob Frankston

Smart meter deployments to double market revenue of wireless modules
By Esme Vos
Oct 16 2013
<http://www.muniwireless.com/2013/10/16/smart-meter-deployments-double-market-revenue/>

An increase in smart meter deployments will see the global market for
wireless communication modules approximately double in value over the
coming years, jumping from $532m in 2012 to $1.3 billion in 2020, at a
compound annual growth rate (CAGR) of 12 percent, according to a new report
from research and consulting firm GlobalData.

The company's latest report states that North America, currently the
dominant player in the market for global wireless communication modules for
smart meters, will be a key driver behind the leap, with its own market
revenue expected to climb steadily from $379m in 2012 to $433.7m in 2020.

Europe will also continue to account for a considerable share of the global
market, thanks to a significant number of pilot-scale projects getting
underway across the region. The uptake of wireless communication modules in
the UK, Denmark and Ireland in particular looks promising, according to
GlobalData, and these countries are predicted to occupy an even larger
share of Europe's wireless smart meter communication market by the end of
2020.

Cellular and Radio Frequency (RF) communication modules are the two key
technologies used in smart meters for two-way data transmission. RF modules
account for an 85 percent share of the North American market, thanks to
their low cost, high bandwidth and efficient performance in industrial
areas.

Ginni Hima Bindu, GlobalData's Analyst covering Smart Grid, says: “The
preference for wireless communication modules over wired technology is also
owed to their incredibly secured network, and as a result, we expect to see
an increased take-up of wireless technology for smart meter deployments
across North America, the UK and Japan, which will continue to drive the
market over the forecast period.”

However, while the outlook for the wireless communication modules market is
largely positive, a number of challenges remain that may prevent any
further growth in global revenue.

“The problem of coverage is one of the major restraints of the market for
cellular communication modules,” says Bindu. “For an indoor electric meter,
GPRS technology provides just 80--85 percent coverage, if the electric
meter, or other grid device, is not moved accordingly.” ...

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>


"Apple's claim of unbreakable iMessage encryption 'basically lies'" (Jeremy Kirk)

Gene Wirchenko <genew@telus.net>
Thu, 17 Oct 2013 14:04:51 -0700
Jeremy Kirk, InfoWorld, 17 Oct 2013
A famed iPhone jailbreak software developer says Apple could easily
decrypt iMessages, despite the company's claims
http://www.infoworld.com/d/security/apples-claim-of-unbreakable-imessage-encryption-basically-lies-228948


Re: "We can't let the Internet become Balkanized" (Sascha Meinrath)

Sam Steingold <sds@gnu.org>
Thu, 17 Oct 2013 14:13:44 -0400
I keep wondering what is wrong with what NSA is doing.  They are a spy
agency.  They have been created to spy on everyone in the world, whether a
declared enemy or a professed "ally" (alliances do shift, so not spying on
an ally is a liability no nation can afford).

They "subverted the secure Internet protocols by inserting backdoors"?  You
mean the Internet servers run on closed-source software?  Or pre-compiled
binaries from open-source vendors which NSA compromised?  Well, as a
"netizen", I am delighted that those insecure practices will now cease.  If
an inept government bureaucracy could do that, I am sure it is being
routinely done by the criminals and terrorists all over the world. So, now
we at least have a chance to see this fixed.

They spied on US citizens, thus violating their "foreign intelligence"
charter?  Yeah, this is no good.  I would have felt much better if the same
surveillance were conducted by the FBI, not the NSA.

I actually welcome this scandal because it should bring home to people the
fact that we have lost "the expectation of privacy" battle.  Yes, we can
legislate away the US government's ability to do surveillance - but how do
you make sure that China/Russia/Iran will not do it?

Sam Steingold (http://sds.podval.org/)


Re: Founding Fathers (Robinson, RISKS-27.51)

"Richard A. O'Keefe" <ok@cs.otago.ac.nz>
Thu, 17 Oct 2013 18:33:20 +1300
In Risks 27.51 (http://catless.ncl.ac.uk/Risks/27.51.html#subj2),
Paul Robinson stated or implied that
 1. The US is exceptional in having a right to bear arms.
 2. (The US founding fathers having been no dummies.)
 3. Women habitually went armed in Wyoming.
 4. Wyoming was the first state to give women the vote.
 5. 2 caused 1, which enabled 3 which caused 4.

Ad 1: The right to bear arms is in the British Bill of Rights, 1689.
      And that did not create the right, but reaffirmed it as an
      ancient right.  It's noteworthy that the Bill of Rights
      affirms this as a right of *individual* self-defence.

Ad 2: They certainly weren't.
      There are two caveats in the Bill of Rights which the framers
      of the second amendment carefully removed.
      However, the second amendment is famously difficult to interpret,
      and a case can be made that the people whose right to bear arms
      was affirmed were those who would have been called on to serve in
      the militia, namely (free, non-Amerind) men.

Ad 3: That's an empirical question I have no evidence on.
      It's not clear that more women were armed in Wyoming than in
      say Arizona, where women didn't get the vote until 1912, or
      Texas, where they didn't get it until 1918.

Ad 4: This is certainly false.  Women in New Jersey had the right
      to vote since 1776.  When Wyoming women got the vote, it was
      not a state.  Women in Pitcairn Island got the vote in 1838,
      31 years before women in Wyoming, and they had neither the
      protection of the US constitution nor the danger of rattlesnakes.

Ad 5: If women having guns got them the vote, it would be difficult to
      understand how women with guns could ever _lose_ the vote.  Yet
      they did.
      New Jersey: women got the right to vote in 1776, did vote from
                  1787, LOST the vote in 1807.
      Utah: women got the vote in 1870, and LOST the vote in 1887.
      Territory of Washington: women got the vote in 1883,
                  and LOST the vote in 1887.
      Ohio: women got the vote in 1917 and LOST it later that year.

      We would also expect that countries that limited the right to
      bear arms would extend the vote to women later.  Now the
      1918 constitution of the USSR says (Article 2, paragraph 19):
        For the purpose of defending the victory of the great
        peasants' and workers' revolution, the Russian Socialist
        Federated Soviet Republic recognizes the duty of all citizens
        of the Republic to come to the defence of their socialist
        fatherland, and it therefore introduces universal military
        training.  The honor of defending the revolution with arms
        is accorded only to the workers, and the non-working
        elements are charged with the performance of other military duties.
      This actually sounds a lot like the 2nd amendment, except for the
      restriction to "the workers".  However, article 23 makes it clear
      that this has nothing to do with defence *from* the state:
        Being guided by the interests of the working class as a
        whole, the Russian Socialist Federated Soviet Republic
        deprives all individuals and groups of rights which could
        be utilized by them to the detriment of the socialist revolution.
      So you could carry a gun in the army, but not shoot a tax collector.
      Yet the USSR gave women the vote before Michigan or Oklahoma or
      South Dakota or Texas!  Did women in Texas have no guns?

My source for these dates is
http://www.nzhistory.net.nz/politics/womens-suffrage/world-suffrage-timeline
which cites C. Daley and M. Nolan (eds), Suffrage and beyond: international
feminist perspectives, Auckland University Press, Auckland, 1994.

The RISK?   The truth is out there, but so is a whole lot of self-serving
wishful thinking.   (For example, the Pill had no detectable effect on
birth rates in English-speaking countries, contra the popular mythology.)
