The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 28 Issue 3

Tuesday 17 June 2014


Danger: Robots Working
John Markoff and Claire Cain Miller
Yet another EMR debacle
Robert L Wears
AT&T: We need to buy DirecTV because U-verse TV is a failure
Ars Technica
"Woman creates fake Facebook profile, discovers niece wants to kill her"
Review Journal via Gene Wirchenko
"Google Chrome's experiment with killing URLs appears to be on hold"
Ian Paul
Losing the Key
Steven Kurutz via Monty Solomon
P.F. Chang's turns to vintage 1970s tech after credit card breach
Ars via Sean Peisert
"Apple devices held hostage using Find My iPhone"
Loek Essers
"Evernote hit by denial-of-service attack"
Tim Hornyak
"Tech giants finally grow a spine and resist NSA spying"
Bill Snyder
Sign of the Times: The Intimacy of Anonymity
Tim Wum
The Privacy Paradox, a Challenge for Business
Steve Lohr
Web Site with no Password Change Option
Richard Karash
Ars tests Internet surveillance-by spying on an NPR reporter
Sean Gallagher
"Here's One Big Way Your Mobile Phone Could Be Open To Hackers"
Steve Henn
Court Rules Warrantless Cell Tracking Unconstitutional
HuffPost via Dave Farber
Re: You shouldn't use a spreadsheet for important work
Bob Frankston
Walter Bushell
Re: Would a Google car sacrifice you for the sake of the many?
Re: Turning everyone's home router into a WiFi hotspot
Anthonys Lists
Bill Gunshannon
John R. Levine
Bob Frankston
Chris Drewe
Re: Renewable energy and electricity storage
Chris Drewe
Info on RISKS (comp.risks)

Danger: Robots Working (John Markoff and Claire Cain Miller)

<Peter Neumann>
Tue, 17 Jun 2014
John Markoff and Claire Cain Miller, *The New York Times*,
17 Jun 2014 (begins front page of Science Times in the National Edition)
Smarter machines will be freer to interact with people, making safety
a bigger concern

The article lists a bunch of cases of serious industrial accidents involving
robots, cited from OSHA data:

* Bakery, Aug 2011

* Plastics factory, May 2011

* Metal factory, Jul 2006

* Car factory, Mar 2006

* Car factory, Dec 2001

* Metal factory, Aug 1999

* Meatpacking plant, Jun 1999

* Sporting goods manufacturer, Nov 1996

* Aluminum factory, Feb 1996

The article notes that “Many were a result of human error; others were
caused by robots' unexpected behavior.''  Each case involved a death, except
for the sporting goods one.

If you seriously believe in the infallibility of smart robots and their
ability to prevent accidental misuse, you might want to read this article,
and perhaps dig into the OSHA data.  Also, when we combine robots with the
Internet of Things, we must also address the reality that robots could be
hacked remotely by malfeasers.  The same considerations should also apply to
Automated Highways, and perhaps even Free Flight (the FAA's notion that we
can get rid of air-traffic controllers and have all the smarts in the
cockpit computers—which may mercifully have fallen by the wayside), Once
again, the lessons from the Risks Forum leap to the forefront.

Yet another EMR debacle

"Robert L Wears, MD, MS, PhD" <>
Fri, 13 Jun 2014 13:22:21 -0400
A province-wide EMR system in Alberta, Canada, collapsed Monday, making it
impossible to see test results, medical histories, medications, etc for
several hours.  The system has a history of previous difficulties (202
clinics lost access for roughly one day a year ago; a major slowdown
occurred last week, requiring about 15 minutes for simple tasks such as
prescription renewals).  The vendor reported the problem was "a technical
issue that was difficult to find and address."

A single system for an entire province—what could go wrong?

Details at:

Robert L Wears, University of Florida, 1-904-244-4405 (ass't)
Imperial College London +44 (0)791 015 2219

AT&T: We need to buy DirecTV because U-verse TV is a failure

Lauren Weinstein <>
Thu, 12 Jun 2014 12:03:23 -0700
Ars Technica via NNSquad

  "AT&T has world-class wireline and wireless broadband facilities, but its
  video service, which is available in only a minority of customer locations
  within AT&T's 22-state incumbent local exchange carrier ('ILEC') region,
  is uneconomic and not fully competitive with cable providers," the company
  said.  AT&T only provides U-verse video where it has fiber-to-the-node or
  fiber-to-the-premises, the company said.  "As a result of its relatively
  limited video footprint, AT&T is far smaller than Comcast and Time Warner
  Cable, its principal competitors," it said. "Lack of scale particularly
  hinders AT&T with respect to content acquisition, which is by far the
  largest variable cost of MVPD [multichannel video programming distributor]
  service.  AT&T therefore faces challenges selling competitive
  broadband/video bundles even inside its U-verse video footprint."
  Although AT&T lags behind Comcast in Internet and video subscribers, it
  has double Comcast's overall revenue. AT&T made $128.8 billion in revenue
  last year compared to Comcast's $64.7 billion. Left unsaid is that AT&T
  bears responsibility for making U-verse available only in "a minority of
  customer locations," by choosing to slow down and limit its fiber
  deployment, until AT&T announced a recent expansion.

"Woman creates fake Facebook profile, discovers niece wants to kill her"

Gene Wirchenko <>
Sat, 14 Jun 2014 22:17:55 -0700
      [We can argue risk for whom if you would like!]

*Review Journal*, Jun 12 2014

"Google Chrome's experiment with killing URLs appears to be on hold" (Ian Paul)

Gene Wirchenko <>
Thu, 12 Jun 2014 12:42:54 -0700
Ian Paul | PC World, 11 Jun 2014
For several months, Google toyed with the idea of hiding full Web
addresses from users in Chrome

Losing the Key (Steven Kurutz)

Monty Solomon <>
Thu, 12 Jun 2014 21:35:01 -0400
Steven Kurutz, *The New York Times*, 11 Jun 2014

In this age of rapid transformation, the house key has been surprisingly
resistant to change. Cars have mostly switched to key fobs. Hotels and
office buildings favor the pass card. And yet the little metal keys we carry
around—part security device, part domestic totem—aren't that different
from the ones carried by our parents, their parents or their parents, going
back to the Civil War, when Linus Yale Jr. invented the cylinder lock,
modifying an ancient Egyptian design.

That was before the Internet of Things, an approach to life in which every
household fixture, no matter how unsexy or long neglected by designers, can
be rewired for digital living. And now, like the thermostat and the slow
cooker, the house key and its mate, the front-door lock, are going "smart"

In the last year or so, several electronic door locks from industry bigwigs
like Schlage and Kwikset have hit the market, making it possible to unlock
your home using a smartphone, tablet or computer.  And two new locks created
by tech start-ups, which are forthcoming, promise the hands-free ease of
unlocking the door automatically as you approach it. ...

  [I guess that RISKS may soon have to spawn an offspring, called
  Smart RISKS!  (or perhaps RISKS of Trying to Be *Too Smart*!)  PGN]

P.F. Chang's turns to vintage 1970s tech after credit card breach

Sean Peisert <>
Fri, 13 Jun 2014 11:07:21 -0700

US restaurant chain P.F. Chang's China Bistro plans to temporarily bring
back manual credit card imprinting while it investigates a security breach
that allowed hackers to steal customer payment card data from multiple

The old-school manual system has already been spotted by people affiliated
with Sans, a computer security training institute. Readers may remember the
system from decades ago, when eight-track tapes and, later, Betamax video,
were still the rage. P.F. Chang's servers will be retaining carbon copies of
the transactions, according to KrebsOnSecurity reporter Brian Krebs, who
first reported the breach three days ago after finding that thousands of
newly stolen credit and debit cards for sale in underground forums were all
used at the chain.

"At P.F. Chang's, the safety and security of our guests' payment information
is a top priority," a statement posted on the chain's website
stated. "Therefore, we have moved to a manual credit card imprinting system
for all P.F. Chang's China Bistro branded restaurants located in the
continental United States. This ensures our guests can still use their
credit and debit cards safely in our restaurants as our investigation

The statement went on to advise customers to monitor their credit card and
bank statements and to report any suspicious activity to their card issuers.

According to Krebs, P.F. Chang's is also deploying dial-up card readers that
will be plugged in to old-fashioned phone lines and used to process the
imprint slips. The chain's shift to a manual system is already prompting
jokes that rib a security-through-obscurity approach. In fairness, manual
imprints are probably more secure. Just as they are harder for merchants to
quickly process in large numbers, they probably are similarly harder for
digital thieves to siphon up wholesale.

P.F. Chang's is the latest nationwide chain to be hit by an embarrassing
hack that compromised its customers' sensitive data. In November, retailer
Target suffered a breach that compromised credit card and personal data for
as many as 110 million customers. Like P.F. Chang's, Target has been working
with law enforcement agencies to investigate the hack. Unlike P.F. Chang's,
Target has continued to process payment card transactions electronically.

"Apple devices held hostage using Find My iPhone" (Loek Essers)

Gene Wirchenko <>
Tue, 27 May 2014 15:01:59 -0700
Loek Essers, InfoWorld Home, 27 May 2014
Hackers are demanding ransoms to unlock devices that were locked with
the Find My iPhone tool, according to forum posts

"Evernote hit by denial-of-service attack" (Tim Hornyak)

Gene Wirchenko <>
Thu, 12 Jun 2014 12:40:19 -0700
Tim Hornyak, InfoWorld, 11 Jun 2014
The attack temporarily shut down Evernote, which now has over 100 million users

"Tech giants finally grow a spine and resist NSA spying" (Bill Snyder)

Gene Wirchenko <>
Thu, 12 Jun 2014 12:38:41 -0700
Bill Snyder, InfoWorld, 12 Jun 2014
Microsoft, Google, even Facebook are protecting their bottom lines --
and you—by fighting outrageous court orders and encrypting user content

Sign of the Times: The Intimacy of Anonymity (Tim Wum)

Monty Solomon <>
Thu, 12 Jun 2014 21:17:52 -0400
Tim Wum, *The New York Times*, 3 Jun 2014

Thanks to Facebook and Instagram, oversharing one's personal life feels as
authentic as reality TV. Right now anonymous posts hold the key to the

In the seminal 1999 cultural manifesto "No Logo," the writer Naomi Klein
pronounced that corporations were now in the business of selling brands,
rather than products. Whoever "produces the most powerful images, as opposed
to products," she wrote, "wins the race."  At the time, it was a shocking
message; little did she realize that by 2014 it would not just be companies,
but also people, who would be caught up in a branding race through social
media, and one directed not just at customers, but relatives and friends.

The euphemism is "sharing," but Klein would probably just call it selling a
personal brand, whether you consider yourself the pretty young thing with
literary tastes and a traditional side, the family man who brews his own
beer or the tough lawyer with a sense of humor.  It can be nice to share,
but brand maintenance takes constant work and demands consistency. A serious
self-brand should have some presence on Facebook, Twitter, LinkedIn,
Instagram, Foursquare, Google+ and Tumblr; keeping it all up can feel like
working as an unpaid intern for a Z-list celebrity known as Oneself.

In light of this, the recent comeback of online anonymity seems entirely
predictable. Two popular smartphone apps, Secret and Whisper, took off this
spring, especially in the tech communities, offering users the opportunity
to speak to their friends and a broader audience, anonymously, on just about
any subject. Reddit, an anonymous discussion and linking site, has recently
witnessed a traffic explosion; with more than 110 million unique monthly
visitors, it has more traffic than Netflix or any American newspaper.  Users
of these anonymous outlets make it clear they're looking for a break from
Facebook and other social media. One comment: "Maybe the reason Secret is
... interesting ... is because it doesn't have to be happy all the time."

The Privacy Paradox, a Challenge for Business (Steve Lohr)

Monty Solomon <>
Thu, 12 Jun 2014 21:47:56 -0400
Steve Lohr, *The New York Times*, 12 Jun 2014

People around the world are thrilled by the ease and convenience of their
smartphones and Internet services, but they aren't willing to trade their
privacy to get more of it.

That is the top-line finding of a new study of 15,000 consumers in 15
countries. The privacy paradox was surfaced most directly in one question:
Would you be willing to trade some privacy for greater convenience and ease?

Worldwide, 51 percent replied no, and 27 percent said yes. (The remainder
had no opinion or didn't know.) There were country-by-country differences,
but there was a consistency to the results, especially in the developed
nations. The United States was 56 percent no and 21 percent yes. Britain was
almost identical—55 percent no, 18 percent yes. Germany was most privacy
protective—71 percent no, and 12 percent yes. India, by contrast, had the
highest yes percentage—48 percent, to 40 percent no. ...

Web Site with no Password Change Option

Richard Karash <>
Fri, 13 Jun 2014 10:36:51 -0400
Among the many password traps: You have used the same password at multiple
sites and now you want to clean things up.

You go to one of these websites and find there is no option to change your

Worse: The only option available is to request they send you your (precious)
password in open e-mail.

Hard to believe this could happen in 2014?  Here it is:

Implication:  more important day by day, do not re-use passwords.

Richard Karash, Karash Associates LLC  +1 617-308-4750

Ars tests Internet surveillance-by spying on an NPR reporter (Sean Gallagher)

Monty Solomon <>
Thu, 12 Jun 2014 21:53:36 -0400
Sean Gallagher, Ars Technica, 10 Jun 2014
A week spent playing NSA reveals just how much data we leak online.

On a bright April morning in Menlo Park, California, I became an Internet

This was easier than it sounds because I had a willing target. I had
partnered with National Public Radio (NPR) tech correspondent Steve Henn for
an experiment in Internet surveillance. For one week, while Henn researched
a story, he allowed himself to be watched-acting as a stand-in, in effect,
for everyone who uses Internet-connected devices. How much of our lives do
we really reveal simply by going online?

Henn let me into his Silicon Valley home and ushered me into his office with
a cup of coffee. Waiting for me there was the key tool of my new trade: a
metal-and-plastic box that resembled nothing more threatening than an
unlabeled Wi-Fi router. This was the PwnPlug R2, a piece of professional
penetration testing gear designed by Pwnie Express CTO Dave Porcello and his
team and on loan to us for this project.

The box would soon sink its teeth into the Internet traffic from Henn's home
computer and smartphone, silently gobbling up every morsel of data and
spitting it surreptitiously out of Henn's home network for our later
analysis. With its help, we would create a pint-sized version of the
Internet surveillance infrastructure used by the National Security
Agency. Henn would serve as a proxy for Internet users, Porcello would
become our one-man equivalent of the NSA's Special Source Operations
department, and I would become Henn's personal NSA analyst. ...

"Here's One Big Way Your Mobile Phone Could Be Open To Hackers" (Steve Henn)

Gene Wirchenko <>
Fri, 13 Jun 2014 18:14:22 -0700
Steve Henn, NPR, 13 Jun 2014

selected text:

Earlier this spring, when I conducted an experiment tapping my own Internet
traffic, Sean Gallagher, a reporter from the tech news site Ars Technica,
came to my house, and we connected a little device called a Pwn Plug --
invented by computer security expert Dave Porcello—to my network.

Seeing just how much data streamed out of my phone the second I connected
was a big surprise.  My phone pinged Apple, Google and Yahoo. Then apps like
Twitter and Facebook connected to the Internet. This all happened in just
seconds of it simply sitting on my desk. I hadn't touched the phone.

If Porcello had been a hacker, those few seconds could have been a gold mine.

Court Rules Warrantless Cell Tracking Unconstitutional

"David Farber via ip" <>
Wed, 11 Jun 2014 21:02:43 -0400

Re: You shouldn't use a spreadsheet for important work (RISKS-28.02)

"Bob Frankston" <>
Sun, 15 Jun 2014 15:19:27 -0400
"Simply put, spreadsheets are good for quick and dirty work, but they are
not designed for serious and reliable work." Sez who? Let me state
authoritatively that statement is simply not true.

You'd think after all these years we'd be past "who needs spreadsheets when
you have Fortran (or, for Lemire, C)". There is a reason why spreadsheets
are valuable tool—they give you the ability to work with the numbers.
It's like complaining about those new-fangled typewriters because writing
should be done at a leisurely pace using a ballpoint pen or maybe quill and

What we should be concerned with is the interpretation of the data and the
tendency to treat number as supporting whatever meaning we project on them .
It reminds me of another personal experience when I was at Interactive Data
Corporation and we introduced Black-Scholes (option pricing) numbers. Naive
people on Wall St used as the foundation for derivatives even though they
had little intrinsic meaning.

It's easy to see that wealth is increasingly concentrated—the question is
why does it take precise calculations based on guesstimates to "prove" that
is happening? One risk is that we'll approach this as a problem of numbers
rather than recognizing we have a structural problem.

Spreadsheets are useful way to provide insight as long as we don't confuse
the numbers with their meaning.

We see this again in the spectrum auction which is backed by lots of
analyses premised the idea that faux wires is the right way to communicate
in the absence of wires thus maximizing the local value to the owners while
minimizing the global value to society.

Re: You shouldn't use a spreadsheet for important work (RISKS-28.02)

Walter Bushell <>
Fri, 13 Jun 2014 21:00:15 -0400
I've been saying this for years. Just to easy to hide mistakes either by
accident or on purpose to make a point. Hundred or thousands or more
programming statements scattered all over the sheets and linked perhaps to
other sheets that the author has not reviewed in detail.

Re: Would a Google car sacrifice you for the sake of the many?

Thu, 12 Jun 2014 14:34:20 -0700
In RISKS there was some interesting commentary on Google's self-driving cars
and the possible rules under which the software would decide who gets to
live and who gets to die in the presence of a pending `exchange of inertia',
one might call it, when vehicles and/or pedestrians collide out in the real
world and smart cars have time to crunch software to evaluate least-harm
consequences of possible defensive measures the cars may take.  What I
haven't seen mentioned in either David Weinberger's original article
) or the follow-up commentary to Risks is the most probable over-riding
datum which smart cars will retrieve from their on-line databases and
evaluate milliseconds before making defensive (or even offensive) actions:
Smart cars will determine there is a threat to human life, talk among
themselves to retrieve and weigh each threatened occupant's and pedestrian's
financial wealth and social standing, and the priority for survival will be
meted out to the wealthiest with us 99%ers peasants fully expected to die
first.  Let's be realistic, okay? Google is evil, ergo its cars will be
evil. These corporate Oligarchs don't care about human life unless it's
wrapped around a limo wearing a tuxedo on its way to a Wall Street
meet-and-greet with lobbyists and politicians, and the software in their
cars can be expected to have all the ethics and morals of a Mitt Romney or a
Donald Trump.

Re: Turning everyone's home router into a WiFi hotspot

Anthonys Lists <>
Fri, 13 Jun 2014 00:35:07 +0100
This sounds exactly like the BT Home Hub, which has been pretty much
standard fare for British Telecom customers for many years. As I remember
it, in order to sign up for roaming wi-fi, I had to enable my router as a
hot-spot, but it was opt-in.

So now, if I'm away from home and there is a BT customer nearby I will see a
"BT wifi" router which I can sign in on using my home credentials.
Hopefully that is configured to just provide a bridge directly to the BT
master router in the exchange.

I agree that if the router can be compromised, there is a risk that the
user's home network will be hijacked but I suspect routers are vulnerable
enough that the added attack surface isn't that important.

Re: Turning your home router into a public WiFi hotspot (RISKS-28.02)

"Bill Gunshannon" <>
Fri, 13 Jun 2014 08:35:03 -0400
> I especially liked the part about "people using the Internet via
> the hotspot won't slow down Internet access on the home network.

Let me see if I understand this.  The four guys sitting at my neighbor's
pool all streaming a playoff game of their favorite team to their iPads
are not going to use up any of the RF bandwidth of my local Access Point?
Anyone care to explain that one to me?

Bill Gunshannon, University of Scranton, Scranton, Pennsylvania

Re: Turning everyone's home router into a WiFi hotspot

"John R. Levine" <>
14 Jun 2014 15:47:08 -0400
> Thanks for sharing that.  So long a the router doesn't have any flaws, and
> no one uses the guest access for nefarious purposes, what could go wrong?

Plenty, but no more than what's already wrong with any other public hotspots.

>> I don't recall any disaster stories, although I haven't particularly
>> been looking for them.

John Levine,, Primary Perpetrator of "The Internet for Dummies",

Re: Turning everyone's home router into a WiFi hotspot (RISKS-28.02)

"Bob Frankston" <>
Sun, 15 Jun 2014 15:37:56 -0400
How do we get past the fear of contribute to the public good?

What happens if someone uses your sidewalk or your porch light to conduct
criminal activity?

The Internet is about a big idea—exchanging raw (best efforts) packets
apart from their meaning. Making people liable is the idea that we must
prevent all bits from flowing lest just in case someone may not understand
the concept of a bit is akin to requiring someone walk in front of a car
lest it go too fast and scare the horses.

The risk of doing harm is not just a risk but a reality. By making everyone
along the path a gatekeeper who must prevent all bits from passing we
prevent even the simplest applications such as connected healthcare from
happening and people die. I explain more in and
in my next IEEE column.

We must educate lawyers and organizations like the ACLU about the importance
of understanding the concept of packets apart from their meaning and the
harm that comes from crippling our ability to communicate. As an added
benefit we would get "network neutrality" as byproduct of removing
gatekeepers from the role of second-guessing the meaning of bits.

As to the Xfinity problem—I presume that using a different IP address is
a simple enough that we should instead concentrate on the value of increased
connectivity. There's a separate risk of compromised routers that totally
apart from the Xfinity effort.

Re: Using people's home broadband routers into WiFi hotspots (RISKS 28.02)

Chris Drewe <>
Sat, 14 Jun 2014 21:30:48 +0100
It's happening in the UK too—this was included in a newspaper's computing
section, text saved *WITHOUT* permission (BT is my ISP but I don't know it
this applies to me, I don't use WiFi at all).  On the face of it a good
idea, as it allows ISPs to enhance their WiFi coverage with no extra
hardware; presumably legal liability should be shown in the ISP T&Cs, but is

> Technology Advice <>
>   Are curb crawlers piggybacking on my BT WiFi?
>     Your Wi-Fi router is moonlighting as a part time public wireless
>     hotspot, says Rick Maybury
> By Rick Maybury <>
> <>

Re: Renewable energy and electricity storage (RISKS 28.02)

"Chris D." <>
Sat, 14 Jun 2014 21:30:48 +0100
Yes, I know about the Dinorwic pumped storage set-up in Wales, *however*
this is just used to give a little extra capacity to cover short-term peaks.
According to Wikipedia, the water can last for up to 6 hours, and the
installed generating capacity is 1.65GW.  Also according to Wikipedia, the
UK's electricity demand is 35.8GW on average and 57.5GW peak.  Therefore, 22
Dinorwics would be needed to meet the UK's average load, or 35 for peak
load, and that's just for a few hours.  Wikipedia gives the efficiency as
75% so getting 100% of power out means putting 133% in.

The problem with renewable electricity sources (at least for wind, solar,
and tidal) is that they only supply power in short bursts while it's needed
24/7, so if a country wanted to get all of its electricity from these
sources, it would have to have enough storage capacity to meet the country's
entire demand for quite long periods of time, and the renewable sources
would have to have enough capacity to replenish the storage facilities
(allowing for their inefficiencies) during the times when they do produce
power.  Other RISKS readers will probably have better information.

The other problems are (a) if electricity supplies become unreliable then
people may well use their own generators in preference to public supplies,
which defeats the object of 'green' energy sources, and (b) building all
those pumped storage projects and the transmission lines to them takes a lot
of steel, concrete, truck journeys, freight activity, etc. which has a big
environmental impact.

Please report problems with the web pages to the maintainer