The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 69

Monday 6 January 2014


IMS Health files for IPO
Deborah Peel
I Had My DNA Picture Taken, With Varying Results
Kira Peikoff via Monty Solomon
Study documents dangers of texting, dialing while driving
Marilynn Marchione via Monty Solomon
Distracted Driving and Risk of Road Crashes among Novice and Experienced Drivers
NEJM via Monty Solomon
Brainlike Computers, Learning From Experience
John Markoff via jidanni
Re: Time Travel
Gene Spafford
Prison Locker Ransomware, an upcoming malware threat in 2014
The dangers of showing your Bitcoins on TV
Danny Burstein
Through a PRISM, Darkly - Everything we know about NSA spying
Kurt Opsahl talk via Dewayne Hendricks
Snapchat will let users opt out of compromised feature
Zach Miners via Gene Wirchenko
"How did Snapchat get hacked?"
Candice So via Gene Wirchenko
"Do your PCs leak valuable intel with every Windows error report?"
Claudiu Popa via Gene Wirchenko
Re: Nuclear arming codes
John Gilmore
Doug Humphrey
Info on RISKS (comp.risks)

IMS Health files for IPO

"Dr. Deborah Peel" <>
Sun, 5 Jan 2014 20:20:46 +0000

On January 2nd , IMS Health Holdings announced it will sell stock on the New
York Stock Exchange. IMS joins other major NYSE-listed corporations that
derive significant revenue from selling sensitive personal health data,
including General Electric, IBM, United Health Group, CVS Caremark, Medco
Health Solutions, Express Scripts, and Quest Diagnostics.

* IMS buys and aggregates sensitive "prescription" records, "electronic
  medical records", "claims data", and more to create "comprehensive",
  "longitudinal" health records on "400 million" patients.

* All purchases and subsequent sales of personal health records are hidden
  from patients.  Patients are not asked for informed consent or given
  meaningful notice.

* IMS Health Holdings sells health data to "5,000 clients", including the US

* Despite claims that the data sold is "anonymous", computer science has
  long established that re-identification is easy.

* See brief 3-page paper by Narayanan and Shmatikov at: http://www.

* See Prof. Sweeney's paper on re-identifying patient data sold by states
  like WA at:

* "Our solutions, which are designed to provide our clients access to our
deep healthcare-specific subject matter expertise, take various forms,
including information, tailored analytics, subscription software and expert
services." (from IMS Health Holding's SEC filing

Quotes from IMS Health Holding's SEC
"We have one of the largest and most comprehensive collections of healthcare
information in the world, spanning sales, prescription and promotional data,
medical claims, electronic medical records and social media. Our scaled and
growing data set, containing over 10 petabytes of unique data, includes over
85% of the world's prescriptions by sales revenue and approximately 400
million comprehensive, longitudinal, anonymous patient records."  IMS buys
"proprietary data sourced from over 100,000 data suppliers covering over
780,000 data feeds globally".

How can this business model be legal?  How can companies that US citizens'
personal health data is "proprietary data", a corporate asset, and sell it?
If personal health data 'belongs' to anyone, surely it belongs to the
individual, not to any corporation that handles, stores, or transmits that

Americans' strongest rights to control personal information are our rights
to control personal health information. We have constitutional rights to
health information privacy which are not trumped by the 2001 elimination of
the right of consent from HIPAA (see: ). HIPAA is the "floor" for
privacy rights, not the ceiling. Strong state and federal laws, and medical
ethics require consent before patient data is used or disclosed. 10 state
constitutions grant residents a right to privacy, and other states
constitutions have been interpreted as giving residents a right to privacy
(like TX).

Surely FTC would regard the statement filed with the SEC as evidence of
unfair and deceptive trade practices. US patients' health data is being
unfairly and deceptively bought and sold.  Can the SEC deny IMS Health the
opportunity to offer an IPO, since its business model is predicated on
hidden purchase and sale of Americans' personal health data?

If we can't control the use and sale of our most sensitive personal
information, data about our minds and bodies, isn't our right to privacy
worthless? deb


Healthcare Business News


IMS Health files for IPO
Rachel Landen, Modern Health Care, 3 Jan 2014

Healthcare information
company IMS Health
Holdings<> is
going public.

The Danbury, Conn.-based company, which provides analytics and consulting
services to more than 5,000 clients in the healthcare sector, filed Thursday
with the Securities and Exchange
for an initial public offering of $100 million. The $100 million figure is
used to calculate registration fees with the SEC and could become upwards of
$750 million when the deal occurs, according to IPO investment firm
Renaissance Capital.

IMS Health was acquired nearly four years ago when affiliates of TPG Global,
CPP Investment Board Private Holdings and Leonard Green & Partners purchased
the company in a leveraged buyout for just under $6 billion. In the
succeeding years, IMS Health has invested approximately $587 million in 22
acquisitions, including Seattle-based software-as-a-service company Appature
and Web-based analytics company PharmaDeals.

The company plans to use the net proceeds from the IPO to repay a portion of
its long-term debt, which was approximately $4.9 million when the company
reported its most recent quarterly earnings as of Sept. 30, 2013, according
to a release from IMS Health. For the nine months ended Sept. 30, IMS Health
showed revenue of close to $1.9 billion.

JPMorgan Chase & Co., Goldman Sachs Group and Morgan Stanley are managing
the IPO. IMS Health said the company plans to apply to list its common stock
on the New York Stock Exchange using the symbol IMS.

I Had My DNA Picture Taken, With Varying Results (Kira Peikoff)

Monty Solomon <>
Sun, 5 Jan 2014 02:18:45 -0500
Kira Peikoff, *The New York Times*, 30 Dec 2013

I like to plan ahead; that much I knew about myself before I plunged into
exploring my genetic code. I'm a healthy 28-year-old woman, but some nasty
diseases run in my family: coronary heart disease, rheumatoid arthritis,
Alzheimer's and breast cancer.

So I decided to read the tea leaves of my DNA. I reasoned that it was worth
learning painful information if it might help me avert future illness.

Like others, I turned to genetic testing, but I wondered if I could trust
the nascent field to give me reliable results. In recent years, a handful of
studies have found substantial variations in the risks for common diseases
predicted by direct-to-consumer companies.

I set out to test the tests: Could three of them agree on me?

The answers were eye-opening - and I received them just as one of the
companies, 23andMe, received a stern warning from the Food and Drug
Administration over concerns about the accuracy of its product. At a time
when the future of such companies hangs in the balance, their ability to
deliver standardized results remains dubious, with far-reaching implications
for consumers. ...

Study documents dangers of texting, dialing while driving (Marilynn Marchione)

Monty Solomon <>
Sat, 4 Jan 2014 03:11:47 -0500
Marilynn Marchione |  AP Chief Medical Writer, 2 Jan 2014

A sophisticated, real-world study confirms that dialing, texting or reaching
for a cellphone while driving raises the risk of a crash or near-miss,
especially for younger drivers. But the research also produced a surprise:
Simply talking on the phone did not prove dangerous, as it has in other

This one did not distinguish between handheld and hands-free devices
-- a major weakness.

And even though talking doesn't require drivers to take their eyes off the
road, it's hard to talk on a phone without first reaching for it or dialing
a number -things that raise the risk of a crash, researchers note.

Earlier work with simulators, test-tracks and cellphone records suggests
that risky driving increases when people are on cellphones, especially
teens. The 15-to-20-year-old age group accounts for 6 percent of all drivers
but 10 percent of traffic deaths and 14 percent of police-reported crashes
with injuries.

For the new study, researchers at the Virginia Tech Transportation Institute
installed video cameras, global positioning systems, lane trackers, gadgets
to measure speed and acceleration, and other sensors in the cars of 42 newly
licensed drivers 16 or 17 years old, and 109 adults with an average of 20
years behind the wheel. ...â15

Distracted Driving and Risk of Road Crashes among Novice and Experienced Drivers (NEJM)

Monty Solomon <>
Mon, 6 Jan 2014 03:13:03 -0500
Sheila G. Klauer, Ph.D., Feng Guo, Ph.D., Bruce G. Simons-Morton, Ed.D.,
M.P.H., Marie Claude Ouimet, Ph.D., Suzanne E. Lee, Ph.D., and Thomas
A. Dingus, Ph.D.

N Engl J Med 2014; 370:54-59, 2 Jan 2014
DOI: 10.1056/NEJMsa1204142

  From the Virginia Tech Transportation Institute (S.G.K., F.G., S.E.L.,
T.A.D.) and the Department of Statistics, Virginia Polytechnic Institute and
State University (F.G.) - both in Blacksburg; the Eunice Kennedy Shriver
National Institute of Child Health and Human Development, Bethesda, MD
(B.G.S.-M.); and the University of Sherbrooke, Sherbrooke, QC, Canada



Distracted driving attributable to the performance of secondary tasks is a
major cause of motor vehicle crashes both among teenagers who are novice
drivers and among adults who are experienced drivers.


We conducted two studies on the relationship between the performance of
secondary tasks, including cell-phone use, and the risk of crashes and
near-crashes. To facilitate objective assessment, accelerometers, cameras,
global positioning systems, and other sensors were installed in the vehicles
of 42 newly licensed drivers (16.3 to 17.0 years of age) and 109 adults with
more driving experience.


During the study periods, 167 crashes and near-crashes among novice drivers
and 518 crashes and near-crashes among experienced drivers were
identified. The risk of a crash or near-crash among novice drivers increased
significantly if they were dialing a cell phone (odds ratio, 8.32; 95%
confidence interval [CI], 2.83 to 24.42), reaching for a cell phone (odds
ratio, 7.05; 95% CI, 2.64 to 18.83), sending or receiving text messages
(odds ratio, 3.87; 95% CI, 1.62 to 9.25), reaching for an object other than
a cell phone (odds ratio, 8.00; 95% CI, 3.67 to 17.50), looking at a
roadside object (odds ratio, 3.90; 95% CI, 1.72 to 8.81), or eating (odds
ratio, 2.99; 95% CI, 1.30 to 6.91). Among experienced drivers, dialing a
cell phone was associated with a significantly increased risk of a crash or
near-crash (odds ratio, 2.49; 95% CI, 1.38 to 4.54); the risk associated
with texting or accessing the Internet was not assessed in this population.
The prevalence of high-risk attention to secondary tasks increased over time
among novice drivers but not among experienced drivers.


The risk of a crash or near-crash among novice drivers increased with the
performance of many secondary tasks, including texting and dialing cell
phones. (Funded by the Eunice Kennedy Shriver National Institute of Child
Health and Human Development and the National Highway Traffic Safety
Administration.) ...

Full text


Brainlike Computers, Learning From Experience (John Markoff)

Sat, 04 Jan 2014 05:42:08 +0800
  John Markoff, *The New York Times*, online 29 Dec 2013, print 30 Dec 2013

  Palo Alto, Calif.  Computers have entered the age when they are able to
  learn from their own mistakes, a development that is about to turn the
  digital world on its head.

Yeah, well no matter how slick you make them, I bet I can always run around
their backside and put my hands over their eyes and say "guess who?"

Re: Time Travel (RISKS-27.68)

Gene Spafford <>
Fri, 3 Jan 2014 17:39:12 -0500
My time-travel experiments have always worked.  Unfortunately, I am only
able to move forward in time.

  [TNX!  You are very lucky person.  Knowing what you now know, you can
  simply leap ahead to avoid certain foreseen risks.  PGN]

Prison Locker Ransomware, an upcoming malware threat in 2014 (Sudhir K. Bansal)

"Peter G. Neumann" <>
Sat, 4 Jan 2014 9:33:36 PST
Ransomware is one of the most blatant and obvious criminal's money making
schemes out there, and increasing rapidly.  Prison Locker uses Blowfish to
encrypt all available files each with a different key.  It then encrypts all
of those keys with RSA 2048, and sends the results back to the attacker.
Sudhir K. Bansal, The Hacker News, 3 Jan 2014 [PGN-ed]

  [I note that in the middle of this item is an ad for United Airlines
  flights to Boston.  Might this be a useful clue to the source?  Or is
  United suggesting ransomware on flights, where they might charge more to
  let you OFF THE PLANE?]

    [People sometimes ask me why there is so much security-related content
    in RISKS, when I have always tried to keep a balance between safety,
    reliability, survivability, and other -ilities.  Once again, the answer
    seems to be that's where things have been focused lately.  The
    low-hanging fruit of security seems to be MUCH LOWER HANGING than that
    of safety and other RISKS concerns.  Some of you may have noticed, as is
    the case in this issue, that I always try to put the non-security items
    first in each issue—assuming there are any.  What has been rather
    startling lately is that there are sometimes no such items!  PGN]

The dangers of showing your Bitcoins on TV

Danny Burstein <>
Fri, 3 Jan 2014 16:36:58 -0500 (EST)
Summary: Bloomberg News anchor hands his fellow anchors some Bitcoin
printout/gift certificates. With all the numbers clearly visible on tv.

As [Russia Today]'s story has it:

The user, who goes by the name "milywaymasta," took to Reddit to explain
what happened.

"The guy that is hosting the series gave bitcoin gift certificates to the
other two hosts. One of them opens up the certificate to reveal QR code of
the private key," he wrote. "They then proceeded to show a closeup of the QR
code in glorious HD for about 10 seconds. Hilarious."

"I took it, it was only $20 worth. It was exhilarating nevertheless..."

-- he offered it back, and he and the anchorman laughed it through.

The risks aren't, of course, just for Bitcoin.


On a related RISK, it seems that the Russia Today website is frequently
offline courtesy of various denials of service and other attacks.
Surprisingly they've been pretty quiet about what exactly has been

Through a PRISM, Darkly - Everything we know about NSA spying (Kurt Opsahl's talk)

Dewayne Hendricks <>
January 5, 2014 at 12:50:06 PM EST
30 Dec 2013 via Dave Farber

  From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA
spying programs are shrouded in secrecy and rubber-stamped by secret
opinions from a court that meets in a faraday cage. The Electronic Frontier
Foundation's Kurt Opsahl explains the known facts about how the programs
operate and the laws and regulations the U.S. government asserts allows the
NSA to spy on you.

Talk given by Kurt Opsahl, Senior Staff Attorney, Electronic Frontier
Foundation (EFF)   [Video: 1:03:16 in length, very informative talk]

Snapchat will let users opt out of compromised feature (Zach Miners)

Gene Wirchenko <>
Mon, 06 Jan 2014 10:18:59 -0800
Zach Miners, InfoWorld, 3 Jan 2014
Snapchat, feeling the heat, will let users opt out of compromised feature
New controls will let people stop themselves from being searchable
based on their phone numbers

"How did Snapchat get hacked?" (Candice So)

Gene Wirchenko <>
Mon, 06 Jan 2014 11:02:28 -0800
Candice So, *IT Business*, 3 Jan 2014

"Do your PCs leak valuable intel with every Windows error report?" (Claudiu Popa)

Gene Wirchenko <>
Mon, 06 Jan 2014 11:04:03 -0800
Claudiu Popa, *IT Business*, 3 Jan 2014

Re: nuclear arming codes

<*John Gilmore*>
Friday, January 3, 2014
  [From Dave Farber]

The most detailed and authoritative (public) version is probably

By the way, this topic *is* relevant to cryptography.  Gustavus Simmons, , cryptographer at Sandia
Labs and co-founder of the IACR, was involved in the creation of the
Permissive Action Links (PALs) that prevent the bombs from arming unless
they receive the right launch code.

In fact there's an allegation that public-key crypto was invented for the
PALs, before the Stanford crowd did it:


PS: Gus Simmons was also key to making the test-ban treaties work, by
providing cryptographic protocols that allowed sensors to be placed in each
others' countries, that would report back only what the treaty allowed them
to report, with no covert channels for additional information, and
verification that the sensor packages had not been tampered with.

The cryptography mailing list <javascript:;>

Re: nuclear arming codes

<*doug humphrey*>
Saturday, January 4, 2014
  ... the Nuclear Launch Code at US Minuteman Silos Was 00000000

  [via Dave Farber]

tl;dr -> `launch codes' are a class of information that enables (when
authorized by EMERGENCY WAR ORDERS) the USE of a nuclear weapon; the drop of
a bomb, the launch of a missile, the employment of a tactical nuclear
charge, etc.  If you get these orders and codes, you are not being enabled
or ASKED to use the weapon, you are being ORDERED to use the weapon.

PAL codes are not launch codes; they are a code, input to the nuclear weapon
itself, that unlocks the nuclear weapon to move it from being a protected,
inert chunk of materials into being a real weapon that is capable of
detonation; this is all about the transfer of custodial control of a nuclear
device from the storage/maintenance/deployment forces to the operational

more detail:

On the Titan, which is referenced in the article, a launch required both
EWO (emergency war order) authentication, plus the “butterfly valve”
code in order to unlock the fuel system on the Titan to allow for a launch.

The butterfly valve is unique in its cryptologic protection; there is a
single digit number of times that it can be activated before it completely
locks up and needs a major maintenance event to replace the entire unit
(taking the missile offline for a considerable time) Crews were much warned
to be very careful entering codes.  During certain exercises the real
(non-repeating) codes were used; no launch crew ever knew how many cycles
were already on the valve.

good article that mentions the butterfly valve code here, although my belief
is that it is not stored with in the EWO safe but is instead issued from
National Command Authority with the launch authorization codes.

and THIS is VERY likely the real source for this reporters misunderstanding
of what is and is not a launch code:

In this presentation, the author misuses the term `launch code' for `PAL
code', and it seems a perfect dovetail to the journalist error.


Terrible journalism - there are about 5 google searches that will turn up
everything that anyone could want to know about all of this, PALs and
launch codes, and valve codes, and everything—but the truth is nowhere
near as spectacular.


Re: nuclear arming codes

"Peter G. Neumann" <>
Sat, 4 Jan 2014 17:12:02 PST

According to Tom Berson, “Gus tells a story, and if you know Gus, you know he
told it more than once.  Here it is, to the best of my memory.''

  One day, his manager at Sandia Laboratories stepped in to his office and
  said, "Gus, I need a random number, right now." Gus immediately replied,
  "Zero." The manager objected, "That's not a random number." Gus, "Oh, yes
  it is." Manager, "Well, it doesn't look random." Gus, "You asked for a
  random number, not a random-looking number."

Please report problems with the web pages to the maintainer