Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
https://arstechnica.com/tech-policy/2020/04/us-senate-tells-members-not-to-use-zoom/
[We hope they are using zoom.gov, not zoom (with some of its servers in China)
https://www.macrumors.com/2020/04/14/zoom-accounts-sold-on-dark-web-hacker-forums/
Sixty-four-year-old lands in field after grabbing ejection handle to steady himself, French air investigators find
https://www.newyorker.com/magazine/2020/04/20/do-some-surgical-implants-do-more-harm-than-good
A sobering read on a frequently reported comp.risks subject. Caveat emptor, especially for those in the US subject to an overly corporate-friendly medical device regulatory system.
Best to read up on the device your surgeon advocates BEFORE undergoing elective surgery. Ask questions about device implant safety: infection risk, tissue perforation risk, historical injury or malfunction trends, any monetary incentive they receive for promoting the recommended device, etc. Any evidence of historical device efficacy and patient outcome NOT prepared or sponsored by the manufacturer?
Wade Rousch, Scientific American, May 2020, p.26
“In the speech-recognition business, 95 percent accuracy might as well be zero.” That's 1 of every 20 words erroneously transcribed automatically.
'ASR systems may never reach 100 percent accuracy. After all, humans do not always speak fluently, even in their native languages. And speech is so full of homophones that comprehension always depends on context. (I have seen transcription services render ‘iOS’ as ‘ayahuasca’—and ‘your podcast’ as ‘your punk ass’.
A misplaced comma in a business document can dramatically affect legal judgment. Proofreading remains an important editorial function. (see https://www.bbc.com/worklife/article/20180723-the-commas-that-cost-companies-millions .)
Risk: Over-reliance on ASRaaSWP—automated speech recognition as a service without proofreading.
In contrast to ASR, https://www.nytimes.com/2020/04/08/technology/ai-transcription-human-services.html testifies to the effectiveness of human-driven transcription. Subject matter comprehension, contextual awareness, and conversational immersion elevate transcription quality. These factors are substantially out-of-reach for ASR.
The technological race to improve ASR, and retire human transcription, reminds me of “John Henry” per https://en.wikipedia.org/wiki/John_Henry_(folklore). Perhaps an undiscovered Agatha Christie story entitled “Death by Transcription” offers a post-mortem?
Draper James had a well-intentioned giveaway. But it went very wrong.
https://www.nytimes.com/2020/04/15/fashion/reese-witherspoon-draper-james-coronavirus.html
Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.
https://www.wired.com/story/pentagon-cybersecurity-blind-spots/
https://prospect.org/mapping-corruption-interactive
The Trump administration has brought its brand of corruption and self-dealing to every agency in the federal government, and it's hard for anyone to keep on top of it all. We've mapped it out for you. Click on any agency building below, and unlock an extensive dossier of the activities happening inside.
Accompanying article by Jim Lardner, April 9, 2020: https://prospect.org/power/mapping-corruption-donald-trump-executive-branch/
Davey Winde, Forbes 7 Apr 2020 via ACM TechNews, 13 Apr 2020
A BlackBerry research and intelligence team said five Chinese advanced persistent threat groups have long been attacking Linux servers that “comprise the backbone of the majority of large data centers responsible for the some of the most sensitive enterprise network operations.” Particularly worrying is evidence of the attackers using a previously undocumented Linux malware toolkit including at least two kernel-level rootkits and three backdoors, actively deployed since March 13, 2012. Analysis associated this toolkit with one of the largest Linux botnets ever found, with a significant number of organizations likely infected. Targets include Red Hat Enterprise, CentOS, and Ubuntu Linux environments for purposes of cyber-espionage and intellectual property theft, with researchers describing Linux defensive capabilities as immature at best. Former U.K. Military Intelligence Colonel Philip Ingram said mitigating such exploits entails “treating [the threats] as if they are … as much a threat as any other operating system.” https://www.forbes.com/sites/daveywinder/2020/04/07/linux-security-chinese-state-hackers-have-compromised-holy-grail-targets-since-2012/#7ec5d33b2086
As Washington tries to take China, Russia, and India to task, these nations are mounting defenses in the name of ‘cybersovereignty’.
The US and other democratic states don't engage in many of the Chinese or Russian activities that so worry policymakers in Washington, like intellectual property theft. Clearly, these behaviors directly contradict what many countries deem to be fair trade practices. But some issues, like data localization mandates and data security regulations, are bound to receive more domestic focus from the US and its democratic allies and partners. How American policymakers reconcile these facts when addressing perceived digital trade barriers elsewhere—all the while combatting [*] false equivalencies is crucial for digital diplomacy and trade going forward.
https://www.wired.com/story/the-us-is-waging-war-on-digital-trade-barriers/
Munsif Vengattil and Ayanti Bera, Reuters, 7 Apr 2020 via ACM TechNews, 13 Apr 2020
California's Department of Motor Vehicles has authorized an autonomous technology startup to test two driverless delivery vehicles in nine cities. Startup Nuro will use its driverless low-speed R2 vehicle to begin conducting deliveries with local retail partners. The startup has been testing autonomous vehicles with safety drivers on the state's roads since 2017. Said Nuro's David Estrada, “Our R2 fleet is custom-designed to change the very nature of driving, and the movement of goods, by allowing people to remain safely at home while their groceries, medicines, and packages, are brought to them.” In February, Nuro was granted permission by the National Highway Traffic Safety Administration to deploy up to 5,000 low-speed electric delivery vehicles without any human controls in Houston. https://www.reuters.com/article/us-nuro-autonomous/california-allows-startup-nuro-to-test-driverless-delivery-vehicles-idUSKBN21P399
https://gizmodo.com/couple-fined-for-violating-lockdown-after-posting-old-v-1842855076
Without calibrated biochemical sensor input and feedback, trusting this app to accurately calculate and/or predict a biological function is more like roulette. As Mad Magazine's Alfred E. Neuman profoundly stated, “What, me worry?”
Earlier this month I received an email purporting to be an offer from UCSF (a premier medical school/hospital in on the US West Coast) to access information about COVID-19 through a third party (Emmi Solutions, LLC — emmi in the sequel). Clicking on the appropriate “personalized code” button landed on a sparse webpage that demanded my date of birth (DOB), so I stopped.
Being about COVID-19, and associated with UCSF, this seems to be nice example of the counterpart of a typical RISK: the legitimate email/website causes more harm than if they were malicious!
To wit:
The style and content of the email message train recipients into vulnerability to malicious emails/websites, by exposing them to red flags that turn out to be harmless.
Red flags include:
Roti is a South Asian, Indian subcontinent flat bread usually stuffed with curry. Delicious.
This robot stamps them out, fully baked and ready-to-eat on command. According to the manufacturer's website, The Rotimatic is “The world's most popular food robot.”
Why is this kitchen gizmo WiFi-enabled? Convenience? To sustain business revenue via subscription maintenance?
Risks: Botnet co-option and kitchen fire from thermal runaway-initiated malware sabotage.
This is a message from Fairfax (VA) Alerts
There are reports of intermittent issues making wireless calls with all wireless carriers within the last hour. If you receive a busy signal when you use your wireless phone for an emergency call, you can send a text to 911 message, or use a landline phone. You can continue to try and make contact with your wireless phone also.
[via Dave Farber]
Having seen the reality of the app proposed for our [UK] NHS, and the great distance between our public health folks' assumptions and those of assorted tech companies and academics proposing private contact tracing, I blogged about the issue:
https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
The time for contact tracing is past, for this wave. If we're going to use it next wave then the 5,000 public-health officers on the UK local government payroll won't be anything like enough. But we have a couple of million people being paid by the government to do nothing. If we follow the South Korean / Taiwanese example we'll want to start training lots of them. It's important not to distract policymakers from that decision by offering techno-magical promises on which we cannot deliver.
There have recently been several proposals for pseudonymous contact tracing, including from Apple and Google. To both cryptographers and privacy advocates, this might seem the obvious way to protect public health and privacy at the same time. Meanwhile other cryptographers have been pointing out some of the flaws.
There are also real systems being built by governments. Singapore has already deployedand open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the obvious way to tell who's been within a few metres of you and for how long. The UK's National Health Service is working on one too, and I'm one of a group of people being consulted on the privacy and security. […]
https://www.icann.org/news/blog/keeping-the-dns-secure-during-the-coronavirus-pandemic
The role of the ICANN community, Board, and organization in maintaining a secure, stable, and unified Internet has always been important, but at this time, when reliance on the Internet has skyrocketed, our collective role has become all the more vital. ICANN's mission frames our concern about cybercriminals who are exploiting the pandemic by perpetrating scams and victimizing Internet users. Some are selling phony cures, treatments, and vaccines. Some are using domain names as part of their efforts to prey on people at this time when many are experiencing anxiety, fear, and loneliness.
‘Weitzner said the Bluetooth concept works by identifying proximity, not location. “We don't need to know where you were close to someone, just that you were close to someone,” he said.’
Common wisdom says that ‘close’ only counts for horseshoes and tossing hand grenades.
Pandemic contact tracing, and proximity notification alerts, relies on human civility and restraint. People are timorous, and on high-alert given community spread potential. While social distancing protocols are generally deployed and enforced, there's little risk of a riot.
A crowd of people protesting lock-down or other confinement restriction who receive a proximity alert notification, given COVID-19 serological test latency or a false-positive test result, might turn ugly very quickly.
EDRi-gram 18.7, 15 April 2020
https://edri.org/emergency-responses-to-covid-19-must-not-extend-beyond-the-crisis/
Among other things you read:
“On 19 March 2020, the [Poland] efforts to tackle the spread of coronavirus received widespread attention when the government announced the use of a 'Civil Quarantine' app which they explained would require people in quarantine to send geo-located selfies within 20 minutes of receiving an alert - or face a visit from the police. according to the announcement, the app even uses controversial facial recognition technology to scan the selfies. Early in April, the Polish government looked to make the use of the app mandatory”
and
“The UK's Coronavirus Act was passed on 25 March 2020, giving the UK government a suite of extraordinary powers for a period of 2 years. [ … ] The UK has also come under fire for the sharp rise in disproportionate police responses since the introduction of the Bill, including stopping people from using their own gardens or using drones to chastise dog walkers. If not properly limited by law, these powers (and their abuse) have the potential to continue in ordinary times, further feeding the government's surveillance machine.”
COVID-19 pandemic adversely affects digital rights in the Balkans https://edri.org/covid-19-pandemic-adversely-affects-digital-rights-in-the-balkans/
Among other things you read:
“Governments in Montenegro and Moldova made public the personal health data of people infected with COVID-19, while official websites and hospital computer systems suffered cyber-attacks in Croatia and Romania. Some countries like Slovakia are considering lifting rights enshrined under the EU General Data Protection Regulation (GDPR), while Serbia imposed surveillance and phone tracking to limit freedom of movement.”
and
“In neighboring Montenegro, the National Coordination Body for Infectious Diseases decided to publish the names and surnames of people who must undergo quarantine online, after it determined that certain persons violated the measure, and as a result ‘exposing the whole Montenegro to risk.’”
https://arstechnica.com/gadgets/2020/04/remote-work-lagging-if-you-cant-plug-it-in-upgrade-to-mesh/
Tyler Durden, ZeroHedge, 13 Apr 2020 <https://www.zerohedge.com/geopolitical/new-cdc-study-shows-coronavirus-can-survive-hours-floors-walls-shoes>
A preview of a new study: <https://wwwnc.cdc.gov/eid/article/26/7/20-0885_article> by the US Centers for Disease Control and Prevention - the CDC, for short - released last night offers some distressing news for health-care workers, as well as their families, partners and friends: New research suggests that nurses, doctors and others can track the virus out of the ward and into another - perhaps a more public, or less well-protected - environment, helping to spread the disease in a new way that public health officials haven't really considered.
The study, entitled “Aerosol and Surface Distribution of Severe Acute Respiratory Syndrome Coronavirus 2 in Hospital Wards, Wuhan, China, 2020”, was conducted in two wards at Wuhan's Huoshenshan Hospital by large team of Chinese researchers back in February and March. Though the team insisted that “respiratory droplets and close contact” remain the primary vectors for the disease, the possibility for hospital workers to transmit the virus on their shoes and clothes wasn't really well understood, until now.
And unfortunately, if the data are confirmed, it would suggest that wards where coronavirus patients are treated are literally crawling with the virus, placing these health-care workers at extremely high risk for infection.
According to the research, “94% of swabs taken from the ICU floor and 100% of swabs taken from one of the general wards used to treat patients with severe symptoms tested positive for coronavirus.”
Here's a summary of the research that describes how the GW and ICU were found to have the highest levels of the virus present on the floors and walls, as well as in the air. The rate of positivity was higher for the ICU than the GW, which makes sense.
Even samples taken from the floor in the nearby hospital pharmacy showed 'weak positive' for the virus. Patients are not allowed in the pharmacy, meaning there's only one way the samples could have gotten there.
From February 19 through March 2, 2020, we collected swab samples from potentially contaminated objects in the ICU and GW as described previously. The ICU housed 15 patients with severe disease and the GW housed 24 patients with milder disease. We also sampled indoor air and the air outlets to detect aerosol exposure. Air samples were collected by using a SASS 2300 Wetted Wall Cyclone Sampler at 300 L/min for of 30 min. We used sterile premoistened swabs to sample the floors, computer mice, trash cans, sickbed handrails, patient masks, personal protective equipment, and air outlets. We tested air and surface samples for the open reading frame (ORF) 1ab and nucleoprotein (N) genes of SARS-CoV-2 by quantitative real-time PCR.
Almost all positive results were concentrated in the contaminated areas (ICU 54/57, 94.7%; GW 9/9, 100%); the rate of positivity was much higher for the ICU (54/124, 43.5%) than for the GW (9/114, 7.9%) (Tables 1, 2). The rate of positivity was relatively high for floor swab samples (ICU 7/10, 70%; GW 2/13, 15.4%), perhaps because of gravity and air flow causing most virus droplets to float to the ground. In addition, as medical staff walk around the ward, the virus can be tracked all over the floor, as indicated by the 100% rate of positivity from the floor in the pharmacy, where there were no patients. Furthermore, half of the samples from the soles of the ICU medical staff shoes tested positive. Therefore, the soles of medical staff shoes might function as carriers. The 3 weak positive results from the floor of dressing room 4 might also arise from these carriers. We highly recommend that persons disinfect shoe soles before walking out of wards containing COVID-19 patients.
The authors suggested that “air flow” and the forces of gravity might be responsible for moving the samples to the floors and the walls.But this certainly doesn't bode well for anybody arguing that the subway and restaurants will be able to go quickly back to normal, since an asymptomatic diner can leave the virus at their table for the next customer to pick up even if the table sits empty for hours - or even overnight.
Liza Lin, Timothy W. Martin, Dasl Yoon, et al., The Wall Street Journal, 15 Apr 2020, via ACM TechNews, Friday, April 17, 2020
Governments worldwide are using digital surveillance technologies to track the spread of the coronavirus pandemic, raising concerns about the erosion of privacy. Many Asian governments are tracking people through their cellphones to identify those suspected of being infected with COVID-19, without prior consent. European countries are tracking citizens' movements via telecommunications data that they claim conceals individuals' identities; American officials are drawing cellphone location data from mobile advertising firms to monitor crowds, but not individuals. The biggest privacy debate concerns involuntary use of smartphones and other digital data to identify everyone with whom the infected had recent contact, then testing and quarantining at-risk individuals to halt the further spread of the disease. Public health officials say surveillance will be necessary in the months ahead, as quarantines are relaxed and the virus remains a threat while a vaccine is developed. https://www.wsj.com/articles/coronavirus-paves-way-for-new-age-of-digital-surveillance-11586963028?mod=itp_wsj&ru=yahoo
EXCERPT:
The purpose of this FEMA page is to help the public distinguish between rumors and facts regarding the response to coronavirus (COVID-19) pandemic. Rumors can easily circulate within communities during a crisis.
Do your part to the stop the spread of disinformation by doing three easy things:
Always go to trusted sources of information like coronavirus.gov or your state and local government's official websites or social media accounts for instructions and information specific to your community.
For more information on the coronavirus, please visit coronavirus.gov <https://www.coronavirus.gov/>. You can also visit our coronavirus (COVID-19) response <https://www.fema.gov/coronavirus> page for more updates on the federal response. Follow state and local officials as well for instructions and information specific to your community. […] https://www.fema.gov/coronavirus-rumor-control
So I just got a robot call from the NYC Department of Health in regards to C-19.
Aside from the misleading info in it, and no way to ask it to “repeat”, and lots of fadeouts…
T-Mobile flagged it as a “scam likely”.
Yes. Really
photo of the Caller ID/Name:
http://www.dburstein.com/images/nyc-doh.jpg
about 3 meg
In security, we know that there are errors that are false positives, and errors that are false negatives, and that both can create problems.
At the moment, everybody is eagerly looking forward to serology tests for CoVID-19. These are tests (usually blood tests) that determine if you have antigens or antibodies related to defence against the SARS-CoV-2 virus.
At least, they try to determine that. Because, well, errors.
A good article on this is available at NPR. https://www.npr.org/sections/health-shots/2020/04/15/834497497/antibody-tests-for-coronavirus-can-miss-the-mark
If you want the tl:dr version:
If the test has 99% specificity, and you live in an area where only 1% of the population is actually infected, then when you get a “positive” test, and are reassured that you are immune, you actually only have a 50/50 chance that you encountered the virus, and do have any defence. (In BC, where I live, the infection rate is about .03%, so the chance that a positive test is of any use at all is far worse.)
The purpose of contrarian writing is to promote discussion. Slade has certainly done so, and thus perhaps it has achieved its purpose. In particular, it is important to question significant controls proposed by major bodies based upon scientific fact (with the caveat, that Julian Bradfield <jcb@inf.ed.ac.uk> observed, “in so far as there any ‘facts’ in such a fast-moving situation”.)
I would also like to call into question the “six feet of separation” rule. I get that we are talking large droplet transmission, and sneezing runs the risk of transmission of droplets onto the clothes or other surfaces—but then, we are touching possibly contaminated surfaces anyways. Are there studies to support this, or is this just tied to a convenient number similar to ‘six feet under’?
It seems like these are good questions to ask and resolve for the next pandemic.
I'd imagine that the political class is terrified by the prospect of immediate transparency. It seems that the legislative process has been designed to hide their more despicable actions behind voice votes. Doing things remotely would require them to actually cast a vote (aye or nay) which would be recorded and immediately visible to their constituency.
It's my understanding that a favorite ploy in the US Congress, especially for unpopular legislation, is to do it late on a Friday night right before a recess, with only a few members (maybe 3) present in the chamber and the gallery (both public and press) empty. If a majority then voice vote aye it passes.
Then there is when a bill is passed, a clerk walks the original (marked up with any floor passed amendments) to somewhere where it will be printed. Apparently at this point its not unheard of for additional pages to be inserted. Once it's been printed as a law, someone (press or public) notes these new provisions and asks where they came from, with the typical response being we don't know.
Over the years I've read news reports describing the above, but google isn't cooperating in locating them.
> Nothing wrong with stimulating curiosity in young people. Imagine a > 13-year-old from Poughkeepsie, NY who could author a quantum programming > language solution that calculates the Fermi surface of iron! “That's my > little girl!”
I've been to Poughkeepsie. Would that be the daughter of an IBM computer design engineer, or an unusually young Vassar student? [Most likely. PGN]
Please report problems with the web pages to the maintainer
