The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 30 Issue 77

Monday 30 July 2018

Contents

California Wants to Reinvent the Power Grid. So What Could Go Wrong?
NYTimes
Reporter Shows The Links Between The Men Behind Brexit And The Trump Campaign
NPR
Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
WSJ
Israeli researchers say they've found better way to spot malicious emails
The Times of Israel
Man in the middle
Forbes e-news
Senator vs. Flash
Fortune
Decade-Old Bluetooth Flaw Lets Hackers Steal Data Passing Between Devices
Dan Goodin
Today, 100 Americans Will Likely Die on Our Roads
New York Times
The Ordinary License Plate's Days May Be Numbered
NYTimes
LifeLock Bug Exposed Millions of Customer Email Addresses
Krebs
For Sale: Survey Data on Millions of High School Students
NYTimes
First Ringless Voicemail Message TCPA Decision Sides With Plaintiff
Manatt
Travelodge data hacked in 'security incident'
The Caterer
Indictment: Wichita Attorney Brad Pistotnik, software engineer charged in alleged cyberattacks
KWCH
When a Stranger Decides to Destroy Your Life
Gizmodo
Second-hand land rover data may stay under control of first owner
The Register
This company is building a massive pack of robot dogs for purchase starting in 2019
WashPo
Waymo partners with Walmart to shuttle customers in self-driving cars
WashPo
Cox phone service alert
Gabe Goldberg
Nintendo to ROM sites: Forget cease-and-desist, now we're suing
Ars Technica
Venmo's terrible idea
Ars Technica
Boston woman temporarily becomes a millionaire after an account mix-up
The Boston Globe
A few extra zeroes causes a big headache
The Boston Globe
Uber driver is livestreaming riders without their knowledge or consent
StL Today via Lauren Weinstein
Wild About Tech, China Even Loves Robot Waiters That Can't Serve
NY Times
MASSIVE ethical failure and privacy violation by Dropbox
WiReD
Was It Ethical for Dropbox to Share Customer Data with Scientists?
WiReD
Why is Google Translate spitting out sinister religious prophecies?
Motherboard
Google DRM for Email can be disabled by ticking a few boxes in Firefox
Boing Boing
How Google's Safe Browsing Helped Build a More Secure Web
WiReD
Orrin Hatch tweeted at Google that he's not dead
Insider
Nationals' Trea Turner is the latest MLB player to have ugly tweets uncovered
WashPo
Braves' Sean Newcomb addresses ugly old tweets right after just missing a no-hitter
WashPo
Data allowing people to print out their own guns temporarily blocked from Internet in PA, after legal pressure.
WashPo
Re: employees as subjects in clinical trials
Robert R. Fenichel
A few short replies to RISKS-30.76
Jeff Jonas
Info on RISKS (comp.risks)

California Wants to Reinvent the Power Grid. So What Could Go Wrong? (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 21 Jul 2018 10:03:02 -0400
http://www.nytimes.com/2018/07/20/business/energy-environment/california-energy-grid-jerry-brown-plan.html

Two decades ago, a new approach to power delivery led to blackouts.  Now the
state is considering another energy makeover: a regional electric grid.


Reporter Shows The Links Between The Men Behind Brexit And The Trump Campaign (NPR)

Monty Solomon <monty@roscom.com>
Fri, 20 Jul 2018 22:43:30 -0400
http://www.npr.org/2018/07/19/630443485/reporter-shows-the-links-between-the-men-behind-brexit-and-the-trump-campaign


Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say (WSJ)

Monty Solomon <monty@roscom.com>
Tue, 24 Jul 2018 19:00:46 -0400
Blackouts could have been caused after the networks of trusted vendors were
easily penetrated

http://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110


Israeli researchers say they've found better way to spot malicious emails (The Times of Israel)

Gabe Goldberg <gabe@gabegold.com>
Fri, 20 Jul 2018 19:53:24 -0400
"Existing email analysis solutions only analyze specific email elements
using rule-based methods, and don't analyze other important parts," said
Nir Nissim, head of the David and Janet Polak Family Malware Lab at the
cyber department of the university. Antivirus software solutions mainly use
"signature-based detection methods, and therefore are insufficient for
detecting new, unknown malicious emails."

The new method, called Email-Sec-360, was developed by Aviad Cohen, a PhD
student and researcher at the BGU Malware Lab. The research, published in
the scientific journal Expert Systems with Applications, is based on machine
learning methods and makes use of 100 general descriptive features extracted
from the various components of emails, including the header, its body and
attachments. The methodology provides "enhanced threat detection in real
time," the statement said.

http://www.timesofisrael.com/israeli-researchers-say-they-have-found-better-way-to-weed-out-malicious-emails/

Perhaps too narrow and general description of "existing" solutions and too
excited about "machine learning methods and makes use of 100 general
descriptive features".


Man in the middle (Forbes e-news)

Gabe Goldberg <gabe@gabegold.com>
Thu, 26 Jul 2018 09:52:35 -0400
A pair of Israeli researchers found a flaw in the encryption scheme securing
*Bluetooth* file transfers that could allow hackers to steal data. Many
device makers have already issued security patches, so make sure your phone
software is up to date.
http://click.email.fortune.com/%3Fqs%3Dd1f8604be7a3b4e712c2efab3dea9a016c9c10ce3936774f1ab2ce11061b7dd2c6d1849421a60e597918a8a2b90dfdf2328e6f4acee9ba96


Senator vs. Flash (Fortune)

Gabe Goldberg <gabe@gabegold.com>
Fri, 27 Jul 2018 18:33:11 -0400
*Out of the frying pan*. The once-ubiquitous (and hated by Steve Jobs) web
display software known as *Flash* is going away in less than two years,
according to its maker, *Adobe*. But the U.S. government hasn't got the
message, prompting Sen. Ron Wyden to send a letter to three federal agencies
to get a move on removing Flash pronto. The software has "serious, largely
unfixable cybersecurity issues," Wyden wrote.

http://click.email.fortune.com/%3Fqs%3De4b25fc39f5bb39138b88ad39157f5cb3af50e9d9898dd83818b237ac60ab63c68e7946cc6295350040d105c0cac7bee5a976b7cdaf297ce


Decade-Old Bluetooth Flaw Lets Hackers Steal Data Passing Between Devices (Dan Goodin)

ACM TechNews <technews-editor@acm.org>
Mon, 30 Jul 2018 12:23:48 -0400
Ars Technica (07/25/18) Dan Goodin via ACM TechNews, Monday, July 30, 2018

A study from the Technion-Israel Institute of Technology warns of a
decade-old bug in the Bluetooth specification that allows hackers to
intercept and tamper with data shared wirelessly through man-in-the-middle
attacks on the link between devices.  Not only can hackers view the data,
but they can forge keystrokes on a Bluetooth keyboard to open up a command
window or malicious website.  Says security engineer JP Smith, "This attack
lets an attacker who can read and modify Bluetooth traffic during pairing
force the key to be something they know."  The researchers say the attack is
enabled by two design flaws: one involves sending both the x-coordinate and
the y-coordinate during the public key exchange, while the other is the
protocol's authentication of only the x-coordinate.

http://orange.hosting.lsoft.com/trk/click%3Fref%3Dznwrbbrs9_6-1c2c9x21684dx072162%26
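
An added illustration of the two design flaws named in the item above (not code from the researchers, the Bluetooth specification, or the article): when only the x-coordinate is authenticated, a y-coordinate altered in transit still passes that check, and a receiver catches it only by testing that the received (x, y) lies on the curve. Assumptions: NIST P-256 as the curve, an HMAC as a hypothetical stand-in for the x-only authentication step, and the curve's base point as a constructed sample public key.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (assumed curve; the digest item names none).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Base point G, used here only as a constructed sample of a valid public key.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def is_on_curve(x: int, y: int) -> bool:
    """True if (x, y) is in range and satisfies y^2 = x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def x_only_tag(auth_key: bytes, x: int) -> bytes:
    """Hypothetical stand-in for an authentication step that covers only x."""
    return hmac.new(auth_key, x.to_bytes(32, "big"), hashlib.sha256).digest()


def accept_public_key(auth_key: bytes, x: int, y: int, tag: bytes,
                      validate_point: bool) -> bool:
    """Receiver-side decision on a peer public key sent as (x, y) plus a tag.

    validate_point=False models a receiver that trusts the x-only tag alone;
    validate_point=True adds the on-curve check over both coordinates.
    """
    if not (0 <= x < P):
        return False
    if not hmac.compare_digest(tag, x_only_tag(auth_key, x)):
        return False
    if validate_point and not is_on_curve(x, y):
        return False
    return True


def demo() -> dict:
    """Run the constructed scenario and return each receiver's decision."""
    auth_key = b"constructed-demo-key"   # constructed value, not a real key
    tag = x_only_tag(auth_key, GX)       # tag computed over x only
    tampered_y = GY ^ 1                  # y changed in transit, x untouched
    return {
        "genuine, x-only check": accept_public_key(
            auth_key, GX, GY, tag, validate_point=False),
        "tampered y, x-only check": accept_public_key(
            auth_key, GX, tampered_y, tag, validate_point=False),
        "genuine, with point validation": accept_public_key(
            auth_key, GX, GY, tag, validate_point=True),
        "tampered y, with point validation": accept_public_key(
            auth_key, GX, tampered_y, tag, validate_point=True),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```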


Today, 100 Americans Will Likely Die on Our Roads (New York Times)

Richard M Stein <rmstein@ieee.org>
Sat, 28 Jul 2018 10:50:01 +0800
http://www.nytimes.com/2018/07/27/opinion/columnists/traffic-deaths-driverless-cars.html

  "But the current mismatch between the attention to driverless cars and the
  attention to driver-operated cars is a big mistake. We're acting as if the
  status quo is fine, and the only problem is some risky newfangled
  technology. In reality, the status quo is a public-health crisis, and a
  preventable one.

  "Today, another 100 or so Americans -- many of them young and healthy --
  will likely die in human-driven vehicle crashes. Even more Americans are
  likely to die on Saturday, the deadliest day of the week on the roads. The
  terrible toll will continue every day after that, until we decide to do
  something about it."

~100 deaths per day from carbon-based drivers v. 3 documented
silicon-related vehicle deaths to date.

Risk is usually characterized by severity (critical, high, medium, low)
and probability (high, medium, low) attributes. One alternative
characterization is RISK = HAZARD + OUTRAGE. This expression clearly
quantifies a risk: (1) a known hazard; and, (2) accompanying outrage
if/when the hazard materializes
(http://www.psandman.com/articles/amsa.htm)

By the 2nd risks characterization, AV hazard is trivial compared to
daily experience, but each AV incident is disproportionately accorded
hyperbolic viral media attention (exponentiated outrage).


The Ordinary License Plate's Days May Be Numbered (NYTimes)

Richard M Stein <rmstein@ieee.org>
Sat, 28 Jul 2018 11:05:54 +0800
(The New York Times, 26 Jul 2018)
http://www.nytimes.com/2018/07/26/business/digital-license-plates.html

Another Internet of mistakes target awaiting exploitation by a botnet near
you.


LifeLock Bug Exposed Millions of Customer Email Addresses (Krebs)

Lauren Weinstein <lauren@vortex.com>
Wed, 25 Jul 2018 19:09:36 -0700
via NNSquad
http://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/

  Identity theft protection firm LifeLock—a company that's built a name
  for itself based on the promise of helping consumers protect their
  identities online—may have actually exposed customers to additional
  attacks from ID thieves and phishers. The company just fixed a
  vulnerability on its site that allowed anyone with a Web browser to index
  email addresses associated with millions of customer accounts, or to
  unsubscribe users from all communications from the company.

Pretty much the oldest trick in the book, too.

  [Gabe Goldberg noted that *LifeLock* wasn't protecting its customers'
  email addresses, which could be seen on the web. The service went offline
  briefly on Wednesday to fix the leaky web page.
http://click.email.fortune.com/%3Fqs%3De4b25fc39f5bb391bfe9e1596dce033645918d9c6d91757b3a9dbc32dd2e69815ab646f0294ba4332849e9e59bc1e9a671bbe9ebd8f5ac95
  ]


For Sale: Survey Data on Millions of High School Students (NYTimes)

Monty Solomon <monty@roscom.com>
Mon, 30 Jul 2018 10:58:54 -0400
http://www.nytimes.com/2018/07/29/business/for-sale-survey-data-on-millions-of-high-school-students.html

College-planning surveys give a peek into the opaque and little-regulated
market of data-mining of minors.


First Ringless Voicemail Message TCPA Decision Sides With Plaintiff (Manatt)

Monty Solomon <monty@roscom.com>
Mon, 30 Jul 2018 09:51:01 -0400
http://www.manatt.com/Insights/Newsletters/TCPA-Connect/First-Ringless-Voicemail-Message-TCPA-Decision-Sid


Travelodge data hacked in 'security incident' (The Caterer)

Monty Solomon <monty@roscom.com>
Sat, 28 Jul 2018 14:05:26 -0400
http://www.thecaterer.com/articles/531764/travelodge-data-hacked-in-security-incident


Indictment: Wichita Attorney Brad Pistotnik, software engineer charged in alleged cyberattacks

Monty Solomon <monty@roscom.com>
Mon, 23 Jul 2018 00:38:47 -0400
http://www.kwch.com/content/news/Indictment-Man-Behind-Cyberattacks--Was-Working-for-Wichita-Lawyer-488441491.html


When a Stranger Decides to Destroy Your Life (Gizmodo)

Gabe Goldberg <gabe@gabegold.com>
Sat, 28 Jul 2018 23:57:52 -0400
Monika Glennon has lived in Huntsville, Alabama, for the last 12 years.
Other than a strong Polish accent, she fits a certain stereotype of the
All-American life. She's blonde. Her husband is a veteran Marine. Her two
children, a boy and a girl, joined the military as adults. She sells houses
-- she's a real estate agent at Re/Max -- helping others realize their own
American dream.

But in September 2015, she was suddenly plunged into an American
nightmare. She got a call at 6 a.m. one morning from a colleague at Re/Max
telling her something terrible had been posted about her on the Re/Max
Facebook page. Glennon thought at first she meant that a client had left her
a bad review, but it turned out to be much worse than that.

http://gizmodo.com/when-a-stranger-decides-to-destroy-your-life-1827546385

The risk? People.


Second-hand land rover data may stay under control of first owner (The Register)

Benoit Goas <goasben@hawk.iit.edu>
Sun, 29 Jul 2018 19:33:08 +0200
Some Land Rovers can be linked to an account allowing one to track them,
unlock them and more.  It has to be transferred / disabled on car sale, if
you don't forget about it and/or go through an official car dealer...  Else
the first owner keeps some control over the car!

http://www.theregister.co.uk/2018/07/27/jaguar_land_rover_connected_car_privacy/


This company is building a massive pack of robot dogs for purchase starting in 2019 (WashPo)

Richard M Stein <rmstein@ieee.org>
Fri, 27 Jul 2018 09:44:09 +0800
http://www.washingtonpost.com/technology/2018/07/24/this-company-is-building-massive-pack-robot-dogs-purchase-starting/?noredirect=on

  "These robots from Boston Dynamics are incredibly rugged and robust, which
  makes them capable of addressing the clutter and uncertainty of our
  chaotic human world," Srinivasa said. "Some people watching the robot
  on video find their capabilities scarily anthropomorphic and humanlike,
  but to me it shows that there is a robot I can have in my home that will
  not break things or harm people."

This bot brings new meaning to the term "doggie breath." I wonder if it
can be trained to play fetch, retrieve a newspaper, or bark at
strangers? The idea of doggiebot as a household pet is unsettling. Safe
for the whole family, especially cats and infants?

A robot bull in a china-shop should it misinterpret a
voice-communicated command (if that sensor interface is sponsored).


Waymo partners with Walmart to shuttle customers in self-driving cars (WashPo)

Richard M Stein <rmstein@ieee.org>
Thu, 26 Jul 2018 16:45:56 +0800
http://www.washingtonpost.com/technology/2018/07/25/waymo-partners-with-walmart-shuttle-customers-self-driving-cars/?noredirect=on

Probably safer to send Boston Dynamics' SpotMini with a shopping list to
fetch pretzels and beer than take a WayMo.
(http://www.washingtonpost.com/technology/2018/07/24/this-company-is-building-massive-pack-robot-dogs-purchase-starting/)


Cox phone service alert

Gabe Goldberg <gabe@gabegold.com>
Fri, 27 Jul 2018 16:09:11 -0400
Fun with VoIP...

-------- Forwarded Message --------
> Subject: 	If you have Cox phone service you may experience trouble
> contacting 9-1-1. All Fairfax County 9-1-1 functions are in service.
> Date: 	Fri, 27 Jul 2018 17:21:43 +0000 (UTC)

*This is a message from Fairfax Alerts*

If you have Cox phone service you may experience trouble contacting 9-1-1.
All Fairfax County 9-1-1 functions are in service. Please use a wireless
phone to reach 9-1-1 if you experience trouble. Text-to-9-1-1 is also
available.

The cause of the issue is a Cox Communications service interruption near the
area of Georgetown Pike and Bellview Road. There is not an estimated time of
repair at this time.


Nintendo to ROM sites: Forget cease-and-desist, now we're suing (Ars Technica)

Monty Solomon <monty@roscom.com>
Tue, 24 Jul 2018 00:02:46 -0400
http://arstechnica.com/gaming/2018/07/nintendo-to-rom-sites-forget-cease-and-desist-now-were-suing/


Venmo's terrible idea (Ars Technica)

Monty Solomon <monty@roscom.com>
Tue, 24 Jul 2018 00:05:12 -0400
http://arstechnica.com/tech-policy/2018/07/venmos-terrible-idea/


Boston woman temporarily becomes a millionaire after an account mix-up (The Boston Globe)

Monty Solomon <monty@roscom.com>
Sat, 21 Jul 2018 02:53:02 -0400
http://www.boston.com/news/local-news/2018/07/19/boston-woman-temporarily-becomes-a-millionaire-after-an-account-mix-up


A few extra zeroes causes a big headache (The Boston Globe)

Monty Solomon <monty@roscom.com>
Sat, 21 Jul 2018 03:19:44 -0400
http://www.bostonglobe.com/business/2018/07/20/few-extra-zeroes-causes-big-headache/8kquT0q25v8XH6mYTzLt9N/story.html

Somehow, instead of paying $182.36 and $92.60 via her online account, she
paid $18,236 and $9,260. Whether she inadvertently typed in a couple of
extra zeros—thus paying 100 times what she owed—or the software on her
account went haywire, she doesn't know. ...


Uber driver is livestreaming riders without their knowledge or consent

Lauren Weinstein <lauren@vortex.com>
Sat, 21 Jul 2018 07:56:30 -0700
via NNSquad  [UNACCEPTABLE!]

St. Louis Uber driver has put video of hundreds of passengers online.
Most have no idea.

http://www.stltoday.com/news/local/metro/st-louis-uber-driver-has-put-video-of-hundreds-of/article_9060fd2f-f683-5321-8c67-ebba5559c753.html

  But there was something the women didn't know: Their driver was streaming
  a live video of them to the Internet, and comments from viewers were
  pouring in.  The blonde is a 7, the brunette a 5, someone with the
  username "DrunkenEric" commented.  "She doesn't sit like a lady though,"
  another viewer added.  "This is creepy," said another.  The women are
  among hundreds of St. Louis area Uber passengers who have been streamed
  online without their knowledge by their driver, Jason Gargac, 32, of
  Florissant.  Gargac has given about 700 rides in the area since March
  through Uber, plus more with Lyft.  Nearly all have been streamed to his
  channel on Twitch, a live video website popular with video gamers where
  Gargac goes by the username "JustSmurf."  Passengers have included
  children, drunk college students and unwitting public figures such as a
  KSDK reporter and Jerry Cantrell, lead guitarist with the band Alice in
  Chains.  First names, and occasionally full names, are revealed. Homes are
  shown. Passengers have thrown up, kissed, talked trash about relatives and
  friends and complained about their bosses in Gargac's truck.  All the
  while, an unseen online audience watches, evaluating women's bodies,
  judging parents and mocking conversations.

UNACCEPTABLE! Irrespective of the legality, Uber, Lyft, and other similar
services must ban this practice among their drivers, or face serious
repercussions going forward. Drivers violating such bans must be excised
from the services. This must be dealt with IMMEDIATELY or these services
risk losing all trust from their passengers.


Wild About Tech, China Even Loves Robot Waiters That Can't Serve (NY Times)

Richard M Stein <rmstein@ieee.org>
Sun, 22 Jul 2018 13:18:16 +0800
http://www.nytimes.com/2018/07/21/technology/china-future-robot-waiters.html

Whereas comp.risks readers are generally inured (or incensed) by
technology's weaknesses and vulnerabilities, the PRC's population embraces
robotic service deployment. Novelty impresses, especially if there's a yuan
to earn from it.

  "Waiters said their automated counterparts caused more work than they
  saved. The robots take trays of food out to customers, but are unable to
  lower them to the table. Real waiters stand back so photos and videos can
  be taken before shuffling in and serving food the old-fashioned way.

  "The robots also break down. Three times during an hour lunch, a waiter
  had to lean a robot on its side and take a blowtorch to the undercarriage
  to burn out food and trash caught in its axles. When asked whether he was
  worried that the robots would take his job, the waiter laughed.

  "Still, patrons were impressed.

  "I've just been to America, and I didn't see many new things at all," said
  Xie Aijuan, a retiree in her 50s. "I don't think they have anything like
  robotic restaurants there."

  "China is surpassing America," agreed her dining companion, Zhuang
  Jiazheng. "Robots are coming. Tech is advancing. It's all a matter of
  time."

A Caesar salad served by R2D2 today, and a killbot tomorrow. PRC
investors, especially the government, look long term for returns. 

Will a no-op robot restaurant open in the US? When customers assent to
restaurant owner indemnification against a hot bouillabaisse spill or
flambe' by Bananas Foster.


MASSIVE ethical failure and privacy violation by Dropbox (WiReD)

Lauren Weinstein <lauren@vortex.com>
Tue, 24 Jul 2018 17:38:08 -0700
via NNSquad
http://www.wired.com/story/dropbox-sharing-data-study-ethics/

  But it still appears this research was conducted without the express
  consent of the thousands of customers whose information Dropbox and the
  researchers accessed (the HBR article originally suggested that 400,000
  users' data was analyzed, while Dropbox says that the study dealt with
  data from 16,000 customers). Late Tuesday HBR added a second editors' note
  indicating that the researchers started with information on 400,000
  "unique users" but pared the data set down to 16,000 after incorporating
  data from Web of Science.  HBR editors also updated the article to
  indicate that it wasn't 1,000 universities that were included, but rather
  1,000 separate departments.  Informed consent, one of the cornerstones of
  academic research, is one of the things that got Facebook in so much
  trouble back in 2014 ...


Was It Ethical for Dropbox to Share Customer Data with Scientists? (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Wed, 25 Jul 2018 09:40:30 -0400
<http://www.dropbox.com/privacy>

Dropbox representatives told WIRED that users gave consent when they agreed
to the company's privacy terms and pointed to a section of that policy about
how data will be used to improve Dropbox services. That section reads: "We
collect information related to how you use the Services, including actions
you take in your account (like sharing, editing, viewing, and moving files
or folders).  We use this information to improve our Services, develop new
services and features, and protect Dropbox users." They also pointed to
language about sharing data with third parties, which says "Dropbox uses
certain trusted third parties (for example, providers of customer support
and IT services) to help us provide, improve, protect, and promote our
Services."

Exactly how the study improved Dropbox services was not clear from the HBR
article or the Dropbox blog post, though Dropbox representatives told WIRED
the insights into how teams collaborate would help the company design better
features.

http://www.wired.com/story/dropbox-sharing-data-study-ethics/


Why is Google Translate spitting out sinister religious prophecies? (Motherboard)

Gabe Goldberg <gabe@gabegold.com>
Sun, 22 Jul 2018 14:00:40 -0400
Google Translate is moonlighting as a deranged oracle—and experts say
it's likely because of the spooky nature of neural networks.

http://motherboard.vice.com/en_us/article/j5npeg/why-is-google-translate-spitting-out-sinister-religious-prophecies

Garbage in, "gospel" out? Which other neural networks can be corrupted by
nonsense? Maybe Star Trek had it right, Kirk destroying evil computers by
feeding them jabberwocky...


Google DRM for Email can be disabled by ticking a few boxes in Firefox (Boing Boing)

Gabe Goldberg <gabe@gabegold.com>
Sun, 22 Jul 2018 17:24:38 -0400
http://boingboing.net/2018/07/22/adversarial-interop.html


How Google's Safe Browsing Helped Build a More Secure Web (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 22 Jul 2018 17:30:31 -0400
http://www.wired.com/story/google-safe-browsing-oral-history/


Orrin Hatch tweeted at Google that he's not dead (Insider)

Gabe Goldberg <gabe@gabegold.com>
Tue, 24 Jul 2018 13:21:40 -0400
http://www.thisisinsider.com/orrin-hatch-tweeted-google-not-dead-2018-7

Hmm, Wikipedia isn't gospel; who knew...


Nationals' Trea Turner is the latest MLB player to have ugly tweets uncovered (WashPo)

Monty Solomon <monty@roscom.com>
Mon, 30 Jul 2018 08:00:18 -0400
A Nationals spokeswoman said the team is aware of the racially insensitive
and homophobic tweets and is gathering more information.

http://www.washingtonpost.com/news/nationals-journal/wp/2018/07/29/nationals-trea-turner-is-the-latest-mlb-player-to-have-ugly-tweets-uncovered/


Braves' Sean Newcomb addresses ugly old tweets right after just missing a no-hitter (WashPo)

Monty Solomon <monty@roscom.com>
Mon, 30 Jul 2018 08:01:34 -0400
The second-year Atlanta starter's roller coaster Sunday capped
a far more eventful late-July MLB series than usual.

http://www.washingtonpost.com/news/early-lead/wp/2018/07/29/braves-sean-newcomb-addresses-ugly-old-tweets-right-after-just-missing-a-no-hitter/


Data allowing people to print out their own guns temporarily blocked from Internet in PA, after legal pressure. (WashPo)

Monty Solomon <monty@roscom.com>
Mon, 30 Jul 2018 08:05:50 -0400
Distribution of the schematics allowing people to make homemade guns is
protected by the First Amendment, the company argues.

http://www.washingtonpost.com/news/morning-mix/wp/2018/07/30/data-allowing-people-to-print-out-their-own-guns-temporarily-blocked-from-internet-in-pa-after-legal-pressure/


Re: employees as subjects in clinical trials (Maziuk, RISKS-30.76)

"Robert R. Fenichel" <bob@fenichel.net>
Sat, 21 Jul 2018 11:29:49 -0700
Dmitri Maziuk says "I'm not quite sure what makes med AI coders so
different" from medical researchers, but the difference is in the stage of
the activity (routine vs. experimental), not in the personnel.

Medical research (clinical trials) is regulated differently from medical
practice, and the ethical restrictions are different, too.  RCTs are tightly
regulated (by FDA, Health Canada, EMEA, or similar bodies in other
countries) and by Institutional Review Boards, with ethicists chiming in on
every detail.  Medical practice is loosely regulated by state licensing
boards and hospital committees, with practitioners mostly left to practice
as they see fit.

The extreme case is first-in-man trials of a new drug.  They offer no
benefit to the subjects, who usually don't have the disease that the drug is
hoped to treat.  I'm glad that there are people who will volunteer to be
subjects in those trials, but no one could be forced to do it.  Maziuk
reports that El Al maintenance crews are required to be passengers, but they
are presumably not required to be test pilots.

Robert R. Fenichel, M.D., http://www.fenichel.net


A few short replies to RISKS-30.76

Jeff Jonas <jeffj@panix.com>
Sun, 22 Jul 2018 20:02:55 -0400
replying to Richard M Stein
Subject: The cameras that know if you're happy - or a threat (bbc.com)

  "This technology motivates the old aphorism to
  "Keep smiling, the boss likes idiots."

Starbucks already does that: hires and rewards people who smile.
A lot.  All the time.
http://valuesdrivenresults.com/starbucks-hires-best/

     *****

replying to Richard M Stein
Subject: China Expands Surveillance of Sewage to Police Illegal Drug Use

  "April Fools for 2019:
  The PRC expands surveillance to detect halitosis and BO."

1) Bad breath can be indicative of medical problems (cavities), but the term
"halitosis" was allegedly a marketing ploy:

http://www.smithsonianmag.com/smart-news/marketing-campaign-invented-halitosis-180954082/

2) Homeless people are being harassed more than ever. Everywhere.  In some
countries, it is illegal to be homeless where the police will harass and
beat them with impunity.  There are already sensors to deter folks from
using elevators as restrooms. I fear data and sensor fusion will make a more
hostile environment for the already desperate:
http://en.wikipedia.org/wiki/Anti-homelessness_legislation

On the bright side, in Elizabeth NJ
"2 homeless men found bombs, saved lives"
http://www.nj.com/union/index.ssf/2016/09/homeless_men_found_bombs_saved_lives_walked_with_a.html

     *****

replying to Benoit Goas
Subject: Micro SD cards silently switching to read-only when they're "too old"

  "The 64G Patriot micro SD ...  just decided to turn itself into a
  read-only memory card."

That seems like a reasonable fail-safe to the end of life condition, but
1) as mentioned, most software/firmware does not detect the condition
2) when it switches from read/write to read-only,
   I fear some file system data might not get written,
   leading to unrepairable inconsistencies.
   The operating system understands what data is higher priority
   but the SD card probably cannot infer that.
3) it's a lot better than the way hard drives tend to fail
   so catastrophically that all data is lost.

     *****

replying to Benoit Goas
Subject: Birds are making expensive roaming calls (The Register)

  "A new risk when tracking birds (or any other kind of stuff):
  someone manage to recover the SIM card from the tracker, and used it!"

A bright side of IoT: some cellphone providers have SIM card plans for low
data usage, perhaps with usage caps such as texting/SMS only.

     *****

replying to Monty Solomon
Subject: Robo-calls are getting worse.

Some **** thinks that engineers want to get phone calls and talk about their
trade-journal subscriptions instead of just completing a bingo-card or web
form.  That's why I rarely answer my phone during the day.  The moment I
answer ONE call, I'm flooded with more.  I suspect I'm flagged on their
sucker's list: answer one call and obviously you're interested in more. All
day.

They're poisoning their own well.

     *****

replying to Benoit Goas
Subject: We're not allowed to die anymore (NYTimes)

  "In the same kind of problems, a(n old) friend of mine died recently, and
  facebook want me to organize an event for his birthday"

1) Consider http://leonardbernstein.com/at100
   Leonard Bernstein at 100 is the world-wide celebration
   of the 100th birthday of Leonard Bernstein,
   the composer, conductor, educator, musician, cultural ambassador,
   and humanitarian, officially beginning on August 25, 2017

2) Not only the famous get such consideration.  Several friends have
   recently died.  Friends and family want their Internet social-media to
   remain intact to remember and honor them.

3) the Jewish "unveiling" ceremony honors the deceased, normally a year
   after the burial.  My take is that it's mostly for the family to remember
   and honor the person, not to forget them.
