The RISKS Digest
Volume 30 Issue 86

Thursday, 11th October 2018

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Doctors are surprisingly bad at reading lab results. It's putting us all at risk.
FDA approves over-the-counter hearing aid from Bose
Russian hackers were caught in the act—and the results are devastating
Chinese chip spying report shows the supply chain remains the ultimate weakness
Chipping away at the spy business ...
Rob Slade
"The one serious MacBook Pro security flaw that nobody is talking about"
David Gewirtz
Microsoft Delays Latest Version of Windows 10 After Reports of Mass File Deletion
Noise about Quiet Skies program
The Boston Globe
If a Vizio TV spied on what you watch, you might be in line for a cash payout
The Los Angeles Times
"Mission impossible: Can you regain access after Twitter lockout?"
Michael Krigsman
Lapses in IT systems, organisations must be fixed
P.M. Lee
Fitbit data used to charge US man with murder
The Next Great Digital Extinction
New Macbooks and Imacs will brick themselves if they think they're being repaired by an independent technician
Weak passwords banned in California from 2020
BBC News
More than 250 people worldwide have died taking selfies, study finds
Facebook Hack Puts Thousands of Other Sites at Risk
System upgrade means more calls etc.
Donald Mackie
"What real people think about the iPhone XS"
Mortgage fraud is getting worse as more people lie about their income
Dealing with spam callers
Lauren Weinstein
Huh? Carbon Dioxide Emissions Raise Risk of Satellite Collision
That sign telling you how fast
Richard Stein
My Wed 30 Apr 2014 warning: back in the news!!
Yvo Desmedt
Molecule resonance and cellphone radiation
Alan Louis Scheinine
Declaration of Internet Rights—Italian Parliament
Karl Auerbach
Re: Don't go to New Zealand
Dan Jacobson
Re: How do you get people to trust autonomous vehicles?
Barry Gold
Info on RISKS (comp.risks)

Doctors are surprisingly bad at reading lab results. It's putting us all at risk. (WashPost)

Richard Stein <>
Sun, 7 Oct 2018 12:08:25 +0800

Physicians make mistakes interpreting lab results, assessing diagnostic
images, prescribing medicine, etc. These errors can portend either a fatal
outcome or expensive mitigation based on the incorrect assessment of patient
symptoms, history, and diagnostic evidence.

The Agency for Healthcare Research and Quality (AHRQ) of the US Health and
Human Services estimated in 2014 that 5% of outpatients experience
misdiagnosis, and 13% of emergency room patients are misdiagnosed for stroke

As AI-based assistance—robo-medicine—encroaches on medical
specializations, a significant risk arises from the training reference input
data used to construct these platforms. The risk materializes from the
who/what that arbitrates between "correct" and "incorrect" or "pass" and
"fail" machine-generated diagnostic conclusions and therapeutic
recommendations. Physicians will be challenged to justify and pursue
robo-medicine's diagnostic findings and therapeutic recommendations based on
a "probably approximately correct learning" technique.

Robo-medicine viability depends on the input training data used to construct
the core decision engine, the artificial life or neural network framework
that is constructed to generate a presumably viable diagnosis based on
patient symptoms, physiological data, and history.  That physicians make
mistakes assessing this information implies that the machine training
stimulus input and output inherits and partially acquires human judgment,
however imperfect.

Without physician intervention, an automatic patient diagnostic/treatment
life cycle consisting of pre-existing and chronic conditions, blood/urine
chemistry, diagnostic image analysis, surgical robots (robots with knives),
and prescription generators comprises a future medical-industrial ecosystem
that can amplify misdiagnosis frequency and severity. Without independent
and continuous monitoring, reporting and correction, medical error cluster
formation is a likely outcome. A proactive and concurrent maintenance and
oversight life cycle is imperative to mitigate emergent risks.

Accountability and traceability must remain with the physician in charge of
patient care. It would be irresponsible and dangerous, though possibly
cost-effective, to allow robo-medicine dispensation without physician
oversight. Publication of patient life cycle experience, including automated
misdiagnosis and maltreatment incidents, is essential to enable independent
analysis. How to achieve this reporting, and preserve patient
confidentiality, privacy, and anonymity poses a significant and sustained

Procedures are required to govern robo-medicine's therapeutic analysis,
findings and recommendations. A misdiagnosis or incorrect therapy schedule
must be quickly reported to the FDA's MAUDE repository. An unrecognized and
unchallenged diagnostic or therapeutic defect escape in a hospital emergency
room may be catastrophic.

As technological risk multiples in the medical-industrial complex, elevated
financial and legal penalties against suppliers are needed to deter
irresponsible product deployment. Robo-medicine platforms must be
indemnification-exempt should a physician initiate suspect, incorrect, or
life-threatening therapeutic recommendations and procedures.  Mandatory peer
consultation is a requirement.

If the medical-industrial complex sustains caveat emptor (buyer beware) as
their business model, independent and conflict-free reviewers of product
viability and effectiveness becomes mandatory. Robo-medicine manufacturing
and qualification processes for software and hardware must become

Consumer trust and confidence accrues from evidence that sponsors it, not
marketing or propaganda. Compulsory reporting of unvarnished defect escape
of misdiagnosis and questionable therapeutic recommendations are necessary
to reveal robo-medicine's defects. Regulatory governance, enforcement, and
vigilance must strengthen to improve patient outcome and suppress the
accelerated misdiagnosis potential of robo-medicine.

FDA approves over-the-counter hearing aid from Bose (endgadget)

Richard Stein <>
Sat, 6 Oct 2018 15:39:45 +0800

"Though they're not approved by the FDA as hearing aids, a number of
companies have developed wireless earbuds that can manipulate and augment
sound.  Bose, Nuheara and the now defunct Doppler Labs have all released
assistive hearing devices in the past."

A cellphone app and a little Bluetooth will do ya for this gizmo.
Hopefully, the amplifier settings do not go to '11'.

  [Bugs in your ear?  Nice opportunity for Trojan ears?  PGN]

Russian hackers were caught in the act—and the results are devastating (WashPost)

Monty Solomon <>
Sat, 6 Oct 2018 21:45:01 -0400
The Dutch have decided to blow the spies' operation wide open.

Chinese chip spying report shows the supply chain remains the ultimate weakness (TechCrunch)

Lauren Weinstein <>
Thu, 4 Oct 2018 09:01:24 -0700
via NNSquad

  Thursday's explosive story by Bloomberg reveals detailed allegations that
  the Chinese military embedded tiny chips into servers, which made their
  way into datacenters operated by dozens of major U.S. companies.  We
  covered the story earlier, including denials by Apple, Amazon and
  Supermicro—the server maker that was reportedly targeted by the Chinese
  government. Amazon said in a blog post that it "employs stringent security
  standards across our supply chain." The FBI and the Office for the
  Director of National Intelligence did not comment, but denied comment to

An interesting story, but aspects of it don't seem to ring quite true.  I'll
mention one odd aspect right now. Why would you build such capabilities into
a separate chip that could ultimately be noticed as extraneous—even if
camouflaged as another sort of chip—rather than build this capability
into a chip that already was expected to be present and would never attract
any attention at all? My hype detector is buzzing a bit on this saga.

  [This may be just the beginning of a long saga.  Discussions over the past
  few days have been very contentious, with many different possible
  outcomes.  For example, Peter Houppermans noted these:
Apple is clearly not happy with Bloomberg, and refutes the story:
  Also see:
  A recent bottom line may be don't believe Bloomberg:

Chipping away at the spy business ...

Rob Slade <>
Thu, 4 Oct 2018 18:35:09 -0700
I started out, more than 30 years ago, researching malware and other forms of
covert interference (including a number of instances involving hardware). While
the possibility of a hardware attack similar to this is quite possible, the
details of this story are quite suspect.

(First of all, I note that Faux News is interested.  That *automatically*
raises alarms  :-)

There is the issue that this relates to a separate chip found on the circuit
boards.  If you are smart enough to make a chip that can do everything this
superchip is supposed to do, you should be smart enough to put the functions
into another chip on the the system (perhaps the system management controller
that the superchip is supposed to control) so that an extraneous chip won't
raise alarms.

Then there are all the functions this superchip is supposed to do.  It is
supposed to manage communications.  It is supposed to subvert the operating
system.  (*Which* operating system?  How would they know that would be the
one used?)  It is supposed to divert password checks.

Oh, right.  It's supposed to subvert the system controller.  I once reviewed
a supposed antiviral system that Western Digital used as a demonstration of
their new system controller chip.  They made a total hash of it.  Even
system controllers don't have the kind of reference monitor function that
this superchip would rely on.

Other parts of the story refer to other chips, some as small as a pencil
tip, that could be layered into the circuit board itself.  Yes, it could.
But how would you make contacts with it?  (And you'd need multiple contacts

While the spy parts of the story sound reasonable, the tech parts don't.
Now, it may be that there are similar types of hardware attacks mounted.  It
may even be that almost the whole story it true, but that the "sources" lied
to Bloomberg about the tech for reasons of their own.  But this smacks, to
me, of the tale of the Desert Storm Virus of 1991.  An April Fools joke that
deceived the author of a book about the 1991 Desert Storm campaign—and
also the Pentagon press office.  (Because they'd read the book ...)

"The one serious MacBook Pro security flaw that nobody is talking about" (David Gewirtz)

Gene Wirchenko <>
Thu, 04 Oct 2018 20:43:44 -0700
David Gewirtz for ZDNet, 3 Oct 2018
The one serious MacBook Pro security flaw that nobody is talking about
Every MacBook since 2015 and every MacBook Pro since 2016 is at risk.
Here's how you can keep your machines safe.

selected text:

With my 2015 MacBook equipped with a MagSafe port, if I want to charge the
machine, I just plug it in. There's no risk of a data connection. As long as
I have networking off and nothing plugged into any of my ports, I'm
safe. I'm air-gapped from the rest of the world.

MacBooks before 2015 and MacBook Pros before 2016 could charge without any
risk, as long as everything else was off, empty, or disconnected.  Prior to
the USB C-only MacBook Pros, at least charging the device wasn't a possible
hacking vector.  But with the MacBook from 2015 on, and for the MacBook Pros
from 2016 on, the only way you can charge the notebook is by connecting to a
USB-C port.

That's right. In order to charge the machine, you must connect to a port
capable of transferring data. You have no choice.

Microsoft Delays Latest Version of Windows 10 After Reports of Mass File Deletion (Gizmodo)

"Peter G. Neumann" <>
Sat, 6 Oct 2018 17:54:50 PDT

  The update—a major revision to Windows 10 that includes tools like a
  cloud clipboard and a preliminary version of its phone mirroring software
 —was reported to have resulted in mass file deletion from user
  directories as well as less alarming issues like incorrect CPU usage in
  Task Manager or broken audio drivers, ZDNet reported. One user on the
  Microsoft support board claimed to have lost 220 gigabytes of files. As
  CNET noted, some users reported that even using hard drive software would
  not allow them to find more than a portion of the missing data.

    [Chris J Brady noted other sources:

Noise about Quiet Skies program (The Boston Globe)

Mark Thorson <>
Fri, 5 Oct 2018 17:37:27 -0700
"Federal air marshals have begun following ordinary US citizens not
suspected of a crime or on any terrorist watch list and collecting extensive
information about their movements and behavior under a new domestic
surveillance program that is drawing criticism from within the agency."

"The previously undisclosed program, called 'Quiet Skies,' specifically
targets travelers who 'are not under investigation by any agency and are not
in the Terrorist Screening Data Base,' according to a Transportation
Security Administration bulletin in March."

Not doing anything suspicious makes you a suspect?
These terrorists are far more clever than I thought!

If a Vizio TV spied on what you watch, you might be in line for a cash payout (The Los Angeles Times)

Richard Stein <>
Fri, 5 Oct 2018 08:31:30 +0800

The most resonant message a for-profit business understands hits the bottom
line. Vizio exploited customer data for profit. Now those profits, with a
hefty fine, are being disgorged.

'The settlement values the data collected about each Vizio customer at 62
cents in the unlikely case that all of them apply for compensation.  The
lawyers described the per-person settlement figures as "highly favorable"
based on estimates from a hired expert that "average damages for actual
harm" from gathering and sharing viewing data is 78 cents to $4.76.'

Chump change compensation for the affected class-action members.

"Mission impossible: Can you regain access after Twitter lockout?" (Michael Krigsman)

Gene Wirchenko <>
Thu, 04 Oct 2018 21:03:10 -0700
Michael Krigsman for Beyond IT Failure, ZDNet, 30 Sep 2018

If your Twitter is hacked, it could be gone permanently and Twitter may not
help.  Here is one user's sad story and how you can protect yourself.

opening text:

If you rely on Twitter for business or recreation, it's time to worry.
Although the days of frequent service outages have passed, users have a new
cause for concern - getting locked out by Twitter itself, without

Unfortunately, when this happens, you have no recourse, and there is no one
to call.  It's bad news.

Lapses in IT systems, organisations must be fixed (P.M. Lee)

Richard Stein <>
Wed, 3 Oct 2018 10:53:25 +0800
P.M. Lee, Straits Times

The public post-mortem following Singapore's largest data breach in its 53
year old history finds that certain IT governance and deployment practices
require redress. This breach rattled the city-state.

Among the recommendations from the "four-member Committee of Inquiry"
is adoption of the "Singapore Government Technology Stack" (SGTS) to enable
"cheaper and faster" e-service roll-out. The SGTS contents is TBD.

If a stack's publication viability (fitness to release for deployment)
possesses an attribute governing "Trust" qualification, it must be shown to
be immune/hardened against surreptitious access, and generate non-repudiated
results, etc. The "Trust" attribute needs to be applied across the full
ecosystem (including the carbon components), not just the SGTS, as the
weakest security link is the easiest to penetrate, and often requires the
broadest mitigations/countermeasures to harden.

Metasploit cleanliness, compliance, and fuzz stimulus evaluation
findings can contribute to trust qualification measurement by revealing
vulnerabilities to prioritize for repair prior to deployment.

Since the NSA's TOA toolset was involuntarily published, perhaps it should
be applied as a "kitchen sink" qualification tool for SGTS?

Fitbit data used to charge US man with murder (BBC)

Michael Marking <>
Fri, 5 Oct 2018 07:55:30 +0000

  Fitbit data has been used by US police investigating whether a 90-year-old
  murdered his stepdaughter.  The victim, Karen Navarra, 67, was found with
  a kitchen knife in her hand, suggesting she killed herself.  Anthony
  Aiello, who denies murder, told police he had visited her for 15 minutes
  to drop off pizza.  But police say a fitness tracker she was wearing
  showed a significant spike in heart rate followed by a rapid slowdown at
  the time he was there.  [...]

  It is not the first time Fitbit data has been used in a murder case.  Last
  year in the US, Richard Dabate was charged with murdering his wife after
  data from her Fitbit discredited his version of events, according to
  police.  Mr Dabate had said he had seen his wife, Connie, shot by an
  intruder more than an hour before her fitness tracker had recorded her
  last movements, they said.

I've never seen or used one of these devices, but this makes me wonder: Must
a user authenticate to one before it becomes active? How hard would it be to
"borrow", say, a roommate's or significant other's Fitbit and use it as part
of a scheme to frame him or her for a crime?

I remember a story from some time back about a woman who looked at her
boyfriend's Fitbit (or some other similar device) data, and concluded that
he had been unfaithful due to it having recorded him "in the act", having
sex with someone else. So it may not be difficult to extract data from
them. But what about changing the contents of its memory?

So I can imagine a plot for a story: Woman discovers, after examining Fitbit
data, that husband has been cheating. She murders her rival, and uses the
Fitbit to frame him for the crime. (Insert optional surprise ending: maybe
someone framed him in the first place, or a friend had borrowed his Fitbit
to try it out, and it was all a big mistake, but she learns this too late,
or maybe she has to confess to the murder to save him, or ???)

  [Monty Solomon noted another source:
Police Use Fitbit Data to Charge 90-Year-Old Man in Stepdaughter's Killing

The Next Great Digital Extinction (WiReD)

"Dave Farber" <>
Wed, 10 Oct 2018 08:07:02 +0900
Check out this great article I read on WIRED: "The Next Great (Digital)

New Macbooks and Imacs will brick themselves if they think they're being repaired by an independent technician (BoingBoing)

Gabe Goldberg <>
Sun, 7 Oct 2018 20:59:25 -0400

But calmer:

Well, stop the presses. Turns out, “Apple makes your MacBook *inoperative*
if you get it fixed at local repair shops'' isn't quite true—not yet, no
matter what *The Sun* says.

Our lab testing has found that independent (and DIY) repair is alive and
well.  But it is under threat.

Weak passwords banned in California from 2020 (BBC News)

Gabe Goldberg <>
Sun, 7 Oct 2018 21:53:33 -0400
Default passwords such as "admin" and "password" will be illegal for
electronics firms to use in California from 2020.

The state has passed a law that sets higher security standards for
net-connected devices made or sold in the region.

It demands that each gadget be given a unique password when it is made.

Before now, easy-to-guess passwords have helped some cyber-attacks spread
more quickly and cause more harm.

The Information Privacy: Connected Devices bill demands that electronics
manufacturers equip their products with "reasonable" security features.

More than 250 people worldwide have died taking selfies, study finds (WashPost)

Richard Stein <>
Thu, 4 Oct 2018 17:31:46 +0800

“The selfie deaths have become a major public health problem,'' Agam
Bansal, the study's lead author, told The Washington Post.

Not as severe a problem health problem as distracted automobile drivers
concurrently accessing mobile devices, but of a similar order of magnitude.

  [Monty Solomon quoted this in *The Washington Post* article:
  Researchers are calling for more `no selfie zones' near water bodies,
  mountain peaks, and over tall buildings.

See Dan Piraro's "Bizarro" comic on 04OCT2018

Facebook Hack Puts Thousands of Other Sites at Risk (NYTimes)

Monty Solomon <>
Tue, 2 Oct 2018 22:17:35 -0400
Facebook Hack Puts Thousands of Other Sites at Risk

Ten years ago, the social network introduced a password system that connected it to a broad swath of the Internet. Now we are seeing the downside.

System upgrade means more calls etc.

"Donald Mackie" <>
Wed, 3 Oct 2018 20:50:18 +0930
I recently emailed my superannuation provider and received the following
hopeful but disappointingly honest response.

"Please note: ###'s recent system upgrade has meant longer than usual
processing times and higher call volumes, while our staff become more
familiar with the new system.

We thank you for your patience and understanding during this time. Once we
resolve these initial issues we are looking forward to a more efficient
administration process which will provide greater service to our members. "

"What real people think about the iPhone XS" (ZDNet)

Gene Wirchenko <>
Sun, 07 Oct 2018 18:24:19 -0700
      [High tech is so exciting except when it is not.]

Chris Matyszczyk for Technically Incorrect, ZDNet | October 7, 2018

The reviews are excitable, but how do Apple's new phones look to real people
going about their daily lives?

selected text:

In reviewing the iPhone XS Max, he describes it as "the future of the iPhone."

What, though, do real people on the street think about this and its smaller
sibling, the iPhone XS?

I've spent the last couple of weeks asking people on both coasts.

Now, when I say people, I mean real people: The 99 percenters who are taken
advantage of every day.

  [The upshot is that they are not impressed, and some did not even know
  about it.  Hey, neither did I.  I am not a computer nerd for the fame.]

Mortgage fraud is getting worse as more people lie about their income (CNBC)

Gabe Goldberg <>
Wed, 3 Oct 2018 18:01:21 -0400
A casual search will result in any number of online services that will not
only generate fake pay stubs, but will also answer phone calls and "confirm"
income verbally, all for a fee.

"Sites will have a disclaimer, claiming it's for novelty purposes or similar
qualifying statements," said Berg. "Some are out of the country and not
traceable. There are sites where you can buy credit lines to increase your

What could go wrong with that?

Dealing with spam callers

Lauren Weinstein <>
Tue, 9 Oct 2018 12:19:22 -0700
[via NNSquad]
Personally, I find the best filter for spam callers is simply to push
ALL calls through to voicemail. 99% of spam callers will hang up without
ever leaving a message, as demonstrated by missed call logs.  Block the
really persistent ones. Pretty easy, actually. No AI required.

Huh? Carbon Dioxide Emissions Raise Risk of Satellite Collision (Scientific American)

Richard Stein <>
Fri, 5 Oct 2018 07:20:33 +0800
Elevated upper-atmospheric CO2 levels preserve longevity of orbiting space
junk, elevating collision potential between orbiting satellites.

"In all, according to the ESA, there have been about 5,400 rocket launches
since the space age began in 1957. They have placed about 8,650 satellites
in orbit. Of these, about 4,700 are still in space, but only around 1,800
are still functioning. Space surveillance networks operated by the United
States, Europe and other nations now estimate there are some 29,000 pieces
of debris that are 10 centimeters in diameter or larger in orbit. Not all of
them are being tracked."

Satellite operators often burn propellant to avoid collisions.
Low-earth-orbit satellite operational life time constraint compelled by

That sign telling you how fast

Richard Stein <>
Wed, 3 Oct 2018 10:15:35 +0800
"The DEA launched its National License Plate Reader Program in 2008; it was
publicly revealed for the first time during a congressional hearing four
years after that. The DEA's most recent budget describes the program as 'a
federation of independent federal, state, local, and tribal law enforcement
license plate readers linked into a cooperative system, designed to enhance
the ability of law enforcement agencies to interdict drug traffickers, money
launderers or other criminal activities on high drug and money trafficking
corridors and other public roadways throughout the U.S.,' primarily along
the southwest border region, and the country's northeast and southeast

"There used to be an old police saying, 'If you robbed a bank, please drive
carefully,' former NYPD Detective Sergeant and Bronx Cold Case Squad
commander Joseph Giacalone told Quartz, explaining that if a getaway driver
didn't do anything to attract the attention of police and get pulled over,
they usually had a half-decent chance of fleeing. 'But that's no longer in
effect because you can drive slow, you can stop at every red light, but
these license plate readers and surveillance cameras track your every

The Panopticon has been activated. Will the US Health and Human Services tap
into this database to identify and penalize obese citizens who travel to '31
Flavors' and are reliant on Medicare or other government entitlement

My Wed 30 Apr 2014 warning: back in the news!!

Yvo Desmedt <>
Fri, 5 Oct 2018 13:45:40 -0500
There were a few new news articles on the topic:

More than 250 people have died while trying to take selfies, study finds

Our love for capturing the perfect selfie has introduced a new danger,
selfie deaths, USA Today reports. The most common cause? Drowning.  (CNBC,

Selfie deaths: 259 people reported dead seeking the perfect picture

The quest for extreme selfies killed 259 people between 2011 and 2017, a
2018 global study has revealed. Researchers at the US National Library of
Medicine ...

Molecule resonance and cellphone radiation (Stein, RISKS-30.85)

Alan Louis Scheinine <>
Wed, 3 Oct 2018 14:47:49 -0500
Richard Stein wrote that cellphone frequencies are far too low to cause
ionization.  He notes that cellphone radiation in the microwave frequency
could cause a small amount of warming.  That cellphone EM radiation does not
ionize is a red herring.  He neglects the affect of resonance with
biological molecules.  As far as I know, no dangerous resonances have been
identified, but the possibility cannot be entirely discounted.

Declaration of Internet Rights—Italian Parliament

Karl Auerbach <>
October 8, 2018 5:27:17 JST
  [via dave farber]

I find the declaration intriguing, but I fear that it will be unable to
launch, much less fly, because it is too heavily laden with contentious
issues (such as the right to be forgotten - which, by-the-way, I support).

For more than a decade I have been advocating a rather shorter formulation
that I believe is an initial step that can be more easily reached.  This
formulation is, of course, in need of interpretation in order to sharpen the
distinctions that it makes.

First Law of the Internet

 + Every person shall be free to use the Internet in any way that
   is privately beneficial without being publicly detrimental.

    - The burden of demonstrating public detriment shall be on those who
      wish to prevent the private use.

    - Such a demonstration shall require clear and convincing evidence of
      public detriment.

    - The public detriment must be of such degree and extent as to justify
      the suppression of the private activity.

(By-the-way, I got the ideas for this out of the old 1954 Hush-A-Phone
decision and some of the subsequent cases, such as Carterphone and MIC, that
tried to define the boundary between what was then a monolithic and
intensely controlling "the telephone company" and users who wanted to do
more than simply talk.)

Re: Don't go to New Zealand (Baker, RISKS 30.85)

Dan Jacobson <>
Thu, 04 Oct 2018 18:51:06 +0800
HB> "It is a file-by-file [search] on your phone. We're not going into 'the
HB> cloud'. We'll examine your phone while it's on flight mode," Customs
HB> spokesperson Terry Brown said.

Do they even wash their hands first, or end up getting cupcake residue on
the buttons? (Or a real (flu) virus.) And are their fingers sufficiently
non-fat, to avoid hitting the delete key on my files?

And what if they burst out laughing when they find out what my password is
and can't help repeating it many times all over the airport, whilst dropping
my phone on the floor?

Re: How do you get people to trust autonomous vehicles?

Barry Gold <>
Tue, 2 Oct 2018 23:41:06 -0700
On 10/2/2018 4:33 PM, RISKS List Owner wrote:
> CB (Carbon-based) 100VMT for 2016: 1.2 (~270M registered vehicles)*
> SB (Silicon-based) 100VMT for 2016: 3 (~100 registered vehicles)^
> This hypothetical statistic demonstrates a safety disadvantage for AVs.  Not
> a likely selling point for consumers currently. Also, the AV sample size is
> at least 4 orders of magnitude smaller than the CB population.

That's for all SB vehicles. What happens if we segregate the statistics by
manufacturer? Are *any* of those fatalities due to Waymo vehicles? I haven't
tried a full statistical analysis, but what I remember from newspaper
reports is that at least 2 of those 3 are from Uber's SB Vehicles, not from
Waymo. This would _tend to_ suggest that Waymo is more careful than Uber in
designing their hardware/software systems to avoid accidents. And in testing
their vehicles: Waymo had SB vehicles "driving" around with a human (CB) in
the car to take over in case of emergency.

Unfortunately, given the numbers in Stein's posting, that would leave a
sample size way too small. At least if we insist on measuring only

I remember this arising a couple of years ago when I was reading analyses in
the newspapers, that said that fatal accidents were so rare (1.2 per million
VMT per the NHTSA figures Stein quotes) that it would take a long time to
accumulate enough VMTs on SB vehicles to know if they were "safe enough". I
was skeptical then, and I remain skeptical.  You don't have to count only
fatalities, because fatalities correlate positively* with (1) non-fatal
injuries, and (2) non-injury collisions.

So if we look at injury accidents per 1E8 VMT for SB  vs. CB "drivers", we
should get a pretty good idea of whether SB "drivers" are better or worse
than CB drivers.

* Not necessarily proportionally, although I suspect that fatalities are
  proportional to non-fatal injuries.

Please report problems with the web pages to the maintainer