Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
https://valdostatoday.com/news-2/local/2019/12/human-error-led-to-massive-valdosta-sewage-spill/
“On December 9, 2019, the staff at the Withlacoochee Wastewater Treatment plant notified Environmental Services personnel to inform them that flow into the plant had decreased by 50% over the previous few days. After a brief investigation, utility personnel noticed that a contractor working on the city's SCADA system disconnected a reference cable at the Remerton Lift Station for testing and failed to reconnect it. As a result of the incident, the lift station's level indicator and alarm agent were disconnected. The lift station's alarm agent system did not operate as it normally would, bypassing the alert notification that is typically sent to utility staff when there is an issue at a lift station.
Based on the flow information collected, approximately 7,592,910 gallons discharged from a manhole into Sugar Creek adjacent to the 1800 block of Norman Drive.”
Jonah M. Kessel, The New York Times, 13 Dec 2019 Killing in the Age of Algorithms is The New York Times documentary examining the future of artificial intelligence and warfare. https://www.nytimes.com/2019/12/13/technology/autonomous-weapons-video.html
Times reporters traveled to Russia, Switzerland, California and Washington, D.C., talking to experts in the commercial tech, military and AI communities. Below are some key points and analysis, along with extras from the documentary.
Do I need to worry about a Terminator knocking on my door?
Most experts say you can rest easy, for now. Weapons that can operate like human soldiers are not something they see in our immediate future. Although there are varying opinions, most agree we are far from achieving artificial general intelligence, or A.G.I., that would allow for Terminators with the kind of flexibility necessary to be effective on today's complex battlefield.
However, Stuart J. Russell, a professor of computer science at the University of California, Berkeley, who wrote an influential textbook on artificial intelligence, says achieving A.G.I. that is as smart as humans is inevitable.
So where are we now?
There are many weapons systems that use artificial intelligence. But instead of thinking about Terminators, it might be better to think about software transforming the tech we already have.
There are weapons that use artificial intelligence in active use today, including some that can search, select and engage targets on their own, attributes often associated with defining what constitutes a lethal autonomous weapon system (a.k.a. a killer robot).
In his book Army of None: Autonomous Weapons and the Future of War, the Army Ranger turned policy analyst Paul Scharre explained, “More than 30 nations already have defensive supervised autonomous weapons for situations in which the speed of engagement is too fast for humans to respond.”
Perhaps the best known of these weapons is the Israel Aerospace Industries Harpy, an armed drone that can hang out high in the skies surveying large areas of land until it detects an enemy radar signal, at which point it crashes into the source of the radar, destroying both itself and the target.
The weapon needs no specific target to be launched, and a human is not necessary to its lethal decision making. It has been sold to Chile, China, India, South Korea and Turkey, Mr. Scharre said, and the Chinese are reported to have reverse-engineered their own variant..
“We call them precursors,” Mary Wareham, advocacy director of the arms division at Human Rights Watch, said in an interview between meetings at the United Nations in Geneva. “We're not quite there yet, but we are coming ever closer.”
So when will more advanced lethal autonomous weapons systems be upon us?
“I think we're talking more about years not decades,” she said.
But for the moment, most weapons that use AI have a narrow field of use and aren't flexible. They can't adapt to different situations.
“One of the things that's hard to understand unless you've been there is just the messiness and confusion of modern warfare,” Mr. Scharre said in an interview.”
“In all of those firefights,” he explained, “there was never a point where I could very clearly say that it was 100 percent that the person I was looking at down the scope of my rifle was definitely a combatant.
Soldiers are constantly trying to gauge—is this person a threat? How close can they get to me? If I tell them to stop, does that mean that they didn't hear me or they didn't understand? Maybe they're too frightened to react? Maybe they're not thinking? Or maybe they're a suicide bomber and they're trying to kill me and my teammates.”
Mr. Scharre added, “Those can be very challenging environments for robots that have algorithms they have to follow to be able to make clear and correct decisions.”
Although current AI is relatively brittle, that isn't stopping militaries from incorporating it into their robots. In his book, which was published in 2018, Mr. Scharre wrote that at least 16 countries had armed drones, adding that more than a dozen others were working on them.
Earlier this year, US National Oceanic and Atmospheric Administration and the British Geological Survey (BGS) were forced to update the World Magnetic Model a year ahead of schedule due to the speed with which the magnetic north pole is shifting out of the Canadian Arctic and toward Russia's Siberia.
The BGS and the US National Centers for Environmental Information has released a new update to the World Magnetic Model this week, confirming that the magnetic north pole, whose coordinates are crucial for the navigation systems used by governments, militaries and a slew of civilian applications, is continuing its push toward Siberia.
“The WMM2020 forecasts that the northern magnetic pole will continue drifting toward Russia, although at a slowly decreasing speed—down to about 40 km per year compared to the average speed of 55 km over the past twenty years,” the US agency said in a press statement. <https://www.ncei.noaa.gov/news/world-magnetic-model-2020-released>
The data confirmed that this year, the magnetic north pole passed to within 390 km of the geographic North Pole, and crossed the Greenwich (prime) meridian. Compilers also confirmed that the Earth's magnetic field is continuing to weaken, at a rate of about 5 percent every 100 years. […]
See SpaceX's Starlink Could Change The Night Sky Forever, And Astronomers Are Not Happy, for a brief note outlining astronomer's umbrage. http://catless.ncl.ac.uk/Risks/31/28#subj1.1
“So now the company plans to treat one of the Starlink satellites with a special coating, when the next group goes in late December, according to SpaceX president and chief operating officer Gwynne Shotwell.”
I wonder what's in SpaceX's ‘secret anti-reflective’ sauce? Hopefully, the coating won't chip or flake off the Starlink payload while deployed in orbit.
Yet another IOT vulnerability story:
There are no details in the article, but it seems to be a case of unencrypted communication between a “smart lock” and the phone app which controls it.
https://gadget.co.za/phone-breaking-android-hole-revealed/
https://www.bostonglobe.com/2019/12/13/opinion/deepfakes-are-coming-what-do-we-do/
https://www.latimes.com/business/story/2019-11-06/airline-luggage-tracking-apps-problems
https://www.theregister.co.uk/2019/12/16/internet_of_crap_encryption/
https://www.nytimes.com/2019/12/15/technology/amazon-aws-cloud-competition.html
https://techcrunch.com/2019/12/18/cloud-flaws-millions-child-watch-trackers/
https://www.cisomag.com/thief-stole-payroll-data-of-29000-facebook-employees/
https://securityboulevard.com/2019/12/companies-ignoring-third-party-breach-alerts/
Report: Blue Cross and Blue Shield Minnesota Had Thousands of Old ‘Critical’ Vulnerabilities
‘Incredibly sensitive’ data is open to cyberattack at Mass. tax-collection agency, audit report says
This BBC article suggests that an implanted medical device can improve your quality of life. https://www.bbc.com/future/article/20191216-how-hacking-the-human-heart-could-replace-pill-popping
Get an implanted device, fill it with your prescription(s), and set the dispensation timer (every X hours) or delivery trigger condition (blood glucose threshold). Convenient, no? With an implant, the recipient is relieved from fetching a glass of water to assist medicine consumption, “where is my medicine” moments, or “fingertip prick, blood glucose measure, and insulin inject” duties. Refill the reservoir periodically, like recharging a mobile electronic device.
Device implantation is a highly personal choice: to sustain longevity, a candidate recipient may have no other options available to manage a chronic or acute condition. Elective device implantation is a significant life-changing and potentially life-threatening decision.
What questions do you ask a medical provider who recommends device implantation? What information do you need to make an informed decision? What are the implanted device choices? What about post-implant quality of life? How will the implant either change, diminish, or improve life quality? How often are explants (device removals) performed for the candidate device choice? What are implant risks and their occurrence probabilities? Why does your physician recommend manufacturer X's device, and not a competitor Y's? Does your physician receive payment or other incentive from manufacturer X to implant their device? What criteria drive device selection that's relevant to your case?
These questions are difficult for a patient to ask their physician. A patient often consciously relies on physician trust to guide a “go or no-go” decision. You hold your physician in high regard. You rely on them to treat you according to the Hippocratic Oath — that's their career-long pledge to serve your interests. While you can often trust your physician, can you automatically extend this trust to the manufacturer that supplies the tools and devices a physician uses to treat your condition?
I cannot give a binary ‘yes’ or ‘no’ answer. Risk, especially risks for implanted cardiac devices, constitutes a measure that is too important to ignore.
In this note, I attempt to estimate an probability for adverse event experience arising in cardiac-related implantable device recipients: My analysis attempts to answer: “What is the probability of experiencing a malfunction or injury or death (identified as adverse events) following implantation of a pacemaker or defibrillator or electrical stimulus/sensing lead?”
I use freely available public, and professionally vetted/reviewed, literature and government sources as noted below. Basic arithmetic is used for computation.
FDA's MAUDE and TOTAL PRODUCT LIFE CYCLE (https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfMAUDE/search.CFM) (https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm) tools collate submitted device report records. They are used to capture adverse events (identified by the FDA as: DEATH, INJURY, MALFUNCTION, NOT SPECIFIED, OTHER) arising from, or possibly attributed to, implanted cardiac devices (defibrillators, pacemakers, electrical leads, etc.).
To perform the analysis, I estimate an aggregate adverse event count over a given 42 month interval comprising 01JAN2016-31JUL2019. I use public sources of device implant rates to calculate a non-zero probability that an adverse event will impact a recipient. That the aggregation is applied across multiple product codes (as shown below), implies that a recipient is implanted with a defibrillator or pacemaker + electrical stimulus leads.
I do not attempt to segregate and identify probabilities attributed to partial implant/explant, such as electrical stimulus lead explantation and implantation with a new one. The term ‘device’ used here implies pacemaker, defibrillator, and leads. It may also mean a big component of a pacemaker (pulse generator, but not the pacemaker's enclosure) or defibrillator that needs to be explanted or implanted.
The FDA website clearly states a caveat about using MAUDE data to calculate event rates: “MAUDE data is not intended to be used either to evaluate rates of adverse events or to compare adverse event occurrence rates across devices.” (See https://www.fda.gov/medical-devices/mandatory-reporting-requirements-manufacturers-importers-and-device-user-facilities/manufacturer-and-user-facility-device-experience-database-maude). Caveat emptor!
MAUDE content shows that on some calendar days, over 500 medical device reports are submitted. MAUDE's web interface will only retrieve a maximum of 100 reports for any single day of interest (e.g. start date: 29JAN2017 and end date: 29JAN2017). Hitting the MAUDE retrieval limit during search may align with a manufacturer device recall campaign that requires a report submission storm to comply with regulations.
The analysis was aided by pulling the raw zip files from https://www.fda.gov/medical-devices/mandatory-reporting-requirements-manufacturers-importers-and-device-user-facilities/manufacturer-and-user-facility-device-experience-database-maude to process and cleanse them to enable evaluation. A few simple PYTHON programs were used in this process.
MAUDE and TPLC afford a means to aggregate, to count, adverse event density. This density can be combined with published, peer-reviewed sources to estimate a post-implant adverse event occurrence probability. MAUDE substantially captures adverse event reports submitted by US-based healthcare providers, manufacturer device manufacturers, and recipients. Device manufacturers apparently submit the vast majority of MAUDE reports.
A small percentage (guestimate is ~1-2%) are submitted from manufacturer device representatives or healthcare providers for recipient adverse events in other countries (e.g., Singapore-based device representatives or healthcare provider submitted ~1000 reports between 01JAN2016-31JUL2019, if memory serves). Other countries rely on the same manufacturers (MEDTRONIC, BOSTON SCIENTIFIC, BIOTRONIX GMBH, ST. JUDE MEDICAL, GUIDANT, GREATBATCH MEDICAL, OSCOR, etc.) as the US healthcare system for implantable cardiac devices.
A patient's medical condition(s), and/or change in condition(s), often serves as a significant justification to prepare and submit a medical device report that characterizes an adverse event. Comprehensive cardiac and electrophysiological knowledge is required to accurately assess and properly characterize an adverse event.
The investigation used the following MAUDE product codes, comprising 16 distinct cardiac implantable device types, to estimate post-implant adverse event probability noted below.
DTB|Permanent Pacemaker Electrode DTD|Pacemaker Lead Adaptor DXY|Implantable Pacemaker Pulse-Generator LWP|Implantable Pulse Generator, Pacemaker (Non-Crt) LWS|Implantable Cardioverter Defibrillator (Non-Crt) MRM|Defibrillator, Implantable, Dual-Chamber MXC|Recorder, Event, Implantable Cardiac, (Without Arrhythmia Detection) MXD|Recorder, Event, Implantable Cardiac, (With Arrhythmia Detection) NIK|Defibrillator, Automatic Implantable Cardioverter, With Cardiac Resynchronization (Crt-D) NKE|Pulse Generator, Pacemaker, Implantable, With Cardiac Resynchronization (Crt-P) NVN|Drug Eluting Permanent Right Ventricular (Rv) Or Right Atrial (Ra) Pacemaker Electrodes NVY|Permanent Defibrillator Electrodes NVZ|Pulse Generator, Permanent, Implantable OJX|Drug Eluting Permanent Left Ventricular (Lv) Pacemaker Electrode OSR|Pacemaker/Icd/Crt Non-Implanted Components PNJ|Leadless Pacemaker
Each MAUDE product code identifier consist of 3 alphabetic characters. They are assigned to medical devices as part of FDA device registration and approval processes. Each product code consists of devices of similar type and function from different manufacturers. Thus, the NVY product code encompasses the class of Permanent Defibrillator Electrodes manufactured or sold into the global marketplace that is subject to FDA regulation.
The TPLC tool aggregates adverse events for product codes, but assigns unique terms to segregate event attribution into defect categories. As an example, the DTB product code (Permanent Pacemaker Electrode) reveals this TOP-10 tabular summary (TOTAL COUNT == 59835) reported and full traceable to the MAUDE system since 2016:
| DEVICE PROBLEMS | COUNT |
|---|---|
| High Capture Threshold | 9132 |
| Under-Sensing | 7738 |
| Over-Sensing | 7525 |
| Adverse Event Without Identified Device or Use Problem | 7523 |
| Device Dislodged or Dislocated | 7055 |
| High impedance | 6255 |
| Failure to Capture | 5155 |
| Capturing Problem | 3303 |
| Fracture | 3299 |
| Signal Artifact | 2850 |