The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 53

Monday 6 January 2020


The Ghost of Y2K hits Hamburg
Hamburger Abendblatt
Software Glitch Affects 14,000 New York City Parking Meters
The Internet Is No Longer a Disruptive Technology
'Shattered'—Inside the secret battle to save America's undercover spies in the digital age
737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight
WSJ + NYT item
Europe rejects patent applications signed with AI inventor
Charlie Osborne
Amazon' Next-Day Delivery Has Brought Chaos And Carnage To America's Streets, But The World' Biggest Retailer Has A System To Escape The Blame
Michelle Thompson
Company shuts down because of ransomware, leaves 300 without jobs just before holidays
Catalin Cimpanu
Fresh Cambridge Analytica leak 'shows global manipulation is out of control'
Carole Cadwalladr
Re: What happens if your mind lives forever on the Internet?
Martin Ward
Info on RISKS (comp.risks)

The Ghost of Y2K hits Hamburg (Hamburger Abendblatt)

Debora Weber-Wulff <>
Thu, 2 Jan 2020 23:31:13 +0100
The city of Hamburg in Germany has 120 new DT5 trains - and 95 of
them still won't work after the new decade has blown in. As soon as a
train reaches the end of the line and has to reverse its direction (and
the train driver must turn it off and walk to the other end to drive it
back), it won't turn on again. At all.

The Hamburger Abendblatt reports in that an informer told them that this is
attributable to a date problem, with the year flipping from 19 to 20.

All the trains stopped dead in their tracks, so to say. They have
managed to fix the software on 25 of them, but so many are missing
they are having to run short trains in the hopes of even keeping
up with the schedule.

A bit later in the article an update is mentioned as being at fault, the
rest of the article is politicians blathering on.

Their troubles don't stop there: a passenger purchased a ticket on 1 Jan
2020 that is not valid until 1.1.2040. Picture included.

I can't quite imagine what exactly went wrong in both of these cases,
but I'd sure like to find out. Any readers with more information?

Software Glitch Affects 14,000 New York City Parking Meters (WSJ+)

Monty Solomon <>
Sat, 4 Jan 2020 02:34:42 -0500
A software glitch has left 14,000 electronic parking meters across New York
City unable to read credit cards since the start of the new year, city
officials said Friday.

The glitch involved an antifraud security setting in meters made by software
provider Flowbird that disables card payments beyond Jan. 1, 2020, according
to the city's Department of Transportation.

  [Jan Wolitzky noted *The NYTimes item:>
  while danny burstein seemed to have the correct analysis:
    “Sounds like the "sliding calendar" kluge to get around the
    original Y2K problem, with a "if year = 0 to 19", etc.''

The Internet Is No Longer a Disruptive Technology (Bloomberg)

geoff goodfellow <>
Thu, 2 Jan 2020 10:47:13 -1000
The disruptive innovators of 10 years ago are today's stable incumbents

Internet-enabled industry disruption defined business strategy in the 2010s,
but as 2020 begins, that era appears to be winding down. The disruptors have
largely become the new establishment, and unlike a decade ago, it doesn't
look like the new leaders will be displaced any time soon.  Today's
Internet is a mature and mainstream technology.

This was not the case a decade ago. In 2009, multiple industries were in the
midst of upheaval thanks to Internet-enabled transformations. The iPhone was
only two years old. In the music industry, compact discs still represented a
plurality of revenues, and most of the rest came from digital purchases.
Streaming, whether of music or on Netflix, was still in its infancy. We were
in the middle of the transition from print ads to digital ones; 2009 was the
last year the newspaper industry had higher ad revenues than Google, and the
last year Facebook's revenues were less than $1 billion. E-commerce was
growing, but Sears and Kmart were still large retail chains. YouTube was
known mostly for a handful of viral videos (Susan Boyle, anyone?).

Today, much has changed. The music industry has become the streaming
industry, with compact discs and digital sales becoming less and less
important; today's industry growth is powered by subscriptions. Beginning
a few years ago, total revenues have started to grow again after 15 years of
declines. The competitive threats to the leader in music streaming, Spotify,
come from well-financed competitors with similar offerings, like Apple Music
and Amazon Music, rather than a brand-new technology. The music industry may
have been the first to be threatened by internet-related disruption in the
late 1990s, with the growth of mp3 sharing and Napster, and is now perhaps
the first industry to have completed its transformation.

The advertising industry has been transformed by Google and Facebook. Early
in the 2010s, there was a popular chart showing that online ad revenues
represented a much smaller share of total ad revenues than internet use
represented for total time spent consumer content. The reverse was true for
print media and print ads. Today that gap has closed. Print and radio now
account for just 15% of total ad spend.

Perhaps no industry has been hurt more by the internet this decade than
physical retail. E-commerce has continued to gain market share. Many
retailers have gone bankrupt. Malls keep closing. Sears and Kmart have
closed hundreds of stores, and their parent company flirts with bankruptcy.
Yet we've also seen that Walmart, Target and Costco are more formidable
competitors than the retailers that have disappeared, and all three have
stock prices near all-time highs. Top-tier malls have reinvented themselves
by adding restaurants, apartments and hotels. E-commerce is starting to have
its share of growing pains due to high customer acquisition costs as online
ad rates have soared, and some online firms are finding that building their
own stores makes good business sense. The future of shopping is more complex
than just e-commerce crushing brick-and-mortar stores. [...]

'Shattered'—Inside the secret battle to save America's undercover spies in the digital age (WashPost)

geoff goodfellow <>
Thu, 2 Jan 2020 10:48:05 -1000

When hackers began slipping into computer systems at the Office of Personnel
Management in the spring of 2014, no one inside that federal agency could
have predicted the potential scale and magnitude of the damage. Over the
next six months, those hackers—later identified as working for the
Chinese government—stole data on nearly 22 million former and current
American civil servants, including intelligence officials.

The data breach, which included fingerprints, personnel records and security
clearance background information, shook the intelligence community to its
core. Among the hacked information's other uses, Beijing had acquired a
potential way to identify large numbers of undercover spies working for the
U.S. government. The fallout from the hack was intense, with the CIA
reportedly pulling its officers out of China.
(The director of national intelligence later denied this withdrawal.)

Personal data was being weaponized like never before. In one previously
unreported incident, around the time of the OPM hack, senior intelligence
officials realized that the Kremlin was quickly able to identify new CIA
officers in the U.S. Embassy in Moscow—likely based on the differences in
pay between diplomats, details on past service in *hardship* posts, speedy
promotions and other digital clues, say four former intelligence officials.
Those clues, they surmised, could have come from access to the OPM data,
possibly shared by the Chinese, or some other way, say former officials.

The OPM hack was a watershed moment, ushering in an era when big data and
other digital tools may render methods of traditional human intelligence
gathering extinct, say former officials. It is part of an evolution that
poses one of the most significant challenges to undercover intelligence work
in at least a half century—and probably much longer. [...]

737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight (WSJ + NYT item)

Monty Solomon <>
Wed, 1 Jan 2020 11:16:18 -0500
Boeing, Airbus and industry experts for long have planned more technology to
prevent pilot error

  *The NYTimes* on 6 Jan 2020 notes that Boeing reported to the FAA in early
  January 2020 that they had discovered the cabling controlling the
  tail-plane stabilizers on the 737 Max had wires whose close proximity
  could result in a short, which could result in catastrophe.  This appears
  to require only a minor fix, although it may also affect the the earlier
  737 MG aircraft as well.  (However, it has not been a problem to date, so
  this will be a proactive fix.)  PGN]

Europe rejects patent applications signed with AI inventor (Charlie Osborne)

Gene Wirchenko <>
Fri, 03 Jan 2020 15:21:33 -0800
Charlie Osborne for Between the Lines | 3 Jan 2020
AI-generated ideas and concepts are at the center of a heated ownership debate.

The European Patent Office (EPO) has rejected two patent applications in
which artificial intelligence (AI) was designated as the inventor.

Current rules dictate that humans must be attributed as inventors behind a
patent application in order to prevent full corporate inventorship from
becoming a recognized practice for ideas. Now, the idea of AI having a form
of 'ownership' has clashed with this traditional stance.

The team argues that "inventorship should not be restricted to natural
persons," and "a machine that would meet inventorship criteria if it were a
natural person should also qualify as an inventor."

Amazon' Next-Day Delivery Has Brought Chaos And Carnage To America's Streets, But The World' Biggest Retailer Has A System To Escape

Gene Wirchenko <>
Fri, 03 Jan 2020 15:46:57 -0800
Deaths and devastating injuries. A litany of labor violations. Drivers
forced to urinate in their vans. Here is how Amazon's gigantic,
decentralized, next-day delivery network brought chaos, exploitation, and
danger to communities across America. (BuzzFeed News)

opening text:

Valdimar Gray was delivering packages for Amazon at the height of the
pre-Christmas rush when his three-ton van barreled into an 84-year-old
grandmother, crushing her diaphragm, shattering several ribs, and fracturing
her skull.

“Oh my god!'' screamed Gray as he leaped out of his van. It was a bright,
clear afternoon on Dec.  22, 2016, and the 29-year-old had been at the wheel
of the white Nissan since early that morning, racing to drop Amazon packages
on doorsteps throughout Chicago. He stood in anguish next to Telesfora
Escamilla as she lay dying, her blood pooling on the pavement just three
blocks from her home. After the police arrived, Gray submitted to drug and
alcohol tests, which came up clean. He would later be charged with reckless

      [Sadly, not the only case.]

Company shuts down because of ransomware, leaves 300 without jobs just before holidays (Catalin Cimpanu)

Gene Wirchenko <>
Fri, 03 Jan 2020 15:54:33 -0800
Catalin Cimpanu for Zero Day | 3 Jan 2020
Company tells employees to seek new employment after suspending all
operations right before Christmas.

selected text:

An Arkansas-based telemarketing firm sent home more than 300 employees and
told them to find new jobs after IT recovery efforts didn't go according to
plan following a ransomware incident that took place at the start of October

A former The Heritage Company employee told KATV that they've lost any faith
the company is going to ever recover from the ransomware attack.

"Most of us are convinced that they're not going to reopen. I'm pretty sure
they're just buying time because they know as soon as they're not going to
reopen we're going to have to get a settlement and I think they just don't
want us to take them to court," the employee told KATV.

What happened to The Heritage Company is not an isolated incident.  Over the
past two years, there have been many cases where smaller companies decided
to shut down for good, lacking the funds to pay a ransom demand to get their
data back or lacking the funds needed to rebuild their IT infrastructure.

For example, in April 2019, doctors at a medical practice office in Michigan
decided to shut down their business and retire one year ahead of schedule,
rather than deal with the fallout from a ransomware infection.

Similarly, a second medical office, based in Simi Valley, California,
reached the same conclusion in September 2019, deciding to shut down all
operations after they were infected with ransomware a month before and
lacked the funds to pay the ransom.

Fresh Cambridge Analytica leak 'shows global manipulation is out of control' (Carole Cadwalladr)

Dewayne Hendricks <>
January 5, 2020
Company's work in 68 countries laid bare with release of more than 100,000

Jan 4 2020

An explosive leak of tens of thousands of documents from the defunct data
firm Cambridge Analytica is set to expose the inner workings of the company
that collapsed after the Observer revealed it had misappropriated 87 million
Facebook profiles.

More than 100,000 documents relating to work in 68 countries that will lay
bare the global infrastructure of an operation used to manipulate voters on
“an industrial scale'' is set to be released over the next months.

It comes as Christopher Steele, the ex-head of MI6's Russia desk and the
intelligence expert behind the so-called *Steele dossier* into Trump's
relationship with Russia, said that while the company had closed down, the
failure to properly punish bad actors meant that the prospects for
manipulation of the US election this year were even worse.

The release of documents began on New Year's Day on an anonymous Twitter
account, @HindsightFiles, with links to material on elections in Malaysia,
Kenya and Brazil. The documents were revealed to have come from Brittany
Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be
the same ones subpoeaned by Robert Mueller's investigation into Russian
interference in the 2016 presidential election.

Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great
Hack, decided to go public after last month's election in Britain. “It's so
abundantly clear our electoral systems are wide open to abuse,'' she
said. “I'm very fearful about what is going to happen in the US election
later this year, and I think one of the few ways of protecting ourselves is
to get as much information out there as possible.''

The documents were retrieved from her email accounts and hard drives, and
though she handed over some material to parliament in April 2018, she said
there were thousands and thousands more pages which showed a “breadth and
depth of the work'' that went “way beyond what people think they know about
=98the Cambridge Analytica scandal'''.

Steele made a rare public intervention to comment on the leaks. He said that
while he didn't know what was in them, the context couldn't be more
important because “on our current trajectory these problems are likely to
get worse, not better, and with crucial 2020 elections in America and
elsewhere approaching, this is a very scary prospect. Something radical
needs to be done about it, and fast.''

He said authorities in the west had failed to punish those practising social
and other media manipulation, and “the result will be that while CA may
have been exposed and eventually shut down, other, even more sophisticated
actors will have been emboldened to interfere in our elections and sow
social divisions''.

Kaiser said the Facebook data scandal was part of a much bigger global
operation that worked with governments, intelligence agencies, commercial
companies and political campaigns to manipulate and influence people, and
that raised huge national security implications.

The unpublished documents contain material that suggests the firm was
working for a political party in Ukraine in 2017 even while under
investigation as part of Mueller's inquiry and emails that Kaiser says
described how the firm helped develop a “sophisticated infrastructure of
shell companies that were designed to funnel dark money into politics''.

“There are emails between these major Trump donors discussing ways of
obscuring the source of their donations through a series of different
financial vehicles. These documents expose the entire dark money machinery
behind US politics.'' The same machinery, she says, was deployed in other
countries that Cambridge Analytica worked in, including, she claims,

Emma Briant, an academic at Bard College, New York, who specialises in investigating propaganda and has had access to some of the documents for research, said that what had been revealed was “the tip of the iceberg''.

Re: What happens if your mind lives forever on the Internet? (Rees and Shapir, RISKS-31.52)

Martin Ward <>
Sun, 5 Jan 2020 15:21:59 +0000
Re: Rees:

The point of the Turing Test is to determine if a machine can think like a
human being, *not* to attempt to fool people into believing that the machine
is intelligent (when it actually is not).  Cases where people were fooled
into thinking that they were talking to a person, when they did not know
that it was possible that they were talking to a machine, are therefore

Re: Shapir:

If the aim is to "fool people", then the the AI developers will be hardest,
if not impossible, to fool (as you assert).

If, however, the aim is to develop an intelligent machine, using the Turing
Test as the best method of testing that we have devised so far, then the AI
developers should be *easiest* to be convinced: they have programmed
behaviour into the system which they believe is actual intelligent thinking,
as similar as possible to real human thinking, so if the machine cannot
convince them, then it is unlikely to convince anyone else!  To convince the
creators, the program would have to exhibit behaviour beyond any specific
responses programmed into it: this is simply a basic requirement for any
real AI.

I suspect that Amos is correct in his opinion that "no AI program could ever
fool the people who create it": but if he is correct, then the reason is
that AI is impossible, not that the goal posts keep being moved. If the AI
program cannot convince the people who created it then, a fortiori, it
cannot convince the ordinary person, and it is not an intelligent machine.

Please report problems with the web pages to the maintainer