The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 50

Thursday 12 December 2019

Contents

If you think you voted in November in PA … think again!
Rebecca Mercuri
Election Security regulations in the U.S
Fortune
A banner day for truth, consequences, integrity, and privacy
PGN
China to remove all foreign computer equipment from government
The Guardian
Chinese tech groups shaping UN facial recognition standards
FT
China introduces mandatory face scans for phone users
AFP
TikTok Reverses Ban on Teen Who Slammed China's Muslim Crackdown
NYT
Deepfakes
YouTube via Lauren Weinstein
Fake news probe in Brazil exposes “Office of Hate” within government
Angelica Mari
BBB warns about fake shipping emails
KGW
Exposed: Elaborate plot including fake email from an art expert designed to prove Dali painting that belonged to James Stunt and hung on Prince Charles's wall was real
Daily Mail
Learn lessons from this $1 million email scam
ITWorld
Professor by day, scambuster by night: Business professor helps scam victims
Mustang News
Bogus Emails Give Spirit Airlines Passengers Temporary Headache
TravelPulse
AI Is Not Similar To Human Intelligence. Thinking So Could Be Dangerous
Forbes
SSD drive with critical failure at 32768 hours of operation
HPE
This might be a genuine Y2K problem—are there more?
Martyn Thomas
Plundervault
Ars Technica
Medicare needs to be flexible with Seniors!
KHN
I lost my 193,000-pound inheritance with one-digit-wrong sort code
The Guardian
WSJ discovers that phone systems are hard
danny burstein
Uber's 'Dirty Little Secret': Shared Driver Accounts WSJ)
????
Nearly $50 Million of Ether Swiped From South Korean Cryptocurrency Exchange
WSJ
Fiber-optic cables pinpoint California tectonic fault zone
National Geographic
Dexcom Software Outage Draws Fury from Diabetes Patients and Their Parents
Fortune
Facebook Experiences Sporadic Outages
WSJ
Microsoft OAuth whitelisted unregistered subdomains allowing azure account takeovers
ThreatPost
Re: AI future or follies?
Amos Shapir
Re: Train door safety interlock based on hanger not actual door position
John Murrell
Re: What happens if your mind lives forever on the Internet?
Chris Drewe
Amos Shapir
Re: DMVs profit by selling PII
Kelly Bert Manning
Info on RISKS (comp.risks)

If you think you voted in November in PA … think again!

Rebecca Mercuri <notable@mindspring.com>
Sat, 30 Nov 2019 11:56:45 -0500

Today's NYT article covers many of the points in my recent lectures (vote flipping, obsolete standards, etc.) and alludes to why this isn't accidental.

See: <https://www.nytimes.com/2019/11/30/us/politics/pennsylvania-voting-machines.html> and the eye-opening details at: https://3og1cv1uvq3u3skase2jhb69-wpengine.netdna-ssl.com/wp-content/uploads/2019/09/VOTING-TECHNOLOGY-PROCUREMENT-INVESTIGATION-PUBLIC.pdf

For Philly, $425,000 in lobbying money yielded a $29M contract to ES&S. Less the 10% penalty (the entire purchase should have been rescinded). The $29M may not include the long-term maintenance contract, which gives them even more city funds with access to the devices. And now these machines are in place for maybe 20 years? Sweet deal.

It's not just PA. This voting system replacement scam is going on all over the country where DREs are being upgraded to include the now-required paper. As long as the election officials can hide behind the electronic totals and risk limiting audits they'll continue to avoid hand-counting the ballots. There may be new machines, but the M.O. has not changed. Keep your eye on the swing states (like PA). And spread the word.

Early and often,

[Also, see Nick Corasanti, A Pennsylvania Candidate had 26,142 Votes. The Machine Counted 164. The New York Times National edition, p.20 (Sunday). Fortunately, The ExpressVoteXL (Election Systems & Software) had a paper trail, which many other touch-screen voting systems do not. PGN]


Election Security regulations in the U.S (Fortune)

“Peter G. Neumann” <neumann@csl.sri.com>
Wed, 4 Dec 2019 15:51:22 PST

https://fortune.com/2019/12/04/election-security-regulations-united-states/

“The problem is that the federal certification itself is weak from a security standpoint and that not all states require it,” says J. Alex Halderman, a professor of computer science and engineering at the University of Michigan. “There are more federal requirements that apply to plastic water bottles or whiskey than apply to electronic voting security, which is absolutely incredible to me.”


A banner day for truth, consequences, integrity, and privacy

“Peter G. Neumann” <neumann@csl.sri.com>
Wed, 11 Dec 2019 15:41:03 PST

In Britain, Fake News Muddies Election Run-Up, Adam Satariano, The New York Times National edition A12, 11 Dec 2019.

In Britain, Disinformation Ahead of a Vote Comes Largely from Within. Adam Satariano and Amie Tsang, The New York Times National edition A13, 11 Dec 2019. “We're seeing anyone and everyone picking up these tactics.”

China Jailed the Most Journalists, Rick Gladstone, The New York Times National edition A13, 11 Dec 2019.

In Iran, a Security Breach Exposes 15M Bank Customers, Farnaz Fassihi and Ronan Bergman, NYTimes National edition A14, 11 Dec 2019.


China to remove all foreign computer equipment from government (The Guardian)

“Peter G. Neumann” <neumann@csl.sri.com>
Mon, 9 Dec 2019 11:36:33 PST

https://www.theguardian.com/world/2019/dec/09/china-tells-government-offices-to-remove-all-foreign-computer-equipment

China tells government offices to remove all foreign computer equipment

Directive is likely to be a blow to US multinational companies like HP, Dell and Microsoft

Chinese president Xi Jinping has ordered that all foreign hardware be removed from government offices and agencies.

China has ordered that all foreign computer equipment and software be removed from government offices and public institutions within three years, the Financial Times reports. The government directive is likely to be a blow to US multinational companies like HP, Dell and Microsoft and mirrors attempts by Washington to limit the use of Chinese technology, as the trade war between the countries turns into a tech cold war.

The Trump administration banned US companies from doing business with Chinese Chinese telecommunications company Huawei earlier this year and in May, Google, Intel and Qualcomm [104]announced they would freeze cooperation with Huawei.

By excluding China from western know-how, the Trump administration has made it clear that the real battle is about which of the two economic superpowers has the technological edge for the next two decades.

This is the first known public directive from Beijing setting specific targets limiting China's use of foreign technology, though it is part a wider move within China to increase its reliance on domestic technology.

The FT reported that the directive would result in an estimated 20m- to 30m pieces of hardware needing to be replaced and that this work would begin in 2020. Analysts told the FT that 30% of substitutions would take place in 2020, 50% in 2021 and 20% in 2022.

The order had come from the Chinese Communist party's central office earlier this year, the analysts said. Two employees from cyber security firms told the paper that government clients had described the policy.

Replacing all the devices and software in this timeframe will be challenging, given that many products developed for US operating systems like Windows for Microsoft. Chinese government offices tend to use desktop computers from the Chinese-owned company Lenovo, but components of the computers, including its processor chips and hard drives are made by American companies.

In May, Hu Xijin, editor of the Global Times newspaper in China, said the withdrawal of sharing by US tech companies with Huawei would not be fatal for the company because the Chinese firm has been planning for this conflict “for years” and would prompt the company to develop its own microchip industry to rival America's.

“Cutting off technical services to Huawei will be a real turning point in China's overall research and development and use of domestic chips,” he said in a social media post. ”Chinese people will no longer have any illusions about the steady use of US technology.”


Chinese tech groups shaping UN facial recognition standards (FT)

geoff goodfellow <geoff@iconia.com>
Sun, 1 Dec 2019 10:12:41 -1000

Companies hope to gain an edge by laying the groundwork for global rules

EXCERPT:

Chinese technology companies are shaping new facial recognition and surveillance standards at the UN, according to leaked documents obtained by the Financial Times, as they try to open up new markets in the developing world for their cutting-edge technologies.

Companies such as ZTE, Dahua and China Telecom are among those proposing new international standards—specifications aimed at creating universally consistent technology—in the UN's International Telecommunication Union (ITU) for facial recognition, video monitoring, city and vehicle surveillance.

Standards ratified in the ITU, which comprises nearly 200 member states, are commonly adopted as policy by developing nations in Africa, the Middle East and Asia, where the Chinese government has agreed to supply infrastructure and surveillance tech under its Belt and Road Initiative, according to experts.

“African states tend to go along with what is being put forward by China and the ITU as they don't have the resources to develop standards themselves,” said Richard Wingfield, Head of Legal at Global Partners Digital, a company working on human rights on the Internet.

Europe and North America have their own regional standards setting bodies, such as the IETF, IEEE and 3GPP, which are dominated by domestic industry players. The ITU, on the other hand, is a space where companies outside of North America and Europe tend to shape and drive standard development.

Standard writing gives companies an edge in the market by aligning global rules with the specifications of their own proprietary technology, say experts.

Over the past few years, Chinese surveillance infrastructure has swept across regions from Angola to Zimbabwe. For example, earlier this year South African company Vumacam installed 15,000 surveillance cameras with facial recognition capabilities in Johannesburg, supplied by Hikvision.

In August, Uganda confirmed the nationwide installation of Huawei surveillance cameras with face recognition capabilities. Similarly, the Singapore government plans to install facial recognition cameras on its lampposts, a contract that Chinese start-up Yitu has bid for, according to local reports. …

https://www.ft.com/content/c3555a3c-0d3e-11ea-b2d6-9bf4d1957a67


China introduces mandatory face scans for phone users (AFP)

the keyboard of geoff goodfellow <geoff@iconia.com>
Sun, 1 Dec 2019 10:14:22 -1000

EXCERPT:

China will require telecom operators to collect face scans when registering new phone users at offline outlets starting Sunday, according to the country's information technology authority, as Beijing continues to tighten cyberspace controls.

In September, China's industry and information technology ministry issued a notice on “safeguarding the legitimate rights and interests of citizens online”, which laid out rules for enforcing real-name registration.

The notice said telecom operators should use “artificial intelligence and other technical means” to verify people's identities when they take a new phone number.

A China Unicom customer service representative told AFP that the December 1 “portrait matching” requirement means customers registering for a new phone number may have to record themselves turning their head and blinking.

“In next steps, our ministry will continue to…increase supervision and inspection…and strictly promote the management of real-name registration for phone users,” said the September notice.

Though the Chinese government has pushed for real-name registration for phone users since at least 2013—meaning ID cards are linked to new phone numbers—the move to leverage AI comes as facial recognition technology gains traction across China where the tech is used for everything from supermarket checkouts to surveillance. …

https://news.yahoo.com/china-introduces-mandatory-face-scans-phone-users-091042257.html


TikTok Reverses Ban on Teen Who Slammed China's Muslim Crackdown

Monty Solomon <monty@roscom.com>
Thu, 28 Nov 2019 09:38:44 -0500

https://www.nytimes.com/2019/11/27/technology/tiktok-censorship-apology.html

The video app said it would review its policies after a 17-year-old in New Jersey who discussed Chinese detention camps was locked out of her account.


Deepfakes

Lauren Weinstein <lauren@vortex.com>
Fri, 29 Nov 2019 13:23:10 -0800

Deepfakes can be deep trouble, especially when the alterations are comparatively subtle:

https://www.youtube.com/watch?v=5nDnlA1pv5U


Fake news probe in Brazil exposes “Office of Hate” within government (Angelica Mari)

Gene Wirchenko <gene@shaw.ca>
Mon, 09 Dec 2019 16:22:05 -0800

Angelica Mari for Brazil Tech | 9 Dec 2019

Access will be requested to computers that were allegedly used to spread misinformation with taxpayer money. https://www.zdnet.com/article/fake-news-probe-in-brazil-exposes-office-of-hate-within-government/

selected text:

The investigations into the dissemination of fake news have advanced in Brazil as details of the government's online communication strategy have been unveiled.

According to a ten-hour session involving a former government leader in the Congress, Joice Hasselmann, a group of presidential staff routinely spreads fake news and defames the opposition across social networks as part of their day job.

With federal elections scheduled for late September in Germany, momentum is building behind using anti-botnet laws against automated social-media accounts that churn out disinformation.

Hasselmann's statement describe the inner workings of a cluster operating right next to the presidential office in Bras´┐Żlia, charged with the development and execution of the online communication with the supporter base.


BBB warns about fake shipping emails (KGW)

Monty Solomon <monty@roscom.com>
Mon, 9 Dec 2019 11:52:03 -0500

https://www.kgw.com/article/money/consumer/bbb-warns-about-fake-shipping-emails/283-60363104-f82f-4609-ab01-47ddf2f7198b


Exposed: Elaborate plot including fake email from an art expert designed to prove Dali painting that belonged to James Stunt and hung on

Monty Solomon <monty@roscom.com>
Mon, 9 Dec 2019 11:53:49 -0500

https://www.dailymail.co.uk/news/article-7668579/Elaborate-plot-prove-Dali-painting-belonged-James-Stunt-real.html


Learn lessons from this $1 million email scam (ITWorld)

Monty Solomon <monty@roscom.com>
Mon, 9 Dec 2019 13:58:02 -0500

https://www.itworldcanada.com/article/cyber-security-today-learn-lessons-from-this-1-million-email-scam/424863


Professor by day, scambuster by night: Business professor helps scam victims

Monty Solomon <monty@roscom.com>
Mon, 9 Dec 2019 11:52:55 -0500

https://mustangnews.net/professor-by-day-scambuster-by-night-business-professor-helps-scam-victims/


Bogus Emails Give Spirit Airlines Passengers Temporary Headache

Monty Solomon <monty@roscom.com>
Mon, 9 Dec 2019 11:47:25 -0500

https://www.travelpulse.com/news/airlines/bogus-emails-give-spirit-airlines-passengers-temporary-headache.html


AI Is Not Similar To Human Intelligence. Thinking So Could Be Dangerous (Forbes)

the keyboard of geoff goodfellow <geoff@iconia.com>
Sun, 1 Dec 2019 10:08:18 -1000

EXCERPT:

It's easy to anthropomorphize artificial intelligence. We imagine befriending Siri, or that our self-driving car has our best interests at heart. When we paint a picture of an advanced AI, we might imagine machines that learn, similar to the ways a toddler might learn. We imagine them thinking or coming to conclusions similar to how we do. Even the term neural networks—an algorithm modeled after the human brain—brings up images of a brain-like machine, making decisions. However, thinking an artificial intelligence works in the same way as a human brain can be misleading and even dangerous, says a recent paper <https://link.springer.com/article/10.1007/s11023-019-09506-6> in Minds and Machines <https://link.springer.com/journal/11023> by David Watson <https://www.oii.ox.ac.uk/people/david-watson/> of the Oxford Internet Institute and the Alan Touring Institute…

https://www.forbes.com/sites/fernandezelizabeth/2019/11/30/ai-is-not-similar-to-human-intelligence-thinking-so-could-be-dangerous/


SSD drive with critical failure at 32768 hours of operation (HPE)

Eli the Bearded <*@eli.users.panix.com>
Thu, 28 Nov 2019 02:22:02 -0500 (EST)

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us

IMPORTANT: This HPD8 firmware is considered a critical fix and is required to address the issue detailed below. HPE strongly recommends immediate application of this critical fix. Neglecting to update to SSD Firmware Version HPD8 will result in drive failure and data loss at 32,768 hours of operation and require restoration of data from backup in non-fault tolerance, such as RAID 0 and in fault tolerance RAID mode if more drives fail than what is supported by the fault tolerance RAID mode logical drive. By disregarding this notification and not performing the recommended resolution, the customer accepts the risk of incurring future related errors.

32768 hours is strongly suggestive of a very naive bug. In a RAID where all the drives were new originally, this could very quickly destroy the volume. [TWO TO THE FIFTEENTH! strikes again. PGN]


This might be a genuine Y2K problem—are there more?

Martyn Thomas <martyn@thomas-associates.co.uk>
Thu, 28 Nov 2019 08:39:04 +0000

In the run-up to Y2K, one of the fixes was “windowing”, where two digit years below 20 (for example) were treated as in the 21st century and years above 20 were in the 20th. There was some speculation that there might be problems when the end of the window arrived.

This might just be an example: https://nakedsecurity.sophos.com/2019/11/27/splunk-customers-should-update-now-to-dodge-y2k-style-bug/ even though the product was written after 2000, if a pre-existing library was used. If it is a Y2K end-of-window problem, there may be similar problems about to appear.

People who weren't involved in solving the Y2K problem seem to think is wasn't a serious issue. But it was and despite the billions of dollars spent and the tens of thousands of people who worked to identify and fix the problems, 15 nuclear reactors shut down on January 1st 2000. I led the Y2K service line for Deloitte Consulting for a few years and I have described what really happened. See: https://s3-eu-west-1.amazonaws.com/content.gresham.ac.uk/data/binary/2773/2017-04-04-MartynThomas_Y2K-T.pdf


Plundervault

“Peter G. Neumann” <neumann@csl.sri.com>
Wed, 11 Dec 2019 14:55:05 PST

[spotted by Phil Porras]

“By subtly increasing or decreasing the current delivered to a CPU — operations known as ‘overvolting’ and ‘undervolting’—a team of scientists has figured out how to induce SGX faults that leak cryptographic keys, break integrity assurances, and potentially induce memory errors that could be used in other types of attacks.”

https://arstechnica.com/information-technology/2019/12/scientists-pluck-crypto-keys-from-intels-sgx-by-tweaking-cpu-voltage/


Medicare needs to be flexible with Seniors! (KHN)

Gabe Goldberg <gabe@gabegold.com>
Tue, 10 Dec 2019 17:29:25 -0500

https://khn.org/news/website-errors-raise-calls-for-medicare-to-be-flexible-with-seniors-enrollment/


I lost my 193,000-pound inheritance with one-digit-wrong sort code (The Guardian)

Monty Solomon <monty@roscom.com>
Sat, 7 Dec 2019 10:11:46 -0500

https://www.theguardian.com/money/2019/dec/07/i-lost-my-193000-inheritance-with-one-wrong-digit-on-my-sort-code


WSJ discovers that phone systems are hard

danny burstein <dannyb@panix.com>
Thu, 5 Dec 2019 22:18:07 -0500 (EST)

Ok, who here would ever trust basic caller ID, and triply so in a Major Issue like the impeachment hearings?

Regarding those phone logs, displayed in the impeachment process, that seemed to show that Rudy spoke with OMB numerous times:

[Wall Street Journal]

That number, along with the other references in the report to a number associated with OMB, all correspond to a placeholder number that shows up when officials in several White House departments make calls, according to people familiar with the matter. The people said the number shows up on the caller ID of individuals outside the White House when some White House officials call them from a landline.

https://www.wsj.com/articles/doubts-surface-over-giuliani-white-house-budget-office-calls-11575588060

dannyb recalls getting phone calls from the NYTimes phone network with caller ID of “111-111-1111”, and about five years ago when the NYT actually ran a story saying there were going to end that nonsense.


Uber's 'Dirty Little Secret': Shared Driver Accounts (WSJ)

Monty Solomon <monty@roscom.com>
Thu, 28 Nov 2019 09:45:53 -0500

https://www.wsj.com/articles/ubers-dirty-little-secret-shared-driver-accounts-11574883278


Nearly $50 Million of Ether Swiped From South Korean Cryptocurrency Exchange (WSJ)

Monty Solomon <monty@roscom.com>
Thu, 28 Nov 2019 10:18:21 -0500

https://www.wsj.com/articles/nearly-50-million-of-ether-swiped-from-south-korean-cryptocurrency-exchange-11574918838


Fiber-optic cables pinpoint California tectonic fault zone (National Geographic)

the keyboard of geoff goodfellow <geoff@iconia.com>
Sat, 30 Nov 2019 11:58:04 -1000

A new method using fiber-optic cables pinpointed the previously hidden system—and it may reveal more seismic surprises around the globe

EXCERPT:

Beneath The Cerulean waters of Monterey Bay, just a few miles southeast of Santa Cruz, California, a never-before-seen cluster of faults has been found lurking on the ocean floor.

These newly spotted wrinkles in Earth's crust <https://science.sciencemag.org/cgi/doi/10.1126/science.aay5881>, described in a paper published today in Science, are still largely a mystery. We can't say much about their size, shape, or how active they are. Still, the findings show that even in one of the most seismically studied corners of the planet, fault maps of the ocean floor contain gaping holes. That's a big problem, because if we don't know where sea-floor faults are, coastal communities are going to be in the dark about any earthquake or tsunami threats they might present.

The new research also offers a solution to our tectonic blindspot: We can harness the hundreds of thousands of miles of fiber optic cables <https://www.nytimes.com/interactive/2019/03/10/technology/internet-cables-oceans.html> that send emails, Tweets, and video messages ping-ponging across Earth every day. Scientists discovered California's newest known offshore faults by borrowing a garden hose-size fiber optic cable that spans the sea-floor of Monterey Bay and turning it into an ad-hoc seismic array. (Also find out how researchers used ancient Aztec records to find a previously unknown seismic risk in Mexico .) <https://www.nationalgeographic.com/science/2019/10/ancient-aztec-records-reveal-hidden-earthquake-risk-in-mexico/>

Researchers hope this new method might one day be used to collect treasure troves of seismic data in major cities that are already undergirded by networks of fiber optic telecommunications cables but don't have the budget or physical space to install thousands of seismometers. Cables located directly offshore of major population centers, meanwhile, might be slightly retooled to serve as the backbone for new early warning systems. <https://earther.gizmodo.com/inside-the-plan-to-prepare-the-pacific-northwest-for-a-1832591821>

“The possibilities are pretty large,” says study coauthor Craig Dawe <https://www.mbari.org/dawe-craig/> of the Monterey Bay Aquarium Research Institute. “Worldwide, there's lots of fiber optic cable deployed.”

Illuminating the sea-floor…

https://www.nationalgeographic.com/science/2019/11/mysterious-tectonic-fault-zone-found-off-california-using-fiber-optics/


Dexcom Software Outage Draws Fury from Diabetes Patients and Their Parents (Fortune)

Gabe Goldberg <gabe@gabegold.com>
Tue, 3 Dec 2019 01:52:34 -0500

Dexcom's continuous glucose monitoring technology has been a quiet revolution for diabetes patients. The wearable patch keeps tabs on diabetics' blood sugar levels in real time. What's more, the Dexcom G5 and G6 devices can transmit information to a smartphone app through a service called Dexcom Follow—critical for the parents and caregivers of diabetics, who can receive instant notifications of dangerous oscillations in blood glucose for those who may not be capable of monitoring such data themselves.

But, at some point late Friday evening, the Dexcom Follow service went dark. And it still hadn't been fully restored as of Monday afternoon, according to an update on the company's Facebook account.

https://fortune.com/2019/12/02/dexcom-outage-blackout-diabetes-patients-blood-sugar-monitor/


Facebook Experiences Sporadic Outages (WSJ)

Monty Solomon <monty@roscom.com>
Thu, 28 Nov 2019 14:43:44 -0500

https://www.wsj.com/articles/facebook-experiences-sporadic-outages-11574963022


Microsoft OAuth whitelisted unregistered subdomains allowing azure account takeovers

J Coe <spendday@gmail.com>
Tue, 3 Dec 2019 07:27:57 +0000

A vulnerability in the way Microsoft applications use OAuth for third-party authentication could allow an attacker to take over Azure cloud accounts.

At least 54 sub-domains with with whitelisted URL endings were not registered in the Azure portal.

Attackers can take advantage of this by taking over these domains and then registering them, meaning that they would be approved by default and could request users' ‘access_tokens’, which would then allow them to take actions using users' permissions. If a victim is an Azure admin, for instance, an attacker could access high-level permissions, like adding unwanted members to a Microsoft Active Directory role, resetting other users' passwords or adding users to groups,

https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/


Re: AI future or follies? (RISKS-31.48)

Amos Shapir <amos083@gmail.com>
Thu, 28 Nov 2019 10:29:57 +0200

The earliest compiled high-level languages were considered “self-programming computers” and “the end of programming by humans”. In a way, that was correct—since programming until then was mostly done in assembly languages; indeed not many assembly programmers are still around by now.

But what such “end of programming” predictions miss, is that while coding is a rote activity that may be replaced by automation, programming is not. The role of a programmer is to expect the unexpected, and tell machines what to do in such unforeseen circumstances; even with AI, humans will always be needed to mediate the real world to mechanical entities.


Re: Train door safety interlock based on hanger not actual door position (RISKS-31.49)

“John Murrell” <mail@JohnMurrell.org.uk>
Tue, 3 Dec 2019 21:23:48 -0000

I contacted the RAIB about this poor design having read their safety digest https://www.gov.uk/government/publications/safety-digest-102019-hockley

My concerns were that the FMEA should have picked the non-detection of the failure of the fasteners up as well as a lot of other faults including:

1: The brackets attached to the door. 2: The bolts that attach to the 'orange drive pieces'. 3: The attachment of the orange drive pieces to the drive belt 4: The drive belt 5: The pulleys in the drive system 6: The pulley pivots , mountings etc. 7: Using a single microswitch in a safety critical application

The reply from the RAIB is as follows:

Thank you for your email. The diagram shows only components relevant to the incident and the omitted components include a second micro switch which detects the position of the right hand (non-incident) door. This is an old but widely used design. The methods used in the design were unlikely to be as now, so our safety digest concentrated on the need for effective fastener retention, a message which applies well beyond the door arrangement involved in the incident.

Without a detailed design analysis it is difficult to know which of the first 7 items on my list above are mitigated by a second microswitch.


Re: What happens if your mind lives forever on the Internet? (RISKS-31.49)

Chris Drewe <e767pmk@yahoo.co.uk>
Thu, 28 Nov 2019 22:12:34 +0000

My concern here is that there are newspaper articles almost daily (at least in the UK) saying “AI is going to make huge changes to everybody's jobs real soon, so what are politicians going to do about it now?!?”, the RISK being that governments will try to figure out what's going to happen and plan for exactly this, while real life goes off in a different direction. Example analogy is civil aviation when I was a kid in the 1960s; the Brits and French saw the future as supersonic travel and developed Concorde at great cost to taxpayers, while Boeing looked to slow but bigger aircraft and developed the 747 'jumbo jet'. Not sure of the precise figures, but there were only 16 Concordes and they last flew about 15 years ago, while 1,500 747s have been built and about 500 are still in service.


Re: What happens if your mind lives forever on the Internet? (RISKS-31.49)

Amos Shapir <amos083@gmail.com>
Sat, 30 Nov 2019 10:41:04 +0200

> “In 20 years time people will still be predicting that in 20 years time we would have machines as intelligent as humans!”

That's because in this context, “human intelligence” is a moving target. Until the 1960's, looking up a name and number in a phone book was considered a task of human intelligence; until the 1990's, it required human intelligence to plan a travel route using a map and traffic reports; even driving a car was considered a task requiring some form of human intelligence until quite recently.

The point is, at any point in time, what is considered “human intelligence” would always be defined as “what machines cannot do now”. Any task which AI achieves, is naturally taken off the list of what AI is supposed to do if/when finally machines become “as intelligent as human”.

So the answer to the question “When will AI reach human intelligence?”, for a visitor of the early 20th century (actually, anyone over 50 years old) is “they already have”; for a current observer, as Martin Ward notes, it will always be “twenty years from now”.


Re: DMVs profit by selling PII

Kelly Bert Manning <bo774@freenet.carleton.ca>
Tue, 10 Dec 2019 12:17:06 -0500 (EST)

I have seen Seattle TV stations saying that Washington state mails an automated notice to the registered owner every time that vehicle registration data is provided to a third party. That would make disclosure more transparent than bulk transfer of data without notice and would give voters what they need to influence legislators, or not if they feel that it is no big deal.

In the late 1980s I discovered that the British Columbia Assessment Authority was peddling the names of every home in BC, along with the names of the 2 previous owners, with zero legislative or regulatory authority. The only authority in the Assessment Act for 3rd party disclosure was when a charge against the property existed, and expired when the lien or mortgage was paid off.

I complained to the BC Ombudsman, as it was called then. They produced a report: https://www.bcombudsperson.ca/documents/access-information-and-privacy

The Social Credit (~USA Republican) was in power and drafted Bill 12 to increase Public Sector Privacy Protection, but got voted out of power and withered away to nonexistence after reporters used BC Online to retrieve details about SoCred BC Premier Vander Zalm still being a corporate board member and about land dealings of the company. I was the Technical Architect for the dial up (1988) version of BC Online, but my employer found me other work when I raised Privacy concerns while putting the Technical Proof of Concept demo together. BC Online exploded to over 10,000 paying customers by the end of the first year of operation. Banks, Realtors, car & boat dealers, lawyers, News Rooms. It was all public record data, but much easier to retrieve 24x7 with a computer than by checking paper files in a land office in person during government office hours. It also dealt with concerns such as pages being removed during inspection by the public.

The NDP (~ UK Labour) watered down Bill 12 to draft Bill 50, which was proclaimed as BC's Freedom of Information and Privacy Act. It has a black letter law prohibition on extracting PII for soliciting, yet the BC Assessment Authority kept peddling PII on optical disks, which Realtors used for sending junk mail. The arrival of personally addressed real estate solicitations at our non published home address continued until it went to a full scale inquiry. I was invited to make a submission to the Inquiry. My name appears in the Thanks next to David Loukidelis, who later became BC's second Information and Privacy Commissioner. https://www.oipc.bc.ca/investigation-reports/1258

Shortly the BC Assessment Authority Director who had been stone walling my concerns for a decade disappeared from the BC Public Service. Perhaps his last meeting with his boss went something like this: https://www.youtube.com/watch?v=0r_L5Z7yLTU

He applied to the BC Cabinet for an Applies Despite exemption to the FOIPP Act, but was turned down and kept on peddling PII. Did he not understand the N or the O? That was a pity. It is better when you can be persuasive and change thinking. Settling for only changing who is doing a job, or simply their behaviour, is a last resort.

A Victoria BC municipal web interface showing the owner name and assessed value of every Victoria property, no questions asked, was quickly shut down by an OIPC BC Order.

That was not the end of the arrival of personally addressed solicitations using prohibited extracts from BC government records at our non published address, but that is another story.

Please report problems with the web pages to the maintainer

Top