The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 28 Issue 87

Monday 17 August 2015


Technical Problem Suspends Flights Along East Coast
Failing light rail safety system
Gerrit Muller
Re: Space Ship Two crash investigation results
Rogier Wolff
Backdoors Won't Solve Comey's Going Dark Problem
Bruce Schneier
NSA - AT&T relationship
Re: AT&T Helped N.S.A. Spy on an Array of Internet Traffic
John Gilmore
gmail policy on BCCs, related to Mass. pot dispensary
George Sigut
Frontier's e-mail password reset system is a guy named "Shawn"
Chico and Groucho Marx on the security of passwords
Lauren Weinstein
Wikipedia Hates Women: 4 Dark Sides of The Site We All Use
Doubt Starts Chipping Away at the Market's Mind-Set
Data-Crunching Is Coming to Help Your Boss Manage Your Time
Where Clicks Reign, Audience Is King
Inside Amazon: Wrestling Big Ideas in a Bruising Workplace
Get Windows 10
Anthony Thorn
Info on RISKS (comp.risks)

Technical Problem Suspends Flights Along East Coast

Monty Solomon <>
Mon, 17 Aug 2015 08:08:33 -0400

FAA: Software Update May Be Responsible for Malfunction

Air Traffic Control Problem Delays Hundreds of U.S. Flights

Failing light rail safety system

Gerrit Muller <>
Sat, 15 Aug 2015 20:21:50 +0200
The light rail system in Nieuwegein should block crossing traffic with a red
traffic light. However, a photo shows the tram passing, while the traffic
light for bicycles is green.

Here's a brief summary of the Dutch content:

In the last 5 years, 18 accidents happened with the light rail system, some of them

The representative of Regiotram, the operator of the system, acknowledges
that there is an error somewhere. They will search the tram computers and
the traffic control system, and they will talk with the tram drivers.

The trams communicate wirelessly with the traffic control system. The problem
can be in the communication or in the traffic control systems, states the
Regiotram representative.

A representative of Nieuwegein states that the "passing time" may be set
too sharp. That time is set sharp to prevent people from starting to cross
while the traffic lights are still red. This will be one of the topics of

Re: Space Ship Two crash investigation results (Macintyre, R-28.83)

Rogier Wolff <>
Fri, 14 Aug 2015 21:33:53 +0200
Apparently the NTSB has said something to the effect of:
> The point being that there was a event with catastrophic effect
> (technical term) subject to a single point of failure, namely the
> human error involved in unlocking too early.

I have enormous respect for the NTSB with their hard work in getting to the
bottom of various incidents and accidents. But here things are seriously

In anything flying there are a million (ok that's exaggerated) buttons that
effectively say `self-destruct'. This must especially be true for the
prototypes. The test pilots are tasked with understanding what they are
doing, exploring the limits and setting rules for the future "normal"

When the test pilots report: "we've established that the plane will shake
uncomfortably if you deploy the landing gear at an airspeed above XXX
knots." the manufacturer will put something to the effect of "do not deploy
the landing gear above YYY knots." in the manual where YYY is on the order
of 0.8 XXX (or whatever safety margin they deem appropriate).

The lower landing gear button does not get disabled above that speed. In an
emergency the pilots may still decide: "We're going to die if we don't slow
down. Let's try the landing gear.", even if they are going way too fast for
normal landing gear deployment.

On SS2, the test pilots should be aware of, among many, many other things,
that unlocking the boom above Mach 1.4 will cause a Rapid Unscheduled
Disassembly.

Backdoors Won't Solve Comey's Going Dark Problem

Bruce Schneier <>
Sat, 15 Aug 2015 01:23:48 -0500
        Bruce Schneier, CRYPTO-GRAM, August 15, 2015
      Backdoors Won't Solve Comey's Going Dark Problem

At the Aspen Security Forum two weeks ago, James Comey (and others)
explicitly talked about the "going dark" problem, describing the specific
scenario they are concerned about. Maybe others have heard the scenario
before, but it was a first for me. It centers around ISIL operatives abroad
and ISIL-inspired terrorists here in the US. The FBI knows who the Americans
are, can get a court order to carry out surveillance on their
communications, but cannot eavesdrop on the conversations, because they are
encrypted. They can get the metadata, so they know who is talking to who,
but they can't find out what's being said.

  "ISIL's M.O. is to broadcast on Twitter, get people to follow them, then
  move them to Twitter Direct Messaging" to evaluate if they are a
  legitimate recruit, he said. "Then they'll move them to an encrypted
  mobile-messaging app so they go dark to us." [...]

  The FBI can get court-approved access to Twitter exchanges, but not to
  encrypted communication, Comey said. Even when the FBI demonstrates
  probable cause and gets a judicial order to intercept that communication,
  it cannot break the encryption for technological reasons, according to

If this is what Comey and the FBI are actually concerned about, they're
getting bad advice—because their proposed solution won't solve the
problem. Comey wants communications companies to give them the capability to
eavesdrop on conversations without the conversants' knowledge or consent;
that's the "backdoor" we're all talking about. But the problem isn't that
most encrypted communications platforms are securely encrypted, or even that
some are—the problem is that there exists at least one securely encrypted
communications platform on the planet that ISIL can use.

Imagine that Comey got what he wanted. Imagine that iMessage and Facebook
and Skype and everything else US-made had his backdoor. The ISIL operative
would tell his potential recruit to use something else, something secure and
non-US-made. Maybe an encryption program from Finland, or Switzerland, or
Brazil. Maybe Mujahedeen Secrets. Maybe anything. (Sure, some of these will
have flaws, and they'll be identifiable by their metadata, but the FBI
already has the metadata, and the better software will rise to the top.) As
long as there is *something* that the ISIL operative can move them to, some
software that the American can download and install on their phone or
computer, or hardware that they can buy from abroad, the FBI still won't be
able to eavesdrop.

And by pushing these ISIL operatives to non-US platforms, they lose access
to the metadata they otherwise have.

Convincing US companies to install backdoors isn't enough; in order to solve
this going dark problem, the FBI has to ensure that an American can only use
backdoored software. And the only way to do that is to prohibit the use of
non-backdoored software, which is the sort of thing that the UK's David
Cameron said he wanted for his country in January:

  But the question is are we going to allow a means of communications which
  it simply isn't possible to read. My answer to that question is: no, we
  must not.

And that, of course, is impossible. Jonathan Zittrain explained why. And
Cory Doctorow outlined what trying would entail:

  For David Cameron's proposal to work, he will need to stop Britons from
  installing software that comes from software creators who are out of his
  jurisdiction. The very best in secure communications are already free/open
  source projects, maintained by thousands of independent programmers around
  the world. They are widely available, and thanks to things like
  cryptographic signing, it is possible to download these packages from any
  server in the world (not just big ones like Github) and verify, with a
  very high degree of confidence, that the software you've downloaded hasn't
  been tampered with. [...]

  This, then, is what David Cameron is proposing:

* All Britons' communications must be easy for criminals, voyeurs and
  foreign spies to intercept.

* Any firms within reach of the UK government must be banned from producing
  secure software.

* All major code repositories, such as Github and Sourceforge, must be

* Search engines must not answer queries about web-pages that carry secure

* Virtually all academic security work in the UK must cease—security
  research must only take place in proprietary research environments where
  there is no onus to publish one's findings, such as industry R&D and the
  security services.

* All packets in and out of the country, and within the country, must be
  subject to Chinese-style deep-packet inspection and any packets that
  appear to originate from secure software must be dropped.

* Existing walled gardens (like iOS and games consoles) must be ordered to
  ban their users from installing secure software.

* Anyone visiting the country from abroad must have their smartphones held
  at the border until they leave.

* Proprietary operating system vendors (Microsoft and Apple) must be ordered
  to redesign their operating systems as walled gardens that only allow
  users to run software from an app store, which will not sell or give
  secure software to Britons.

* Free/open source operating systems—that power the energy, banking,
  ecommerce, and infrastructure sectors—must be banned outright.

As extreme as it reads, without all of that, the ISIL operative would be
able to communicate securely with his potential American recruit. And all of
this is not going to happen.

Last week, former NSA director Mike McConnell, former DHS secretary Michael
Chertoff, and former deputy defense secretary William Lynn published a
Washington Post op-ed opposing backdoors in encryption software. They wrote:

  Today, with almost everyone carrying a networked device on his or her
  person, ubiquitous encryption provides essential security. If law
  enforcement and intelligence organizations face a future without assured
  access to encrypted communications, they will develop technologies and
  techniques to meet their legitimate mission goals.

I believe this is true. Already one is being talked about in the academic
literature: lawful hacking.

Perhaps the FBI's reluctance to accept this is based on their belief that
all encryption software comes from the US, and therefore is under their
influence. Back in the 1990s, during the first Crypto Wars, the US
government had a similar belief. To convince them otherwise, George
Washington University surveyed the cryptography market in 1999 and found
that there were over 500 companies in 70 countries manufacturing or
distributing non-US cryptography products. Maybe we need a similar study

This essay previously appeared on Lawfare.


NSA - AT&T relationship

"Peter G. Neumann" <>
Sat, 15 Aug 2015 14:15:02 PDT
Newly disclosed N.S.A. documents show that the agency gained access to
billions of emails through a `highly collaborative' relationship with AT&T.

Re: AT&T Helped N.S.A. Spy on an Array of Internet Traffic

"John Gilmore" <>
Aug 15, 2015 3:30 PM
  [via Dave Farber]

There's a better version of the article on the World Wide Web here:

The story was co-written with ProPublica, which runs an ordinary Web site.
The URL that you provided, Dave (based at, refuses to provide
the article to users who will not accept cookies, and has other limits to
try to force people to "log in" to their proprietary platform before they
can read this or any other story.

I continue to be amazed at how people who are opposed to mass surveillance
of the public's communication, continue to use and share URLs that only work
if every reader accepts mass surveillance of their reading habits.  If the
New York Times knows who is reading their articles, and from where and when,
then NSA does too (and the provided URL was "http", not even "https").  The
Times does NOT honor the "Do Not Track" header.  For shame, NY Times; stop
riding on your newsprint reputation to enshrine an unprecedented online
reader-tracking system.  And Dave should not be pushing their
news-reader-surveillance scheme on his readers.

gmail policy on BCCs, related to Mass. pot dispensary (RISKS-28.86)

George Sigut <>
Sun, 16 Aug 2015 10:04:46 -0400
If the dispensary had sent the email from a gmail account and used BCC, the
mail probably wouldn't get out at all.

Since roughly 21 July 2015 Gmail classifies as spam most (or all?) of the
email sent to more than 5-10(?) BCCs. As a result the sender gets an
error-message email for EACH of the BCC addresses. As there is no real way
to complain, the issue is still not solved.

Google offers as a solution to create a Google Group, which is for various
reasons not a real alternative for most of the customers.

Risks? Various groups and individuals (including clubs, churches, schools,
self-employed people and a book author) are left without a way to distribute
information, mostly after years of using Gmail for that purpose.

In our case a speaker canceled his presentation in our club and we were
unable to advise our 200 members. That was a nuisance, but not
life-threatening. Do I have to spell out the possibilities of more serious

The real risk is relying on a free service offered by a company perceived as
a serious business, but run in an amateurish way.

For the problem discussion see!topic/gmail/uH2hN6S5OyM;context-place=topicsearchin/gmail/category$3A%28report-an-issue%29|sort:relevance

I hope the link works for you. In the forum there are more, shorter
complaints on the same theme, which - probably due to lack of proper
monitoring - are not connected to the main line, which now includes 168

Frontier's e-mail password reset system is a guy named "Shawn"

Lauren Weinstein <>
Sat, 15 Aug 2015 09:28:51 -0700

  Silverman pointed out how ridiculous this system is but accepted Shawn's
  offer and received the password. Before ending the chat, Shawn tried to
  sell Silverman antivirus software, computer tech support, or "identity
  protection." Silverman declined. The Frontier system then e-mailed
  Silverman a full transcript of the chat, including the password in plain
  text.  The only information Frontier obscured was his account number.

[Nope, this story is NOT from "The Onion" ...]

Chico and Groucho Marx on the security of passwords

Lauren Weinstein <>
Fri, 14 Aug 2015 18:54:06 -0700
Pretty much the current state of password-based security on the Internet
today, as illustrated by Chico and Groucho Marx in "Horse Feathers"

Wikipedia Hates Women: 4 Dark Sides of The Site We All Use (Cracked)

PRIVACY Forum mailing list <>
Sat, 15 Aug 2015 08:21:31 -0700

  Despite being such an influential site, Wikipedia has fewer than 10
  percent female editors. That leads to some strange problems. For example:
  The entries on porn stars and Pokemon are both more extensively detailed
  than the entries on prominent women. This page on American novelists is
  divided into "Female American Novelists" (for the women-folk) and
  "American Novelists" (for the men). They once removed all the female movie
  directors from their list of horror directors.

Wikipedia is basically edited by anonymous 13-year-old boys living in their
parents' basements, using names like "ballbusterman" and "vomitboy." It's
not a real, attributed encyclopedia, it's an anonymous gang bang where
the opinions of idiots are valued, and authority and experience are ignored.
It's OK if you want to look up movie information or a chart of disk space
conversion parameters. Beyond that it has largely become a disgrace where
drive-by page vandalism is the order of the day.

By the way, "Cracked" has some seriously insightful stories these days.

Doubt Starts Chipping Away at the Market's Mind-Set (NYTimes)

Monty Solomon <>
Sun, 16 Aug 2015 17:40:38 -0400
In this aging bull market, investors are showing signs of a sea change in their attitudes.

Data-Crunching Is Coming to Help Your Boss Manage Your Time (NYTimes)

Monty Solomon <>
Mon, 17 Aug 2015 07:35:33 -0400

Employers of all types are using a wide range of technological tools to
monitor workers' efforts and motivate them.

Where Clicks Reign, Audience Is King

Monty Solomon <>
Mon, 17 Aug 2015 07:42:12 -0400
As more readers move toward online social networks, and as publishers
desperately seek scale to bring in revenue, many have deplored a race toward
repetitive journalism.

Inside Amazon: Wrestling Big Ideas in a Bruising Workplace

Monty Solomon <>
Sun, 16 Aug 2015 01:11:15 -0400
The company is conducting an experiment in how far it can push white-collar
workers to get them to achieve its ever-expanding ambitions.

Get Windows 10

Anthony Thorn <>
Sun, 16 Aug 2015 11:13:20 +0200
Lots of us are irritated by the "Get Windows 10" popup which regularly
appears on our desktops.

Many of us do not want to install Windows 10 - at least not until the pros
and cons (risks?) become clearer.

To remove the irritation we uninstall KB 3035583,

AND disable automatic Windows update installation—at least for recommended

-The risk of potentially unpatched systems to Windows users is clear.

-The damage to Microsoft caused by annoying millions of users is mitigated
 by their market dominance.

If it is free you (the user) are not the customer!
(you knew this already...)
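The two steps above, as an added PowerShell example that is not part of Anthony Thorn's post: it checks whether KB3035583 is installed, removes it with the stock wusa.exe, and then hides that one update through the Windows Update Agent COM API (Microsoft.Update.Session) so that automatic installation of other updates can stay switched on. The hide step goes beyond the post's own procedure; it is the alternative to disabling automatic updates, and it avoids the unpatched-systems risk the post points out. It assumes an elevated prompt on a Windows 7/8.1 machine that still has the update offered.

```powershell
# Added example (not from the RISKS post): remove the "Get Windows 10" advertiser
# update KB3035583 and hide it from Windows Update, leaving automatic updates on.
# Run from an elevated (Administrator) PowerShell session.
#Requires -RunAsAdministrator

$kb = '3035583'

# 1. Is the update currently installed?
$installed = Get-HotFix -Id "KB$kb" -ErrorAction SilentlyContinue
if ($installed) {
    Write-Host "KB$kb is installed (on $($installed.InstalledOn)); uninstalling..."
    # wusa.exe is the Windows Update Standalone Installer shipped with Windows.
    $p = Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "/uninstall /kb:$kb /quiet /norestart" -Wait -PassThru
    # 3010 = ERROR_SUCCESS_REBOOT_REQUIRED, which is normal for an uninstall.
    if ($p.ExitCode -notin 0, 3010) {
        Write-Warning "wusa.exe returned exit code $($p.ExitCode)"
    }
} else {
    Write-Host "KB$kb is not installed."
}

# 2. Hide the update so Windows Update does not silently reinstall it.
#    Uses the Windows Update Agent COM API; no third-party module is needed.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
$hidden   = 0
foreach ($update in $result.Updates) {
    # KBArticleIDs is a COM string collection; wrap it so -contains works.
    if (@($update.KBArticleIDs) -contains $kb) {
        Write-Host "Hiding: $($update.Title)"
        $update.IsHidden = $true
        $hidden++
    }
}
Write-Host "$hidden matching update(s) hidden; automatic updates remain enabled."
```

Hiding a single update is the targeted fix; turning off automatic installation of recommended updates, as the post does, also blocks the security updates that arrive through the same channel.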
