Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
NNSquad Alan Blinder and Nicole Perlroth, *The New York Times*, 28 Mar 2018 https://www.nytimes.com/2018/03/27/us/cyberattack-atlanta-ransomware.html The City of Atlanta's 8000 employees got the word on [27Mar] that they had been waiting for: It was O.K. to turn their computers on. But as the city government's desktops, hard drives and printers flickered back to life for the first time in five days, residents still could not pay their traffic tickets or water bills online, or report potholes or graffiti on a city website. Travelers at the world's busiest airport still could not use the free Wi-Fi. Atlanta's municipal government has been brought to its knees since Thursday morning by a ransomware attack—one of the most sustained and consequential cyberattacks ever mounted against a major American city.
Part of Baltimore's 9-1-1 emergency system had to be temporarily shut down over the weekend because of a ransomware attack, *The Baltimore Sun* reported. The breach reportedly affected a server that runs the city's computer-aided dispatch system, which maps the locations of 9-1-1 callers and dispatches the nearest emergency responders. Workers were forced to manually dispatch emergency personnel from Sunday morning through Monday morning. The attack came after a city IT team working on a different issue inadvertently changed a firewall, leaving hackers access for about 24 hours. I don't know what else to call it but a self-inflicted wound, as chief information officer (CIO), told The Sun. The bad guys did not get in on their own without the help of someone inadvertently leaving the door open. http://www.baltimoresun.com/news/maryland/crime/bs-md-ci-hack-folo-20180328-story.html [In addition to Atlanta and Baltimore, some of Denver's city systems were also reportedly hit by ransomware attacks. PGN]
Under Armour announces data breach, affecting 150 million MyFitnessPal app accounts Usernames, and email addresses tied to 150 million user accounts were accessed by hackers, the company said. http://www.washingtonpost.com/news/the-switch/wp/2018/03/29/under-armour-announces-data-breach-affecting-150-million-myfitnesspal-app-accounts/
http://blogs.harvard.edu/doc/2018/03/23/nothing/
via NNSquad https://www.buzzfeed.com/ryanmac/growth-at-any-cost-top-facebook-executive-defended-data "We connect people. Period. That's why all the work we do in growth is justified. All the questionable contact importing practices. All the subtle language that helps people stay searchable by friends. All of the work we do to bring more communication in. The work we will likely have to do in China some day. All of it," VP Andrew "Boz" Bosworth wrote. "So we connect more people," he wrote in another section of the memo. "That can be bad if they make it negative. Maybe it costs someone a life by exposing someone to bullies. "Maybe someone dies in a terrorist attack coordinated on our tools."
via NNSquad http://boingboing.net/2018/03/30/historical-perspective.html But as big and powerful as Facebook is, it's not immortal. Everything ends. Facebook's primary value is in helping you find people to talk with (for example, finding other people with rare diseases), but it makes its living by making the experience of talking with other people as shitty as possible, with "engagement maximization" and invasive, manipulative advertising. It is supremely vulnerable to a competitor that was willing to accept a lower degree of profitability in exchange for a business-model more closely aligned with the value of providing a forum where affinity-based groups can form and organize.
Avi Selk, *The Switch*, 30 Mar 2018 http://www.washingtonpost.com/news/the-switch/wp/2018/03/30/maybe-someone-dies-facebook-vp-justified-bullying-terrorism-as-costs-of-growth/ In a 2016 employee memo that was leaked this week, a Facebook executive defended the company's questionable data mining practices and championed the growth of social media at any cost—apparently even death. “Maybe it costs a life by exposing someone to bullies,'' company vice president Andrew Bosworth wrote in the memo, according to BuzzFeed News, which published it Thursday. “Maybe someone dies in a terrorist attack coordinated on our tools. And still we connect people. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is *de facto* good.'' Bosworth, who oversaw Facebook's advertising and business platform at the time and is now in charge of the company's virtual reality department, has acknowledged writing the message but said he intended only to start a debate. “I didn't agree with it even when I wrote it,'' he wrote on Twitter after BuzzFeed published its report.
NNSquad https://chicago.suntimes.com/news/ecuador-wikileaks-founder-julian-assange-communications-outside-london-embassy/ Ecuador's government is cutting off WikiLeaks founder Julian Assange's communications outside the nation's London embassy. Officials announced Wednesday they were taking the measure in response to Assange's recent activity on social media.
via NNSquad http://www.foxnews.com/us/2018/03/28/self-driving-car-passenger-slapped-with-ticket-in-san-francisco-police-say.html A ticket was issued to a person traveling in a self-driving car in San Francisco on Monday, police told Fox News. The vehicle allegedly did not stop for a person in the crosswalk. However, Cruise, the car company involved, according to KPIX, maintained that the vehicle was in compliance with California state law. A motorcycle officer issued the ticket after seeing the car not stop for a woman going through a crosswalk in the South of Market area, San Francisco Police Department spokeswoman Officer Giselle Linnane told Fox News on Wednesday. The car "cut the pedestrian off," she said. When the robocar you're in kills someone—YOU may end up in prison for the rest of your life! Surprise!
via NNSquad http://www.ttnews.com/articles/uber-disabled-volvos-safety-system-fatality-aptiv-says Uber Technologies Inc. disabled the standard collision-avoidance technology in the Volvo SUV that struck and killed a woman in Arizona 18 Mar 2018, according to the auto-parts maker that supplied the vehicle's radar and camera. "We don't want people to be confused or think it was a failure of the technology that we supply for Volvo, because that's not the case," Zach Peterson, a spokesman for Aptiv Plc, said by phone. The Volvo XC90's standard advanced driver-assistance system "has nothing to do" with the Uber test vehicle's autonomous driving system, he said.
NNSquad https://www.engadget.com/2018/03/28/uber-reduced-safety-sensors-on-its-autonomous-cars/ Reuters reports that Uber scaled back to a single LiDAR sensor on the Volvo test cars the company currently uses in its fleets. The resulting vehicles have more blind spots, says Reuter's sources, than Uber's previous generation of self-driving cars as well as that of rivals, which can use five or six sensors.
Governments always get it wrong and government regulation is always a terrible idea isn't it? Just think of the first Factory Act of 1802: this forced factories to "admit fresh air by means of a sufficient number of windows", to "supply every apprentice of sufficient and suitable clothing and sleeping accommodation (not more than two to a bed)", and on top of that, the pauper apprentices were prohibited from night work, and their labour limited to a mere 12 hours in a day! Health and safety gone mad! Later regulations went even further and required fencing of machinery and prohibited the cleaning of machinery in motion. My point is that *without* government regulation, any factory that treated their employees well would be working at a disadvantage to those who worked their employees to death. So, however flawed the political system might be, the only hope for better working conditions for employees was government regulation. Similarly, the only hope for more ethical treatment of customer data is government regulation: because there is money to be made from unethical use of the data, and no company can afford to leave money on the table unless all are. [You're confusing labor regulations with micromanagement of tech and information. Two different worlds. Lauren] Your argument, and my counter-argument, apply equally well to both. So what is the difference? Note that with the current dysfunctional governments, multinationals are working hard to dismantle labour regulations as well as avoiding government regulation of tech and information. Martin [Because it's demonstrability true that government actions relating to labor/health issues have positive results, and that government is typically incapable of micromanaging technology without vast negative collateral effects. Lauren]
Don Norman writes: > [The accident record [of self-driving vehicles] is impressively low: > in four million miles of driving, > one death compared to 40 deaths in regular driving. ... > Automobile manufacturers are rushing to add more and more automation to > their existing cars, promising to have fully automated vehicles within a few > years. They need to slow down. This opinion makes no sense. On Don's own figures, delaying the introduction of self driving vehicles, costs, in the United States alone, *at least 90 deaths for each day we delay*. The reality is that the existing road and driver system is so utterly appalling that it is properly regarded as a massive emergency. Only politics (the realpolitik necessity that every idiot to be allowed to drive) have prevented us from solving this. It makes sense to replace this nightmare as soon as we can - even with automation which falls far short of normal safety standards applied elsewhere. Normal safety standards (like you find in aviation, say) aren't applied to human drivers. Getting rid of human drivers is the priority.
> Recently, one of Uber's autonomous automobiles was involved in an > accident where a pedestrian was killed. What lesson should we learn > from this incident? During the three years that my colleagues and I > have been doing research on self-driving cars, this is the first > death. Compare this single death with the 120,000 people who have > been killed in automobile accidents in the United States in that same > period: roughly 100 people each day. > Fully autonomous cars have driven around four million miles rather > than the nearly nine trillion miles driven by American drivers in > that same period. The accident record is impressively low: in four > million miles of driving, one death compared to 40 deaths in regular > driving. The Editorial "Self-Driving Car Had a Fatal Accident..." from RISKS 30.61 makes numerous arguments, but they all hinge on the two paragraphs quoted above. The claim in the first paragraph is that un-normalized comparisons of the death rate between autonomous cars and human-operated is meaningful. I'm not sure what comparison the author intends to make, but it is axiomatic that accident *rates* are by necessity normalized. I cannot find a sensible and correct interpretation of the second paragraph; so I'll simply quote Federal accident statistics. The fatality rate by all-causes from "typical" human driving is about 1.2 deaths per 10^8 miles driven. For a vehicle-pedestrian fatality, the fatality rate is nearly an order of magnitude lower. One fatality after 4 million miles driven is between a factor of 20 and 100 higher than the rate for human-operated vehicles, meaning the likelihood this would happen to a human driver with this many miles driven is in the range 1% - 5%, better known as p < 0.05! This *single event* is a sound statistical basis to be very suspicious of Uber's self-driving car program. Quite aside from the fashionable practice of denigrating human capabilities that pervades the popular press when they discuss automation, the safety of cars has shown drastic improvements over the last century as even a cursory look at US Federal statistics shows. That improvement has been the result of many changes, both to how people drive and to the vehicles. The resources expended over that century have been enormous, far beyond what is available to any company on the 5-10 year time-scale, or even the entire self-driving car community. It should come as no surprise that a bunch of starry-eyed optimists with comparatively puny resources are unable to improve the situation in a few short years: the underlying activity is very dangerous and has been the subject of long learning. It is profoundly disappointing to see that RAND Corporation pointed out the difficulties of proving self-driving car safety: <https://www.sciencedirect.com/science/article/pii/S0965856416302129 The community did not take the warning seriously. So instead, we have a p < 0.05 proof of autonomous vehicles' danger to life and limb.
My arithmetic calculation (in my RISKS-30.61 article "Self-Driving Car Had a Fatal Accident" was wrong—but I still stand by my conclusions. Several people have written privately to me (and some to RISKS directly) about my computation comparing the death rate in autonomous (self-driving) vehicles with that of manual driving. The correspondents pointed out that my numerical comparison was flawed. Unfortunately, they are correct. Worse: I cannot recreate how I came up with the numbers that I did. I used the figure of 4 million miles driven by autonomous vehicles (I have since discovered higher mileage, but that wouldn't significantly change the result). I also used the (rounded off) numbers of 1 death per 100 million miles driven, and three trillion miles driven by Americans/year. Those numbers are correct. Why didn't I conclude that manually driven cars should have had (4*10^6)/10^8 = 0.04 deaths in 4 million miles of driving? Damned if I know: my 6 years of calculus is a bit rusty, but this was simple arithmetic. My computation was wrong. That's clear. - - - However, I stand by my conclusions. They did not depend upon this computation. If I hadn't included the numbers, my argument would still hold. We need a standard testing procedure before we allow autonomous cars on the roads. Having a safety driver is unworkable. I have written at length about this point in automobile conferences, in RISKS, in articles published in Technology Review and CACM. The Human Factors and Aviation Safety literature for the past 50 years has provided lots of evidence, some of it was even contributed by me. So, ignore my faulty numerical computations and attend to the rest of the article. By the way, Waymo (previously known as Google X) has described some of their testing procedures and precautions: it would be wonderful if all manufacturers followed those policies. Alas, the mad rush to be first is forcing companies to ignore this good advice, much of it coming from their own engineers and human factors experts. Don Norman. Prof. and Director, DesignLab, UC San Diego
> I wait to hear when self-driving cars successfully complete a million > miles without human intervention in Boston and its suburbs during winter > snowstorms. This whole post is very nicely said. But someone will take your bet! Ignoring the fact that I have lived in those same challenging snow storms, I'm going to be a complete wowser and propose that no Turing-test like bar should be set for autonomous vehicles. I'm worried it would be just like <some big IT firm> to have a car drive a million miles in the snow and either kill people doing it, or worse, arrive at the millionth mile and pronounce "It's time". Lots of people have been fooled by bots now, it demonstrates little about any general intelligence implemented in machines. I put it to RISKS readers: why can't a strong counterexample of how dangerous automation be what the little boy said about the emperor's clothes? [With regard to Don Norman's messages, I think you might want a *wowser bowser* sitting in the driver's seat, to bite any person trying to take over the automated controls, PGN says doggedly!]
The Consumer Product Safety Commission wants comments "about potential safety issues and hazards associated with Internet-connected consumer products". I'm sure the RISKS audience will be a good source of such comments. The comment period ends 15 Jun. The government's site: https://www.federalregister.gov/documents/2018/03/27/2018-06067/the-internet-of-things-and-consumer-product-hazards Article about the request: https://www.federalregister.gov/documents/2018/03/27/2018-06067/the-internet-of-things-and-consumer-product-hazards Important note from the above article: "Keep in mind that submissions will be [...] published out in the open."
Please report problems with the web pages to the maintainer