The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 29 Issue 96

Saturday 10 December 2016

Contents

NASA's Power Supply Mistake on the ISS Was Totally Avoidable
WiReD
"Yamanote Line train temporarily suspended after carriage fills with smoke in Tokyo"
Oona McGee
How a rogue subway train in Singapore was caught with data
Adam Wildavsky
Boeing Dreamliner 787 should be rebooted every 21 days
PGN
These Toys Don't Just Listen To Your Kid, They Send What They Hear To A Defense Contractor
Consumerist
Taking Action: Huntsville-Madison County EMA says computer code error left sirens silent during Tuesday's storms
WHNT
Audi Cars Now Talk To Stop Lights In Vegas
IEEE Spectrum via Gabe Goldberg
BMW traps thief by remotely locking him inside car
cnet
Pentagon: Looking for a Few Good Hackers
The New York Times
Ball-bearings policy analogy to cryptography policy
Ronald L. Rivest
Phone encryption: Police 'mug' suspect to get data
BBC via Brian Randell
How a Grad Student Found Spyware That Could Control Anybody's iPhone from Anywhere in the World
Vanity Fair
US police enhanced hacking authority
Ars Technica
The Neuroscientist Who's Building a Better Memory for Humans
WiReD
"Time is running out for NTP"
Fahmida Y. Rashid
Lawyers: New court software is so awful it's getting people wrongly arrested
Ars Technica
When a system upgrade gets you arrested
BBC via Jose Maria Mateos
Google accounts hacked
Check Point
Amazon Gets Real About Counterfeits
Bloomberg
Why Russia Is Using the Internet to Undermine Western Democracy
Slate
CIA assessment: Russia intervened in the 2016 election
The Washington Post
Trump supporters bought bogus Obama conspiracy theory peddled by Fox Business
The Washington Post
Spread of Fake News Provokes Anxiety in Italy
The New York Times
Police use 'fake news' in sting aimed at California gang
WBTV
Google, democracy and the truth about Internet search
The Guardian
Tech companies target online terrorist propaganda
Tami Abdollah
Big risk in nomenclature: fake news vs lies!
Harlan Rosenthal
Fake news
Joel Achenbach via Jim Geissman
"After we left the ship, I had an uneasy feeling"
Elliott
Re: NTSB on Aviation: Risks of checklists, especially when ignored
Jay Grizzard
Weapons of Math Destruction
Cathy O'Neil via Diego Latella
Info on RISKS (comp.risks)

NASA's Power Supply Mistake on the ISS Was Totally Avoidable (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Fri, 9 Dec 2016 00:14:25 -0500
https://www.wired.com/2016/12/nasa-made-really-dumb-mistake-iss-power-supply/

Lesson learned? Learn lessons.


"Yamanote Line train temporarily suspended after carriage fills with smoke in Tokyo" (Oona McGee)

Gene Wirchenko <genew@telus.net>
Sun, 04 Dec 2016 10:51:22 -0800
Oona McGee, RocketNews24, 4 Dec 2016
http://en.rocketnews24.com/2016/12/05/yamanote-line-train-temporarily-suspended-after-carriage-fills-with-smoke-in-tokyo/

  According to reports, a mobile phone battery pack fire was the cause of
  the incident.


How a rogue subway train in Singapore was caught with data

Adam Wildavsky <adam@tameware.com>
Tue, 6 Dec 2016 21:52:22 -0500
A remarkable software detective story:

https://blog.data.gov.sg/how-we-caught-the-circle-line-rogue-train-with-data-79405c86ab6a#.ext2x61ts


Boeing Dreamliner 787 should be rebooted every 21 days

"Peter G. Neumann" <neumann@csl.sri.com>
Sat, 10 Dec 2016 11:14:20 PST
The FAA is reportedly requiring airlines to reboot Dreamliners at an
interval "not to exceed 21 days" to prevent disasters.
http://thepointsguy.com/2016/12/faa-requiring-airlines-reboot-dreamliners

Someone has suggested out-of-band that perhaps this is related to the
Windows GetTickCount function family.  These functions return the number of
milliseconds since the system was booted in various forms.  If an
application converts that value to a 32-bit signed integer, then that number
will appear to become negative after 24.8 days.

This issue has been around since the 787 was launched.  One might have
expected it to have been fixed by now?

Here's an item from two years ago, thanks to Peter Ladkin:
http://arstechnica.com/information-technology/2015/05/boeing-787-dreamliners-contain-a-potentially-catastrophic-software-bug/
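
The signed-conversion failure described in the item above, as an added example (not part of the original posting, and not Boeing or Windows code). The counter is a constructed stand-in for a GetTickCount-style 32-bit millisecond tick; the function names and the timeout scenario are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MS_PER_DAY 86400000.0

/* What an application sees if it stores the unsigned 32-bit tick in a
   signed 32-bit integer (two's complement), written without relying on
   implementation-defined conversion. */
static int32_t as_signed32(uint32_t v)
{
    return (v <= (uint32_t)INT32_MAX) ? (int32_t)v
                                      : (int32_t)((int64_t)v - 4294967296LL);
}

/* Fragile timeout check: elapsed time is computed from signed copies of
   the tick.  Once the tick passes 2^31 ms the "now" value is negative,
   elapsed time looks hugely negative, and the timeout never fires. */
static int expired_signed(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    int64_t elapsed = (int64_t)as_signed32(now) - (int64_t)as_signed32(start);
    return elapsed >= (int64_t)timeout_ms;
}

/* Robust timeout check: unsigned subtraction is modulo 2^32, so the
   difference is correct across both the 2^31 sign boundary and the 2^32
   wrap, provided the real interval is shorter than 2^32 ms (~49.7 days). */
static int expired_unsigned(uint32_t now, uint32_t start, uint32_t timeout_ms)
{
    return (uint32_t)(now - start) >= timeout_ms;
}

/* Uptime at which the signed view of the tick first goes negative. */
static double days_until_negative(void)
{
    return 2147483648.0 / MS_PER_DAY;   /* 2^31 ms expressed in days */
}

int main(void)
{
    /* Constructed scenario: a 10-second timer started 5 seconds before the
       tick reaches 2^31, checked 10 seconds later. */
    uint32_t start   = 2147483648u - 5000u;
    uint32_t now     = start + 10000u;
    uint32_t timeout = 10000u;

    printf("signed view goes negative after %.1f days of uptime\n",
           days_until_negative());
    printf("now as signed 32-bit: %ld\n", (long)as_signed32(now));
    printf("signed check fires:   %d\n", expired_signed(now, start, timeout));
    printf("unsigned check fires: %d\n", expired_unsigned(now, start, timeout));

    /* Same timer straddling the full 2^32 wrap of the unsigned counter. */
    start = 4294962296u;                /* 5000 ms before the wrap to 0 */
    now   = start + 10000u;             /* wraps around to 5000 */
    printf("unsigned check across 2^32 wrap fires: %d\n",
           expired_unsigned(now, start, timeout));
    return 0;
}
```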


These Toys Don't Just Listen To Your Kid, They Send What They Hear To A Defense Contractor (Consumerist)

"David Farber" <farber@gmail.com>
Wed, 7 Dec 2016 11:50:17 -0500
https://consumerist.com/2016/12/06/these-toys-dont-just-listen-to-your-kid-they-send-what-they-hear-to-a-defense-contractor/


Taking Action: Huntsville-Madison County EMA says computer code error left sirens silent during Tuesday's storms

Gabe Goldberg <gabe@gabegold.com>
Fri, 9 Dec 2016 00:17:27 -0500
HUNTSVILLE, Ala.   A missing line of computer code is being blamed for the
failure of Madison County's emergency sirens to sound Tuesday night amid
several tornado warnings.  Huntsville-Madison County EMA Director Jeff
Birdwell told WHNT News 19 Friday that the review is ongoing and will be
methodical, but he believes they've identified the problem.

The EMA switched to a polygon based warning system—aimed at sounding
sirens only in areas in the path of a potential tornado—just over a year
ago. The system is supposed to sound sirens in areas—the polygon—that
the National Weather Service reports are under a tornado warning.  "From my
understanding with the absence of this code, as the polygon was received
from the National Weather Service, not having that code didn't allow the
software to recognize we had a warning.  And then past that point you don't
have a warning[,] you don't get any activation of the sirens."

http://whnt.com/2016/12/02/taking-action-huntsville-madison-county-ema-says-computer-code-error-left-sirens-silent-during-tuesdays-storms/

A line of polygon-recognizing specific code? Must be APL.

Gabriel Goldberg, Computers and Publishing, Inc.       gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433


Audi Cars Now Talk To Stop Lights In Vegas

Gabe Goldberg <gabe@gabegold.com>
Fri, 9 Dec 2016 00:27:08 -0500
The plan is to eventually give drivers the information they need to make
fairly ambitious predictions, like choosing the right speed to go sailing
through several green lights in a row. Or the system might bypass the driver
and go straight to the engine's start-stop system, shutting it down for a
long count, then starting it up again seconds before getting a green
light. ...

Last sentence: But, like a mobile phone, a networked vehicle is eminently
hackable, and when this communicative capability becomes common in cars,
there will be more than enough incentive for the bad guys to prey on them.
http://spectrum.ieee.org/cars-that-think/transportation/infrastructure/audi-cars-now-talk-to-stop-lights-in-vegas

Not a word about built-in or planned security.  Of course, how could
anything go wrong with this?

Gabriel Goldberg, Computers and Publishing, Inc.       gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433


BMW traps thief by remotely locking him inside car (cnet)

"Alister Wm Macintyre" <macwheel99@wowway.com>
Mon, 5 Dec 2016 19:44:42 -0600
The crook could have smashed a window and exited through it.
https://www.cnet.com/news/bmw-traps-thief-by-remotely-locking-him-in-car-he-was-stealing/


Pentagon: Looking for a Few Good Hackers

Dewayne Hendricks <dewayne@warpspeed.com>
Tue, Nov 29, 2016 at 4:07 AM
Pentagon: Looking for a Few Good Hackers
The Editorial Board, *The New York Times*, 28 Nov 2016
http://www.nytimes.com/2016/11/28/opinion/pentagon-looking-for-a-few-good-hackers.html

In June 2015, the Office of Personnel Management announced that foreign
hackers had stolen the personnel records of millions of federal employees,
one of the most damaging cyberattacks in history. Just weeks later, the
office of the Joint Chiefs of Staff shut down its unclassified email system
for several days after officials detected that it had been breached.
<http://www.nytimes.com/2015/06/05/us/breach-in-a-federal-computer-system-exposes-personnel-data.html>

These serious intrusions came months after a group affiliated with the
Islamic State briefly commandeered the Central Command's Twitter account and
rebranded it as the *Cyber Caliphate*.
<http://www.nytimes.com/2015/01/13/us/isis-is-cited-in-hacking-of-central-commands-twitter-feed.html>

Given the enormity of the problem, one of the responses by the Department of
Defense might seem befuddling. They've asked hackers willing to play by
strict rules to find vulnerabilities in some of the Pentagon's unclassified
computer system.

Well-intentioned computer security experts routinely scan the internet in
search of vulnerabilities, which they often map out and report. Until now,
doing that on Pentagon sites carried the considerable legal risk of running
afoul of the Computer Fraud and Abuse Act.

*Hack the Pentagon* kicked off in April with a month-long trial program that
attracted 1,400 so-called white hackers to fiddle with Department of Defense
websites on the hunt for weak points that could be exploited to steal data
or jam systems. Those hackers spotted 138 weaknesses, according to the
Pentagon, and were paid $75,000 in rewards.

Encouraged by the results, the Defense Department last week announced a
formal policy <https://hackerone.com/deptofdefense> permitting outside
computer experts to test for vulnerabilities in the system and report them
to the department.  Secretary of Defense Ashton Carter called the initiative
"*see something, say something* policy for the digital domain."  Those
hackers won't be paid for their reports, but officials hope they will do it
out of a sense of duty.
<http://www.defense.gov/News/News-Releases/News-Release-View/Article/1009956/dod-announces-digital-vulnerability-disclosure-policy-and-hack-the-army-kick-off>


Ball-bearings policy analogy to cryptography policy

"Ronald L. Rivest" <rivest@mit.edu>
Thu, 8 Dec 2016 10:47:24 -0800
  [Noted elsewhere, reproduced here with permission.  PGN]

Yesterday I had a video-tape interview with Roy Levin on behalf of the ACM
Oral History project.  We talked about many things, including encryption
policy.

I tried out the following analogy, which sort-of works (at least for me).
(There was no live audience, other than Roy, so it wasn't possible to get a
reaction from the audience...)  It goes as follows (a bit elaborated on
compared to my mention in the video):

  Encryption policy is very much like "ball-bearing policy".

Ball bearings are really what make fast vehicles possible, which
causes all kinds of problems for law enforcement.  Examination of
the remains of the cars of suicide bombers has found definitive
evidence of ball bearings.  Drug smugglers are known to be particularly
fond of ball-bearing-enabled fast vehicles.

So Law Enforcement has proposed the regulation of ball bearings.  LE
understands that ball bearings have many legitimate uses, which they don't
wish to hinder.  LE doesn't have strong competence in ball-bearing tech, and
hopes that industry will be able to do "something smart" that arrives at a
reasonable compromise.

I do think that the applications of encryption are even more varied and
complex than are the applications of ball bearings.  Encryption is
everywhere inside the code of modern systems.

Trying to regulate cryptography won't be any more workable than would
trying to regulate ball-bearing technology...

Ronald L. Rivest,  Stata Center, MIT, Cambridge MA 02139
http://people.csail.mit.edu/rivest

  [Beware of ball-bearing cryptogeeks bearing grudges?  PGN]


Phone encryption: Police 'mug' suspect to get data (BBC)

Brian Randell <brian.randell@newcastle.ac.uk>
December 2, 2016 at 10:41:18 AM EST
From the BBC news website:
Phone encryption: Police 'mug' suspect to get data

Detectives have developed a new tactic to beat criminals using mobile phone
encryption—legally "mug" them.  The tactic has emerged after Scotland
Yard's cybercrime unit smashed a fake credit card fraud racket.  Officers
realised crucial evidence in the investigation was concealed on a suspect's
iPhone—but it would be unobtainable if the device was locked.

So a covert team seized it in the street while the suspect was on a call --
beating the security settings.  The street seizure of the phone was dreamt
up by detectives from Operation Falcon, the specialist Metropolitan Police
team running investigations into major fraud and related crimes organised
online.

http://www.bbc.co.uk/news/uk-38183819


How a Grad Student Found Spyware That Could Control Anybody's iPhone from Anywhere in the World (Vanity Fair)

Monty Solomon <monty@roscom.com>
Thu, 1 Dec 2016 02:15:14 -0500
http://www.vanityfair.com/news/2016/11/how-bill-marczak-spyware-can-control-the-iphone


US police enhanced hacking authority (Ars Technica)

"Alister Wm Macintyre (Wow)" <macwheel99@wowway.com>
Wed, 30 Nov 2016 20:03:45 -0600
Once upon a time, ordinary US courts could issue warrants only to search
people's property that existed within the jurisdiction of the judge: city,
county, state, and needed probable cause that something was being done
wrong, justifying the search.

Although the FISA court could issue approval to do mass surveillance.

Now ordinary judges can also issue warrants to search computers, regardless
of jurisdiction or even do fishing expeditions, with no probable cause
required.

http://arstechnica.com/tech-policy/2016/11/new-us-law-making-it-easier-to-search-computers-takes-effect-thursday/


The Neuroscientist Who's Building a Better Memory for Humans

Gabe Goldberg <gabe@gabegold.com>
Sun, 4 Dec 2016 16:07:39 -0500
Kernel's earliest goals are to bring Berger's implant to the market as a
medical device that can help the memory impaired.  Berger is currently
conducting a human trial with a version of the device, and says that so far,
the patients in his human trial are performing well on memory tests. But
ultimately, CEO Bryan Johnson wants Kernel to develop devices—implantable
in a simple outpatient procedure—that enhance human intelligence in areas
like attention, creativity, and focus.

That goal would venture into new waters for regulatory agencies: Are these
medical devices or consumer devices, and who should regulate them?  Under
the Food and Drug Administration's terms, an implant would count as a
medical device if its intent is to diagnose or treat a medical condition or
to affect the structure or function of the body. But a subdermal implant
that merely suggests it could improve concentration or creativity may slip
through the FDA's regulatory grasp, like the dietary supplements of brain
stimulators.

https://www.wired.com/2016/12/neuroscientist-whos-building-better-memory-humans/

Gabriel Goldberg, Computers and Publishing, Inc.       gabe@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042           (703) 204-0433


"Time is running out for NTP" (Fahmida Y. Rashid)

Gene Wirchenko <genew@telus.net>
Mon, 05 Dec 2016 09:47:00 -0800
Fahmida Y. Rashid, InfoWorld | Nov 28, 2016
A weakness of the Open-Source model is showing here.  A project that is
needed, but that is not very visible can struggle.
Everyone benefits from Network Time Protocol, but the project struggles to
pay its sole maintainer or fund its various initiatives.
http://www.infoworld.com/article/3144546/security/time-is-running-out-for-ntp.html

selected text:

There are two types of open-source projects: those with corporate
sponsorship and those that fall under the "labor of love" category.
Actually, there's a third variety: projects that get some support but have
to keep looking ahead for the next sponsor.

Some open-source projects are so widely used that if anything goes wrong,
everyone feels the ripple effects. OpenSSL is one such project; when the
Heartbleed flaw was discovered in the open-source cryptography library,
organizations scrambled to identify and fix all their vulnerable networking
devices and software. Network Time Protocol (NTP) arguably plays as critical
a role in modern computing, if not more; the open-source protocol is used to
synchronize clocks on servers and devices to make sure they all have the
same time. Yet, the fact remains that NTP is woefully underfunded and
undersupported.


Lawyers: New court software is so awful it's getting people wrongly arrested (Ars Technica)

Lauren Weinstein <lauren@vortex.com>
Fri, 2 Dec 2016 09:57:18 -0800
Ars Technica via NNSquad
http://arstechnica.com/tech-policy/2016/12/court-software-glitches-result-in-erroneous-arrests-defense-lawyers-say/

  But, just across the bay from San Francisco, Alameda County's deputy
  public defender, Jeff Chorney, says that since the county switched from a
  decades-old computer system to Odyssey in August, dozens of defendants
  have been wrongly arrested or jailed. Others have even been forced to
  register as sex offenders unnecessarily. "I understand that with every
  piece of technology, bugs have to be worked out," he said, practically
  exasperated. "But we're not talking about whether people are getting their
  paychecks on time. We're talking about people being locked in cages,
  that's what jail is. It's taking a person and locking them in a cage."

    [Also noted by Gabe Goldberg: While they're not specific, talking about
    a 1970s system being replaced might refer to mainframe or early
    minicomputer.  That apparently worked fine until recently.]


When a system upgrade gets you arrested (BBC)

Jose Maria Mateos <chema@rinzewind.org>
Wed, 30 Nov 2016 11:01:39 -0500
http://www.bbc.com/news/technology-38153992

The software, created by Texas-based Tyler Technologies, costs about $5m
(£4m) and is set to gradually replace a decades-old e-filing system
that looks like something a hacker would use in a Hollywood movie.

Tyler Technologies acknowledged in a statement that the upgrade process had
been *challenging*—but said poor training was to blame for bad inputting
of data and integration with third-party applications that often introduce
glitches into the system.

One of the state's early adopters of the new technology is Alameda County,
an area which covers around 1.5 million people in the San Francisco Bay
Area, though not San Francisco itself.

The county's public defender, Brendon Woods, is now supporting many clients
who have been affected by the issues.

He said a cumbersome user interface was causing the time taken to update a
record to jump from around one minute to as much as 30 minutes per entry.

As well as wrongful arrests and incorrectly extended custody, Mr Woods has
seen several cases of misdemeanour offenses incorrectly appearing on the
system as serious felony charges.


1.3M Google accounts hacked, and counting (Check Point)

"Alister Wm Macintyre (Wow)" <macwheel99@wowway.com>
Wed, 30 Nov 2016 20:17:44 -0600
I think this only applies to people whose smart phone is Android, its OS
below 6.0, and they use an app download location other than Google's.

http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
http://www.forbes.com/sites/thomasbrewster/2016/11/30/gooligan-android-malware-1m-google-account-breaches-check-point-finds/#3c16256b470d
http://www.i24news.tv/en/news/technology/131418-161130-over-one-million-google-accounts-hacked-israeli-company-reveals

How do you know if your Google account is breached?

You can check if your account is compromised by accessing the following web
site created by Check Point: <https://gooligan.checkpoint.com/>

If your account has been breached, the following steps are required:

1. A clean installation of an operating system on your mobile device is
   required (a process called "flashing"). As this is a complex process, we
   recommend powering off your device and approaching a certified
   technician, or your mobile service provider, to request that your device
   be "re-flashed."

2. Change your Google account passwords immediately after this process.


Amazon Gets Real About Counterfeits (Bloomberg)

Gabe Goldberg <gabe@gabegold.com>
Tue, 29 Nov 2016 18:27:42 -0500
  Randy Hetrick first noticed counterfeits on Amazon.com
  Inc. in 2013. He had been selling his TRX Training System-- an exercise
  kit of suspension straps-- on the site since 2008.  When he began noticing
  cheap imitations, he had his employees scour Amazon for more, then go
  through the tedious process of reporting them for removal. But new
  imposters would pop up right away, and by 2014, "We realized this was an
  epidemic," said Hetrick, who estimates phonies cost him $100 million a
  year, twice his annual sales.

To read the entire article, go to http://bloom.bg/2gxVEQW

The risk? That enlarging markets with online selling has a dark side, faster
and broader luring crooks to counterfeit. Like everything else bad online,
it's not new—just human nature on a broader platform.


Why Russia Is Using the Internet to Undermine Western Democracy

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 5 Dec 2016 17:01:38 PST
http://www.slate.com/articles/technology/future_tense/2016/12/why_russia_is_using_the_internet_to_undermine_western_democracy.html

  Russia's leaders already see Western conspiracy everywhere: the Orange
  Revolution, the Arab Spring, the entire Internet.  All of these play out
  in Moscow as plots by the U.S.  and its allies to ensure the world order
  protects only Western values and therefore Western interests.  And we play
  right into their hands, saying the Internet is a samizdat—the famously
  hand-copied literature of opposition to Soviet rule—and claiming the
  Che Guevara of the 21st-century is a network.  (And rather ahistorically,
  too, given the United States' violent antipathy to Guevara's aims.)


CIA assessment: Russia intervened in the 2016 election (WashPost)

"Peter G. Neumann" <neumann@csl.sri.com>
Fri, 9 Dec 2016 17:21:16 PST
Adam Entous, Ellen Nakashima and Greg Miller
*The Washington Post*,  December 9 at 7:36 PM ET

The CIA has concluded in a secret assessment that Russia intervened in the
2016 election to help Donald Trump win the presidency, rather than just to
undermine confidence in the U.S. electoral system, according to officials
briefed on the matter.

Intelligence agencies have identified individuals with connections to the
Russian government who provided WikiLeaks with thousands of hacked emails
from the Democratic National Committee and others, including Hillary
Clinton's campaign chairman, according to U.S. officials. Those officials
described the individuals as actors known to the intelligence community and
part of a wider Russian operation to boost Trump and hurt Clinton's chances.

"It is the assessment of the intelligence community that Russia's goal here
was to favor one candidate over the other, to help Trump get elected.
That's the consensus view," said a senior U.S. official briefed on an
intelligence presentation made to U.S. senators.

The Obama administration has been debating for months how to respond to the
alleged Russian intrusions, with White House officials concerned about
escalating tensions with Moscow and being accused of trying to boost
Clinton's campaign.

In September, during a secret briefing for congressional leaders, Senate
Republican Leader Mitch McConnell (Ky.) voiced doubts about the veracity of
the intelligence, according to officials present. [...]

  See also *The Boston Globe*:
  http://www.bostonglobe.com/news/world/2016/12/09/cia-says-russia-favored-trump/WNrHBPKLpKMFdOhqKV1pvN/story.html


Trump supporters bought bogus Obama conspiracy theory peddled by Fox Business (The Washington Post)

Lauren Weinstein <lauren@vortex.com>
Thu, 1 Dec 2016 12:06:48 -0800
via NNSquad
https://www.washingtonpost.com/blogs/erik-wemple/wp/2016/12/01/trump-supporters-bought-bogus-obama-conspiracy-theory-peddled-by-fox-business/

  Fox Business earlier this month committed an astounding hatchet job
  against the president, who had done an interview with Gina Rodriguez on
  mitú. Introducing the news, Fox Business host Stuart Varney claimed that
  President Obama, in that interview, "appears to encourage illegals to
  vote, and he promises no repercussions if they do."  No such thing
  happened.


Spread of Fake News Provokes Anxiety in Italy (The New York Times)

Lauren Weinstein <lauren@vortex.com>
Sat, 3 Dec 2016 08:26:53 -0800
The NYT via NNSquad
http://www.nytimes.com/2016/12/02/world/europe/italy-fake-news.html

  Anxiety about bogus news reports is rising in Europe, as Prime Minister
  Matteo Renzi of Italy and others express concern that fake news circulated
  over social media may influence elections on the Continent, including a
  critical referendum in Italy on Sunday.  The outcome of the Italian vote,
  which could determine the fate of Mr.  Renzi's government, may also affect
  the stability of European financial markets and further weaken the
  moorings of the European Union.  Leaders on both sides of the Atlantic are
  trying to determine whether political parties are using social media
  platforms to deliberately disseminate propaganda, and whether there are
  connections to the agendas of outside powers, including Russia.

Please remember to report news or postings you believe to be fake at:
https://factsquad.com—and thanks to everyone who has already done so.
Some great data there.


Police use 'fake news' in sting aimed at California gang (WBTV)

Lauren Weinstein <lauren@vortex.com>
Sat, 3 Dec 2016 11:40:18 -0800
WBTV via NNSquad
http://www.wbtv.com/story/33859699/police-use-fake-news-in-sting-aimed-at-california-gang

  Police investigating a notorious gang in a city on California's central
  coast issued a fake press release that the chief credited with saving two
  men by deceiving gang members who wanted to kill them, but the ruse was
  criticized by news organizations who reported it as fact.

This one is easy. Assume that everything that is said by this police chief
or released by this police department IS A LIE—unless proof of the
information is released on a contemporaneous basis. Branded as liars.


Google, democracy and the truth about Internet search (The Guardian)

Lauren Weinstein <lauren@vortex.com>
Sun, 4 Dec 2016 12:49:51 -0800
*The Guardian* via NNSquad

https://www.theguardian.com/technology/2016/dec/04/google-democracy-truth-internet-search-facebook


Tech companies target online terrorist propaganda (Tami Abdollah)

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 6 Dec 2016 10:04:41 PST
  [What's good for the goosing is good for the propagander.  PGN]

Tami Abdollah
https://apnews.com/6fdeb20a479c469c93572129561bd989/Tech-companies-move-to-target-terrorist-propaganda-online

WASHINGTON (AP)—Facebook, Microsoft, Twitter and YouTube are joining
forces to more quickly identify the worst terrorist propaganda and prevent
it from spreading online.

The new program announced Monday would create a database of unique digital
"fingerprints" to help automatically identify videos or images the companies
could remove.

The move by the technology companies, which is expected to begin in early
2017, aims to assuage government concerns—and derail proposed new federal
legislation—over social media content that is seen as increasingly driving
terrorist recruitment and radicalization, while also balancing free-speech
issues.

Technical details were being worked out, but Microsoft pioneered similar
technology to detect, report, and remove child pornography through such a
database in 2009. Unlike those images, which are plainly illegal under
U.S. law, questions about whether an image or video promotes terrorism can
be more subjective, depending on national laws and the rules of a particular
company's service.

Social media has increasingly become a tool for recruiting and
radicalization by the Islamic State group and others. Its use by terror
groups and supporters has added to the threat from so-called lone-wolf
attacks and decreased the time from "flash to bang"—or radicalization to
violence—with little or no time for law enforcement to follow evidentiary
trails before an attack.

Under the new partnership, the companies promised to share among themselves
"the most extreme and egregious terrorist images and videos we have removed
from our services—content most likely to violate all our respective
companies' content policies," according to a joint announcement Monday
evening.

When such content is shared internally, the other participating companies
will be notified and can use the digital fingerprints to quickly identify
the same content on their own services to judge whether it violates their
rules. If so, companies can delete the material and possibly disable the
account, as appropriate.

Most social media services explicitly do not allow content that supports
violent action or illegal activities. Twitter, for example, says users "may
not promote violence against or directly attack or threaten other people on
the basis of race, ethnicity, national origin, sexual orientation, gender,
gender identity, religious affiliation, age, disability or disease."

"We really are going after the most obvious serious content that is shared
online—that is, the kind of recruitment videos and beheading videos more
likely to be against all our content policies," said Sally Aldous, a
Facebook spokeswoman.

The White House praised the joint effort. "The administration believes that
the innovative private sector is uniquely positioned to help limit terrorist
recruitment and radicalization online," said National Security Council
spokesman Carl Woog. "Today's announcement is yet another example of tech
communities taking action to prevent terrorists from using these platforms
in ways their creators never intended."

The new program caps a year of efforts to tamp down on social media's use by
terrorist groups.

Lawmakers last year introduced legislation that would require social media
companies to report any online terrorist activity they became aware of to
law enforcement. The bill by Sens. Dianne Feinstein, D-Calif., and Richard
Burr, R-N.C., was criticized for not defining "terrorist activity," which
could have drowned government agencies in reports. The bill was opposed by
the Internet Association, which represents 37 internet companies, including
Facebook, Snapchat, Google, LinkedIn, Reddit, Twitter, Yahoo and others.

The bill came days after Syed Farook and his wife, Tashfeen Malik, went on a
shooting attack in San Bernardino, California, killing 14 people and
injuring 21 others. A Facebook post on Malik's page around the time of the
attack included a pledge of allegiance to the leader of the Islamic State
group.

Facebook found the post—which was under an alias—the day after the
attack. The company removed the profile from public view and informed law
enforcement. Such a proactive effort had previously been uncommon.

Twitter moved toward partial automation in late 2015, using unspecified
"proprietary spam-fighting tools" to find accounts that might be violating
its terms of service and promoting terrorism. The material still required
review by a team at Twitter before the accounts could be disabled.

"Since the middle of 2015, we have suspended more than 360,000 accounts for
violating Twitter's policy on violent threats and the promotion of
terrorism," said Sinead McSweeney, Twitter's vice president of public
policy. "A large proportion of these accounts have been removed by technical
means, including our proprietary spam-fighting tools."

Facebook has also used image-matching technology to compare images to ones
it's already removed. The effort lets Facebook review images to avoid
removing legitimate and protected uses, such as a photograph published by a
news organization, a spokeswoman said.

Terrence McNeil of Ohio was charged in 2015 with soliciting the killings of
U.S. service members over social media, including Tumblr, Facebook and
Twitter. Federal prosecutors accused him of posting a series of photographs
on his Facebook account to praise the death of a Jordanian pilot who was
burned to death by the Islamic State group—showing him before, during and
after his death, including an image of him engulfed in flames, according to
the complaint.

In January, the White House dispatched top officials, including FBI Director
James Comey, Attorney General Loretta Lynch and National Security Agency
Director Mike Rogers, to Silicon Valley to discuss the use of social media
by violent extremist groups. Among the issues they discussed was how to use
technology to help quickly identify terrorist content.

The four companies say they will be looking at involving additional
companies in the future.


Big risk in nomenclature: fake news vs lies!

Harlan Rosenthal <harlan.rosenthal@verizon.net>
Tue, 29 Nov 2016 19:12:04 -0600 (CST)
"Fake News" does not exist.  Lies do.
Beware of calling something "fake news".
We used to call counter-factual statements "lies".

  [Harlan, Many thanks for that.  From now on, I am going to have to
  explicitly declare April Fool's items as Fake News, as opposed to "Lies".


Fake news

"Jim" <jgeissman@socal.rr.com>
Wed, 7 Dec 2016 19:00:58 -0800
Joel Achenbach has a good article on "fake news".
(Why isn't it called lies, or maybe propaganda?)

He quotes something he wrote in 1988:

  "The technology of falsehood has outraced our judgment. Alienated from
  nature, liberated from such barbaric responsibilities as the growing of
  food, the making of shelter, we have entered a mysterious phase in which
  we passively accept a cartoon version of reality that is projected upon us
  by unreliable, deceptive, and sometimes diabolical media."

https://www.washingtonpost.com/news/achenblog/wp/2016/12/07/fake-news-and-creeping-surrealism/?utm_term=.5eaf212cb409


"After we left the ship, I had an uneasy feeling" (Elliott)

Gabe Goldberg <gabe@gabegold.com>
Thu, 1 Dec 2016 11:03:50 -0500
It's mysterious because Hoagland's cabin didn't have a minibar.
That's right, Royal Caribbean charged a guest for an *amenity* that wasn't
even in his room. And wait until you read its explanation.

  http://elliott.org/thats-ridiculous-2/left-ship-uneasy-feeling/

First failure data capture? What's that? There really is no explanation.
The risk? That something computerized and automated allows "impossible"
things to happen. Repeatedly. Because nobody cares, or nobody understands
what's wrong.


Re: NTSB on Aviation: Risks of checklists, especially when ignored

Jay Grizzard <elfchief@lupine.org>
Thu, 1 Dec 2016 13:38:57 -0800
Looking at this report and concluding that checklists can easily become a
placebo seems like the wrong takeaway; pilots are specifically trained in
how to execute checklists in ways (e.g. challenge-response systems) that
make it more difficult to just breeze through them without actually
performing checklist items. This doesn't make it impossible for checklists
to fail, but a lot of effort has gone into making it much harder for them to
fail.

The catch with checklists, though, is that you have to actually intend to
use them. This incident wasn't a case of the checklists not performing their
function, it was a case of negligence by the pilots.  The pilots
intentionally ignored the checklists, presumably due to a combination of "we
already know what we need to do" and "the odds of our plane breaking in a
way the checklist would catch is low". It's this kind of arrogance that
kills pilots (and passengers).

It's not so much that the checklists were an ineffective placebo, it's more
like the pilots got their life-saving medication from the pharmacy and then
threw it in the trash on the way out the door.


Weapons of Math Destruction

Diego Latella <diego.latella@isti.cnr.it>
Sun, 04 Dec 2016 10:31:33 +0100
I'm not sure I've seen the notification of the following book in RISKS.
I would suggest everybody should read it.

  Cathy O'Neil
  "Weapons of Math Destruction"
  Allen Lane (Penguin), 2016
  https://weaponsofmathdestructionbook.com/

Although the language used by the Author is a little bit too much slang (for
my personal taste), I guess for dissemination purposes, the book reports a
series of documented facts and describes a series of concepts which I
consider important for people to know.

In particular, I think that the ICT community should think on the social
impact of some of its results, on the opacity of practices for development
and use of some predictive software tools, and on the need for ethical and
legal norms for such practices. I think it is important that the scientific
community also contributes at the (international) institutional and legal
level, in much the same way it does for, among others, weapons of mass
destruction (I am thinking, of course, of the role movements like the Pugwash
Conferences on Science and World Affairs -- Nobel Prize for Peace in 1995 --
have played and still play in the international crisis resolution or
international treaties development).

Dott. Diego Latella, CNR/ISTI, Via Moruzzi 1, 56124 Pisa, IT
(http://www.isti.cnr.it) http://www.isti.cnr.it/People/D.Latella
