The RISKS Digest
Volume 29 Issue 70

Thursday, 18th August 2016

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Pentagon Cannot Account For $6.5 Trillion Dollars
Jay Syrmopoulos via Mark E. Smith
'Shadow Brokers' Leak Raises Alarming Question: Was the NSA Hacked?
EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy
via PGN
"Donald Trump's Lack of Respect for Science Is Alarming"
*Scientific American*
Squirrel blamed for power outage in Menlo Park CA
China launches first quantum-enabled satellite
BBC via Rob Slade
"Clinic won't pay breach protection for victims; CEO says it would be death of company"
John Fontana
Australia rising
Alister Wm Macintyre
42 infants found in secret CalGang gang database
Henry Baker
A Distracted-Driving Ban in New Jersey? Some Say It Threatens a Way of Life
NY Times
Ford to offer self-driving cars without steering wheels to Uber by 2021
Computer World via Gregory Aharonian
Re: Ford to offer self-driving cars without steering wheels to Uber by 2021
Lauren Weinstein
Re: "Tesla and Troubles"
Michel Bouckaert
Re: Tesla "autopilot"
Barry Gold
Re: Hacking the Vote: the Security of Our Election Systems
Mark E. Smith
Re: Thai Plan to Track All Foreigners By SIM Cards Moves Forward
Henry Baker
Info on RISKS (comp.risks)

Pentagon Cannot Account For $6.5 Trillion Dollars (Jay Syrmopoulos)

"Mark E. Smith" <>
Tue, 16 Aug 2016 21:25:44 -0700
The computers don't get accurate data, or perhaps don't get any data at all.
The data is missing, or perhaps never existed.

When trillions of dollars go missing and cannot be accounted for, that fact
accounts for why the United States of America has so much homelessness and
poverty, why life expectancy in the USA is declining, why our health care
system costs more but has worse outcomes than any other developed country
and many less developed countries, and why there is less funding for schools
as the elected thieves, I mean politicians, prefer not to educate students
sufficiently for them to understand the problem.

Spending millions or billions on better computers won't help, as there is no
way to ensure that accurate data, without which computers cannot produce
accurate results, are input. Not even the most technologically advanced
computers in the world can function without good data. GIGO.  Yet I can feel
sympathy for people who knowingly input bad data because it is the only way
they can keep their jobs.

But this is the Pentagon, arguably the greatest military power on earth.
Should citizens of the United States revolt, the Pentagon can easily nuke a
few US cities to ensure that their trillions in graft continue, as it has
under both Republican and Democratic administrations.

How does the Pentagon, which has a budget measured in billions of dollars
annually, manage to lose trillions of dollars? I'm a simple, low-income
person. If I give somebody $50 to get me some groceries and they take my
money and don't come back, I've been ripped off for $50.  Suppose the same
thief then figures out a way to hack my bank account and steals every last
dime I have, including my rent money. I really don't think I'd turn around
and trust that person with my security and defense. But of course elected
officials must be smarter than me or people wouldn't elect them, right?

So perhaps this comment is inappropriate, as I'm not talking about a risk to
the public in computers and related systems, but a risk to the public when
there is no way to ensure that accurate data exists to account for
widespread governmental theft, and that computers therefore cannot function.
Unless, perhaps the system that is supposed to input the data to computers
is a "related system?"

'Shadow Brokers' Leak Raises Alarming Question: Was the NSA Hacked? (*The New York Times*)

Monty Solomon <>
Wed, 17 Aug 2016 09:53:28 -0400
Outside experts said the data contained what appeared to be genuine samples
of the top-secret code used in the production of the NSA's custom-built

EPIC, Verified Voting, Common Cause Release Report on Ballot Secrecy

"Peter G. Neumann" <>
Thu, 17 Aug 2016 12:19:18 PDT

EPIC, Verified Voting, and Common Cause today released The Secret Ballot at
Risk: Recommendations for Protecting Democracy, a report highlighting the
right to a secret ballot and how Internet voting threatens voter
privacy. All 50 states recognize ballot secrecy as a core value. Despite
this, 32 states and DC are promoting Internet voting, typically for overseas
and military voters, and are asking those voters to waive their right to a
secret ballot. That threatens voting freedom and election integrity. The
report recommends actions voters can take to protect the secrecy of their
ballot, and encourages states to do more to safeguard voter privacy. EPIC
has a long history of working to protect voter privacy and election

The report is linked here:

And here is a quick summary:

The right to cast a secret ballot in a public election is a core value in
the United States' system of self-governance. Secrecy and privacy in
elections guard against coercion and are essential to integrity in the
electoral process. Secrecy of the ballot is guaranteed in state
constitutions and statutes nationwide. However, as states permit the marking
and transmitting of marked ballots over the Internet, the right to a secret
ballot is eroded and the integrity of our elections is put at risk.

"Donald Trump's Lack of Respect for Science Is Alarming" (*Scientific American*)

"Peter G. Neumann" <>
Thu, 17 Aug 2016 12:02:12 PDT
  “Scientific American is not in the business of endorsing political
  candidates.  But we do take a stand for science—the most reliable path
  to objective knowledge the world has seen—and the Enlightenment values
  that gave rise to it.  For more than 170 years we have documented, for
  better and for worse, the rise of science and technology and their impact
  on the nation and the world.  We have strived to assert in our reporting,
  writing and editing the principle that decision making in the sphere of
  public policy should accept the conclusions that evidence, gathered in the
  spirit and with the methods of science, tells us to be true.''

  Note also *WiReD*'s unprecedented statement:

  How about Trump's call to shut down the Internet for use "by our enemy"?

  This topic transcends political issues that RISKS has always eschewed, and
  seems broadly relevant here to many more-specifically risks-related
  issues.  PGN

Squirrel blamed for power outage in Menlo Park CA

"Peter G. Neumann" <>
Wed, 17 Aug 2016 11:47:55 PDT
A squirrel bit into a power line on Crane Street in downtown Menlo Park at
6:30 p.m. on 16 Aug 2016.  In the aftermath of the arc and subsequent explosion
that knocked out power for 1700 PG&E customers, a "smoldering grey squirrel"
was found in the gutter.  In each of two different buildings on Crane
Street, someone was trapped in an elevator for about 20 minutes and had to
be rescued by the fire department.  [Source: today's local *Daily Post*
front-page item, PGN-ed]

As noted below, surprisingly many squirrels have been featured in RISKS
since RISKS-4.02, almost 30 years ago!  You might think that this problem
should be easily preventable.  On the other hand, this is just another kind
of RISKS case that seems to recur [*].  (You might think it was not so kind
for the squirrel—except that the article quotes the MP Fire Chief: “It
all happened in the blink of an eye, and we don't think he suffered at

  [* "Recur" would be more appropriate in this context if it had involved
  mongrel dogs rather than squirrels.]*

Here's the squirrelitany in RISKS to date:

Vol 4:  Insurgent Squirrel Joins No-Ways Arc (Ross McKenrick)
Vol 5:  Squirrels and other pesky animals (Frank Houston)
Vol 5:  Squirrels, mice, bugs, and Grace Hopper's moth (Mark Mandel)
Vol 6:  Yet another skunk in the squirrel story (Rick Jaffe)
Vol 8:  SRI attacked by kamikaze squirrels? (David L. Edwards)
Vol 8:  No power lunch, just no-power crunch (after the squirrel's over)
Vol 16: Squirrels again bring down Nasdaq (Joe Morris, Bob Frankston)
Vol 16: More than squirrels: Newbridge Networks (Bob Frankston)
Vol 16: Re: squirrelcide (Douglas W. Jones)
Vol 17: Invaders in Eastern Washington [more squirrels] (David Burlingame)
Vol 19: 5th SRI squirrelcide causes 18.5-hour outage (PGN)
Vol 20: Squirrelcide at San Jose Airport (Dave Stringer-Calvert)
Vol 27: The goto Squirrel (Dennis E. Hamilton)
Vol 28: Squirrels are now performing coordinated attacks (Jerry Saltzer)
Vol 29: Squirrel blamed for power outage in Menlo Park CA (PGN)

China launches first quantum-enabled satellite (BBC)

Rob Slade <>
Wed, 17 Aug 2016 11:59:04 -0700
(... or, maybe not)

Aside from the fact that it allows me to make a quantum joke, this article
allows me to rant about quantum cryptography.

Ever since I have started to research the security implications of quantum
computing, quantum crypto has bugged me.  Yes, the theory is beautifully
elegant, and (theoretically) allows us to detect passive eavesdropping for
the first time.  But dozens of attacks have demonstrated that, as usual, the
devil is in the implementation details.

And the implementation details here are even bigger.  Our current quantum
crypto systems require dedicated, single-mode fibre optic cable.  And, as I
keep pointing out to students and in presentations, if you've got dedicated,
single-mode fibre optic cable you have very little need for encryption.
(No, agreed, not zero.  But I think we can agree that this is a pretty good
definition of "vanishingly small.")

I did once hear of a project to try and use quantum crypto between ATMs and
smartphones, and that might (*MIGHT*) have been a defence against shimming
attacks.  But that was limited to 30 cm, and this is going to be a lot

Despite the mounting evidence that quantum crypto is not going to be a
panacea for all security ills, interest in the topic just keeps growing.
(And what *really* irks me is that it diverts attention from other areas of
research into the use of actual quantum computing, which probably would be
really useful in security.)

I will be interested to learn of the results of the testing.

But I'm not holding my breath.

"Clinic won't pay breach protection for victims; CEO says it would be death of company" (John Fontana)

Gene Wirchenko <>
Wed, 17 Aug 2016 10:22:36 -0700
John Fontana for Identity Matters, ZDNet, 16 Aug 2016
Is Death by Breach a real affliction to be feared by mid-sized small

Australia rising

"Alister Wm Macintyre \(Wow\)" <>
Wed, 17 Aug 2016 14:16:08 -0500
Australia moves northward 3 inches a year, or 5 feet north of where it was
20 years ago.  This means that longitude & latitude should have been
updated, but they wait until over-reliance on GPS leads Australian drivers
into harms way, before trying to both fix the system, and fix it in such a
way that there will be continuous updates, so not get in this mess again.
In the process, they blame GPS for the actions of mother nature, and the
inactions of mankind.

42 infants found in secret CalGang gang database

Henry Baker <>
Wed, 17 Aug 2016 06:47:16 -0700
FYI—These babies are at risk if they wear the wrong colors, the wrong
headgear, or if they don't put their hands up...

"Law enforcement officials told auditors no real harm comes to those who end
up in the database."

RISKS has from its inception talked about the problems with these types of
databases.  But with 'no fly lists' and other extra-Constitutional
restrictions on civil liberties, these database "errors" can destroy lives.

Scathing Audit Bolsters Critics' Fears About Secretive State Gang Database

An explosive state audit confirms many of the fears that San Diego
Assemblywoman Shirley Weber and others have long expressed about the state's
gang database: that it cannot ensure individuals' privacy, that people can
be entered in the database without proper substantiation, and that people
are kept in the database long after their names should have been purged.

An audit of the state's gang database was prompted by inquiries from San
Diego Assemblywoman Shirley Weber.

Sara Libby, Beware the gangster babies, 11 Aug 2016

Among the explosive findings included in a new audit of the state gang
database, CalGang, auditors say they found "42 individuals in CalGang who
were supposedly younger than one year of age at the time of entry--28 of
whom were entered for 'admitting to being gang members.'"

The state Legislature, prompted by San Diego Assemblywoman Shirley Weber,
requested the audit, which was released Thursday.

The database is a statewide tool that provides law enforcement officers
access to data about an individual's gang ties.

But Weber said that she was troubled when she struggled to find basic
details about how the gang database operates.  Now the audit has provided
some of those answers—and they're disturbing.

The audit confirms many of the fears that Weber and others have long
expressed about the CalGang system: that it cannot ensure individuals'
rights to privacy, that people can be entered in the database without proper
substantiation and that people are kept in the database long after their
names should have been purged.

"Probably people are pretty shocked about just how deep the problems are in
the CalGang system in terms of lack of transparency, lack of consistency in
terms of how the standards are used," Weber said.

Weber herself was not one of them.

"I was not shocked at all.  If you don't live in a community that has had
concerns about this ... I've heard these complaints for years.  As most
folks know, my own son was threatened to be put on the gang list, and he
hadn't done anything.  I hear these things from parents on a regular basis.
But I think some of my colleagues were shocked," she said.

A snapshot of the findings:

* Even with the broad criteria for including someone in CalGang, a check on
  100 individuals included in the database found that "law enforcement
  agencies did not have adequate support for inclusion of 13 of these

* "flaws in CalGang's controls caused many individuals to remain in the
  system longer than federal regulations allow; in fact, some individuals
  are currently scheduled to remain in CalGang for hundreds of years."

* the CalGang leadership structure doesn't allow for any public input or
  oversight, and conflicts are rampant.  One law enforcement officer, for
  example, "stated that he enters approximately 95 percent of CalGang
  records for his agency, yet this same sergeant is also responsible for
  conducting any audits of CalGang records for the region because he is the
  node administrator."

* Though CalGang data is intended to be used only as a law enforcement tool,
  the audit found "at least three law enforcement agencies may have
  inappropriately used CalGang as an employment screening tool"—possibly
  in violation of those individuals' privacy rights.

Law enforcement officials told auditors no real harm comes to those who end
up in the database.  In San Diego, we've seen that's not true.

Aaron Harvey's inclusion in the database landed him in the thick of a case
that threatened to send him to jail for life—even though San Diego
prosecutors admitted he hadn't actually committed the crime at hand.
Rather, they argued, the Lincoln Park resident benefited from a series of
shootings because the real criminals belonged to the same gang as Harvey.
Harvey denies he's in a gang, and says he landed in the database thanks to
being stopped by police in his neighborhood dozens of times.

Here's how I described some of what can land a person in the gang database
last year:

  According to the state, a person can be entered into the CalGang database
  if he or she meets any two criteria from a list that includes: admitting
  to being a gang member: being arrested alongside known gang members; being
  ID'd as a gang member by a reliable source; being seen affiliating with
  documented gang members; displaying hand gestures affiliated with a gang;
  frequenting gang areas; wearing gang dress; or having gang tattoos.

Harvey's case was later dismissed.

Critics have for years said the criteria for inclusion in the database is
too broad.  The report notes: "academic literature suggests that the broad
criteria used to label gangs and gang members may make it difficult for
youth living in gang-heavy communities to avoid meeting the qualifying
criteria and that gang labeling can stigmatize minority, inner-city youth,
limiting their social and economic opportunities."

Indeed, the report says that being seen associating with gang members, and
wearing "gang dress" are the No. 2 and No. 4 most-used criteria to land
someone on the database.  In a gang-heavy neighborhood, that could include
simply talking to a neighbor and wearing a red shirt.

The No. 1 most-used criteria to land a person in the database, according to
the report, is self-admitting to being in a gang.  But even this can be
problematic: The report notes it found at least one instance of someone
being included in the database under this criteria, even though interview
notes revealed the man had told officers he was not in a gang.

A bill written by Weber that would mandate that adults be notified when
they're entered into the database passed out of the Senate Appropriations
Committee on Thursday.

A 2013 law requires officials to notify parents of juveniles when their kids
land in the database.  But the audit found that in many cases, that's still
not happening.

Despite the problems, Weber said she still believes CalGang—if used and
monitored properly, can be a good crime-fighting tool.

"This is an important tool in law enforcement," Weber said.  "And this
report says that probably the manner in which we're using it is not very
effective in terms of fighting crime."

As for the audit's discovery that people younger than 1 year old were
entered in the database, that finding was in a section on rampant errors --
presumably those people were adults whose ages were entered incorrectly.

A Distracted-Driving Ban in New Jersey? Some Say It Threatens a Way of Life (NY Times)

Monty Solomon <>
Wed, 17 Aug 2016 18:12:51 -0400
A bill that could fine distracted drivers as much as $800 has led to an
outcry among residents for whom driving is more a state of being than an

Ford to offer self-driving cars without steering wheels to Uber by 2021

Gregory Aharonian <>
August 16, 2016 at 5:21:01 PM EDT
  [via Dave Farber]

First, Uber destroys the livelihoods of taxi drivers by replacing them with
Uber serfs, and then Ford will destroy the livelihoods of the serfs by
taking away the steering wheels.

Telling and sad that article does not mention "job".  The technology press
has to expose its hidden misanthropy.  We need to innovate (and patent—I
need work!) technologies that bring new benefits and new jobs - for all.

Greg Aharonian, Editor, Internet Patent News Service

  [See also

Re: Ford to offer self-driving cars without steering wheels to Uber by 2021

Lauren Weinstein <>
August 16, 2016 at 6:35:01 PM EDT
Most of this is almost entirely academic at this point. Ford is mostly
blowing smoke. Outside of the fact that vehicles as they describe would be
explicitly *illegal* on public roads in California and various other locales
based on the draft regulations in circulation that require an alert human
driver, steering wheel, pedals, etc.—we're not even close to dealing with
the extremely long tail of all kinds of roads, all kinds of weather, all
kinds of common situations (like dealing with the verbal commands of an
officer at a traffic accident) and on and on. The list of issues is almost
endless and we've barely scratched the surface. My guess is that Ford is
actually pushing for some sort of "people mover" concept in controlled,
restricted areas.

The amount of hype in this sphere is almost beyond measure. I saw an article
today predicting most delivery drivers would be out of work in 10 years. You
don't need more than half a brain and a few minutes thought to realize the
multiple reasons why that won't happen even if we had miracles of tech
developments and cost decreases over that time. Or even twice that time.

I still feel that the research is worthwhile toward improved safety systems,
but I would like to see serious discussion from the proponents of the "all
autonomous vehicles future" of what that could mean in terms of governmental
access to vehicle data and remote control over vehicle operations,
individually and en masse. Control travel and you control the
population. Amusingly, the same folks with the stars in their eyes about a
future demise of human-driven vehicles seem to avoid discussing how law
enforcement and other government agencies could leverage it. You can be sure
those entities are *already* drooling at the prospects though, however
distant they may be.

Re: "Tesla and Troubles" (AlMac, RISKS-29.69)

Michel Bouckaert <>
Wed, 17 Aug 2016 10:52:17 -0700
  [Re: "Autopilot"]

The problem is the hype in reporting.  Even touting the feature as a
"co-pilot" who is never PIC ("Pilot in command") should not become a problem
-- until the meaning is corrupted.

In the Tesla case, overclaiming was the problem.

Under-claiming happens too: that could be seen in another automotive
evolutionary move, where most of what I read in the dailies about GM's Volt
was "omitting" that it had a conventional engine too.

In the Tesla tale, Tesla is the messenger.  Don't shoot it.  It's hard to
correct the daily press when it [the press] is going astray.

  [Although controversial today, it seems likely that by 2021 we will
  acknowledge that cars without human drivers will be *substantially* safer
  than cars with human drivers—which is probably already the case today!

Re: Tesla "autopilot"

Barry Gold <>
Tue, 16 Aug 2016 17:49:50 -0700
I have to wonder if Musk has thought about the level of risk he has taken on
in advertising the "Autopilot" in this way.

Assume the owner/"operator" turns on the "autopilot" and then stops paying
attention to his environment—perhaps watching a movie on their phone or
tablet, perhaps texting, perhaps even sleeping. The car drives for a while,
then has an accident in which an innocent person (not an occupant of the
car) is severely injured or killed.

The owner may have the statutory minimum liability insurance ($15,000 per
victim, $30,000 per accident), which won't even cover the healthcare costs
of a severe injury, to say nothing of the other economic and non-economic
damages. The victim's lawyer will look around for "deep pockets" and, lo and
behold, there's Tesla Motors with a market cap of $33E9. I think any
competent lawyer could convince a judge that he has at least a triable case
that Tesla's advertising was negligent and contributed to the victim's death
or injuries. If the accident occurs in one of the 46 states that use Joint
and Several liability, Tesla could have to pay everything above that
(ridiculously small) statutory liability limit.

Re: Hacking the Vote: the Security of Our Election Systems

"Mark E. Smith" <>
Tue, 16 Aug 2016 19:01:27 -0700
The risk here seems to be that if we hack and/or influence foreign
elections, foreign countries might do unto us as we have done unto them.

Which isn't acceptable because we're exceptional and we're a democracy. Our
government would never hack foreign elections, bail out banks, or start wars
based on lies without first requesting and obtaining the consent of the

Oh? We gave our elected officials blanket consent to do whatever they wished
when we voted? Our job was over once we voted, as we had delegated all
decision making power to our elected representatives and we no longer had a

And I should be concerned about the security of the processes that
legitimize this sham?

Re: Thai Plan to Track All Foreigners By SIM Cards Moves Forward (Jacobson, RISKS-29.69)

Henry Baker <>
Wed, 17 Aug 2016 06:25:33 -0700
So why not just give every "foreigner" a GPS ankle bracelet?  ;-)

(Both U.S. Presidential candidates are already competing vigorously for who can destroy more civil rights; perhaps we shouldn't give them any more ideas?)

Please report problems with the web pages to the maintainer