The RISKS Digest
Volume 32 Issue 54

Saturday, 13th March 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Faulty Software Snarls Sign-Ups for Vaccinations
Kellen Browning
Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, hospitals, hospitals, etc.
Kia Recalls 380,000 Vehicles Over Fire Risk
Coors long outage due to ransomware
ZDNet via Tom Van Vleck
CRA to lock over 800,000 taxpayers out of online accounts tomorrow
Linus Torvalds fixes ‘double ungood’ Linux kernel bug
The Accellion breach keeps getting worse and more expensive
T-Mobile to Step Up Ad Targeting of Cellphone Customers
Experts brace for wave of hacks tied to Microsoft email vulnerabilities
Microsoft took nearly two months to issue a patch after hearing of Exchange Server's flaws, even as a mass-hack unfolded; some of the flaws were 10+ years old
Krebs on Security
Man Sues Hertz Over Lost Receipt That Was His Murder Alibi
Four new hacking groups have joined an ongoing offensive against Microsoft's email servers
Technology Review
Study of auto recalls shows carmakers delay announcements until they ‘hide in the herd’
How to poison the data that Big Tech uses to surveil you
Technology Review
Pandemic Forces FDA to Sharply Curtail Drug Company Inspections
Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say
Some turned away from Danvers mass vaccination site because of glitch
The Boston Globe
Introducing Deep Nostalgia: Animate the Faces in Your Family Photos
Re: Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release Dates
Amos Shapir
Re: Israel adopts law allowing names of unvaccinated to be shared
Amos Shapir
Re: Computers get Sundays off?
Amos Shapir
Re: His Lights Stayed on During Texas's Storm. Now He Owes $16,752
Amos Shapir
Re: Vintage technology: ‘It sounds so much cleaner’
David Damerell Martin Ward A Micael W Bacon
Re: Incorrect train simulator a factor in train crash
Clive Page
Re: Spy agencies have big hopes for AI
Henry Baker
Re: Farms are going to need different kinds of robots
Martyn Thomas Henry Baker Richard Stein
Re: Google will remove facts if they think they're harmful
Henry Baker
Re: Too much choice is hurting America
henry Baker Richard Stein
Re: Boeing 777 PW4000 engine problems
Peter Bernard Ladkin
Allan McDonald Dies at 83; Tried to Stop the Challenger Launch
Info on RISKS (comp.risks)

Faulty Software Snarls Sign-Ups for Vaccinations (Kellen Browning)

Peter Neumann <>
Sat, 13 Mar 2021 10:21:54 PST

The New York Times, 13 Mar 2021

Large software systems have often been problematic for companies and governments. … crashed early on. … Virginia's VAMS system was too confusing for older adults. … PrepMod had problems too. … Many state officials have switched software providers, only to see little or no improvements. In California, tech mishaps have allowed ineligible people to snatch up appointments. Massachusetts … crashing websites. Some North Carolina residents are eschewing online sign-ups entirely, instead engaging in a vaccine free-for-all.
“You're basically building and testing data systems on the fly as millions of people are trying to find vaccines.” [Claire Hannan, executive director of the Association of Immunization Managers]

Everyone else mentioned in this roughly half-page article gets dinged for one problem or another, including Microsoft, Deloitte, Salesforce, MyTurn (which offered more appointments than available vaccines), and more. Perhaps the past 12 months could have been used to anticipate some of these problems, but then that is only 20-20 hindsight. [PGN]

Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, hospitals, etc. (Bloomberg)

Lauren Weinstein <>
Tue, 9 Mar 2021 15:33:15 -0800

Verkada, a Silicon Valley security startup that provides cloud-based security camera services, has suffered a major security breach. Hackers gained access to over 150,000 of the company's cameras, including cameras in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations, and Verkada's own offices, Bloomberg reports.

Kia Recalls 380,000 Vehicles Over Fire Risk (NYIimes)

Gabe Goldberg <>
Wed, 10 Mar 2021 18:34:05 -0500

A concern over fire risk for nearly 380,000 Kia Sportage and Cadenza vehicles is underscored by the National Highway Traffic Safety Administration.

On its website, Kia describes the Sportage, which has a starting price around $24,000, as having a ‘coupe-like profile and athletic stance’. The Cadenza, a full-size sedan, is ‘a step toward luxury’, Kia says on its site, with a starting cost of around $38,000.

Affected car owners can bring their vehicles to a Kia dealer to have the problem fixed, federal officials said. In affected Sportage vehicles, dealers can replace certain fuses in the electrical junction box, and update the hydraulic electronic control unit software, the agency said. In affected Cadenza vehicles, it said, a new fuse kit containing a 25A fuse can be installed, replacing a kit containing a 40A fuse.

In addition to seeing warning lights, drivers of affected vehicles may detect a ‘burning/melting odor’ or see ‘smoke from engine compartment’ the agency said in a safety recall report.

Coors long outage due to ransomware

Tom Van Vleck <>
Fri, 12 Mar 2021 17:23:40 -0800

CRA to lock over 800,000 taxpayers out of online accounts tomorrow

“Matthew Kruk” <>
Fri, 12 Mar 2021 16:18:17 -0700

The Canada Revenue Agency says it will lock more than 800,000 taxpayers out of its online platform tomorrow after an investigation revealed that some usernames and passwords may have been obtained by “unauthorized third parties.”

The agency said the move is a precautionary cybersecurity measure and is being taken after a similar action in February, when over 100,000 accounts accounts were locked.

“Like the accounts that were locked in February, these user IDs and passwords were not compromised as a result of a breach of CRA's online systems. Rather, they may have been obtained by unauthorized third parties and through a variety of means by sources external to the CRA,” said CRA in a news release.

Linus Torvalds fixes ‘double ungood’ Linux kernel bug (ZDNet)

Gabe Goldberg <>
Fri, 12 Mar 2021 14:41:25 -0500

Well, that was embarrassing. Linus Torvalds' first release candidate for the Linux kernel 5.12 included a show-stopping bug. After shutting down that release, Torvalds has launched a new version of 5.12, which doesn't include the mistake.

The Accellion breach keeps getting worse and more expensive (WiReD)

Gabe Goldberg <>
Wed, 10 Mar 2021 18:32:01 -0500

What started as a few vulnerabilities in firewall equipment has snowballed into a global extortion spree.

T-Mobile to Step Up Ad Targeting of Cellphone Customers (WSJ)

Gabe Goldberg <>
Tue, 9 Mar 2021 16:02:56 -0500

Wireless carrier tells subscribers it could share their masked browsing, app data and online activity with advertisers unless they opt out

A T-Mobile spokeswoman said the changes give subscribers advertising that aligns with their interests. “We've heard many say they prefer more relevant ads so we're defaulting to this setting,”

How thoughtful, allowing opting out. I wonder how many clicks are required.

Experts brace for wave of hacks tied to Microsoft email vulnerabilities (

geoff goodfellow <>
Sun, 7 Mar 2021 14:20:10 -1000

The White House and cybersecurity experts are bracing for a wave of intrusions tied to the Microsoft software vulnerabilities exposed this week, with some warning that other hackers may already have found the flaws used by alleged Chinese spies to penetrate networks across the Internet.

On Friday, White House press secretary Jen Psaki warned that the vulnerabilities found in Microsoft Corp's widely used Exchange servers were “significant,” and “could have far-reaching impacts.”

“We're concerned that there are a large number of victims,” Psaki said.

The China-linked hacking activity appears to have been discovered in January. Wielding tools that exploited four previously unknown vulnerabilities, a group that Microsoft dubs “Hafnium” broke in to email servers, remotely and silently siphoning information from users' inboxes without having to send a single malicious email or rogue attachment.

Sean Koessel, of Virginia-based cybersecurity firm Volexity, said his firm has caught the hackers using the technique to steal emails from three different U.S. think tanks, which he declined to identify. But while that was consistent with classic digital spy work - it seemed restrained and deliberate - a sudden and dramatic upswing in activity during the final two days of February led him to conclude that other hackers have piled in behind them. […]

Microsoft took nearly two months to issue a patch after hearing of Exchange Server's flaws, even as a mass-hack unfolded; some of the flaws

geoff goodfellow <>
Mon, 8 Mar 2021 10:30:04 -1000

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program <> . When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?. […]

Man Sues Hertz Over Lost Receipt That Was His Murder Alibi (NYTimes)

Monty Solomon <>
Thu, 11 Mar 2021 21:45:39 -0500

He spent four years imprisoned on a murder conviction before the car rental company finally located a receipt showing he was nowhere near the scene of the 2011 killing in Michigan.

Four new hacking groups have joined an ongoing offensive against Microsoft's email servers (Technology Review)

geoff goodfellow <>
Sun, 7 Mar 2021 14:28:13 -1000

Chinese hackers targeting Microsoft Exchange servers were joined by a feeding frenzy of other adversaries this week.

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft's email software in a cyber-campaign the US government describes as “widespread domestic and international exploitation” with the potential to impact hundreds of thousands of victims worldwide.

Beginning in January 2021, Chinese hackers known as Hafnium began exploiting vulnerabilities in Microsoft Exchange servers. But since the company publicly revealed the campaign on Tuesday, four more groups have joined in and the original Chinese hackers have dropped the pretense of stealth and increased the number of attacks they're carrying out. The growing list of victims includes tens of thousands of US businesses and government offices targeted by the new groups.

“There are at least five different clusters of activity that appear to be exploiting the vulnerabilities,” says Katie Nickels, who leads an intelligence team at the cybersecurity firm Red Canary that is investigating the hacks. When tracking cyberthreats, intelligence analysts group clusters of hacking activity by the specific techniques, tactics, procedures, machines, people, and other characteristics they observe. It's a way to track the hacking threats they face.

Hafnium is a sophisticated Chinese hacking group that has long run cyber-espionage campaigns against the United States, according to Microsoft. They are an apex predator—exactly the sort that is always followed closely by opportunistic and smart scavengers.

Activity quickly kicked into higher gear once Microsoft made their announcement on Tuesday. But exactly who these hacking groups are, what they want, and how they're accessing these servers remain unclear. It's possible that the original Hafnium group sold or shared their exploit code or that other hackers reverse engineered the exploits based on the fixes that Microsoft released, Nickels explains. […]

Study of auto recalls shows carmakers delay announcements until they ‘hide in the herd’ (Techxplore)

geoff goodfellow <>
Sun, 7 Mar 2021 14:22:03 -1000

Automotive recalls are occurring at record levels, but seem to be announced after inexplicable delays. A research study of 48 years of auto recalls announced in the United States finds carmakers frequently wait to make their announcements until after a competitor issues a recall—even if it is unrelated to similar defects.

This suggests that recall announcements may not be triggered solely by individual firms' product quality defect <> awareness or concern for the public interest, but may also be influenced by competitor recalls, a phenomenon that no prior research had investigated.

Researchers analyzed 3,117 auto recalls over a 48-year period—from 1966 to 2013—using a model to investigate recall clustering and categorized recalls as leading or following within a cluster. They found that 73 percent of recalls occurred in clusters that lasted 34 days and had 7.6 following recalls on average.

On average, a cluster formed after a 16-day gap in which no recalls were announced. They found 266 such clusters over the period studied.

“The implication is that auto firms are either consciously or unconsciously delaying recall announcements until they are able to hide in the herd,” said George Ball, assistant professor of operations and decision technologies and Weimer Faculty Fellow at the Indiana University Kelley School of Business. “By doing this, they experience a significantly reduced stock penalty from their recall.”

Ball is co-author of the study, “Hiding in the Herd: The Product Recall Clustering Phenomenon,” recently published online in Manufacturing and Service Operations Management, along with faculty at the University of Illinois, the University of Notre Dame, the University of Minnesota and Michigan State University. […]

How to poison the data that Big Tech uses to surveil you

geoff goodfellow <>
Sun, 7 Mar 2021 14:30:25 -1000

Algorithms are meaningless without good data. The public can exploit that to demand change.

Every day, your life leaves a trail of digital breadcrumbs that tech giants use to track you. You send an email, order some food, stream a show. They get back valuable packets of data to build up their understanding of your preferences. That data is fed into machine-learning algorithms to target you with ads and recommendations. Google cashes your data in for over $120 billion a year of ad revenue.

Increasingly, we can no longer opt out of this arrangement. In 2019 Kashmir Hill, then a reporter for Gizmodo, famously tried to cut five major tech giants out of her life. <> She spent six weeks being miserable, struggling to perform basic digital functions. The tech giants, meanwhile, didn't even feel an itch.

Now researchers at Northwestern University are suggesting new ways to redress this power imbalance by treating our collective data as a bargaining chip. Tech giants may have fancy algorithms at their disposal, but they are meaningless without enough of the right data to train on.

In a new paper <> being presented at the Association for Computing Machinery's Fairness, Accountability, and Transparency conference <> next week, researchers including PhD students Nicholas Vincent and Hanlin Li propose three ways the public can exploit this to their advantage:

Pandemic Forces FDA to Sharply Curtail Drug Company Inspections (NYTimes)

Richard Stein <>
Sat, 13 Mar 2021 10:42:52 +0800

“The steep decline in oversight has stalled a number of new drug applications. The agency says it is trying to protect its employees but critics say inspectors should be considered essential workers and do their jobs.”

To prove manufacturing fitness, rigorous inspection—trust but verify — is essential. This implies skilled and independent boots, and keen eyes, to confidently assess and approve acceptance. A pandemic environment, and certain federal industry initiatives (e.g. delegation of self-certification to industry), are known to weaken compliance vigilance.

With fake video and image manipulation techniques widely available, virtual inspections are a dubious substitute.

Adjusting an FDA inspector's employment classification to “essential worker” elevates their health and safety exposure risks during the pandemic. Where's the incentive to motivate their conscientious engagement?

RISKS-31.62 from 11MAR2020 notes suspensions of foreign manufacturer inspections (

The FDA inspector corps FTE, per regulatory jurisdiction for 2008-2019 were acquired via FOIA request are shown in CSV format below. I'll need to submit another FOIA request to acquire inspector FTE for fiscal year 2020.

ORA Investigative FTE by Center (Domestic/Foreign and Import Operations) From Work Plan YEAR,CBER Center for Biologics Evaluation and Research,CDER (Center for Drug Evaluation and Research),CDRH (Center for Devices and Radiological Health),CFSAN (Center for Food Safety and Applied Nutrition),CTP (Center for Tobacco Products),CVM (Center for Veterinary Medicine)

2009,115.1,248.8,214.4,642.8,,91.3 2010,121.0,252.1,231.4,681.9,,89.8
2011,131.0,293.1,243.5,842.1,,91.4 2012,131.1,292.2,243.4,842.6,13.2,91.6

Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say (WSJ)

Dave Farber <>
Tue, 9 Mar 2021 09:38:24 +0900

Russia Fights Skepticism of Its Covid-19 Vaccine With Global Campaign 7 Mar 2021

To counter skepticism over its Covid-19 vaccine, Russia has built a big public-relations effort at home and abroad. WSJ's Georgi Kantchev explains why the success of Sputnik V is so important for the Kremlin. Photo: Juan Mabromata/Agence France-Presse/Getty Images

WASHINGTON—Russian intelligence agencies have mounted a campaign to undermine confidence in Pfizer Inc.'s and other Western vaccines, using online publications that in recent months have questioned the vaccines' development and safety, U.S. officials said.

An official with the State Department's Global Engagement Center, which monitors foreign disinformation efforts, identified four publications that he said have served as fronts for Russian intelligence.

The websites played up the vaccines' risk of side effects, questioned their efficacy, and said the U.S. had rushed the Pfizer vaccine through the approval process, among other false or misleading claims.

Though the outlets' readership is small, U.S. officials say they inject false narratives that can be amplified by other Russian and international media.

“We can say these outlets are directly linked to Russian intelligence services,” the Global Engagement Center official said of the sites behind the disinformation campaign. “They're all foreign-owned, based outside of the United States. They vary a lot in their reach, their tone, their audience, but they're all part of the Russian propaganda and disinformation ecosystem.”

Some turned away from Danvers mass vaccination site because of glitch (The Boston Globe)

Monty Solomon <>
Mon, 8 Mar 2021 10:17:08 -0500

Introducing Deep Nostalgia: Animate the Faces in Your Family Photos (MyHeritage)

Gabe Goldberg <>
Wed, 10 Mar 2021 20:27:20 -0500

Do you sometimes wonder how your ancestors moved, smiled and looked in real life? You can now see your ancestors from generations past like never before!

We're happy to introduce Deep Nostalgia, a groundbreaking new photo feature on MyHeritage that allows you to animate the faces of your loved ones in still photos. This new addition to our suite of photo tools produces a realistic depiction of how a person from an old photo could have moved and looked if they were captured on video.

I can't decide what the risk might be but it seems a bit creepy.

New version of uncanny valley?

Re: Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release Dates (RISKS-32.52)

Amos Shapir <>
Mon, 8 Mar 2021 10:06:31 +0200

I assume it didn't occur to anyone at the Arizona Department of Corrections to employ a human being to check who is eligible for an early release; if the computer can't do it, it's much simpler to just ignore it and keep them in prison…

I wonder if these inmates can sue for false imprisonment?

Re: Israel adopts law allowing names of unvaccinated to be shared (RISKS-32.52)

Amos Shapir <>
Mon, 8 Mar 2021 10:45:04 +0200

Such a law became necessary because the implementation of the “Green Tag” handed to vaccinated and recuperating people, is so lame.

The “Green Tag” is supposed to distinguish who can participate in public gatherings like concert halls and stadiums, and be presented as proof of eligibility at the entrance of such venues.

It can be acquired from a site of the Ministry of Health, a week after receiving the 2nd shot, in either of two forms: One is a PDF file, containing just an ID (not even a name) and expiration date, along with a big QR square which contains all necessary info (unlike previous versions, it seems to be digitally signed). It can be printed, or kept on the owner's phone. This assumes that whoever this tag is presented to, has the capacity to scan and decipher the code—which may be true for airports, but not for other venues.

The other (recommended) form, is a phone app which connects to a MOH site and displays information about the current status of COVID19 infection in the area, and when supplied with an ID, checks for Green Tag eligibility. If the answer is positive, it displays only a GIF image of green people walking—and nothing else.

Bouncers at the gates are supposed to let through only those who can present the GIF. Unvaccinated people do not need to hire a hacker to create a copy, the MOH had already done this for you:

Re: Computers get Sundays off? (RISKS-32.52)

Amos Shapir <>
Mon, 8 Mar 2021 11:07:09 +0200

Back in the Good Old Days, you could deposit a check at any branch of your bank; they'd send it to they payer's bank, who'd send it on their internal mail system to his branch, where they'd look up the balance and debit the amount, and then transfer it to your bank, who would credit your account. The process could take up to 5 business days—not including weekends, of course.

Nowadays, you can deposit checks directly from your phone, anywhere, any time. It takes only a few seconds—and then you still have to wait for up to 5 business days, until the check is “cleared”.

Re: His Lights Stayed on During Texas's Storm. Now He Owes $16,752 (RISKS-32.52)

Amos Shapir <>
Mon, 8 Mar 2021 11:23:25 +0200

The risk here is applying the Capitalist algorithm, which may be adequate for businesses, to individual consumers, where it is not. It may well be that Mr. Willoughby had saved over the years on his bill much more than these $16,752, but the trouble is, he doesn't have them available immediately for paying this bill.

Businesses borrow money regularly in the course of their normal operations; they know who could lend to them, and have all the procedures in place to do it whenever they need to. Individual consumers usually do not, which means that even if they can get a loan, it might cost much more.

Businesses may swing freely back and forth through the “zero net worth” point on their balance, but for individuals, it's rock bottom.

Re: Vintage technology: ‘It sounds so much cleaner’ (BBC News)

David Damerell <>
Tue, 9 Mar 2021 14:39:07 +0000
>Funny, backup isn't mentioned. I guess that hadn't been invented yet.

The Psion came with backup software for Windows; these days there are Linux tools to just enable you to mount it as (very slow; 9600 baud serial) external storage.

The real Achilles Heel of the Psion is that the screen cable breaks eventually from folding and unfolding; AFAIK the last company that would retrofit them with more robust ones stopped a few years ago. If Air Vice Marshal Maddison has had his for 23 years, I presume he's had it retrofitted, but lack of availability of parts and spares is the long-term risk for ancient hardware.

I am not looking forward to the day when I have to replace my Series 5mx with a device with a built-in battery which will have a definitely finite lifespan.

Re: Vintage technology: ‘It sounds so much cleaner’ (BBC News)

Martin Ward <>
Sat, 13 Mar 2021 16:08:16 +0000

The Kermit file transfer protocol and software tools were developed in 1981 and Kermit been described as the “most widely ported computer program”: it has been used in the International Space Station.

The Psion 5 has a serial port and, naturally, Kermit has been ported to it:

Re: (Page, RISKS-32.52)

A Michael W Bacon <>
Tue, 9 Mar 2021 10:26:22 +0000

Clive Page (RISKS-32.52) will not need to trouble his physician this year or in the future. Since May 2013, no Yellow Fever booster is necessary after 10 years, the vaccine is recognised by the WHO and internationally as providing immunity for life.

However, in considering vaccination certificates, there are major differences between the booklet which he, and I and others hold, and certification of vaccination against Covid-19 (in the current global situation). In no particular order:

1. Yellow Fever is not person-to-person transmissible; as with malaria, the vector is the mosquito.

Covid is highly transmissible between people, airborne in droplets and aerosols and via surfaces.

2. Possession of a Yellow Fever vaccination certificate benefits the holder in enabling travel from a country where the disease is endemic to another country requiring evidence of vaccination - and there are relatively few of these. It is a requirement for entry (albeit, it might be checked by the carrier at the port of embarkation). Further, it is a requirement at country level.

Covid vaccination certificates are being touted as a facilitation for exit from a country, with holiday companies such as Saga (specialising in cruises and package holidays for older people) insisting on evidence of full vaccination before boarding (when foreign holidays are allowed from the UK). Many airlines are reportedly pressuring governments to make possession of a certificate a condition for boarding (which would relieve them of making it a contractual matter, open to challenge in the courts). Israel's “Green Pass” — a Covid vaccination certificate — is fast becoming a requirement for entry to establishments such a gyms. Such a requirement is being actively promoted by commercial interests in other countries as a way of re-opening businesses that are currently “locked-down”. A (potential) requirement at a building level.

3. The Yellow Fever vaccination certificate is essentially valueless, there is relatively little point in forging one. Certainly in the “First World” (and under normal circumstances) aspiring travelers can arrange to be vaccinated essentially on demand, for a small fee.

Delivery of Covid vaccinations is being rationed, most commonly by age group, starting with the oldest and working backwards to the youngest who will be vaccinated. You will get vaccinated when it's your turn, queue jumping is unlikely. This creates value in forgeries. Consider a family with a booked foreign holiday that is non-refundable: one member is vaccinated before travel, one or more other, younger members are not. There will be a strong incentive to obtain a forged certificate, and they will be available. Under the UK's current vaccination programme, with a 12-week gap between first and second doses of the Oxford-AstraZeneca and Pfizer vaccines, it might well be the end of October before the last of the 20-year-olds is fully vaccinated … having missed their summer partying in Ibiza. Given their oft-demonstrated refusal to recognise the dangers to them and others of maskless massed mixing, a 100-pound (say) forgery might well be attractive to youngsters wanting to take their pleasures as usual. If possession of a certificate becomes a condition of travel, either nationally or internationally, every traveler (possibly excepting the under-20s) will need a certificate. Those who are “vaccine hesitant” or committed anti-vaxxers, but who want to holiday abroad, might be tempted to acquire a forged document.

4. The traveler carries the internationally-recognised paper Yellow Fever vaccination certificate with them. The key information on the certificate is sparse: the holder's name, the date and place of vaccination, and an official rubber-stamp. Essentially there are no privacy issues. Relatively few of the world's population have a certificate.

Current discussions for a Covid vaccination certificate are at an early stage, but at national as well as international level. Israel has already issued its “Green Pass”, whether it is widely acceptable outside the country is untested. The format of an international certificate, whether paper-based or electronic, and the information contained are open to decision. If the certificate is electronic there will be serious questions about personal data and processing outside countries with ‘adequate’ laws; it will need to be readable at all ports of disembarkation - it will take time to install the necessary equipment (think “Least developed countries”). Because of the forgery risk, there will be requirements for validation, raising further questions over data transfer, the location, accessibility, accuracy, completeness, reliability and security of the databases, and what data they contain.

5. Since 2013 the Yellow Fever certificate has been for the life of the holder.

It seems very likely that “booster” Covid inoculations will be required, possibly on an annual basis, as happens in many countries with influenza vaccinations. The certificate will need to be updated each time.

6. Owing to limited demand, Yellow Fever vaccines are not widely held or administered and so certificates are issued by relatively few physicians. The certificate is issued at the time of vaccination.

Covid vaccinations are being given in hospitals, by general practitioners, by pharmacists, by military medics, and en masse in special centres, shopping malls and even car parks. Few countries have a centralised patient record system (Israel does) and the completeness and accuracy of records of who has been vaccinated, with what and how many times, are likely to be variable. With no agreed certificate, most of those immunised have minimal evidence of their vaccination. At a national level, many countries will have incomplete records of who has been vaccinated (increasing the potential for fraud and graft).

7. One vaccine provides immunity against “Yellow Fever”.

There are many variants of Covid-19. There are many Covid vaccines, some requiring two doses. It is currently questionable whether any of the available vaccines provide the same degree of protection against all known variants, and there is no guarantee that current vaccines will offer sufficient or even any protection against future variants. A certificate will likely need to indicate against which variants the holder is protected, especially if they are traveling to a country in which one variant is particularly endemic.

8. A Yellow Fever vaccination certificate holder is not required to quarantine upon return from an infected country, and the chances of a new variant outbreak are seen as vanishingly small, given the virus's stability over a great many years.

An outbreak of a new variant Covid-19 virus somewhere in the traveler's itinerary might very well trigger a requirement for isolation on their return to their home country or arrival in the next country on their itinerary. In the UK that might cost over =C2=A31,700 per person if isolated in a “quarantine hotel”, and loss of earnings / school time whether quarantined there or self-isolated (with family) at home. The evidence of recent months indicates that such an outbreak is not at all unlikely.

9. Being very limited in its population, the Yellow Fever vaccination certificate in no way approaches being an identity document.

A Covid-19 vaccination certificate will likely be required by a majority of the population, indeed might essentially be forced upon them by government or commercial pressures. In such an instance it will become a de facto ID card … something still strongly resisted in many Western countries.

10. A Yellow Fever vaccination certificate is essentially voluntary, the requirement to have one is very limited.

A Covid vaccination certificate could become essentially mandatory, with access to some facilities restricted if one cannot be produced. Some people, for example among the BAME communities, have deep-seated reservations about vaccines in general and professed objections to various Covid vaccines (often because of misconceptions, misinformation and disinformation).

“Like a Yellow Fever certificate” is trotted out by politicians and the media whenever a Covid vaccination certificate is discussed. It is a false comparison that seriously undersells the adverse potential.

Re: Incorrect train simulator a factor in train crash (Brader, RISKS-32.53)

Clive Page <>
Sat, 13 Mar 2021 12:36:08 +0000

I am grateful to Mark Brader for his report in RISKS-32.53 “Confusing computer-interface complexity causes train crash” and have now read the report of the Rail Accident Investigation Branch that he cited. As usual the crash had multiple causes including the relative inexperience of the driver on a newish type of train. But a train simulator issue caught my eye: the immediate cause of the crash was that the driver found he could not enter a new headcode for the short trip from Leeds Station to the maintenance depot and spent 20 seconds grappling with the train management screens when he should have been looking out of the windscreen. While he was distracted his train accelerated much faster than he expected until he was unable to avoid hitting the one in front.

It turns out that the train computer would only accept a new headcode if the button “Check Stops” was used before returning to the home screen. The manuals produced by the train manufacturer, Hitachi, did not make it clear that “Check Stops” had to be used even if there were no intermediate stops. As a result the training manuals were incorrect. Not only that, an App simulating the train management system (produced in the UK) and a full train simulator (produced in France) also misunderstood this point so both would accepted a new headcode without use of the Check Stops button. It is hardly surprising that the driver did not realise that this step was essential.

This raises a more general issue: not only train drivers but also airline pilots rely a great deal on simulators, especially in training them to cope with rare conditions unlikely to happen in normal training flights: for example the activation of the flawed MCAS system on the Boeing 737 MAX, or the icing up of both pitot tubes on an Airbus (which resulted in the AF447 crash off Brazil). The 737 MAX has now been re-certified in many countries but no doubt that is partly because extensive sessions on simulators show that it is now much safer. But what assurance do we have that the simulators are themselves correct?

Re: Spy agencies have big hopes for AI (RISKS-32.53)

Henry Baker <>
Fri, 12 Mar 2021 18:15:51 -0800

Fifty years ago, we computer scientists used to sleep soundly at night, knowing that if all else failed, we could simply pull the plug on an errant computer.

As Russian interference with Ukrainian power grid has shown us, we are long past this solution.

If spy agencies start depending upon “AI” in order to translate languages and spot trends, how do you protect the decision-makers from the spoofing that enables “AI”-powered self-driving vehicles from stopping at fake stop signs or running over real pedestrians/cyclists ?

E.g., how long did it take “terrorists” to learn that drone strikes were 100% correlated with satellite orbits, and how long did it take Russia, China, N Korea, Iran, etc., to modify their satellite “signatures” to avoid raising suspicion ?

Every sensor, whether inanimate or animate, has its limitations, and its output needs to be cross-checked with independently derived information from other independent sources.

With China and the U.S. rushing headlong into this AI-hype future, how long before a war is started based solely upon “AI”-derived information (on both sides) ?

Who cares if there's a person-in-the-middle making the dreaded “go/nogo” decision if the input information is faulty ? The problem won't lie with the decision-maker, but with the information on which his/her decision is based.

WWI was supposedly an “accidental” war, started by <150 people who misunderstood the actions of their counterparts in other countries. Which “AI” has the deep understanding of history to know how “accidental” wars get started?

Re: Farms are going to need different kinds of robots (RISKS-32.53)

Martyn Thomas <>
Sat, 13 Mar 2021 17:06:59 +0000

If precision farming will be worth $12B+ to the global economy by 2027, perhaps a percentage of this should be invested in providing a robust terrestrial backup to the GPS signal, as GPS has a range of known vulnerabilities. Large farms would seem to be attractive targets for a “protection racket” by anyone with a jammer and a balloon.

Re: Farms are going to need different kinds of robots (Stein, RISKS-32.52)

Henry Baker <>
Fri, 12 Mar 2021 17:49:34 -0800

“Precision” aka “vertical” farming got its start when a Columbia University professor challenged his students in 1999. [Wikipedia]

Actually, VF/PF is a good idea, as it trades acreage for technology, and it will eventually win.

The biggest problems for agriculture are weather, water, pests, land, and labor. VF/PF solve all of these problems.

Weather: the farm is indoors, and semi-climate-controlled. Water: the farm is, or can be, sealed, so that water input/output is no longer an issue — a godsend for arid areas. Pests: the farm is indoors, so the influx of pests can be controlled. Land(*): the farm can be vertically stacked, so that large footprints of land are no longer needed. Labor: the racking system is designed with purpose-built robots in mind.

(*) By giving up land, PF/VF now need large amounts of electrical power, which can be generated by massive solar farms elsewhere—thus decoupling the absorption of solar power from the actual farming.

Basically, a PF/VF uses precision LED's to produce optimum light conditions to grow food in areas/latitudes where traditional farms are impossible.

It shouldn't surprise anyone that the leaders in VF today are cannibis growers. Hopefully, they will pay the way for less expensive crops like vegetables.

BTW, we're going to have to get really good a PF/VF if we plan to put any significant number of humans on the Moon or Mars.

Re: Farms are going to need different kinds of robots (Baker, RISKS-32.54)

Richard Stein <>
Sat, 13 Mar 2021 11:20:00 +0800

Thanks for your insight Henry. What did Norman Borlaug, The Father of the Green Revolutio, say about vertical farming?

“I agree fully…in support of agricultural biotechnology, which states that no food products, whether produced with recombinant DNA techniques or more traditional methods, are totally without risk. The risks posed by foods are a function of the biological characteristics of those foods and the specific genes that have been used, not of the processes employed in their development.”

See “Ending World Hunger. The Promise of Biotechnology and the Threat of Antiscience Zealotry,” by Norman E. Borlaug.

Guess he'd be ok with a few bots merged into the food chain despite their vulnerability to malware pests.

Re: Google will remove facts if they think they're harmful (RISKS-32.53)

Henry Baker <>
Fri, 12 Mar 2021 18:29:10 -0800

I've toyed with the thought of setting up a tautology server, which serves up nothing but facts—e.g., the simplest of which would be “$A or not $A”, where “$A” is any statement, whatsoever, for example, “Trump is an idiot” or “Black Lives Matter” or “COVID-19 vaccines aren't harmful”.

The mathematical validity of such ‘facts’ wouldn't matter, of course, to any misinformation detector, as they aren't looking for truth; they are merely looking for a mention—the “Scunthorpe Problem”.

The point of this post is to simply remind people that the general problem of proving some fact wrong is—wait for it—undecidable, so we're going to be waiting a long time for an algorithmic solution to something that isn't amenable to algorithms.

Re: Too much choice is hurting America (RISKS-32.54)

Henry Baker <>
Fri, 12 Mar 2021 19:07:13 -0800

Krugman is proof of “Pauling's Principle”, that the Nobel Prize is capable of causing early onset dementia.

IMHO, Krugman's best paper was his 1978 analysis of the effect of relativity on economic analysis: “The Theory of Interstellar Trade”. :-)

His NYTimes article about too much choice is—depending upon your point of view—either 100% right-wing: Henry Ford's “any color so long as it's black”, or 100% communist—Google “beriozka” (aka “beryozka”), the Soviet stores catering solely to foreigners that had all the “good stuff”.

Economics as a human endeavor goes back hundreds of thousands of years, to when humans began to trade with one another, allowing the exchange of goods from hundreds and thousands of miles away. Why did they trade? For greater choices! Indeed, “Economics” (with a capital “E”) is the study of the dramatic increase in human welfare due to these exchanges of the widest variety of goods. P.S., ask yourselves why someone would go to great effort and expense to transport a good hundreds or thousands of miles unless someone really wanted it. Indeed, Columbus discovered America by accident when he really wanted a better route to India and the far East for trade.

Krugman has now become an embarrassment to the field of economics.

Re: Too much choice is hurting America (Baker, RISKS-32.54)

Richard Stein <>
Sat, 13 Mar 2021 14:27:56 +0800

Henry, Deregulation enables corporate behavior that can jeopardize public health and safety.

The deregulation choice saddles consumers with increasingly opaque assumptions of product or service safety. Corporate terms of service shield corporate governance from accountability with indemnification and liability clauses.

Paul Krugman's opinions are occasionally controversial, but they are rigorously investigated, and factually traceable. When Krugman is mistaken, he apologizes as professional ethics dictate.

Contrast this conduct with a corporation's behavior if their product or service is discovered and established to enable or cause casualty or data breach. If “corporations are people,” their accountability for an mistake is vigorously, and unapologetically, defended until or unless a settlement is reached which may include a gag order prevent settlement term disclosure. This asymmetry skews the perception of justice rendered to salve injury from choice.

Re: Boeing 777 PW4000 engine problems (Risks-32.53)

Peter Bernard Ladkin <>
Sat, 13 Mar 2021 11:05:23 +0100

Richard Stein suggests in Risks-32.53 that commercial transport aircraft maintenance in general, and engine maintenance in particular, is an example of the “expert service problem” and quotes the NYTimes article “When Trust in an Expert is Unwise”, by David Leonhardt from 2007-11-07

“…the same expert who is diagnosing the flaw is the one who will be paid to fix it. In most of these cases, consumers aren't sophisticated enough to make an independent judgment. That's why they went to the expert.”

In the case of jet engines in particular, this is misplaced.

One major engine manufacturer, Rolls Royce, does not sell its engines. It leases them, as “power by the hour”. Rolls obtains all the parameters thought to be useful from its engines every second they are running (and, I imagine, also from some time when they are not). There are fixed maintenance cycles, designed to keep these engines running perfectly. The design of these maintenance cycles is by no means a trivial engineering task, and is part of airworthiness certification. (Rolls is not the only mechanical-engineering company which does this. I know of a wind-turbine company which has complete real-time operating records from each one of its turbines since it started building them, more than 25,000 of them over round about three decades.)

There are things which don't go to plan. QF32 on 2010-11-04. That engine disintegration was finally attributed to a manufacturing quality issue (parts not satisfying the design specification).

The PW4000 engine which “threw a blade” (to use the technical term :-) ) on UA328 over Denver on 2021-02-20 had a blade inspection interval of 6,500 cycles (a cycle is a period from engine start-up to shut-down). There had apparently been way fewer than that many cycles on the engine.

Blades are not supposed to be thrown. It happens when there is “metal fatigue”, as it is known. There are inspection techniques which determine whether a fan blade is “serviceable” (as it is called). The point of inspection cycles is to catch blades exhibiting phenomena associated with “fatigue” before they fail. The reaction to any unsafe or potentially unsafe event in commercial aviation is regulatory. The FAA issued an emergency Airworthiness Directive (EAD) requiring inspection of each fan blade on each of the 104 installed engines of this type on US carriers. Other regulatory authorities will have followed suite immediately.

The FAA AD which was derived from the EAD may be read at$FILE/2021-05-51.pdf

Readers will notice that it includes a precise dollar-figure estimate of the cost of compliance. 22 hours labour cost per engine; less than $2,000. Total cost across all US operators, less than $200,000.

The maintenance of these engines is a matter of regulation. It is part of the airworthiness certification of the aircraft. The issue for the regulator is that there is obviously an engineering issue: the manufacturer and regulator established during certification that these blades should not be fatiguing inside 6,500 cycles, but one or two now have done. There are engineering issues: why? Is it an unanticipated engineering design issue, or a quality-control matter, or what is it? And there are management issues: what do we do about it? The obvious short-term answer, encapsulated in the AD, is: inspect the blades right now, all of them in all engines of this type. The longer term answer will come when it is known in more detail why the blade was thrown=2E

Stein is right that there are economic issues involved, but he puts the finger entirely in the wrong place. The costs of having “experts” address the issue is trivial, as may be seen from the AD. The cost doesn't compare with the cost of the airplane not being in service for the time it takes to conduct the inspection on the two engines.

This is generally the case, and it is why Rolls sells “power by the hour”. Operators do not want their airplanes to be out of service for any non-scheduled reason, and engine manufacturers sell or lease their engines based on that client requirement for complete reliability.

Prof. Dr. Peter Bernard Ladkin, Bielefeld, Germany

Allan McDonald Dies at 83; Tried to Stop the Challenger Launch (NYTimes)

Gabe Goldberg <>
Thu, 11 Mar 2021 13:03:50 -0500

An engineer for the maker of the shuttle's booster rockets, he opposed letting it take off, worried that cold weather might affect them. He was right.

Please report problems with the web pages to the maintainer