The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 30 Issue 52

Tuesday 26 December 2017


Calif fires? Electrical utility "reclosers" may have contributed
IEEE Spectrum via danny burstein
The Unstoppable Momentum of Self-Driving Cars
"Laurie" via Gabe Goldberg
"Google Home is Leaving Elderly and Disabled Users Behind"
Lauren Weinstein
Section 230 of the Communications Decency Act
David Magda
Quantum Computing Is the Next Big Security Risk
Navigation Apps Are Turning Quiet Neighborhoods Into Traffic Nightmares
Lisa Foderaro
Re: Large wildfires vs. navigation apps for drivers
Amos Shapir
Uber offers bug bounty
Gabe Goldberg
College Students Come up With Plug-In to Combat Fake News (USNews via
Lauren Weinstein
Privacy Complaints Mount Over Phone Searches at U.S. Border Since 2011
The New York Times
Claims container ship's navigation system "hacked"
John C. Bauer
Re: When is Big Automation Too Big for Comfort?
Martin Ward
Terje Mathisen
Re: The hotel of the future, High-Tech "Connected Rooms"
John Levine
Gabe Goldberg
Info on RISKS (comp.risks)

Calif fires? Electrical utility "reclosers" may have contributed

danny burstein <>
Fri, 22 Dec 2017 16:19:36 -0500
Automatic Circuit Reclosers Probed as Potential Cause of California Fires -

"Automatic reclosers are pole-mounted circuit breakers that can quickly
restore power after outages, but they can also multiply the fire risk from
damaged lines. "

The Unstoppable Momentum of Self-Driving Cars ("Laurie")

Gabe Goldberg <>>
Thu, 21 Dec 2017 08:14:51 -0500
Everyone thinks they're an above average driver, that they never make
mistakes, that they're never distracted or tired. So where's the improvement
for them in self-driving cars? It's just everyone else needing to be

Risks? Adopting self-driving cars too fast, or too slowly. Regulating them
too much, or not enough. Overly dreading any robo-caused accidents, or
accepting unnecessary carnage because of sloppy products. Once it's required
to have someone with a flag walking in front of every self-driving car (it
worked once, right?) we'll be OK.

  -------- Forwarded Message --------
  Date: 	Thu, 21 Dec 2017 08:48:06 +0000
  From: 	Aging In Place Technology Watch <>
  Subject: 	The Unstoppable Momentum of Self-Driving Cars


Everybody's doing it—talking, investing, launching an initiative for
self-driving cars. Imagine 300,000 lives saved per decade, preventing the
37,500 deaths just last year
<>.  In fact, the
development of self-driving cars and other Autonomous Vehicles (AV), have
received a whopping $80 billion in investment to date
 Amid the hype, obstacles are occasionally noted (like roads
and surveyed consumer disinterest, including AAA
JD Power
Gartner <>, and in particular,
older people might not be interested
even though enabling older adults to keep driving is one of the oft-repeated
rationales by self-driving car evangelists. And of course, since older
adults want to age in place, self-driving cars are often described as

Who and what can get on board first with a media-friendly project?
Will it be Optimus Ride <>, testing the
transportation' near Boston>?
Will it be Lyft in Boston
Uber in Pittsburgh (maybe not)
Tempe (never mind that crash)
Will it involve redoing the roads to add a separate self-driving lane,
as Foxconn in Wisconsin has requested for its 13,000 employee
plant near Racine? Does it matter that a new self-driving shuttle has an
accident on its first day
(blaming a driver, naturally)?  What about that 6 mph Robot shuttle in
(and likely Paris, Singapore, etc.)?  And how about this “ commercial
delivery via self-driving trucks
and for local delivery even self-restocking delivery vehicles
(imagine the UPS truck with no driver)?

Why is *boon for the elderly* generally included as a rationale?
First, 70% of older adults live in car-dependent suburbs
and of course, ask AARP, 90% expect to age in place

  So seniors are among other much-lobbied reasons to create the 2017
Self-Drive Act
a federal effort to reduce the regulatory burden on getting 80,000
self-driving cars into the market, and to discourage states from
crafting individual legislation, one state at a time.  Never mind that
only 6 percent of cities
have any policy or strategy about self-driving cars—it's full
spending steam ahead. Waymo
(formerly Google's Self-driving project) has even issued a report
<> to
explain self-driving safety, benefit to the elderly
and disabled, and to justify its own investment and expected growth.

Do risks matter? Toyota offered a wake-up comment.  From Toyota:
"Society has come to accept 39,000 traffic fatalities a year in the US,
mostly due to human error, but would never tolerate similar carnage
involving cars controlled by computers." People are worried—in a 2017
Harris poll about the future of self-driving cars, 52% fear for other
drivers, 62% fear for pedestrians
What about the ability of a car's sensors to work when covered with slush
and ice “ maybe that will work and maybe not
Meanwhile manually-driven cars are still being purchased today, and owners
keep their cars 11.6 years on average
So it will take a few decades to get all of those cars off the regular
roadways, assuming that all other vexing barriers
<>, not to
mention ethical concerns
and insurance
issues, are addressed.  And for sure, this is just the beginning.

"Google Home is Leaving Elderly and Disabled Users Behind"

Lauren Weinstein <>
Tue, 26 Dec 2017 11:32:56 -0800
Lauren's Blog via NNSquad

I continue to be an enormous fan of Google Home—for example, please
see my post "Why Google Home Will Change the World" -
from a bit over a year ago.

But as time goes on, it's becoming obvious that a design decision by Google
in the Home ecosystem is seriously disadvantaging large numbers of potential
users—ironically, the very users who might otherwise most benefit from
Home's enormous capabilities.

You cannot install or routinely maintain Google Home units without a
smartphone and the Google Home smartphone app. There are no practical
desktop based and/or remotely accessible means for someone to even do this
for you. A smartphone on the same local Wi-Fi network as the device is
always required for these purposes.

This means that many elderly persons and individuals with physical or visual
disabilities—exactly the people whose lives could be greatly enhanced by
Home's advanced voice query, response, and control capabilities—are up
the creek unless they have someone available in their physical presence to
set up the device and make any ongoing configuration changes. Additionally,
all of the "get more info" links related to Google Home responses are also
restricted to the smartphone Home app.

I can see how imposing these restrictions made things faster and easier for
Google to bring Home to market. For example, by requiring a smartphone for
initial Wi-Fi configuration of Home, they avoided building desktop
interfaces for this purpose, and leveraged smartphones' already configured
Wi-Fi environments.

But that's not a valid excuse. You might be surprised how many people
routinely use the Internet but who do not have smartphones, or who have
never used text messaging on conventional cell phones—or hell, who don't
even have cell phones at all!

Now, one could argue that perhaps this wouldn't matter so much if we were
talking about an app to find rave parties or the best surfing locations.
But the voice control, query, and response capabilities of Home are
otherwise perfectly suited to greatly improve the lives of the very
categories of users who are shut out from Home, unless they have someone
with a smartphone in their physical presence to get the devices going and
perform ongoing routine configuration changes and other non-voice

In fact, many persons have queried me with great excitement about Home, only
to be terribly disappointed to learn that smartphones were required and that
they were being left behind by Google, yet again.

I have in the past asked the question "Does Google Hate Old People" -- and I'm not
going to rehash that discussion here.  Perhaps Google already has plans in
the works to provide non-smartphone access for these key Home
functionalities—if so I haven't heard about them, but it's clearly
technically possible to do.

I find it distressing that this all seems to follow Google's pattern of
concentrating on their target demographics at the expense of large (and in
many cases rapidly growing) categories of users who get left further and
further behind as a result.

This is always sad—and unnecessary—but particularly so with Home,
given that the voice-operated Home ecosystem would otherwise seem
tailor-made to help these persons in so many ways.

And at the risk of repetition since I have been saying this quite a bit
lately: Google is a great company. Google can do better than this.

Section 230 of the Communications Decency Act

David Magda <>
Sat, Dec 23, 2017 at 10:44 AM
  [via Dave Farber]

Another Internet debate is simmering, specifically about the liability of
online companies and their users:

> Twenty-six words within Section 230 shield websites from many types of
  claims arising from user content: “No provider or user of an interactive
  computer service shall be treated as the publisher or speaker of any
  information provided by another information content provider.  For
  example, if a newspaper publishes a defamatory article, the subject can
  sue the newspaper publisher for defamation. But under Section 230, if a
  user posts a defamatory comment on Twitter, the subject cannot
  successfully sue Twitter for defamation (but can sue the tweeter).

> I'm writing a book about Section 230 for Cornell University Press, titled
  *The Twenty-Six Words that Created the Internet*.  The title is not an
  overstatement. Without Section 230, it is difficult to conceive of social
  media, consumer review sites, and other user-focused online platforms
  existing in their current forms.

> Perhaps no case was more troubling to me than a lawsuit brought by
  plaintiffs who were victims of sex-trafficking against, the
  site where they were advertised. A district court granted Backpage's
  motion to dismiss, relying on Section 230 immunity, and last year the US
  Court of Appeals for the First Circuit affirmed the decision.

Quantum Computing Is the Next Big Security Risk (WiReD)

Gabe Goldberg <>
Thu, 21 Dec 2017 13:04:20 -0500

Navigation Apps Are Turning Quiet Neighborhoods Into Traffic Nightmares (Lisa Foderaro)

Jim Reisert AD1C <>
Tue, 26 Dec 2017 15:15:01 -0700
Lisa W. Foderaro, *New York Times*, DEC. 24, 2017

  LEONIA, N.J. ” It is bumper to bumper as far as the eye can see, the kind
  of soul-sucking traffic jam that afflicts highways the way bad food
  afflicts rest stops.

  Suddenly, a path to hope presents itself: An alternate route, your
  smartphone suggests, can save time. Next thing you know, you're headed
  down an exit ramp, blithely following directions into the residential
  streets of some unsuspecting town, along with a slew of other frustrated

  Scenes like this are playing out across the country, not just in
  traffic-choked regions of the Northeast. But one town has had enough.

  With services like Google Maps, Waze and Apple Maps suggesting shortcuts
  for commuters through the narrow, hilly streets of Leonia, N.J., the
  borough has decided to fight back against congestion that its leaders say
  has reached crisis proportions.

  In mid-January, the borough's police force will close 60 streets to all
  drivers aside from residents and people employed in the borough during the
  morning and afternoon rush periods, effectively taking most of the town
  out of circulation for the popular traffic apps—and for everyone else,
  for that matter.

Re: Large wildfires vs. navigation apps for drivers

Amos Shapir <>
Thu, 21 Dec 2017 18:38:53 +0200
Something similar had happened in Israel in 2013: A major freeway was
flooded, and the popular Waze navigation app (which was rather new, now
owned by Google) was directing drivers directly into it, because it sowed
on the maps as having no traffic!  This resulted in huge jams all over the
central region of the country.

Following this incident, Waze had added an option for drivers to report
block roads, and incorporated blockages into its maps and algorithms.

I wonder what type of application drivers in California are using...

Uber offers bug bounty

Gabe Goldberg <>
Mon, 25 Dec 2017 23:35:50 -0500

"So Uber partners with HackerOne to offer a public bug bounty program,
advertising a $500 minimum guaranteed payout if a security vulnerability is
found within an Uber app or information asset. Fair enough, I've led
numerous penetration tests over the years in addition to delivering advanced
pentest training for corporate clients..."

College Students Come up With Plug-In to Combat Fake News

Lauren Weinstein <>
Mon, 25 Dec 2017 08:55:19 -0800
[A good effort, but useless]

  A team of college students is getting attention from Internet companies
  and Congress after developing a browser extension that alerts users to
  fake and biased news stories and helps guide them to more balanced
  coverage.  The plug-in, "Open Mind ," was developed earlier this month
  during a 36-hour problem-solving competition known as a hackathon at Yale

An educational project, and ultimately a useless one. What they fail to
understand is that fake news issues must be handled natively by these
platforms—extensions and other add-ons are virtually useless.

First, most people will never learn of such extensions—and will be
unwilling to install them due to rising concerns about their security.

But even more to the point, the persons most in need of such extensions are
convinced that they already have the ability to ferret out what they believe
to be fake news, and would continue to frequent the racist, alt-right sites
that disseminate it. That is, the users most vulnerable to be taken in by
fake news don't believe that those stories from their favorite racist
outlets are fake, and would never use an extension that told them otherwise.

They'd simply call it a bogus (or fake!) fake news extension. So such
projects are essentially only preaching to the choir, and are not expected
to move the ball in any meaningful positive way. Sorry about that, Chief.

Privacy Complaints Mount Over Phone Searches at U.S. Border Since 2011

geoff goodfellow <>
Sat, 23 Dec 2017 09:19:49 -1000
Excerpt from

WASHINGTON—They spoke of being humiliated and shaken. They described
being made to feel like a criminal.  And they maintained that their rights
had been violated.

Grievances over lost privacy run through a trove of roughly 250 complaints
by people whose laptops and phones were searched without a warrant as they
crossed the United States border. Filed with the Department of Homeland
Security since 2011, mostly during the Obama administration, these stories
add a personal dimension to a growing debate over rights, security and

In January 2016, a Virginia woman wrote of experiencing a blatant abuse of
privacy after she and her 19-year-old son were pulled aside for extra
screening at Newark Liberty International Airport upon returning from Spain.

“They took his laptop and cellphone and proceeded to go through both after
getting the passwords from him,'' she wrote in her complaint, adding that
her phone was taken and browsed through “without my consent,'' as well.
While the officers were cordial, she said, “the line between security
screening and blatant search and seizure without cause or explaining is

American courts have long permitted government agents who protect the
borders to search, without a warrant or any specific basis for suspicion,
the possessions carried by people as they cross. But smartphones and other
personal electronics contain vastly more private information than suitcases.

The American Civil Liberties Union and the Electronic Frontier Foundation
have filed a lawsuit in Boston arguing that a warrant should be required to
search such devices at the border.  Last week, the Trump administration
asked a judge to dismiss the case.

The lawsuit comes amid a surge in agents looking through—and sometimes
copying data from—cellphones and laptops. Midway through fiscal year
2017, Customs and Border Protection was on pace to search 30,000 travelers'
electronics—more than tripling the annual number by that agency since
2015, when it searched 8,503 people's devices.

The complaints were submitted to the Department of Homeland Security's
Traveler Redress Inquiry Program. In many cases, the people list a set of
grievances in addition to feeling their privacy was violated, like being
detained for hours and missing connecting flights. The Knight First
Amendment Institute at Columbia University obtained the filed complaints
under the Freedom of Information Act and provided them to The New York
Times. [...]  <>

Claims container ship's navigation system "hacked" (Re: RISKS-30.51)

"John C. Bauer" <>
Sat, 23 Dec 2017 16:05:32 -0500
One can only be astounded that it was apparently possible to hack a
container ship such that the captain lost control completely. It is
analogous to being unable to disconnect the autopilot in a manned
aircraft. Such a scheme would fail certification for good reason.

Not even considering hacking, a major electrical power fault in a ship,
especially in concert with fire, could disable the computer systems of the
ship. The possible results would include stranding, collision, and
pollution. I should expect that like for aircraft, low probability events
with with possibly disastrous consequence would require preventive measures
but am not conversant with the relevant design rules.

In the days before automation, ships' engines had a so-called maneuvering
platform from which the engine could be controlled by hand through
mechanical connections. Similarly, at least the tiller flat, the space that
houses the mechanical actuation for the rudder, had a second ship's wheel
that was connected mechanically to the rudder actuation mechanism.

Providing such a backup system would be straightforward engineering.

Lastly, one is puzzled by the fact that the chief engineer did not close the
emergency or other fuel valves for the main engine. One wonders if the
"vessel not under command" signals were shown during the
incident. If piracy is suspected, a call to the nearest warship on the
international distress frequency might give the pirates pause.

Re: When is Big Automation Too Big for Comfort? (RISKS-30.51)

Martin Ward <>
Thu, 21 Dec 2017 11:27:11 +0000
If the pirates who take over the crewless container ship also get control of
communications, then the owners will have no clue that their ship has been
hijacked and is not where it claims to be: until it mysteriously fails to
appear at the destination port!  The failed appearance is then followed by
the appearance of an eBay auction for a fully automated container ship:
"Excellent condition. One rather careless owner".

Re: When is Big Automation Too Big for Comfort? (RISKS-30.51)

Terje Mathisen <>
Thu, 21 Dec 2017 08:41:36 +0100
> The risks? This one's too easy...

The errors? This one has too many...

First of all, Yara is not a shipping company at all, but rather the world's
largest manufacturer of fertilizer. The first commercially viable way to
produce artificial fertilizer was invented in 1905 and led directly to the
start of the company. Yara was started as Hydro, and developed into an
international conglomerate (about the same size in employees/revenue/profits
as Intel) involved with Aluminum and Oil&gas as well as the traditional
fertilizer business. 10+ years ago that original part of the company was
split off and became Yara.

The "high seas" mentioned here is a less than 3km-wide pond ("Frierfjorden")
which has had Yara's largest facility on the north-east side since 1925 and
several much more recent developments on the other side, the automated ship
will just go back & forth across this extremely sheltered water.

Terje (who grew up there and worked for Hydro for about 25 years, starting
in this facility)

Re: The hotel of the future, High-Tech "Connected Rooms" (Goldberg, RISKS-30.51)

"John Levine" <>
21 Dec 2017 12:51:20 -0500
Their former arch rival SPG (now part of their other arch-rival Marriott)
has a small version of this that lets you use your phone as your door key.

Old manual method: walk up to door, take key card out of your pocket, tap
lock, door unlocks, open door.

New high tech method: walk up to door, take phone out of your pocket.
Unlock phone, start up SPG app.  Tap to tell it you want to open your door.
Phone tells you this uses bluetooth, do you want to turn on bluetooth?
Switch to other app, turn on bluetooth, switch back to SPG app.  App says
aha, there is a door nearby.  App icon makes blobby motion pattern while it
talks to the door.  Door unlocks, open door.  Probably forget to turn off
bluetooth, thereby running down phone battery faster.  Try to remember to
take phone out of your pocket and start up the app and turn on bluetooth
while you're in the elevator, next time.

Re: The hotel of the future, High-Tech "Connected Rooms" (Levine)

Gabe Goldberg <>
Thu, 21 Dec 2017 13:28:23 -0500
Sounds like my experience today trying to introduce my 2007 car to a newly
installed garage-door opener. Car of course worked fine having been
programmed in 2007 for replaced opener. Car and new opener manuals both have
instructions for connecting, each to the other. While not quite
contradictory, the instructions don't quite mesh. And the car's instruction
steps loop (Step 4 stating "If this fails, repeat Steps 2-4"). Of course,
there's a separate remote opener but it's annoying the built-in button
apparently can't be programmed to the new/fancy opener.  I'll call
LiftMaster for advice, not being optimistic.

How fancy? It's WiFi capable. I just need to connect opener to my home
network, install the app, establish an account, and I can use my phone to
open/close/monitor the door. Aside from (as you note happening in elevator)
fumbling with phone while driving, running app, finding open/close option,
what could go wrong with THAT, having my garage door online?

Please report problems with the web pages to the maintainer