Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The computers don't get accurate data, or perhaps don't get any data at all. The data is missing, or perhaps never existed. http://www.globalresearch.ca/pentagon-cannot-account-for-6-5-trillion-dollars/5541244 When trillions of dollars go missing and cannot be accounted for, that fact accounts for why the United States of America has so much homelessness and poverty, why life expectancy in the USA is declining, why our health care system costs more but has worse outcomes than any other developed country and many less developed countries, and why there is less funding for schools as the elected thieves, I mean politicians, prefer not to educate students sufficiently for them to understand the problem. Spending millions or billions on better computers won't help, as there is no way to ensure that accurate data, without which computers cannot produce accurate results, are input. Not even the most technologically advanced computers in the world can function without good data. GIGO. Yet I can feel sympathy for people who knowingly input bad data because it is the only way they can keep their jobs. But this is the Pentagon, arguably the greatest military power on earth. Should citizens of the United States revolt, the Pentagon can easily nuke a few US cities to ensure that their trillions in graft continue, as it has under both Republican and Democratic administrations. How does the Pentagon, which has a budget measured in billions of dollars annually, manage to lose trillions of dollars? I'm a simple, low-income person. If I give somebody $50 to get me some groceries and they take my money and don't come back, I've been ripped off for $50. Suppose the same thief then figures out a way to hack my bank account and steals every last dime I have, including my rent money. I really don't think I'd turn around and trust that person with my security and defense. But of course elected officials must be smarter than me or people wouldn't elect them, right? So perhaps this comment is inappropriate, as I'm not talking about a risk to the public in computers and related systems, but a risk to the public when there is no way to ensure that accurate data exists to account for widespread governmental theft, and that computers therefore cannot function. Unless, perhaps the system that is supposed to input the data to computers is a "related system?"
Outside experts said the data contained what appeared to be genuine samples of the top-secret code used in the production of the NSA's custom-built malware. http://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-raises-alarming-question-was-the-nsa-hacked.html
https://epic.org/2016/08/epic-verified-voting-common-ca.html
EPIC, Verified Voting, and Common Cause today released The Secret Ballot at
Risk: Recommendations for Protecting Democracy, a report highlighting the
right to a secret ballot and how Internet voting threatens voter
privacy. All 50 states recognize ballot secrecy as a core value. Despite
this, 32 states and DC are promoting Internet voting, typically for overseas
and military voters, and are asking those voters to waive their right to a
secret ballot. That threatens voting freedom and election integrity. The
report recommends actions voters can take to protect the secrecy of their
ballot, and encourages states to do more to safeguard voter privacy. EPIC
has a long history of working to protect voter privacy and election
integrity.
The report is linked here:
http://www.secretballotatrisk.org
And here is a quick summary:
The right to cast a secret ballot in a public election is a core value in
the United States' system of self-governance. Secrecy and privacy in
elections guard against coercion and are essential to integrity in the
electoral process. Secrecy of the ballot is guaranteed in state
constitutions and statutes nationwide. However, as states permit the marking
and transmitting of marked ballots over the Internet, the right to a secret
ballot is eroded and the integrity of our elections is put at risk.
“Scientific American is not in the business of endorsing political candidates. But we do take a stand for science—the most reliable path to objective knowledge the world has seen—and the Enlightenment values that gave rise to it. For more than 170 years we have documented, for better and for worse, the rise of science and technology and their impact on the nation and the world. We have strived to assert in our reporting, writing and editing the principle that decision making in the sphere of public policy should accept the conclusions that evidence, gathered in the spirit and with the methods of science, tells us to be true.'' http://www.scientificamerican.com/article/donald-trump-s-lack-of-respect-for-science-is-alarming/ Note also *WiReD*'s unprecedented statement: https://www.salon.com/2016/08/18/wired-endorses-presidential-candidate-for-the-first-time-in-its-23-year-history/ How about Trump's call to shut down the Internet for use "by our enemy"? http://abcnews.go.com/Politics/wireStory/ap-explains-trump-shut-internet-41493822 This topic transcends political issues that RISKS has always eschewed, and seems broadly relevant here to many more-specifically risks-related issues. PGN
A squirrel bit into a power line on Crane Street in downtown Menlo Park at 6:30 p.m. on 16 Aug 2016. In the aftermath of the arc and subsequent explosion that knocked out power for 1700 PG&E customers, a "smoldering grey squirrel" was found in the gutter. In each of two different buildings on Crane Street, someone was trapped in an elevator for about 20 minutes and had to be rescued by the fire department. [Source: today's local *Daily Post* front-page item, PGN-ed] As noted below, surprisingly many squirrels have been featured in RISKS since RISKS-4.02, almost 30 years ago! You might think that this problem should be easily preventable. On the other hand, this is just another kind of RISKS case that seems to recur [*]. (You might think it was not so kind for the squirrel—except that the article quotes the MP Fire Chief: “It all happened in the blink of an eye, and we don't think he suffered at all.'') [* "Recur" would be more appropriate in this context if it had involved mongrel dogs rather than squirrels.]* Here's the squirrelitany in RISKS to date: Vol 4: Insurgent Squirrel Joins No-Ways Arc (Ross McKenrick) Vol 5: Squirrels and other pesky animals (Frank Houston) Vol 5: Squirrels, mice, bugs, and Grace Hopper's moth (Mark Mandel) Vol 6: Yet another skunk in the squirrel story (Rick Jaffe) Vol 8: SRI attacked by kamikaze squirrels? (David L. Edwards) Vol 8: No power lunch, just no-power crunch (after the squirrel's over) Vol 16: Squirrels again bring down Nasdaq (Joe Morris, Bob Frankston) Vol 16: More than squirrels: Newbridge Networks (Bob Frankston) Vol 16: Re: squirrelcide (Douglas W. Jones) Vol 17: Invaders in Eastern Washington [more squirrels] (David Burlingame) Vol 19: 5th SRI squirrelcide causes 18.5-hour outage (PGN) Vol 20: Squirrelcide at San Jose Airport (Dave Stringer-Calvert) Vol 27: The goto Squirrel (Dennis E. Hamilton) Vol 28: Squirrels are now performing coordinated attacks (Jerry Saltzer) Vol 29: Squirrel blamed for power outage in Menlo Park CA (PGN)
(... or, maybe not) http://www.bbc.com/news/world-asia-china-37091833 Aside from the fact that it allows me to make a quantum joke, this article allows me to rant about quantum cryptography. Ever since I have started to research the security implications of quantum computing, quantum crypto has bugged me. Yes, the theory is beautifully elegant, and (theoretically) allows us to detect passive eavesdropping for the first time. But dozens of attacks have demonstrated that, as usual, the devil is in the implementation details. And the implementation details here are even bigger. Our current quantum crypto systems require dedicated, single-mode fibre optic cable. And, as I keep pointing out to students and in presentations, if you've got dedicated, single-mode fibre optic cable you have very little need for encryption. (No, agreed, not zero. But I think we can agree that this is a pretty good definition of "vanishingly small.") I did once hear of a project to try and use quantum crypto between ATMs and smartphones, and that might (*MIGHT*) have been a defence against shimming attacks. But that was limited to 30 cm, and this is going to be a lot farther. Despite the mounting evidence that quantum crypto is not going to be a panacea for all security ills, interest in the topic just keeps growing. (And what *really* irks me is that it diverts attention from other areas of research into the use of actual quantum computing, which probably would be really useful in security.) I will be interested to learn of the results of the testing. But I'm not holding my breath. rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/
John Fontana for Identity Matters, ZDNet, 16 Aug 2016 Is Death by Breach a real affliction to be feared by mid-sized small businesses? http://www.zdnet.com/article/clinic-wont-pay-breach-protection-for-victims-ceo-says-it-would-be-death-of-company/
Australia moves northward 3 inches a year, or 5 feet north of where it was 20 years ago. This means that longitude & latitude should have been updated, but they wait until over-reliance on GPS leads Australian drivers into harms way, before trying to both fix the system, and fix it in such a way that there will be continuous updates, so not get in this mess again. In the process, they blame GPS for the actions of mother nature, and the inactions of mankind. http://www.popularmechanics.com/science/environment/a22125/australia-gps/ http://phys.org/news/2016-07-australia-world-literally.html
FYI—These babies are at risk if they wear the wrong colors, the wrong headgear, or if they don't put their hands up... "Law enforcement officials told auditors no real harm comes to those who end up in the database." RISKS has from its inception talked about the problems with these types of databases. But with 'no fly lists' and other extra-Constitutional restrictions on civil liberties, these database "errors" can destroy lives. http://www.voiceofsandiego.org/topics/public-safety/scathing-audit-bolsters-critics-fears-secretive-state-gang-database/ http://www.voiceofsandiego.org/wp-content/uploads/2016/08/CalGangs-audit.pdf Scathing Audit Bolsters Critics' Fears About Secretive State Gang Database An explosive state audit confirms many of the fears that San Diego Assemblywoman Shirley Weber and others have long expressed about the state's gang database: that it cannot ensure individuals' privacy, that people can be entered in the database without proper substantiation, and that people are kept in the database long after their names should have been purged. An audit of the state's gang database was prompted by inquiries from San Diego Assemblywoman Shirley Weber. Sara Libby, Beware the gangster babies, 11 Aug 2016 Among the explosive findings included in a new audit of the state gang database, CalGang, auditors say they found "42 individuals in CalGang who were supposedly younger than one year of age at the time of entry--28 of whom were entered for 'admitting to being gang members.'" The state Legislature, prompted by San Diego Assemblywoman Shirley Weber, requested the audit, which was released Thursday. The database is a statewide tool that provides law enforcement officers access to data about an individual's gang ties. But Weber said that she was troubled when she struggled to find basic details about how the gang database operates. Now the audit has provided some of those answers—and they're disturbing. The audit confirms many of the fears that Weber and others have long expressed about the CalGang system: that it cannot ensure individuals' rights to privacy, that people can be entered in the database without proper substantiation and that people are kept in the database long after their names should have been purged. "Probably people are pretty shocked about just how deep the problems are in the CalGang system in terms of lack of transparency, lack of consistency in terms of how the standards are used," Weber said. Weber herself was not one of them. "I was not shocked at all. If you don't live in a community that has had concerns about this ... I've heard these complaints for years. As most folks know, my own son was threatened to be put on the gang list, and he hadn't done anything. I hear these things from parents on a regular basis. But I think some of my colleagues were shocked," she said. A snapshot of the findings: * Even with the broad criteria for including someone in CalGang, a check on 100 individuals included in the database found that "law enforcement agencies did not have adequate support for inclusion of 13 of these individuals." * "flaws in CalGang's controls caused many individuals to remain in the system longer than federal regulations allow; in fact, some individuals are currently scheduled to remain in CalGang for hundreds of years." * the CalGang leadership structure doesn't allow for any public input or oversight, and conflicts are rampant. One law enforcement officer, for example, "stated that he enters approximately 95 percent of CalGang records for his agency, yet this same sergeant is also responsible for conducting any audits of CalGang records for the region because he is the node administrator." * Though CalGang data is intended to be used only as a law enforcement tool, the audit found "at least three law enforcement agencies may have inappropriately used CalGang as an employment screening tool"—possibly in violation of those individuals' privacy rights. Law enforcement officials told auditors no real harm comes to those who end up in the database. In San Diego, we've seen that's not true. Aaron Harvey's inclusion in the database landed him in the thick of a case that threatened to send him to jail for life—even though San Diego prosecutors admitted he hadn't actually committed the crime at hand. Rather, they argued, the Lincoln Park resident benefited from a series of shootings because the real criminals belonged to the same gang as Harvey. Harvey denies he's in a gang, and says he landed in the database thanks to being stopped by police in his neighborhood dozens of times. Here's how I described some of what can land a person in the gang database last year: According to the state, a person can be entered into the CalGang database if he or she meets any two criteria from a list that includes: admitting to being a gang member: being arrested alongside known gang members; being ID'd as a gang member by a reliable source; being seen affiliating with documented gang members; displaying hand gestures affiliated with a gang; frequenting gang areas; wearing gang dress; or having gang tattoos. Harvey's case was later dismissed. Critics have for years said the criteria for inclusion in the database is too broad. The report notes: "academic literature suggests that the broad criteria used to label gangs and gang members may make it difficult for youth living in gang-heavy communities to avoid meeting the qualifying criteria and that gang labeling can stigmatize minority, inner-city youth, limiting their social and economic opportunities." Indeed, the report says that being seen associating with gang members, and wearing "gang dress" are the No. 2 and No. 4 most-used criteria to land someone on the database. In a gang-heavy neighborhood, that could include simply talking to a neighbor and wearing a red shirt. The No. 1 most-used criteria to land a person in the database, according to the report, is self-admitting to being in a gang. But even this can be problematic: The report notes it found at least one instance of someone being included in the database under this criteria, even though interview notes revealed the man had told officers he was not in a gang. A bill written by Weber that would mandate that adults be notified when they're entered into the database passed out of the Senate Appropriations Committee on Thursday. A 2013 law requires officials to notify parents of juveniles when their kids land in the database. But the audit found that in many cases, that's still not happening. Despite the problems, Weber said she still believes CalGang—if used and monitored properly, can be a good crime-fighting tool. "This is an important tool in law enforcement," Weber said. "And this report says that probably the manner in which we're using it is not very effective in terms of fighting crime." As for the audit's discovery that people younger than 1 year old were entered in the database, that finding was in a section on rampant errors -- presumably those people were adults whose ages were entered incorrectly.
A bill that could fine distracted drivers as much as $800 has led to an outcry among residents for whom driving is more a state of being than an activity. http://www.nytimes.com/2016/08/18/nyregion/new-jersey-distracted-driving-ban.html
[via Dave Farber] http://www.computerworld.com/article/3108493/car-tech/ford-to-offer-self-driving-cars-without-steering-wheels-by-2021.html First, Uber destroys the livelihoods of taxi drivers by replacing them with Uber serfs, and then Ford will destroy the livelihoods of the serfs by taking away the steering wheels. Telling and sad that article does not mention "job". The technology press has to expose its hidden misanthropy. We need to innovate (and patent—I need work!) technologies that bring new benefits and new jobs - for all. Greg Aharonian, Editor, Internet Patent News Service [See also https://www.theguardian.com/technology/2016/aug/16/ford-self-driving-cars-ride-sharing-uber-lyft
Most of this is almost entirely academic at this point. Ford is mostly blowing smoke. Outside of the fact that vehicles as they describe would be explicitly *illegal* on public roads in California and various other locales based on the draft regulations in circulation that require an alert human driver, steering wheel, pedals, etc.—we're not even close to dealing with the extremely long tail of all kinds of roads, all kinds of weather, all kinds of common situations (like dealing with the verbal commands of an officer at a traffic accident) and on and on. The list of issues is almost endless and we've barely scratched the surface. My guess is that Ford is actually pushing for some sort of "people mover" concept in controlled, restricted areas. The amount of hype in this sphere is almost beyond measure. I saw an article today predicting most delivery drivers would be out of work in 10 years. You don't need more than half a brain and a few minutes thought to realize the multiple reasons why that won't happen even if we had miracles of tech developments and cost decreases over that time. Or even twice that time. I still feel that the research is worthwhile toward improved safety systems, but I would like to see serious discussion from the proponents of the "all autonomous vehicles future" of what that could mean in terms of governmental access to vehicle data and remote control over vehicle operations, individually and en masse. Control travel and you control the population. Amusingly, the same folks with the stars in their eyes about a future demise of human-driven vehicles seem to avoid discussing how law enforcement and other government agencies could leverage it. You can be sure those entities are *already* drooling at the prospects though, however distant they may be.
[Re: "Autopilot"]
The problem is the hype in reporting. Even touting the feature as a
"co-pilot" who is never PIC ("Pilot in command") should not become a problem
-- until the meaning is corrupted.
In the Tesla case, overclaiming was the problem.
Under-claiming happens too: that could be seen in another automotive
evolutionary move, where most of what I read in the dailies about GM's Volt
was "omitting" that it had a conventional engine too.
In the Tesla tale, Tesla is the messenger. Don't shoot it. It's hard to
correct the daily press when it [the press] is going astray.
[Although controversial today, it seems likely that by 2021 we will
acknowledge that cars without human drivers will be *substantially* safer
than cars with human drivers—which is probably already the case today!
PGN]
I have to wonder if Musk has thought about the level of risk he has taken on in advertising the "Autopilot" in this way. Assume the owner/"operator" turns on the "autopilot" and then stops paying attention to his environment—perhaps watching a movie on their phone or tablet, perhaps texting, perhaps even sleeping. The car drives for a while, then has an accident in which an innocent person (not an occupant of the car) is severely injured or killed. The owner may have the statutory minimum liability insurance ($15,000 per victim, $30,000 per accident), which won't even cover the healthcare costs of a severe injury, to say nothing of the other economic and non-economic damages. The victim's lawyer will look around for "deep pockets" and, lo and behold, there's Tesla Motors with a market cap of $33E9. I think any competent lawyer could convince a judge that he has at least a triable case that Tesla's advertising was negligent and contributed to the victim's death or injuries. If the accident occurs in one of the 46 states that use Joint and Several liability, Tesla could have to pay everything above that (ridiculously small) statutory liability limit.
The risk here seems to be that if we hack and/or influence foreign elections, foreign countries might do unto us as we have done unto them. Which isn't acceptable because we're exceptional and we're a democracy. Our government would never hack foreign elections, bail out banks, or start wars based on lies without first requesting and obtaining the consent of the governed. Oh? We gave our elected officials blanket consent to do whatever they wished when we voted? Our job was over once we voted, as we had delegated all decision making power to our elected representatives and we no longer had a voice? And I should be concerned about the security of the processes that legitimize this sham?
So why not just give every "foreigner" a GPS ankle bracelet? ;-) (Both U.S. Presidential candidates are already competing vigorously for who can destroy more civil rights; perhaps we shouldn't give them any more ideas?)
Please report problems with the web pages to the maintainer