The RISKS Digest
Volume 29 Issue 10

Tuesday, 17th November 2015

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Microsoft Helps Out Healthcare Sector With New Data Encryption Algorithm
Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks
David E. Sanger and Nicole Perlroth
Edward Snowden and spread of encryption blamed after Paris terror attacks
Politicians blame Snowden for Paris attacks
Let's flush privacy down the toilet
Russell Brandom
Police body cams found pre-installed with notorious Conficker worm
Ars Technica
NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard
Scientific American republishing
Re: In wake of Paris attacks, renewed calls for encryption backdoors
The Guardian
ICANN policy problems
CircleID via AlMac
The Microcomplaint: Nothing Too Small to Whine About
Re: Software is forever
Wendy M. Grossman
Re: Driverless car stopped by officer in traffic ...
Clint Chaplin
Dan Geer
Re: Wikipedia and Deepak Chopra
Dan Jacobson
Re: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC
Doug Humphrey
Re: My first purchase with a chipped card
Carl Byington
Chris Drewe
Re: Encouraging trends and emerging threats in email security
Dimitri Maziuk
Bruce Schneier's CRYPTO-GRAM, 15 Nov 2015
Info on RISKS (comp.risks)

Microsoft Helps Out Healthcare Sector With New Data Encryption Algorithm

Lauren Weinstein <>
Mon, 16 Nov 2015 14:38:54 -0800
Softpedia via NNSquad

  Homomorphic encryption is a method of encryption that encodes data in such
  a way that it allows developers to work with the encrypted data in the
  same way they would if it was in unencrypted form. Operations run on
  homomorphically encrypted data yield the same results as when run on the
  data's cleartext version.  Microsoft's new algorithm, named SEAL (Simple
  Encrypted Arithmetic Library) is modeled after homomorphic encryption
  principles, and allows developers to carry out addition and multiplication
  operations on the encrypted data.  For now, the Redmond company says that
  SEAL can only handle genomic data used in bioinformatics.
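
The property described in the item above, as an added example that is not part of the original digest and is not SEAL's code or scheme: Paillier shows addition on ciphertexts and unpadded RSA shows multiplication. The toy primes, the function names, the allele counts and the weights are all assumptions made for illustration.

```python
import math
import secrets

# Toy parameters (assumption): two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
N2 = N * N

# Paillier private values; MU = LAM^-1 mod N is valid because g = N + 1.
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)


def paillier_encrypt(m):
    """Encrypt 0 <= m < N under the public key (N, g = N + 1)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2


def paillier_decrypt(c):
    """Recover the plaintext using the private values LAM and MU."""
    return ((pow(c, LAM, N2) - 1) // N * MU) % N


def paillier_add(c1, c2):
    """Multiplying ciphertexts adds the plaintexts (mod N)."""
    return (c1 * c2) % N2


def paillier_scale(c, k):
    """Raising a ciphertext to a public constant k multiplies the plaintext by k."""
    return pow(c, k, N2)


def encrypted_weighted_sum(ciphertexts, weights):
    """Server side: computes Enc(sum(w_i * m_i)) without the private key."""
    acc = paillier_encrypt(0)
    for c, w in zip(ciphertexts, weights):
        acc = paillier_add(acc, paillier_scale(c, w))
    return acc


# Unpadded ("textbook") RSA: multiplying ciphertexts multiplies the plaintexts.
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_encrypt(m):
    return pow(m, E, N)


def rsa_decrypt(c):
    return pow(c, D, N)


def rsa_multiply(c1, c2):
    return (c1 * c2) % N


def demo():
    # Constructed sample data: per-site allele counts (0, 1 or 2) held by a
    # client, and public per-site weights held by the computing party.
    allele_counts = [0, 2, 1, 1, 2]
    weights = [3, 5, 2, 7, 1]
    cts = [paillier_encrypt(m) for m in allele_counts]
    score = paillier_decrypt(encrypted_weighted_sum(cts, weights))
    product = rsa_decrypt(rsa_multiply(rsa_encrypt(6), rsa_encrypt(7)))
    return score, product


if __name__ == "__main__":
    print(demo())
```

The same property makes these ciphertexts malleable: whoever holds them can change the underlying values without the key, so integrity has to come from a separate mechanism.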

Encrypted Messaging Apps Face New Scrutiny Over Possible Role in Paris Attacks (David E. Sanger and Nicole Perlroth)

"Peter G. Neumann" <>
Mon, 16 Nov 2015 20:07:50 PST
David E Sanger and Nicole Perlroth, *The New York Times*, 17 Nov 2015

American and French officials say there is still no definitive evidence to
back up their presumption that the terrorists who massacred 129 people in
Paris used new, difficult-to-crack encryption technologies to organize the

But in interviews, Obama administration officials say the Islamic State has
used a range of encryption technologies over the past year and a half, many
of which defy cracking by the National Security Agency. Other encryption
technologies, the officials hint, are less secure than terrorist and
criminal groups may believe, and clearly they want to keep those adversaries
guessing which ones the N.S.A. has pierced.

Some of the most powerful technologies are free, easily available encryption
apps with names like Signal, Wickr and Telegram, which encode mobile
messages from cellphones. Islamic State militants used Telegram two weeks
ago to claim responsibility for the crash of the Russian jet in the Sinai
Peninsula that killed 224 people, and used it again last week, in Arabic,
English and French, to broadcast responsibility for the Paris carnage. It is
not yet clear whether they also used Telegram’s secret-messaging service to
encrypt their private conversations. [...]

Security experts counter that such arguments ignore the fact that even
end-to-end encrypted technology leaves a trail of metadata behind that can
be used to parse who is talking to whom, when and where.  “Encryption is
really good at making it difficult to hide the content of communications,
but not good at hiding the presence of communications,” said Matt Blaze, a
computer security expert at the University of Pennsylvania.

Mr. Blaze also noted that the authorities can still read communications if
they hack into the target's device, or what security experts call the end
point.  “All the encryption in the world doesn’t help if the end point that
holds the keys is compromised.  So this idea that encryption makes
terrorists' communications go completely dark has a pretty big asterisk next
to it.”  [...]

Edward Snowden and spread of encryption blamed after Paris terror attacks

Lauren Weinstein <>
Sun, 15 Nov 2015 08:49:50 -0800

  "As Paris reels from terror attacks that claimed at least 128 lives,
  fierce blame for the attack is being directed toward American
  whistleblower Edward Snowden and the spread of strong encryption catalyzed
  by his actions," Patrick Howell O'Neill reports for The Daily Dot
  ... O'Neill reports, "Fox News hosts Greg Gutfeld and Dana Perino, George
  W. Bush's former press secretary, took to Twitter to directly blame and
  even curse at Snowden."

I've already seen various officials giving interviews claiming that if they
had backdoors into crypto this might have been stopped. Of course, at this
point, there's no indication that encrypted comms were even involved. But
officials have been waiting for this excuse. As you may recall, I've been
predicting that at the first significant terrorist attack, officials would
get back to demanding control over crypto—and the inclusion of crypto
backdoors—the loss of security and privacy for all of us be damned.

Politicians blame Snowden for Paris attacks

Henry Baker <>
Sun, 15 Nov 2015 07:28:40 -0800
It's really, really hard to be more cynical than spook apologists in
exploiting a tragedy for political purposes.

'Edward Snowden and spread of encryption blamed after Paris terror attacks'

'The terrorists have read Snowden'

The Obama Administration encryption critics decided in October to merely
bide their time, waiting for a propitious Paris moment:

'Despite the Administration's apparently final decisions on the encryption
argument, I'm willing to bet anyone a cup of coffee that we have not seen
the end of this discussion between now and January 21, 2017.'

From the article below:

"the [new French] law allows government agents to break into the homes of
suspected terrorists for the purpose of planting microphone bugs,
surveillance cameras, and to install keyloggers on their computers"

Well, we see now how much those *bugs, cameras and keyloggers* helped.

Uh oh, this just in:

'Is ISIS Using PlayStation 4 To Communicate?'

Is there enough room in Guantanamo for all the Playstation 4 owners/users?

[Does anyone else see any irony in this use of the 'Sony' Playstation?]

Arik Hesseldahl, Recode.Net, 14 Nov 2015
France Has A Powerful and Controversial New Surveillance Law

As it plans its response to a series of six terrorist attacks Friday night
that killed 129 and injured 352, the government of France will likely step
up its efforts to keep tabs on the movements and communications of people
within its borders.

As it happens, the attacks have occurred only a few months after legislators
in that country passed a sweeping new surveillance law that gives the
government broad powers to closely monitor the mobile phone and Internet
communications of French citizens.

Passed by the French Parliament in May in response to the attacks on the
Paris-based magazine Charlie Hebdo, the law allows government to monitor
phone calls and emails of people suspected of connections to terrorism
without the authorization of a judge.

But it goes further than that.  The law requires Internet service providers
to install black boxes that are designed to vacuum up and analyze metadata
on the Web-browsing and general Internet use habits of millions of people
using the Web, and to make the data available to intelligence agencies.

In exceptional cases, the law allows the government to deploy what are
called IMSI catchers to track all mobile phone communications in a given
area.  These catchers are basically designed to impersonate cell towers, but
they intercept and record communications data from phones within their range,
and can also track the movements of people carrying the phones.

Finally, the law allows government agents to break into the homes of
suspected terrorists for the purpose of planting microphone bugs,
surveillance cameras, and to install keyloggers on their computers, devices
that capture data on every keystroke and mouse click.

Critics of the law complain that there's not much oversight and that the
conditions under which the law's powers can be triggered are vague.  As The
Verge noted in July, the government can authorize the surveillance for
"major foreign policy interests" or to counter "organized delinquency."

Surveillance operations are overseen by a nine-person committee led by Prime
Minister Manuel Valls.  But that committee has only an advisory role, and
cannot overrule decisions by the prime minister.

Arik Hesseldahl:  @ahess247

Let's flush privacy down the toilet (Russell Brandom)

Henry Baker <>
Tue, 17 Nov 2015 06:46:23 -0800
"[A criminal's] most dangerous weapon is the flush toilet ... a perfect
evidence-disposal system installed in every home in America"

Russell Brandom, The Verge, 16 Nov 2015
The problem with cracking down on PlayStations to stop terrorists
If you're scared of gaming consoles, you're scared of privacy

There's a joke in the legal world that criminals' most dangerous weapon is
the flush toilet.  Imagine, a perfect evidence-disposal system installed in
every home in America, available whenever you hear the detectives knock on
your door.  Tens of thousands of potential arrests have been flushed down
toilets over the years.

So why do we keep toilets around?  Well, they're useful for other things.

Today, instead of the flush toilet, we learned about the PlayStation 4.  In
a now-retracted story, Forbes made the case that PlayStation's private chat
and VoIP features may have been used in plotting the attacks, kicking off a
wave of concerns over gaming networks and their potential use in plotting
terrorist acts.

But while Forbes has since backed off the claim that a PS4 was found in an
attacker's apartment, the air of suspicion hasn't fully lifted.  There
really have been cases of ISIS sympathizers using the PlayStation network to
communicate or recruit, and it's the kind of offbeat channel an intelligence
officer might miss.  PlayStation's network is open to anyone with the right
console, and there's lots of noise to distract anyone who might look there.
As the UK's Investigatory Powers Bill heads to parliament, the political
will to clamp down on those networks is stronger than it's ever been.  So
why shouldn't we?

The first thing to say is that the PlayStation network isn't particularly
secure.  It's not end-to-end encrypted, and Sony is open about the company's
right to surveil users, even if it doesn't have much of an apparatus to do
so.  Unlike encrypted chat apps like Telegram and WhatsApp, the PlayStation
networks weren't designed with security in mind, and most users care far
more about latency and downtime than they do about privacy.  If an
intelligence service is looking for you specifically, it's just not that
good of a place to hide.

What the networks do have is a lot of people, which makes them useful for
meeting inconspicuously.  You won't stand out if you set up a private chat
on PSN, the way you might if you log onto a protected chat room or IRC
channel.  It's the protection of the crowd, the same way you might talk more
freely in a noisy bar where you won't be overheard.  This kind of privacy is
more about cultural expectations than strict security, and it's particularly
important because of that.  It can be used by terrorists, sure, but so can
dimly lit restaurants and crowded parks.  If that's scary, then all private
spaces are scary.  If you believe that logic, you've made a boogeyman out of
privacy itself.

All of which brings us back to the flush toilet.  In the wake of a tragedy,
shock makes us value security over all else, often forgetting smaller
virtues in the rush to protect ourselves.  It's a natural impulse, but it's
worth considering where it might take us, left unchecked.  With enough fear,
anything comes to look threatening: a gaming console, a toilet, a
smartphone.  Will destroying them make us more or less powerful?

Police body cams found pre-installed with notorious Conficker worm

Lauren Weinstein <>
Mon, 16 Nov 2015 10:40:49 -0800

  A report that police cameras are shipping with Conficker.B pre-installed
  is testament to the worm's relentlessness. It's also troubling because the
  cameras can be crucial in criminal trials. If an attorney can prove that a
  camera is infected with malware, it's plausible that the vulnerability
  could be grounds for the video it generated to be thrown out of court, or
  at least to create reasonable doubt in the minds of jurors.  Infected
  cameras can also infect and badly bog down the networks of police forces,
  some of which still use outdated computers and ineffective security

NSA Efforts to Evade Encryption Technology Damaged U.S. Cryptography Standard

Lauren Weinstein <>
Mon, 16 Nov 2015 08:03:15 -0800
  Editor's note (11/16/15): Following the terrorist attacks in Paris on
  November 13 and the ensuing debate about counterterrorism efforts and
  encrypted communications, Scientific American is republishing the
  following [2013] article. [...]

Re: In wake of Paris attacks, renewed calls for encryption backdoors

Lauren Weinstein <>
Mon, 16 Nov 2015 17:06:36 -0800

  Bratton [NYC Police Commissioner] told MSNBC host and former Republican
  congressman Joe Scarborough that "You have to be on the offense. Offense
  is intelligence" on MSNBC, and said that encryption was a problem. "We are
  losing a lot of that intelligence momentum because of that issue." Privacy
  advocate Lauren Weinstein, who worked on the Department of Defense's
  proto-Internet project Arpanet, said secure encryption backdoors are a
  pure impossibility. "If there was a scientifically provable way to do
  this, we could have the discussion," Weinstein told the Guardian, "but it
  doesn't make sense to have the discussion when everybody who's looked at
  this and is honest about it says that it would make us more
  vulnerable. "The math will get you every time."

ICANN policy problems

"Alister Wm Macintyre \(Wow\)" <>
Sun, 15 Nov 2015 15:41:32 -0600
ICANN assigns domain names, has oversight over Internet registrars, but
there is no oversight for ICANN.

They are in a transition, including a mission statement of making the
Internet worthy of consumer trust.

But meanwhile no one in ICANN seems to be working towards that goal, and the
spam keeps rolling in, supported by registrars, which ICANN is supposed to
police.  Instead ICANN denies its responsibility to Internet users, puts
obstructions in the way of people who identify causes of Internet abuse and

KNUJON, and other efforts, identify registrars responsible for 89% of the
sources of spam and cyber-crime, but it can take 5 years before ICANN does
anything about this.  Perhaps law enforcement could pay some of them a
visit, to confirm or deny KNUJON et al allegations.  [KNUJON also noted
in RISKS-29.08.  PGN]

The Microcomplaint: Nothing Too Small to Whine About

Monty Solomon <>
Sun, 15 Nov 2015 11:11:59 -0500
It was once considered unbecoming, or annoying itself, to moan publicly
about trifling personal ordeals. Now we tolerate, even encourage, the

Re: Software is forever (RISKS-29.09)

"Wendy M. Grossman" <>
Mon, 16 Nov 2015 18:12:58 +0000
The Windows 3.1 incident at Orly reminded me of the net.wars column I wrote
after Microsoft officially retired XP (which is still running my desktop
here):, Twitter: @wendyg

Re: Driverless car stopped by officer in traffic ... (RISKS-29.09)

"Alister Wm Macintyre \(Wow\)" <>
Fri, 13 Nov 2015 17:53:50 -0600
This inspires discussion of what might happen in a future where there are
many such cars on the road.

2-8 Nov 2015 BBW (Bloomberg Business Week) has a time line of the history of
driverless cars, forecasting future optimistic expectations (ignoring

* 2017 GM & Google cars without steering wheel nor gas pedal;

* 2020 self driving industrial vehicles hurt driver job market;

* 2025 fully automated vehicles on Earth and Mars;

* 2030 All taxi fleets are now driverless;

* 2035 driverless cars shrink in size, with fuel consumption = gains, and
  smaller parking spaces;

* 2040 price drop in driverless cars, for more buyers, but easier trip
  invites more urban sprawl;

* 2045 restrictions on driver vehicles;

* 2050 vehicle crashes become a thing of the past;

* 2055 auto insurance shifts from owners to vehicle manufacturers;

* 2060 autonomous vehicles become mandatory. (will this include police cars
  & other 1st responders?)

Many risks mentioned in past posts:

* Autonomous military ordnance gets hacked.

* Electronic Smog.

* Google did not know they needed to report accidents with driverless
  cars.  They thought paying off owner of other vehicle was good enough.

* Ethics—who to save, sacrifice, when cannot save everyone.

* Humans drive recklessly, violate speed limits, driverless cars at a

* Humans in trouble when follow flawed map apps—ditto for driverless?

* Uploading software patches, without proper testing, often leads to
  outages.  If that causes driverless to crash, blame whom?

* Who is to be held accountable when driverless public transportation
  crashes—the programmer, who did not know his code to be used for that

Re: Driverless car stopped by officer in traffic ... (RISKS-29.09)

Clint Chaplin <>
Fri, 13 Nov 2015 14:25:09 -0800
  "and because I know of only one report of a driver-present car running
  into a driverless one that stopped for a pedestrian (as required by law)"

Google very helpfully is listing all accidents that involved Google cars.
The one that got the most press was one that involved injuries, but there
have been several before and after that.

Re: Driverless car stopped by officer in traffic ... (RISKS-29.09)

Sun, 15 Nov 2015 23:30:08 -0500
 > This event actually inspires some discussion of what might happen
 > in a future where there are many such cars on the road.  (PGN)

In some states, insurance is for the driver.  In some states, insurance is
for the automobile.  In no states, is there a requirement that a passenger
have a licence to be a passenger.

Ipso facto, at the scene of an accident, there may be no one with an ID and
no one with insurance.

Re: Wikipedia and Deepak Chopra (2daygoaty, RISKS-29.09)

Dan Jacobson <>
Sat, 14 Nov 2015 18:52:45 +0800
But then again they wouldn't have become brilliant authors if they spent
their time doing that. Indeed they might cheerfully use Wikipedia every day,
ever cautious not to read articles about topics they know—worst of which
being articles describing they themselves—lest they need more than a
chuckle to get over it.

Re: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC (Lauren Weinstein, RISKS-29.09)

Doug Humphrey <>
November 13, 2015 at 3:04:56 PM EST
  [via Dave Farber]

The power of capitalism is remarkable.  The level of sophistication of "spy"
tech in the commercial world, for the purposes of gathering and correlating
this data, rivals, and in a few ways clearly surpasses similar efforts in
the national security spaces.

The "economy of scale" of reaping "all the things" rather than being
selective has enabled both efforts, but in the commercial world it is profit
(well, potential profit in many cases) driven vs. being a cost center in the
gov spaces.

Dangerous?  Oh yes.  Likely in ways we have not even imagined yet....
Still, amazing to watch it all develop.

Keep dodging all the friendly fire...

Re: My first purchase with a chipped card (RISKS-29.09)

Carl Byington <>
Fri, 13 Nov 2015 14:34:34 -0800
You will clearly get many responses to this, but

2010 -

2011 -

2012 -

2014 -

I suspect the details of the European chips and the US chips are
identical, since they are both using EMV standards.

EMV = Europay, Mastercard, Visa

  [Don't forget Ross Anderson and Steven Murdoch, Why Payment Systems Fail:
  What lessons might we learn from the chip cards used for payments in
  Europe, now that the U.S. is adopting them too?  CACM Inside Risks
  article, June 2014, .

  John Levine also suggested looking at Ross Anderson's Virus Bulletin
  keynote from last month: .  PGN]

Re: My first purchase with a chipped card (RISKS-29.09)

Chris Drewe <>
Sat, 14 Nov 2015 21:30:37 +0000
Um... we've had these in the UK for what seems like half a lifetime (nearly
as long as cameras which capture images electronically instead of on film)
-- they work exactly as described.  As I understand it, the problem was that
criminals could, with some difficulty, replicate magnetic strips on a
kitchen-table basis, but they are unlikely to be able to fabricate ICs.  I'm
told that the trouble with the earliest ones was that both cards and readers
had to handle either magnetic strips or Chip&PIN; the readers read the strip
first, and if the card had a chip then a bit was set in the strip to say
"read the chip", but criminals could replicate the strip with this bit not
set, defeating the security features of the chip.  Main fraud problems now
are the usual shoulder-surfing, strategically-placed 'security' cameras
capturing PINs, tampered readers, etc. along with cardholder-not-present
unauthorised transactions.  Incidentally, Brits traveling overseas are
warned that when using credit/debit cards they may be offered billing in
pounds sterling rather than local currency, which seems like a good idea,
but they may then be charged at a terrible exchange rate, only discovered
when they get back home.  As already mentioned in RISKS, a more-recent
innovation is contactless near-field RFID cards, which don't need to be
inserted in a reader, you just hold it nearby, and if the transaction value
is less than 30 pounds (about $45) you don't even need a PIN(!).  What I
found scary was an ATM which read my card contactlessly—normally ATMs
require you to take your card out at the end of the transaction, but with
this one I had to be sure to select the "do you want another transaction?
**NO**" to 'close' the session.  (And also as already mentioned, fun & games
if you use a contactless travel card on public transport kept too close to
your contactless credit/debit card, see RISKS-28.93 & 94.)  From time to
time there are breathless articles in UK newspapers pointing out that an
ever-smaller proportion of transactions are being done with physical cash,
and looking forward to the glorious day when it will be abolished
altogether.  Wonderfully convenient, but anybody with access to your data
will be able to see exactly what you spend your money on, AND track your

Re: Encouraging trends and emerging threats in email security (LW, RISKS-29.09)

Dimitri Maziuk <>
Fri, 13 Nov 2015 17:52:27 -0600
> The irony of course is that TLS (STARTTLS) is basically clown-grade email
> encryption.

No, the irony is STARTTLS push coming from Google barely 6 months after
the MCS Holdings "incident":

The not really funny part is that apparently this is legitimate academic
research publishable in an ACM SIG. Because if I were Google trawling users'
e-mails for targeted advertising with the "major providers complicit in TLA
spying" brouhaha on top, I'd want to do some damage control, too. Selling it
as native advertising aka "repurposed bovine waste" is no surprise either:
advertising is what Google does.

Remember the actual encrypted e-mail service provider? Lavabit, anyone?

CRYPTO-GRAM, November 15, 2015 (PGN-ed)

Bruce Schneier <>
Sat, 14 Nov 2015 22:36:34 -0600
  [I frequently cull a single item from Bruce's CRYPTO-GRAM.  At this point,
  I think I should suggest that if you are interested, you should subscribe.
  Here's just the table of contents for the latest issue.  PGN]

          November 15, 2015
          by Bruce Schneier
        CTO, Resilient Systems, Inc.
  For back issues, or to subscribe, visit
    You can read this issue on the web at

      The Doxing Trend  [Doxing has to do with hacking for documents]
      The Rise of Political Doxing
      Breaking Diffie-Hellman with Massive Precomputation (Again)
      Schneier News
      Australia Is Testing Virtual Passports
      Resilient Systems News
      The Effects of Surveillance on the Victims
