US National Transportation Safety Board (NTSB) released results of their investigation into the October 31, 2014 crash of SpaceShipTwo near Mojave, California. This was a commercial space vehicle built for Virgin Galactic which broke up during a rocket powered test flight, seriously injuring the pilot and killing the co-pilot.

NTSB abstract, including findings, probable cause and recommendations: http://www.ntsb.gov/news/events/Pages/2015_spaceship2_BMG.aspx

We can download NTSB conclusions here: (6 page PDF) http://www.ntsb.gov/news/events/Documents/2015_spaceship2_BMG_abstract.pdf

My summary: When a project is damned expensive, having a rush job, and cutting costs, can lead to higher risk of something going haywire, and much more expensive consequences when it does so. In this case they cut corners on test pilot training, and hazard analysis. The FAA caught them at it, issued mitigation requirements, but failed to follow up to see if they were paying attention to what the FAA had requested, which they were not. Rescue for the injured pilot was delayed, thanks to rescue helicopters not pre-positioned nearby on standby.

In my former day job, when we were designing new packages, I often suggested that we have our auditors check whether the audit trails and accounting controls were adequate. This request was always denied. The NTSB has observed a similar need in the design of commercial space craft. Once something has been manufactured with flaws, it is too expensive to fix it. So safety consultants ought to be involved at the design state.

A criticism of top level officialdom is that to find someone with relevant experience, people are hired from the companies to be regulated, then after their public service they go back to the same place, so their government impartiality is doubted. FAA has an opposite system for commercial spacecraft inspection. They have people on the payroll with relevant experience, but instead they send inspectors who know nothing about what they are looking at. The above links have more detail.

NTSB periodically comes out with reports on other investigations, which can be viewed here: http://www.ntsb.gov/news/press-releases/Pages/default.aspx

The NTSB has the job of investigating transportation mishaps such as pipe lines blowing up. There is no government mandate that anyone heed their suggestions on what to do differently to prevent history from repeating. Mainstream News Media (MSM) tells us lots of uninformed speculations about a disaster right after it happens, but is seldom interested in the results of the investigations, when they come out a year or so later. I am glad NTSB investigates such events, as opposed to NASA USAF & other competitors whose bias, how they do things, can get in the way of good evaluation of what makes most sense for other operators.
According to July 2015 Crisis Response Journal Newsletter http://us6.campaign-archive1.com/?u.46095993&id0ae6e0369&e¦8295491f from FireNet International Ltd: The European Aviation Commission published a report on the Germanwings Flight 9525 incident, from a task force led by the <http://crisis-response.us6.list-manage.com/track/click?u.46095993&id¯16e4228c&e¦8295491f> European Aviation Safety Agency (EASA). That's the airline crash in which one pilot went to the bathroom, then got locked out of the cockpit, while the other one allegedly committed suicide by crashing the plane into a mountainside. News reports indicated that the suicide perpetrator had had medical treatment which should have warned the airline, but privacy laws interfered, so there is an apparent need for a better balance between privacy of the individual, and public safety. Here is a link to that GermanWings Flight 9525 (500 k PDF) crash report, and additional info: https://www.easa.europa.eu/newsroom-and-events/news/report-task-force-germanwings-flight-9525-european-commission
Nothing here surprising.... except I'm surprised (and disappointed) that this is the *first* time the FDA has taken this action. It seems highly unlikely that this is the only device subject to these sorts of attacks. "The federal government says health care facilities should stop using Hospira's Symbiq medication infusion pump because of its vulnerability to hacking. The Food and Drug Administration said Friday it's the first time it has warned caregivers to stop using a product because of a cybersecurity risk." [...] "Earlier this year the FDA and the Homeland Security Department's Industrial Control Systems-Cyber Emergency Response Team issued warnings about potential vulnerabilities of Hospira's LifeCare PCA 3 and PCA5 pumps. The company says newer products have additional protection against potential breaches. The company says its Plum 360 infusion pumps, which went on sale in January, don't have the same vulnerability." (But do they have other vulnerabilities? Probably!) http://www.stltoday.com/business/local/citing-hacking-risk-fda-says-hospira-pump-shouldn-t-be/article_ff050ace-44fc-5c31-8419-0359fc7a46f8.html
It's a freakin' gun! Change your freakin' default password! http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/
FYI—The "walking back" last week by Chertoff and his Group (with respect to Comey's hackdoor proposals) raises suspicions that NSA doesn't find crypto quite so challenging as the FBI does. NSA's recent tampering with RNG's makes one wonder about possible NSL's to Intel/AMD/ARM, etc. As the BBC article below indicates, hardware tampering at the source is a well-trodden path for the NSA&GCHQ.

http://www.bbc.com/news/uk-33676028

How NSA and GCHQ spied on the Cold War world
Gordon Corera, BBC News, 28 July 2015

American and British intelligence used a secret relationship with the founder of a Swiss encryption company to help them spy during the Cold War, newly released documents analysed by the BBC reveal. The story of the German Enigma machine is well-known - a device built to provide secure communications but which British code-breakers managed to crack at Bletchley Park. But there is another story - not fully told until now - about what came after [that]. The demand for machines like Enigma grew after the end of the World War Two. And one private company led the way in meeting that demand. That company, founded by a man called Boris Hagelin, was called Crypto AG. Hagelin had helped supply the US Army during the War before moving his business from Sweden to Switzerland. Crypto AG sold its machines around the world, offering security. But what customers did not know was that Hagelin himself had come to a secret agreement with the founding father of American code-breaking, William F Friedman. Reports of a deal have circulated before. In the 1980s, the historian James Bamford was researching his book The Puzzle Palace about the US National Security Agency (NSA) and came across references to the "Boris project" in Friedman's papers. The NSA promptly had the papers locked up in a vault. 
In 1995, journalist Scott Shane, then at the Baltimore Sun, found indications of contacts between the company and the NSA in the 1970s, but the company said claims of a deal were "pure invention". The new revelations of a deal do not come from a whistleblower or leaked reports, but are buried within 52,000 pages of documents declassified by the NSA itself this April and investigated by the BBC. Top-secret report The relationship was based on a deep personal friendship between Hagelin and Friedman, forged during the War. The central document is a once top-secret 22-page report of a 1955 visit by Friedman to Zug in Switzerland, where Crypto AG was based. Some elements of the memo have been redacted - or blacked out - by the NSA. But within the released material, are two versions of the same memo, as well as a draft. Each has different parts redacted. By placing them side by side and cross referencing with other documents, it is possible to learn many - but not all - details. The different versions of the report make clear Friedman - described as special assistant to the director, NSA - went with a proposal agreed not just by US, but also British intelligence. Friedman offered Hagelin time to think his proposal over, but Hagelin accepted on the spot. Different versions of the report: Full text of redacted version https://www.nsa.gov/public_info/_files/friedmanDocuments/CorrespondenceMemorandaandPersonnelFileRecords/FOLDER_117/42035009107382.pdf Full text of differently redacted version https://www.nsa.gov/public_info/_files/friedmanDocuments/ReportsandResearchNotes/FOLDER_109/41741409078064.pdf The relationship, initially referred to as a "gentleman's agreement", included Hagelin keeping the NSA and GCHQ informed about the technical specifications of different machines and which countries were buying which ones. The provision of technical details "is a revelation of the first order," says Paul Reuvers, an engineer who runs the Crypto Museum website. 
"That's extremely valuable. It is something you would not normally do because the integrity and secrecy of your own customer is mandatory in this business." Machine specifics key The key to breaking mechanical encryption machines - such as Enigma or those produced by Hagelin - is to understand in detail how they work and how they are used. This knowledge can allow smart code breakers to look for weaknesses and use a combination of maths and computing to work through permutations to find a solution. In one document, Hagelin hints to Friedman he is going to be able "to supply certain customers" with a specific machine which, Friedman notes, is of course "easier to solve than the new models". Previous reports of the deal suggested it may have involved some kind of backdoor in the machines, which would provide the NSA with the keys. But there is no evidence for this in the documents (although some parts remain redacted). Rather, it seems the detailed knowledge of the machines and their operations may have allowed code-breakers to cut the time needed to decrypt messages from the impossible to the possible. The relationship also involved not selling machines such as the CX-52, a more advanced version of the C-52 - to certain countries. "The reason that CX-52 is so terrifying is because it can be customised," says Prof Richard Aldrich, of the University of Warwick. "So it's a bit like defeating Enigma and then moving to the next country and then you've got to defeat Enigma again and again and again." Some countries - including Egypt and India - were not told of the more advanced models and so bought those easier for the US and UK to break. In some cases, customers appear to have been deceived. One memo indicates Crypto AG was providing different customers with encryption machines of different strengths at the behest of Nato and that "the different brochures are distinguishable only by 'secret marks' printed thereon". 
Historian Stephen Budiansky says: "There was a certain degree of deception going on of the customers who were buying [machines] and thinking they were getting something the same as what Hagelin was selling everywhere when in fact it was a watered-down version." Among the customers of Hagelin listed are Egypt, Iraq, Saudi Arabia, Syria, Pakistan, India, Jordan and others in the developing world. In the summer of 1958, army officers apparently sympathetic to Egyptian President Gamal Abdel Nasser overthrew the regime in Iraq. Historian David Easter, of King's College, London, says intelligence from decrypted Egyptian communications was vital in Britain being able to rapidly deploy troops to neighbouring Jordan to forestall a potential follow-up coup against a British ally. The 1955 deal also appears to have involved the NSA itself writing "brochures", instruction manuals for the CX-52, to ensure "proper use". One interpretation is these were written so certain countries could use the machines securely - but in others, they were set up so the number of possible permutations was small enough for the NSA to crack. In the 1955 memo, Friedman told Hagelin he was well aware of the businessman's "disinclination" to be paid as part of the deal. However, Hagelin went on, according to the memo, to express his gratitude to the NSA for "what we had done and were continuing to do for various member of his family". This included intervening to ensure a son-in-law had his active duty status in the US Air Force retained and a cousin of Hagelin's wife seemingly being employed at the NSA. Crypto AG chief executive, Giulliano Otth refused to comment on the "intense private dialogue on various personal and professional subjects" that had grown out of the friendship between Friedman and Hagelin in the 1950s. The company now "enjoys an excellent reputation with all its customers", and the algorithms used in its modern products gave customers exclusive control, he told the BBC. 
"That is why it is technically impossible for third parties to exert influence. Not even Crypto AG has access," he said. In a statement, a GCHQ spokesman said the agency "does not comment on its operational activities and neither confirms nor denies the accuracy of the specific inferences that have been drawn from the document you are discussing". "The documents... should be read against a background in which the UK, the US and their allies faced the likelihood of open hostilities with the Soviet bloc," he added. The NSA also declined to comment on the specific conclusions. But its associate director for policy and records, Dr David Sherman, told the BBC: "It is not surprising to me that [the US and UK] would be very concerned about the security of the communications of those West European countries - [and] want to know what systems they might be using so that the now sensitive communications of the Nato alliance are not vulnerable to penetration by the Soviet Union. "And simultaneously I think they are very concerned not to allow what we now call strong encryption - powerful encryption products and machinery - to fall into the hands of their adversaries including the Soviet Union and others." You can listen to Document: The Crypto Agreement on BBC Radio 4 at 16:00 BST on 28 July.
FYI—Chertoff at the University of Delaware, 11 Feb 2015: "we probably should not make it a legal requirement that companies maintain an ability to decrypt encrypted communications" "as a society we generally do not take the view that it's the responsibility of the citizen to make life easy for the police" "Targeted is good; indiscriminate is probably not good." [Transcription below done by myself from the YouTube video.] https://www.youtube.com/watch?v=3MkFO6EALI8 "Security expert Michael Chertoff discusses cybersecurity challenges, solutions" Published on 11 Feb 2015 Noted security expert Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005-2009, delivered the first University of Delaware Cybersecurity Initiative Distinguished Lecture on Feb. 10, 2015. Visit http://www.udel.edu for more info. 53:08-58:44 Q: So it makes a lot of sense that risk management should be trust-based and collaborative, and yet we've seen in very recent history a push from the government for the criminalization of crypto, between statements from the President and the Department of Justice, they've made anti-encryption statements, and we've also seen the recent history of the government pushing Silicon Valley operations like Skype to put vulnerabilities in their software, so my question is: 'why should citizens cooperate with the government that only wants its people to have personal cybersecurity when it's convenient ?' Chertoff: So I think that's a fair question. 
And I want to begin by saying a lot of these issues are debatable and it's also true that the folks who are focused on having maybe limits on crypto or want to have the capability to get into systems, are actually often performing a different function from those who are trying to defend systems, but I do think that what you point out, and I think the discussion is beginning now, is we need perhaps to rethink comprehensively some of the strategic trade-offs about what we do on the offensive side and the defensive side. So I'm going to give you a personal opinion, here. Everything I've said is a personal opinion, but I think that I've wrestled with the question about whether we ought to restrict the ability to encrypt, as a number of companies are now in the process of debating. And if we were to be a bit more precise, 'should we require companies that are in the business of managing and running networks to have a back door or to retain the capability to get into encrypted data apart from the sender and the recipient?'. This is, by the way, a recapitulation of a debate back in the 90's about something that was called "Carnivore" which was a requirement about what was then a concern about some of the communications technology. I guess I've come to the conclusion that we probably should not make it a legal requirement that companies maintain an ability to decrypt encrypted communications. And I say that for two reasons. I understand that there will be a cost to the government if you get a device and you can't decrypt it and the company can't decrypt it and the person who owns the device is not going to cooperate. So I accept that that's a cost in security. But I think as a society we generally do not take the view that it's the responsibility of the citizen to make life easy for the police. Otherwise, we would simply give everybody a body camera and say you gotta wear this all the time and record everything you do so when you commit a crime it's easy to convict you. 
So I'm not minimizing the security challenge, but I think that as a society, we probably don't want to go that far. There's a practical issue, too, which is: someone out there is going to make a capability or device that's encrypted that doesn't have an accessible opportunity for the person running the network to get at the—to decrypt the data. All that's going to happen is the bad guys are going to go to that, and they're going to have the protection anyway, and the good guys are going to wind up without that protection, and some greater vulnerability. On the issue of, again, implanting vulnerabilities, again I think strategically it's a bad idea for this country if it were to say for example, let's create a vulnerability and insert it in software that's generally available or generally made part of the marketplace. Again, because I think we wind up—although it's an easier way to get stuff. I think we wind up hurting our values and frankly hurting our interests, our economic interests, in basically saying our software and hardware is not as secure as it could be because we've deliberately made it insecure. Now, by the way, I separate that from, you know, if I knew a particular device was going to be delivered to the bomb-maker in Yemen who's, you know, working for Al Qaeda, I'd be perfectly happy to put a vulnerability in that device. But that would be targeted. I think we need to treat creating vulnerabilities in the same way we talk about doing things in the physical world. Targeted is good; indiscriminate is probably not good. Again, I acknowledge the fact these are hard decisions, and I've been in the law enforcement community one way or another in the last 25-30 years, and a lot of my colleagues probably would disagree with me, but again I do think we—one thing that cyber challenges you to do is to recognize that you got to look at 360 degrees of the problem. 
All too often, people are very well meaning, but they have a particular mission, and what they do is, I'm going to accomplish this mission and that's all I want to do. The job of our political leadership and the people at the very top of organizations is always to say wait, before we do this, let's look at all the dimensions, pluses and minuses, and make a strategic decision across the entire spectrum of our national interests, which include our civil liberties, our economics and our security interests, about where to draw the balance. And so, I think this is going to be part of again what we want to discuss academically.
Apparently the *disappeared* item noted in RISKS-28.82 returned: *WaPo* says Clarification: Due to a production error, a version of this column was temporarily posted prematurely before the editing process was complete. https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-encryption/2015/07/28/3d145952-324e-11e5-8353-1215475949f4_story.html?hpid=z3 Premature emission of information? Ah, yes, premature release seems to happen occasionally, including to an article I was involved in, which accidentally was released before its embargoed time.
http://www.nytimes.com/2015/07/31/business/in-microsofts-nokia-debacle-a-view-of-an-industrys-feet-of-clay.html The technology business is especially vulnerable to rapid, unforeseen transformation, sometimes leading to the mass extinction of giant companies.
Windows XP just can't get to its end-of-life fast enough

What do an electronic safe and an undersea fiber optic cable-laying ship have in common? Both are still using Windows XP as their underlying operating system. As Microsoft releases Windows 10 this week and we start getting those annoying upgrade messages, it might be amusing to note exactly how hard it is to rid XP from the entire world. Killing off kudzu is probably easier. http://blog.strom.com/wp/?pI29
TheNextWeb via NNSquad http://thenextweb.com/microsoft/2015/07/30/windows-10-steals-your-bandwidth-to-send-other-people-updates/ Windows 10 launched on July 29 to much fanfare—it's a free upgrade for Windows 7, 8 and 8.1 users—but along with the privacy issues, there's another small thing you should check: by default, Windows 10 uses your Internet connection to share updates with others across the Internet. Without your affirmative permission in advance, this is *stealing* bandwidth.
Windows 10 has introduced Wifi Sense - which will - by default - share your wifi passwords amongst your visiting friends and relatives, including unknown strangers sitting in a car outside your house. https://nakedsecurity.sophos.com/2015/07/01/windows-10-wi-fi-sense-feature-shares-your-wi-fi-network-with-your-friends/ "The feature, which can automatically accept a Wi-Fi network's terms and conditions and provide your name, email address or phone number on your behalf, also allows you to share access to password-protected Wi-Fi networks with Outlook.com and Skype contacts, as well as Facebook friends (via an opt-in), all on a per-service rather than per-person basis." This is automatically configured if you choose Express Install. Astonishingly this will be an 'opt-out' feature - if you are savvy enough to realise and understand what the risks are. What could possibly go wrong? Well a point missed by most reviewers is that Microsoft will establish a truly enormous database of IP addresses, email addresses, and passwords etc. - just asking to be hacked or reverse engineered.
FYI—Microsoft's new cloud facility in Bluffdale, UT, appears to be fully operational. Windows 10: the operating system only James Comey and Theresa Wright could love. Windows 10 is free; free of any pretense at privacy. 'the operating system immediately syncs settings and *data* to the company's servers' 'Cortana also learns about you by collecting data about how you use your device and other Microsoft services, such as your music, alarm settings, whether the lock screen is on, what you view and purchase, your browse and Bing search history, and *more*' Yes, but wait, there's "more"! "Microsoft collects your voice input, as well as your name and nickname, your recent calendar events and the names of people in your appointments, and information about your contacts." "Windows 10 automatically encrypts the drive ... and generates a BitLocker recovery key. That's backed up to your OneDrive account." Right where James Comey can find it. http://thenextweb.com/microsoft/2015/07/29/wind-nos/
http://www.nytimes.com/2015/08/01/world/asia/us-decides-to-retaliate-against-chinas-hacking.html The Obama administration decided a response was needed after the Chinese stole data on 20 million Americans from the Office of Personnel Management.
http://arstechnica.com/security/2015/07/group-that-hacked-anthem-shared-weaponized-0-days-with-rival-attackers/
[It's only fair—you watch TV, it watches you.] We've never heard of Inscape before, but as explained in the S-1 Vizio filed today, it's based on ACR (automatic content recognition) software licensed from a third party, and viewers can opt-out of participating in it while maintaining other connected features. That's actually fairly common in modern TVs, and others like LG and Samsung have already rolled out features based on the tech to do things like integrate with TV shows, or display ads based on what the TV is showing. ACR software recognizes the video being displayed, matches it up and phones home the data. According to Vizio, its Inscape platform can pull some 100 billion anonymized datapoints from 8 million of its connected TVs every day. That kind of data can be used for ratings, and is valuable to both advertisers and content providers. http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/ [Henry Baker found similar items: http://www.vizio.com/news/cat/news/post/vizio-files-registration-statement-for-initial-public-offering-of-class-a-common-stock/ http://www.sec.gov/Archives/edgar/data/1648158/000119312515262817/d946612ds1.htm PGN]
http://arstechnica.com/security/2015/07/ownstar-researcher-hijacks-remote-access-to-onstar/
https://www.techdirt.com/articles/20150725/14510131761/study-spains-google-tax-news-shows-how-much-damage-it-has-done.shtml However, the really telling part of the report is that this law that was passed in the name of helping news publications, ended up doing tremendous harm to many online publications—especially smaller sites that frequently (and happily) relied on Google News and other aggregators for a significant amount of traffic. The report points out that it wasn't just Google News that shut down because of this law: a whole bunch of local Spanish aggregators shut down themselves, switched business models entirely, or similarly left the Spanish market entirely. The report notes that sites like Planeta Ludico, NiagaRank, InfoAliment and Multifriki shut down entirely, as they were scared of the economic and legal liability from the new law. The report notes the case of NiagaRank is particularly troubling as it has a wider impact on innovation in Spain ... As Gomer Pyle would say, "Surprise, surprise, surprise." Great work, Spain—if you're suicidal, that is.
"Rackspace hire two of three leaders of the US military's online operations squad" "... asking CPU makers to add security functions to silicon"—i.e., add spying functions to silicon Translation: pre-pwned CPU's for rent http://www.theregister.co.uk/2015/07/30/rackspace_cooking_up_securitysecretsharing_cloud_cabal/ Rackspace cooking up security-secret-sharing cloud cabal Top-tier clouds invited into information-sharing club to speed defence deployment 30 Jul 2015 at 06:31, Simon Sharwood Rackspace is leading an effort to create a new group of top-tier cloud companies that it hopes will share information about security in close to real time. Rackspace chief security officer Brian Kelly today told The Reg at a Sydney event that he feels cloud companies have to take a lead to address security challenges. Rackspace, he said, operates a skunkworks in which it is considering approaches such as asking CPU-makers to add security functions to silicon in order to make dedicated security appliances less relevant. That effort, he said, has seen Rackspace hire two of three leaders of the US military's online operations squads because Rackspace wants that kind of expertise and experience on staff. Another approach Kelly feels is necessary is for cloud leaders to come together to share information, so that when one detects an attack or a threat, the others are quickly made aware of it. All, it is hoped, will therefore be better positioned to combat emerging threats. Kelly said Rackspace has developed a platform to monitor its own systems for attacks or emerging threats, and provide information on them at speed. The company hopes the new group will be willing to both consume that feed and contribute to it. Intel, Dropbox, Google, Microsoft and Amazon Web Services are either on the target list or have already entered discussions about the group. It's hoped the group will launch later this year. 
Another new Rackspace initiative Kelly mentioned can be described as a security operations centre-as-a-service. Kelly said few organisations can afford or have the capabilities to run a proper security operations centre (SOC) and those that have subscribed to them often feel the experience is poor because knowing about new threats is one thing but being ready and/or able to combat them is another. Kelly said Rackspace's service will deliver news of threats, but will meld with its managed cloud to also offer remediation. The new service is currently being piloted with two global customers, and is planned to commence operations on 1 Oct 2015.
http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/
"The ambiguity in the definitions used in these rules creates an extraordinary gray area which makes it difficult for independent researchers and small companies to determine what is included under the proposed controls, especially the technology category," said Adam Ghetti, CTO of Ionic Security. "It will have a disproportionate impact on those who are not well versed in export controls." http://www.technewsworld.com/story/82324.html http://www.washingtontimes.com/news/2015/jul/30/commerce-dept-dumps-plans-software-exports-after-o/ http://www.theregister.co.uk/2015/07/30/us_to_rethink_wassenaar/
Lucian Constantin, InfoWorld, 27 Jul 2015 Vulnerabilities in the Android multimedia framework allow attackers to remotely compromise devices with ease, a researcher said http://www.infoworld.com/article/2952726/mobile-security/most-android-phones-can-be-hacked-with-a-simple-mms-message-or-multimedia-file.html
And, yet again, locked apps are a pain in the proverbial. Hangouts, and its predecessor, are apps I would have deleted from my phone the day I bought it, except that I don't have permission to do so! (That's the phone I had to bin, because forced updates ate all available memory...)
It seems Spain now has something similar: James Badcock, *The Telegraph*, Madrid First victim of Spain's 'gag law' fined for criticising 'lazy' police A man has been fined for calling Spanish police 'lazy' Eduardo Díaz described his local police force as "slackers" on Facebook and a few hours later, they turned up on his doorstep and fined him. http://www.telegraph.co.uk/news/worldnews/europe/spain/11771851/First-victim-of-Spains-gag-law-fined-for-criticising-lazy-police.html
Electronic Aids

I think Michael Bacon's stated preference for his "old clunker" without electronic driving aids may constitute throwing out the baby with the bathwater. Arguably the electronic aids prevent more accidents than they cause. For example I personally appreciate the active cruise control (maintains distance to vehicle ahead) particularly in bad visibility or heavy traffic, and if anything I am surprised by how good the systems are at least compared to my PC (-;. I am also reminded of the Air France 447 disaster where the pilot misunderstood the "electronic aids". Probably more accidents are prevented than are caused by these systems. Of course this does not mean that the systems should not be improved. Lastly if/when we have real evidence that electronic aids improve safety Mr Bacon may HAVE to replace his "old clunker"!