The RISKS Digest
Volume 31 Issue 53

Monday, 6th January 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


The Ghost of Y2K hits Hamburg
Hamburger Abendblatt
Software Glitch Affects 14,000 New York City Parking Meters
The Internet Is No Longer a Disruptive Technology
‘Shattered’—Inside the secret battle to save America's undercover spies in the digital age
737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight
WSJ + NYT item
Europe rejects patent applications signed with AI inventor
Charlie Osborne
Amazon's Next-Day Delivery Has Brought Chaos And Carnage To America's Streets, But The World's Biggest Retailer Has A System To Escape The Blame
Michelle Thompson
Company shuts down because of ransomware, leaves 300 without jobs just before holidays
Catalin Cimpanu
Fresh Cambridge Analytica leak 'shows global manipulation is out of control'
Carole Cadwalladr
Re: What happens if your mind lives forever on the Internet?
Martin Ward
Info on RISKS (comp.risks)

The Ghost of Y2K hits Hamburg (Hamburger Abendblatt)

Debora Weber-Wulff <>
Thu, 2 Jan 2020 23:31:13 +0100

The city of Hamburg in Germany has 120 new DT5 trains - and 95 of them still won't work after the new decade has blown in. As soon as a train reaches the end of the line and has to reverse its direction (and the train driver must turn it off and walk to the other end to drive it back), it won't turn on again. At all.

The Hamburger Abendblatt reports in that an informer told them that this is attributable to a date problem, with the year flipping from 19 to 20.

All the trains stopped dead in their tracks, so to say. They have managed to fix the software on 25 of them, but so many are missing they are having to run short trains in the hopes of even keeping up with the schedule.

A bit later in the article an update is mentioned as being at fault, the rest of the article is politicians blathering on.

Their troubles don't stop there: a passenger purchased a ticket on 1 Jan 2020 that is not valid until 1.1.2040. Picture included.

I can't quite imagine what exactly went wrong in both of these cases, but I'd sure like to find out. Any readers with more information?

Software Glitch Affects 14,000 New York City Parking Meters (WSJ+)

Monty Solomon <>
Sat, 4 Jan 2020 02:34:42 -0500

A software glitch has left 14,000 electronic parking meters across New York City unable to read credit cards since the start of the new year, city officials said Friday.

The glitch involved an antifraud security setting in meters made by software provider Flowbird that disables card payments beyond Jan. 1, 2020, according to the city's Department of Transportation.

The Internet Is No Longer a Disruptive Technology (Bloomberg)

geoff goodfellow <>
Thu, 2 Jan 2020 10:47:13 -1000

The disruptive innovators of 10 years ago are today's stable incumbents

Internet-enabled industry disruption defined business strategy in the 2010s, but as 2020 begins, that era appears to be winding down. The disruptors have largely become the new establishment, and unlike a decade ago, it doesn't look like the new leaders will be displaced any time soon. Today's Internet is a mature and mainstream technology.

This was not the case a decade ago. In 2009, multiple industries were in the midst of upheaval thanks to Internet-enabled transformations. The iPhone was only two years old. In the music industry, compact discs still represented a plurality of revenues, and most of the rest came from digital purchases. Streaming, whether of music or on Netflix, was still in its infancy. We were in the middle of the transition from print ads to digital ones; 2009 was the last year the newspaper industry had higher ad revenues than Google, and the last year Facebook's revenues were less than $1 billion. E-commerce was growing, but Sears and Kmart were still large retail chains. YouTube was known mostly for a handful of viral videos (Susan Boyle, anyone?).

Today, much has changed. The music industry has become the streaming industry, with compact discs and digital sales becoming less and less important; today's industry growth is powered by subscriptions. Beginning a few years ago, total revenues have started to grow again after 15 years of declines. The competitive threats to the leader in music streaming, Spotify, come from well-financed competitors with similar offerings, like Apple Music and Amazon Music, rather than a brand-new technology. The music industry may have been the first to be threatened by internet-related disruption in the late 1990s, with the growth of mp3 sharing and Napster, and is now perhaps the first industry to have completed its transformation.

The advertising industry has been transformed by Google and Facebook. Early in the 2010s, there was a popular chart showing that online ad revenues represented a much smaller share of total ad revenues than internet use represented for total time spent consumer content. The reverse was true for print media and print ads. Today that gap has closed. Print and radio now account for just 15% of total ad spend.

Perhaps no industry has been hurt more by the internet this decade than physical retail. E-commerce has continued to gain market share. Many retailers have gone bankrupt. Malls keep closing. Sears and Kmart have closed hundreds of stores, and their parent company flirts with bankruptcy. Yet we've also seen that Walmart, Target and Costco are more formidable competitors than the retailers that have disappeared, and all three have stock prices near all-time highs. Top-tier malls have reinvented themselves by adding restaurants, apartments and hotels. E-commerce is starting to have its share of growing pains due to high customer acquisition costs as online ad rates have soared, and some online firms are finding that building their own stores makes good business sense. The future of shopping is more complex than just e-commerce crushing brick-and-mortar stores. […]

‘Shattered’—Inside the secret battle to save America's undercover spies in the digital age (WashPost)

geoff goodfellow <>
Thu, 2 Jan 2020 10:48:05 -1000


When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers—later identified as working for the Chinese government—stole data on nearly 22 million former and current American civil servants, including intelligence officials.

The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information's other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA reportedly pulling its officers out of China. <> (The director of national intelligence later denied this withdrawal.) <>

Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow—likely based on the differences in pay between diplomats, details on past service in hardship posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

The OPM hack was a watershed moment, ushering in an era when big data and other digital tools may render methods of traditional human intelligence gathering extinct, say former officials. It is part of an evolution that poses one of the most significant challenges to undercover intelligence work in at least a half century—and probably much longer. […]

737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight (WSJ + NYT item)

Monty Solomon <>
Wed, 1 Jan 2020 11:16:18 -0500

Boeing, Airbus and industry experts for long have planned more technology to prevent pilot error

Europe rejects patent applications signed with AI inventor (Charlie Osborne)

Gene Wirchenko <>
Fri, 03 Jan 2020 15:21:33 -0800

Charlie Osborne for Between the Lines | 3 Jan 2020 AI-generated ideas and concepts are at the center of a heated ownership debate.

The European Patent Office (EPO) has rejected two patent applications in which artificial intelligence (AI) was designated as the inventor.

Current rules dictate that humans must be attributed as inventors behind a patent application in order to prevent full corporate inventorship from becoming a recognized practice for ideas. Now, the idea of AI having a form of 'ownership' has clashed with this traditional stance.

The team argues that “inventorship should not be restricted to natural persons,” and “a machine that would meet inventorship criteria if it were a natural person should also qualify as an inventor.”

Amazon's Next-Day Delivery Has Brought Chaos And Carnage To America's Streets, But The World's Biggest Retailer Has A System To Escape

Gene Wirchenko <>
Fri, 03 Jan 2020 15:46:57 -0800

Deaths and devastating injuries. A litany of labor violations. Drivers forced to urinate in their vans. Here is how Amazon's gigantic, decentralized, next-day delivery network brought chaos, exploitation, and danger to communities across America. (BuzzFeed News)

opening text:

Valdimar Gray was delivering packages for Amazon at the height of the pre-Christmas rush when his three-ton van barreled into an 84-year-old grandmother, crushing her diaphragm, shattering several ribs, and fracturing her skull.

“Oh my god!” screamed Gray as he leaped out of his van. It was a bright, clear afternoon on Dec. 22, 2016, and the 29-year-old had been at the wheel of the white Nissan since early that morning, racing to drop Amazon packages on doorsteps throughout Chicago. He stood in anguish next to Telesfora Escamilla as she lay dying, her blood pooling on the pavement just three blocks from her home. After the police arrived, Gray submitted to drug and alcohol tests, which came up clean. He would later be charged with reckless homicide.

[Sadly, not the only case.]

Company shuts down because of ransomware, leaves 300 without jobs just before holidays (Catalin Cimpanu)

Gene Wirchenko <>
Fri, 03 Jan 2020 15:54:33 -0800

Catalin Cimpanu for Zero Day | 3 Jan 2020 Company tells employees to seek new employment after suspending all operations right before Christmas.

selected text:

An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.

A former The Heritage Company employee told KATV that they've lost any faith the company is going to ever recover from the ransomware attack.

“Most of us are convinced that they're not going to reopen. I'm pretty sure they're just buying time because they know as soon as they're not going to reopen we're going to have to get a settlement and I think they just don't want us to take them to court,” the employee told KATV.

What happened to The Heritage Company is not an isolated incident. Over the past two years, there have been many cases where smaller companies decided to shut down for good, lacking the funds to pay a ransom demand to get their data back or lacking the funds needed to rebuild their IT infrastructure.

For example, in April 2019, doctors at a medical practice office in Michigan decided to shut down their business and retire one year ahead of schedule, rather than deal with the fallout from a ransomware infection.

Similarly, a second medical office, based in Simi Valley, California, reached the same conclusion in September 2019, deciding to shut down all operations after they were infected with ransomware a month before and lacked the funds to pay the ransom.

Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ (Carole Cadwalladr)

Dewayne Hendricks <>
January 5, 2020

Company's work in 68 countries laid bare with release of more than 100,000 documents

Jan 4 2020 <>

An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles.

More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” is set to be released over the next months.

It comes as Christopher Steele, the ex-head of MI6's Russia desk and the intelligence expert behind the so-called Steele dossier into Trump's relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse.

The release of documents began on New Year's Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoeaned by Robert Mueller's investigation into Russian interference in the 2016 presidential election.

Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month's election in Britain. “It's so abundantly clear our electoral systems are wide open to abuse,” she said. “I'm very fearful about what is going to happen in the US election later this year, and I think one of the few ways of protecting ourselves is to get as much information out there as possible.”

The documents were retrieved from her email accounts and hard drives, and though she handed over some material to parliament in April 2018, she said there were thousands and thousands more pages which showed a “breadth and depth of the work” that went “way beyond what people think they know about the Cambridge Analytica scandal”.

Steele made a rare public intervention to comment on the leaks. He said that while he didn't know what was in them, the context couldn't be more important because “on our current trajectory these problems are likely to get worse, not better, and with crucial 2020 elections in America and elsewhere approaching, this is a very scary prospect. Something radical needs to be done about it, and fast.”

He said authorities in the west had failed to punish those practising social and other media manipulation, and “the result will be that while CA may have been exposed and eventually shut down, other, even more sophisticated actors will have been emboldened to interfere in our elections and sow social divisions”.

Kaiser said the Facebook data scandal was part of a much bigger global operation that worked with governments, intelligence agencies, commercial companies and political campaigns to manipulate and influence people, and that raised huge national security implications.

The unpublished documents contain material that suggests the firm was working for a political party in Ukraine in 2017 even while under investigation as part of Mueller's inquiry and emails that Kaiser says described how the firm helped develop a “sophisticated infrastructure of shell companies that were designed to funnel dark money into politics”.

“There are emails between these major Trump donors discussing ways of obscuring the source of their donations through a series of different financial vehicles. These documents expose the entire dark money machinery behind US politics.” The same machinery, she says, was deployed in other countries that Cambridge Analytica worked in, including, she claims, Britain.

Emma Briant, an academic at Bard College, New York, who specialises in investigating propaganda and has had access to some of the documents for research, said that what had been revealed was “the tip of the iceberg”.

Re: What happens if your mind lives forever on the Internet? (Rees and Shapir, RISKS-31.52)

Martin Ward <>
Sun, 5 Jan 2020 15:21:59 +0000

Re: Rees:

The point of the Turing Test is to determine if a machine can think like a human being, not to attempt to fool people into believing that the machine is intelligent (when it actually is not). Cases where people were fooled into thinking that they were talking to a person, when they did not know that it was possible that they were talking to a machine, are therefore irrelevant.

Re: Shapir:

If the aim is to “fool people”, then the the AI developers will be hardest, if not impossible, to fool (as you assert).

If, however, the aim is to develop an intelligent machine, using the Turing Test as the best method of testing that we have devised so far, then the AI developers should be easiest to be convinced: they have programmed behaviour into the system which they believe is actual intelligent thinking, as similar as possible to real human thinking, so if the machine cannot convince them, then it is unlikely to convince anyone else! To convince the creators, the program would have to exhibit behaviour beyond any specific responses programmed into it: this is simply a basic requirement for any real AI.

I suspect that Amos is correct in his opinion that “no AI program could ever fool the people who create it”: but if he is correct, then the reason is that AI is impossible, not that the goal posts keep being moved. If the AI program cannot convince the people who created it then, a fortiori, it cannot convince the ordinary person, and it is not an intelligent machine.

Please report problems with the web pages to the maintainer