The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 64

Wednesday 1 April 2020


The Driverless Vehicle Act
Richard Stein, April Fools 2020
Tokyo firm urges caution against surge in coronavirus-related disinformation on April Fools' Day
The Japan Times via Dave Farber
Risks of Ostrichizing Yourself: Almost everything is interdependent
U.S. Health and Human Services Department suffered a cyber-attack
U.S. government & tech industry discussing ways to use smartphone
WashPost via Jan Wolitzky
Putin's New Cyberweapons
Zak Doffman
Classified info on stolen laptop
Electronic Health Records Need an Ethical Tune-Up
Scientific American
Speech recognition algorithms may also have racial bias
Ars Technica
Big Rigs Begin to Trade Diesel for Electric Motors
RFID Locks and the Lock Picking Lawyer
YouTube via Sheldo
Siri and Alexa Fails: Frustrations With Voice Search
The Manifest
Zoom bombing
Video conferences under attack by “zoombombing”
Lauren Weinstein
Beware of call-back numbers
Mabry Tyso vi PGN
Wash Your Hands—but Beware the Electric Hand Dryer
Rob Slade
Why Don't We Just Ban Targeted Advertising
Death on Mars
Scientific American
Her Incredible Sense Of Smell Is Helping Scientists Find New Ways To Diagnose Disease
MIT-based Team Works on Rapid Deployment of Open-source Low-cost Ventilator
MIT News
MIT Will Post Free Plans Online for an Emergency Ventilator That Can Be Built for $100
SciTechDaily via Lauren Weinstein
A computer virus expert looks at CoVID-19
Rob Slade
Mathematics of life and death: How disease models shape national shutdowns and other pandemic policies
Martin Enserink/Kai Kupferschmidt
Coronavirus: Robots use light beams to zap hospital viruses
Risks of extrapolation
Geoff Kuenning
Coronavirus Reactions Creating Major Internet Security Risks
Lauren Weinstein
Seeking podcast contributors relating to Y2K
Peter de Jager
Risks of Leap Years, and depending on WWVB
Rob Seaman
Call for Cyberattack Use Cases
Sami Saydjari
Re: What happens when Google loses your address?
Wendy M. Grossman
Re: 911 operators couldn't trace the location of a dying student's
John Levine
Info on RISKS (comp.risks)

The Driverless Vehicle Act (April Fools 2020)

Richard Stein <>
Mon, 1 Apr 2020 10:49:59 +0800

Washington, DC—With a super PAC war chest estimated at US$ 100M to lubricate Congress, the Driverless Vehicle Consortium's (DVC) eponymously named Driverless Vehicle Act (DVA) achieved veto-proof House and Senate majorities. The White House signaled imminent Presidential signature during a Rose Garden ceremony.

The DVA establishes a taxpayer-funded insurance pool to underwrite full-scale deployment of driverless passenger vehicles and commercial cargo transport across American roads and highways.

The Act authorizes the US Treasury to create a US$ 50B fund to offset potential liabilities arising from DV-initiated accidents and mishaps. Nearly 7 times larger than The September 11th Victim Compensation Fund, the government-backed bonds kick-start a long-overdue infrastructure renewal effort led by the Department of Transportation.

The legislation establishes a special master to administer the fund and adjudicate claims. The National Highway Transportation Safety Agency (NHTSA) budget gained a 10X increase over the US$ 900M 2018 appropriation to energize DV safety monitoring and oversight programs.

The legislation funds the creation and operation of NHTSA towers, similar to those operated by the Federal Aviation Administration for domestic air traffic. The cloud-hosted towers encompass fleet arbitration oversight authority, with local and interstate scope, to proactively anticipate and circumvent DV traffic conflicts.

The NHTSA towers rely on standardized fleet-control capabilities that continuously apply dynamic scheduling to sustain traffic routing, generative adversarial network structures, and deep-learning AI techniques that optimize obstacle avoidance outcomes.

Legislative debate was rancorous in both Congressional houses. Certain consumer-friendly amendments were defeated by business lobbying during Senate and House negotiations to reconcile the Bill before final passage.

Wisconsin Senator Floyd Thursby proposed that new or used DVs eligible for sale be required to prominently display product liability indemnification clauses on their pricing stickers. The amendment's defeat ensures that manufacturers and fleet operators who sell, maintain, own, and/or lease the vehicle platform, including the vital obstacle-avoidance program and inter-vehicle communication software, retain liability ownership for any deployment mishaps.

Louisiana Senator Kaspar ‘Fats’ Guttman proposed a “Dog Fooding” amendment requiring DV manufacturer and fleet operator boards of directors, employees, and their family members to participate in a 6-month duration, pre-deployment trial without backup drivers. An unidentified industry lobbyist exiting the House-Senate conference smirked that the defeated amendment was, “Potentially too retributive.”

Michigan Senator Miles ‘Sharkey’ Archer's “Consumer Vulnerability Exposure” amendment requiring DVs to render explainable diagnostic information from mishaps to assist claim adjudication processes was voted down. Passage would require DV manufacturers and software suppliers to publicly disclose software test plans, test results, release qualification wall clock, and defect discovery/repair life cycle metrics to assist DV safety rating compilation.

Speaking at a press conference, Senator Guttman said, “This legislation green-lights our nation's transport infrastructure transformation, a ‘moonshot on the ground’ for the unforestallable future.“

A reporter asked, “Would he hail a DV to commute to and from Capitol Hill?”, Senator Guttman stated, “The manufacturers and fleet operators have full confidence in their product's effectiveness and operational safety; our regulatory bodies endorse these findings, with acceptable and calculated risks. Get onboard for a ride that makes history!“

Driverless, interstate cargo transport and city-wide passenger hailing services will progressively roll-out, without backup drivers, over the next 3 years. Scholastic, municipal, and cross-country bus services are to deploy initially. The Act also incentivizes state and local emergency services to replenish their aging fleets with DV versions of ambulances, firetrucks, and law enforcement prowlers.

The Bland Institute (BI), a non-profit transportation think-tank, excoriated the DVA as the single largest corporate welfare award in US history. “It progressively accelerates the demise of the right-to-drive by recklessly promoting nascent technology. Deployment will displace long-haul cargo truckers, bus captains, and ride-hailing service drivers. How will these transportation and logistic workers be retrained and re-employed? The re-insurance pool twists capitalism like DNA. It 'plays chicken' with our economic future, public safety, and social fabric. You know it! I know it! The American people know it!” said BI spokeswoman Ms. Brigid O'Shaughnessy.

Cyber-safety and security analysts questioned DV fleet transport operating tower readiness. The effectiveness of tower operating procedures that safeguard end-to-end travel, and cargo delivery service achievement comprise unknowable metrics which the DVA requires the NHTSA to periodically disclose.

DVC spokesperson Henrik T. Ford VIII declined to comment on privately-owned fleet deployment readiness. He said, “DV simulation results comprise closely-guarded corporate trade secrets, intellectual property not freely disclosed. The commuting public will accept certain teething issues given anticipated DV convenience.”

Mobile device-distracted pedestrians, motorcyclists, and bicyclists are advised to be wary when alongside a DV. The transition from a DV-light commute environment consisting of a hybrid transport environment comprised of diminishing human motorists and pedestrians side-by-side with rising DV population, to a DV-supreme environment with carbon-based motorists effectively banished from the road, is fraught with uncertainty.

As incremental DV-supreme transportation conditions emerge, traffic volume will quickly outstrip carbon-based NHTSA tower arbitration and oversight capabilities. “Traffic flow will be best addressed through autonomous management techniques. Human intervention will only be necessary for emergency maintenance and pedestrian incidents,” said an anonymous NHTSA employee speaking on background.

Questions regarding the efficacy and safety of dedicated short-range communications (DSRC) shared spectrum, essential for coordinating and reporting DV movements, remain unresolved.

“Consumers benefit from DSRC. As dual-use spectrum, it will minimize rush-hour congestion while accelerating WiFi content access that optimizes the commuting experience,” said Mr. Ford.

Ms. O'Shaughnessy added, “Consumer skepticism of technologically-enhanced convenience products is justified. Industry self-regulation, galvanized through years of endemic regulatory capture and diminished federal agency enforcement, has shown to compromise the viability and safety of aircraft, cellphones, implanted medical devices, pharmaceuticals—you name it. Our government shills public health and safety like a Ponzi scheme. Are DVs safer than carbon-based drivers? An indication of DV public benefit will be shown if US traffic death rate declines below the 2016 level of 1.18 per 100 million vehicle miles traveled. The DVA represents a parlous wager of investor sagacity with public safety.”

Mr. Wilmer Cook, CEO of stated, “The cyber-attack perimeter for DVs is virtually indefensible. State-sponsored hackers — advanced persistent threats—are likely to penetrate DSRC protocol defenses. Expanding the NHTSA's role is a first step, but DV deployment and operational viability comprise a mega-risk with limited mitigation.”

Tokyo firm urges caution against surge in coronavirus-related disinformation on April Fools' Day (The Japan Times)

Dave Farber <>
Tue, 31 Mar 2020 14:54:37 +0900

While this is Tokyo centric, the disinformation comments apply everywhere.

Risks of Ostrichizing Yourself: Almost everything is interdependent

“Peter G. Neumann”


Wed, 25 Mar 2020 16:46:12 PDT

With respect to everything being interrelated, one of my favorite quotes is from Bob Morris (then chief scientist of the National Computer Security Center):

“To a first approximation, every computer in the world is connected with every other computer.” (19 September 1988, in a briefing from Bob, K Speierman—then Chief Scientist of the NSA—me, and Don Good, for the National Research Council Computer Science and Technology Board in Washington DC)

That bit of wisdom has been borne out by the Internet malware and hacking attacks. But the more general form of it might be this:

To a first approximation, every living creature in the world is ultimately potentially dependent on the behavior of every other creature.

It's a very old idea, e.g.,

“No man is an island, entire of itself.” John Donne, 1624

but hugely timely in light of recent events. [Don't let the proverbial butterflyinyourface.]

U.S. Health and Human Services Department suffered a cyber-attack

Twitter via IFTTT <>
Mon, Mar 16, 2020 at 9:09 AM

On 15 Mar 2020, a HHS computer system was attacked during the nation's response to the coronavirus pandemic, according to three people familiar with the matter.

U.S. government & tech industry discussing ways to use smartphone

Jan Wolitzky <>
Tue, 17 Mar 2020 15:06:29 -0400


To Track Coronavirus, Israel Moves to Tap Secret Trove of Cellphone Data

Putin's New Cyberweapons (Zak Doffman)

“Peter G. Neumann”


Tue, 24 Mar 2020 10:12:06 PDT

“Red faces in Red Square, again. Last July, I reported on the hacking of SyTech, an FSB (Federal Security Service) contractor working on Internet surveillance tech. Now, reports have emerged from Russia of another shocking security breach within the FSB ecosystem. This one has exposed a new weapon ordered by the security service,“ one that can execute cyber attacks on the Internet of Things (IoT)—the millions of connected devices now in our homes and offices.” […]

Classified info on stolen laptop (NYTimes)

Jan Wolitzky <>
Tue, 17 Mar 2020 21:08:00 -0400>

Electronic Health Records Need an Ethical Tune-Up (Scientific American)

Richard Stein <>
Wed, 25 Mar 2020 15:48:43 +0800

The proposed ethical tuneup, a recommendation that EHR engineering and sales businesses (their employees specifically) obey an equivalent physician oath “to do no harm,” must extend beyond this domain.

Why not require employees and governance for every technology vendor or person/persons that design, author/manufacture, test, and publish/sell any product to take an oath?

“Ethics or moral philosophy is a branch of philosophy that involves systematizing, defending, and recommending concepts of right and wrong conduct” per Ethics are mere words unless solemnly embraced and sincerely enforced without being overly restrictive of practice.

Employee rights are essential to assert and demonstrate, without fear of employer reprisal, that a product defect may harm public safety. Defect disclosure transparency of discovery and repair before product release can build public trust. Few businesses unfortunately allow sunshine inside their walls.

Suppose a product defect escape injures customers or jeopardizes public safety, and governance knew in advance, but declined to freely disclose, or direct resolution, before release. This hypothetical business favors schedule and cost achievement over deliverable qualification rigor. Clearly unethical. A catastrophic product defect escape can generate severe brand outrage leading to bankruptcy.

Unfortunately, this conduct regularly occurs across the industrial spectrum: finance, aerospace, medical devices, technology, chemical, mining, automobiles, etc. “Profit Without Honor” by Pontell, testifies to the jeopardy which industry self-regulation, and a deficit of regulatory enforcement, enables acts of impunity against public interests.

What to do? Penalize employees—dock their pay—for not speaking up about defect severity or not communicating defect discovery to the customer? Or penalize employees $10 for every defect escape, perhaps doubling the imposed amount for every layer of management right up through the board of directors, and pay a fine to the national treasury that cuts dividends or curtails stock buy-backs?

A company imposing an exponential organizational penalty structure for defect escape would quickly alienate employees, but immediately telescope the adopting a customer-centric corporate attitude.

One might boost funding for hiring and training regulatory inspectors, perform more frequent inspection, and introduce heavier enforcement actions for violating regulations. But political oversight “blows with wind,” and seldom persists beyond one election cycle.

Systematizing ethics is historically challenging, defending ethics is like “shattered glass in an acid bath,” and recommending ethics to redress organizational behavior is moot unless corporate governance is held accountable regulatory action.

Caveat emptor.

Speech recognition algorithms may also have racial bias (Ars Technica)

Monty Solomon <>
Wed, 25 Mar 2020 10:33:22 -0400

Big Rigs Begin to Trade Diesel for Electric Motors (NYTimes)

Richard Stein <>
Thu, 26 Mar 2020 07:45:05 +0800 After reading the NYT essay, my memory sparked a comp.risks archive search yielding this submission from 2010: “Quiet electric & hybrid cars endanger blind pedestrians” in

In, Jonathan Kamens said, “I believe I first heard about the problem of electric cars being so quiet that they would pose a danger to pedestrians (blind and otherwise) and bicyclists from a kids' science program on TV 27 years ago.” established “FMVSS 141 (Minimum Sound Requirements for Hybrid and Electric Vehicles),” a regulation that applies to hybrids and electric vehicles weighing less than 10,000 lbs (~4.5 metric tons).

The regulation establishes a “crossover” speed value where audible alert emission starts/stops as vehicle tire/wind noise drops below a specified sound pressure level threshold. The regulation is very long and complex, with certain enforcement deferments given manufacturer implementation schedules, etc. If I read it correctly, the regulation establishes vehicle artificial audible alarm emission at and below 30 mph (~48 kph).

Regarding the ‘Big Rig’ family of long-haul electric trucks, I found “Daimler Unveils Electric Freightliner Cascadia,” retrieved on 23MAR2020 from

The article states, “The company unveiled a nearly silent, electric version of its flagship Freightliner Cascadia heavy-duty truck at the Portland International Raceway during a meeting with Wall Street analysts and investors…”

The essay does not mention any audible warning from the cab when in forward motion, though a backup warning (beep…beep…beep) is likely standard.

I reached out to the contact listed in the essay to inquire about audible alert noise emission. Their response was, “Although the FMVSS 141 (Minimum Sound Requirements for Hybrid and Electric Vehicles) applies to vehicle < 10, 000 lbs., we will apply the same standard to our series production electric Freightliner medium- and heavy-duty commercial vehicles. Thus, they will emit a low-speed audible sound in addition to wind/tire noise.”

The Freightliner Cascadia cab weight (batteries included) is estimated @ 26,000 lbs (~11.8 metric tons). That's ~7.4X the weight a 2020 Honda CRV (~1.6 metrics tons). With a typical maximum TEU (twenty-foot equivalent unit) payload of ~24 metric tons, that's 35 metric tons whispering down the road @ ~100 km/h (~60 miles/hour)!

RFID Locks and the Lock Picking Lawyer

Sheldon <>
Sun, 15 Mar 2020 23:52:27 -0400

It is amazing how bad various security products are.

You can see that if you subscribe to the Lock picking lawyer on youtube

Gun safes often can be opened in seconds using a screwdriver. The standard the lockpicking lawyer uses for gun safes is that they have to be able to stop a teenager for a few minutes.

Some RFID door locks do the encryption checking on the outside of the door and just send an unlock signal to the magnetic lock on the inside of the door. So just send the electrical signal to the lock and you are in. Others allow you to capture the encrypted signal so that you can reprogram a card.

Bluetooth padlocks have the problem that they may be produced by companies that don't know how to design locks so that they aren't hard to bypass.

And that's just the beginning. People have expensive and effective locks on doors only to have a lock box for keys that can be opened in seconds.

Go take a look.

And yes, he's a lawyer.

Siri and Alexa Fails: Frustrations With Voice Search (The Manifest)

Gabe Goldberg <>
Thu, 26 Mar 2020 23:59:28 -0400

Voice Search Assistants Are Often Summoned Unintentionally

Joshua Liljenquist is a senior at Minnesota State University in Mankato, Minn. His professor walked into his class sophomore year and began to review the syllabus. He forbade the students from taking photos for note-taking purposes during the lecture, threatening expulsion.

Liljenquist was shocked and whispered to the person next to him, “This guy is kind of an a--——.”

The lecture hall was silent when, suddenly, Liljenquist's Siri, trying to be helpful, said, “I found no results for ‘This guy is kind of an a--——.’ ”

“A wrinkle in my jeans must have set off Siri—My face turned bright red as I wanted to grab my things and sprint out of the classroom. I don't think the timing could be any worse.”

Liljenquist is not alone—64% of voice search users have accidentally accessed a voice assistant in the last month.

Zoom bombing

“John R. Levine”


21 Mar 2020 18:19:02 -0400

A lot of informal online gatherings have moved into online Zoom conferences. Unfortunately, since this is the Internet, trolls join and screen share hardcore porn. Since Zoom was designed as a business conference system where the users are all known to the organizers and can be expected to behave (sort of like the early Internet), it's hard to prevent.

Keeping in mind that the primary blame falls on cretins who think that sort of thing is funny, this is also a usability issue. There are Zoom features to deter this, e.g., lock the room to keep anyone from re-entering after being ejected, but it's not well documented for new users.

Video conferences under attack by “zoombombing”

Lauren Weinstein <>
Sun, 22 Mar 2020 10:42:04 -0700

[In addition to John Levine's Times item:]

Beware of “ZoomBombing” - screensharing filth to video calls

Troll Terrifies Public Zoom Meeting By Sharing Highly Disturbing Video

Beware of call-back numbers

“Peter G. Neumann”


Fri, 20 Mar 2020 8:46:13 PDT

From Mabry Tyson:

Just before 6PM, I got a text on my phone this evening allegedly from 1-860-360-xxxx (I believe this is forgeable) saying

MSG: We have accepted your request. If you did not make this request for an ADDITIONAL LINE please call VZ Customer Support at 1-855-955-0926

This is not someone adding a line as claimed. This is an identity theft attempt.

The victim is expected to call up and be worried about a fraud attempt. They will then ask all kinds of questions, getting whatever identity information they can pull from you.

That 855-955 number is not listed at the VerizonWireless site as a customer support number. The text came through an hour after the customer support closed for the weekend (COVID-19 fallout)

I recently got a postal service mail allegedly from a bank that made a similar claim. I actually checked that it was their customer service number. The bank had no record of the claim.


Wash Your Hands—but Beware the Electric Hand Dryer

Rob Slade <>
Sat, 21 Mar 2020 18:10:40 -0700

Some years back a high-school student (in Alberta?) did a study on the various ways to dry your hands in public washrooms, swabbing her hands and culturing the results. As a control, she wiped her hands dry on her jeans.

Wiping her hands dry on her jeans was cleaner than using air dryers …

Why Don't We Just Ban Targeted Advertising (WIRED)

Gabe Goldberg <>
Sun, 22 Mar 2020 22:47:48 -0400

From protecting privacy to saving the free press, it may be the single best way to fix the Internet.

The solution to our privacy problems, suggested Hansson, was actually quite simple. If companies couldn't use our data to target ads, they would have no reason to gobble it up in the first place, and no opportunity to do mischief with it later. From that fact flowed a straightforward fix: “Ban the right of companies to use personal data for advertising targeting.”

Excruciatingly overlong, makes the point in headline and never stops…

Death on Mars (Scientific American)

Richard Stein <>
Tue, 24 Mar 2020 09:49:50 +0800 by Caleb A. Scharf (20JAN2020).

“The martian radiation environment is a problem for human explorers that cannot be overstated.”

Astronauts traveling to Mars from Earth will experience ~1 sievert of solar radiation (~10000 chest x-rays). “It would increase the odds of you getting fatal cancer by some 5% over your lifetime.”

Without an Earth-like atmosphere and magnetic shield against ionizing radiation, Martian surface colonists will experience an estimated 18 sieverts over a ~20-30 year mission timeline. Digging into the regolith a few meters affords a shield.

Instantaneous exposure to eighteen (18) sieverts will kill a human within a few days. If spread over 20-30 years, one might survive. Although, “there is evidence that neurological function is particularly sensitive to radiation exposure, and there is the question of our essential microbiome and how it copes with long-term, persistent radiation damage.”

As Scharf states, “To put all of this another way: in the worst case scenario (which may or may not be a realistic extrapolation) there's a chance you'd end up dead or stupid on Mars. Or both.”

Her Incredible Sense Of Smell Is Helping Scientists Find New Ways To Diagnose Disease (

Richard Stein <>
Tue, 24 Mar 2020 11:33:52 +0800

The NPR piece discusses Parkinson's Disease detection using a hyperosomic individual—a person with super-sensitive smell.

The “volatilome” is a neologism that characterizes human body odors outgassed from the volatile organic compounds contained by our skin's sebaceous fluid. See, “Discovery of Volatile Biomarkers of Parkinson's Disease from Sebum” for technical details.

Risk: Inexpensive volatilome detectors enlarge individual biometric profile metadata for surveillance economy exploitation.

Will an IoT-enabled volatilome detector eventually replace doorbell camera facial recognition?

IoT devices that embed an open-source, web-enabled 'smellorithm'? The 'Smellogram,' a wireless peripheral proven to reconstruct and spritz any smellorithm-captured volatilome, a must-have 'ugh-mented' reality gizmo.

MIT-based Team Works on Rapid Deployment of Open-source Low-cost Ventilator (MIT News)

“Peter G. Neumann”


Mon, 30 Mar 2020 9:22:31 PDT

David L. Chandler, MIT News, 26 Mar 2020

MIT-based team works on rapid deployment of open-source low-cost ventilator

Clinical and design considerations will be published online; goal is to support rapid scale-up of device production to alleviate hospital shortages.

The new device fits around an Ambu bag (blue), which hospitals already have in abundance. Designed to be squeezed by hand, they are squeezed by mechanical paddles (center) driven by a small motor. This directs air through a tube to the patient's airway, MIT E-Vent Unit.

One of the most pressing shortages facing hospitals during the Covid-19 emergency is a lack of ventilators. These machines can keep patients breathing when they no longer can on their own, and they can cost around $30,000 each. Now, a rapidly assembled volunteer team of engineers, physicians, computer scientists, and others, centered at MIT, is working to implement a safe, inexpensive alternative for emergency use, which could be built quickly around the world.

The team, called MIT E-Vent [] (for emergency ventilator), was formed on 12 March 2020 in response to the rapid spread of the Covid-19 pandemic. Its members were brought together by the exhortations of doctors, friends, and a sudden flood of mail referencing a project done a decade ago in the MIT class 2.75 (Medical Device Design). Students working in consultation with local physicians designed a simple ventilator device that could be built with about $100 worth of parts. They published a paper detailing their design and testing, but the work ended at that point. Now, with a significant global need looming, a new team, linked to that course, has resumed the project at a highly accelerated pace. []

MIT E-Vent Unit 000 Setup, Image by JC

The key to the simple, inexpensive ventilator alternative is a hand-operated plastic pouch called a bag-valve resuscitator, or Ambu bag, which hospitals already have on hand in large quantities. These are designed to be operated by hand, by a medical professional or emergency technician, to provide breaths to a patient in situations like cardiac arrest, until an intervention such as a ventilator becomes available. A tube is inserted into the patient's airway, as with a hospital ventilator, but then the pumping of air into the lungs is done by squeezing and releasing the flexible pouch. This is a task for skilled personnel, trained in how to evaluate the patient and adjust the timing and pressure of the pumping accordingly.

The innovation begun by the earlier MIT class, and now being rapidly refined and tested by the new team, was to devise a mechanical system to do the squeezing and releasing of the Ambu bag, since this is not something that a person could be expected to do for any extended period. But it is crucial for such a system to not damage the bag and to be controllable, so that the amount of air and pressures being delivered can be tailored to the particular patient. The device must be very reliable, since an unexpected failure of the device could be fatal, but as designed by the MIT team, the bag can be immediately operated manually.

MIT E-Vent Unit 002 Undergoing Testing, Image by MD

The team is particularly concerned about the potential for well-meaning but inexperienced do-it-yourselfers to try to reproduce such a system without the necessary clinical knowledge or expertise with hardware that can operate for days; around 1 million cycles would be required to support a ventilated patient over a two-week period. Furthermore, it requires code that is fault-tolerant, since ventilators are precision devices that perform a life-critical function. To help curtail the spread of misinformation or poorly-thought-out advice, the team has added to their website verified information resources on the clinical use of ventilators and the requirements for training and monitoring in using such systems. All of this information is freely available at

“We are releasing design guidance (clinical, mechanical, electrical/controls, testing) on a rolling basis as it is developed and documented,” one team member says. “We encourage capable clinical-engineering teams to work with their local resources, while following the main specs and safety information, and we welcome any input other teams may have.”

The researchers emphasize that this is not a project for typical do-it-yourselfers to undertake, since it requires specialized understanding of the clinical-technical interface, and the ability to work in consideration of strict U.S. Food and Drug Administration specifications and guidelines.

Such devices “have to be manufactured according to FDA requirements, and should be utilized [only] under the supervision of a clinician. The Department of Health and Human Services released a notice stating that all medical interventions related to Covid-19 are no longer subject to liability, but that does not change our burden of care. At present, we are awaiting FDA feedback about the project. Ultimately, our intent is to seek FDA approval. That process takes time, however,” a team member said.

The all-volunteer team is working without funding and operating anonymously for now because many of them have already been swamped by inquiries from people wanting more information, and are concerned about being overwhelmed by calls that would interfere with their work on the project. “We would really, really like to just stay focused,” says one team member. “And that's one of the reasons why the website is so essential, so that we can communicate with anyone who wants to read about what we are doing, and also so that others across the world can communicate with us.”

“The primary consideration is patient safety. So we had to establish what we're calling minimum clinical functional requirements,” that is, the minimum set of functions that the device would need to perform to be both safe and useful, says one of the team members, who is both an engineer and an MD. He says one of his jobs is to translate between the specialized languages used by the engineers and the medical professionals on the team.

That determination of minimum requirements was made by a team of physicians with broad clinical backgrounds, including anesthesia and critical care, he says. In parallel, the group set to work on designing, building, and testing an updated prototype. Initial tests revealed the high loads that actual use incurs, and some weaknesses that have already been addressed so that, in the words of team co-leads, “Even the professor can kick it across the room.” In other words, early attempts focused on super “makeability” were too optimistic.

New versions have already been fabricated and are being prepared for additional functional tests. Already, the team says there is enough detailed information on their website to allow other teams to work in parallel with them, and they have also included links to other teams that are working on similar design efforts.

In under a week the team has gone from empty benches to their first realistic tests of a prototype. One team member says that in the less than a week full they have been working, motivated by reports of doctors already having to ration ventilators, and the intense focus the diverse group has brought to this project, they have already generated “multiple theses worth” of research.

The cross-disciplinary nature of the group has been crucial, one team member says. “The most exciting times and when the team is really moving fast are when we have an a design engineer, sitting next to a controls engineer, sitting next to the fabrication expert, with an anesthesiologist on WebEx, all solid modeling, coding, and spreadsheeting in parallel. We are discussing the details of everything from ways to track patients' vital signs data to the best sources for small electric motors.”

The intensity of the work, with people putting in very long hours every day, has been tiring but hasn't dulled their enthusiasm. “We all work together, and ultimately the goal is to help people, because people's lives understandably hang in the balance,” he said.

The team can be contacted via their website [].

David L. Chandler writes about energy, engineering, and materials science for the MIT News Office.

MIT Will Post Free Plans Online for an Emergency Ventilator That Can Be Built for $100

Lauren Weinstein <>
Mon, 30 Mar 2020 08:29:02 -0700

I've been arguing for weeks that there's no good reason that ventilators have to be so expensive and complex as the ones routinely used today, when not having any kind of ventilator means DEATH for so many patients.

A computer virus expert looks at CoVID-19

Rob Slade <>
Tue, 31 Mar 2020 11:05:01 -0700

First off, let me say that, while “virus” was and is a reasonably good choice as a term for replicating malware, it doesn't do to push the analogy too far. A computer; any computer, even a supercomputer; is a fairly simple entity in comparison with the complexity of the human body. And it's easy to say whether or not a computer is infected with a computer virus. It's pretty quantum. Either the computer is infected or not. Either a computer virus is running in memory or it's not.

When I worked in the isolation ward and in industrial first aid, I learned a lot of things that later pointed out just how different biological and computer viruses were. And, when you study the various fields of science, which I did, it's easy to analyze some of the factors that determine how viruses work.

In comparison to a computer, any body is more akin to, well, the Internet itself. A network of billions of computers (all the cells in your body), any one of which may or may not be infected.

A computer virus is just code. I have several thousand computer viruses in the office with me. Hundreds of them are on each of the computers I have. They are of almost no risk to anyone, since they are all on either floppy disks (those are of no risk to anyone who doesn't have a floppy disk drive anymore) or in “zoo” directories. They aren't going to execute. They won't replicate unless I copy them somewhere. (No, don't ask. We old malware researchers are funny that way.)

A biological virus is alive. Actually, get a few microbiologists in a room together, and making that statement is a good way to start an argument. There are a large number of factors that we generally consider necessary for life that viruses don't have. But we can say that viruses are, at some point, viable and will replicate (under the right conditions), and, at another point, are not viable, and won't replicate.

It's rather difficult to say that a person (a body) is infected or not. I probably have some rhinovirus in me somewhere, but I don't (at the moment) have a cold (that I know of). I probably have some flu virus (viruses?) in me somewhere, but I don't have the flu. There is a progression in most virus infections. You get a virus on or in you. (Actually, it's probably more than one “copy” of the same virus. Infectious disease people talk about viral “load,” in reference to the number of viruses that you need to infect, or that you have, or that you shed when/while you are infectious.) Your body has defences that are running all the time to fight off viruses, bacteria, parasites, and other things that shouldn't be in your body. But if there are enough copies of the virus, they may either get past or overwhelm your defences and start to replicate.

At that point, you probably can be said to be infected, but you probably don't know it yet. The virus is attacking and spreading in your body, but not to the point of causing symptoms yet. That is why you can be infected, and infectious, before you realize it.

The virus replicates by inserting it's own genetic material into one of your cells, and getting the cell to reproduce it (generally destroying your cell in the process). (CoVID-19's genetic material is RNA rather than DNA, but since we use RNA in the process of recreating our own DNA this is not a problem. For CoVID-19. It is kind of a problem for us.) Viruses tend to have certain types of cells that they prefer. CoVID-19 prefers lung tissue (among other types). Once a virus has started to reproduce on a large scale in your body, the fact that you are losing some of your cells, and the fight that your defences are making against the virus, starts to produce symptoms. At this point you are infected, and infectious, and probably know something is wrong.

Your defences have some generic ways to identify and fight off intruders. (These are akin to the change detection or activity monitoring types of computer antivirus programs.) But, when an infection actually takes hold, your defences start to learn how to recognize and target the specific infection. This process often involves antigens. (This is similar to computer virus signature scanning types of antiviral programs.) (We'll come back to antigens.) These defences may, initially, create additional symptoms, or make the existing symptoms worse, but, eventually, they will build up and overwhelm the specific virus, drive it—well, not away completely, but to a very low level—and cure you. If the infection doesn't kill you first. As your defences are getting the better of the virus, you are still somewhat infected, and still shedding copies of the virus, and therefore are still infectious, but your symptoms are disappearing and you are feeling better.

I've mentioned the issue of viruses being alive versus being viable. CoVID-19 seems to need to be wet to be viable. It travels between people in drops of water or mucus. (Very small drops, so we call them droplets.) The virus itself can't exist (or, at least, isn't viable) as a single virus with no water that can be breathed out and hang in the air for some time, bouncing between air molecules. Some viruses can; we call them aerosols (and there are other types of small particles that hang in the air that we call aerosols); but CoVID-19 doesn't seem to be able to do this. (Sometimes people say that coughing aerosolizes your saliva, but the droplets with water are much bigger than true aerosols.) The droplets have to be big enough to contain water for the CoVID-19 virus to be viable, in order to be infectious, so that means that the droplets are heavy, and therefore fall out of the air fairly quickly and can't travel very far from the person who produced them. (This is where the “six feet”/“two metres”/“fingertip to fingertip” rules come from, and why we now talk about social distancing, which sounds cute but isn't accurate, or physical distancing, which is more accurate but isn't as catchy as a phrase.)

This is why masks aren't very effective at preventing people from getting the virus (although they do help in some specific and dangerous situations where you are encountering a number of people with a high viral load who are coughing up droplets a lot). Masks are somewhat more effective at preventing people who are sick from spreading infections, since the masks, even just dust masks, catch the droplets. If you get the virus, you probably won't breath it in. You will probably touch a surface (any surface, even the surface of yourself or another person) where a droplet has landed, and then touch the mucus membranes of your eyes, nose, or mouth, which are nice and moist and CoVID-19 really likes. And remains viable. And infects. (Are your eyes getting itchy just thinking about this? When was the last time you touched your eyes because they felt itchy? You touch your face a lot more than you realize. This is why constant hand-washing, with soap, or hand sanitizing, is important. The outer envelope of a coronavirus is mostly a layer of fat, and, if you know chemistry, it easy to see why coronaviruses really don't like soap or alcohol.)

You may have heard that CoVID-19 can be detected in air hours after an infected person has been there. You may have heard that CoVID-19 can be detected on surfaces up to three days after an infected person has been there (depending on the type of surface). There is a difference between “can be detected” and “is viable.” Remember that our current tests for CoVID-19 are checking for strings of the RNA of the virus, in the same way that computer antivirus programs check for strings of code that are unique to the computer virus. The virus, or fragments of the virus (even if not wet or viable), can hang in the air, or be on surfaces, and be detected by RNA tests, long after it has ceased to be viable and infectious.

(There is another type of test, one form of which is currently under trial, involving the antigens we spoke of earlier. This type of test will not detect the virus directly, but detects whether someone has been sufficiently exposed to the virus to develop specific defences to it. This would indicate that a person has had the virus, and then recovered (or is recovering), whether or not they demonstrated any symptoms. This test will tell us other, different, things about the virus and how it spreads, particularly about how many people in a given population get infected.)

We are security professionals. We deal with risk. We know that risk always involves probability. A biological infection situation is not quantum. It is not “if you leave the house you will get infected.” It is “if you leave the house there is a higher likelihood you will become infected.” Biological virus infection involves proximity to an infected person, time of exposure, that person's viral load, number of proximal contacts, and a number of other factors. And all of the various factors involve probabilities.

The probabilities can add up. If you pass someone on the street or in a store, there is maybe a one in a million chance you will get infected. (Don't quote me on the “million.” It's just for this example.) That isn't big. If you own a pool there is twice that chance that you will die by drowning, but many people accept that risk. We could avoid the risk of infection by not going out, but then there is a risk we could starve to death, so we have to calculate and balance those risks. But if we encounter ten people at that store, those risks add up, so now we are at one in a hundred thousand. And if we go to ten stores, then we go to one in ten thousand. And if we keep that up for ten days then we go to one in a thousand, and if we keep it up for three months we are at one percent. Which starts to sound like it might be a bit dangerous when the impact is that we might die.

So we have rules. But the rules are based on probabilities. It's not that at six feet you are safe but at five foot six inches you will be infected, but that it is unlikely that droplets will easily jump six feet. They will more easily jump three feet, although it's still not guaranteed. Rinsing your hands with water will get rid of 80% of germs on your hands. Washing with soap and water for 20 seconds and the proper process will get rid of 99.9% of germs. But, if you are pretty sure that you've touched something that might be dangerous, but you can't right now, wash thoroughly but you can, right now, rinse your hands, then rinsing your hands right now is better than doing nothing. (Although you should make sure you wash your hands thoroughly, as soon as you can.) All of our “six feet,” “wash hands,” “don't congregate” rules are risk mitigation.

(No, for those students of risk management, there is no risk transfer in this scenario.)

And remember the tests that can't tell the difference between viable and dead viruses, and the studies that say the virus can live on surfaces for three days (if metal or plastic) or four hours (if copper or cardboard or steel but in direct sunlight)? It's not that all the virus copies stay alive for seventy two hours and then die on the seventy third. Copies of the virus are dying all the time, and after a certain number of hours half of them are dead, and after that same number of hours half of the remaining ones are dead, and all that time the viral load is going down and the probability that there will be enough copies of the virus to actually infect you is reducing.

So, you calculate the risks, and assess them, the same way that you calculate that it is unlikely that you will be stabbed to death if you go to a party. 1.5514085

(Wait. You were at a party? During the CoVID-19 crisis? What kind of risk management decision is that?)

Mathematics of life and death: How disease models shape national shutdowns and other pandemic policies (Martin Enserink/Kai Kupferschmidt)

Dewayne Hendricks <>
March 27, 2020 22:09:12 JST

Science, 25 Mar 2020 <>

Jacco Wallinga's computer simulations are about to face a high-stakes reality check. Wallinga is a mathematician and the chief epidemic modeler at the National Institute for Public Health and the Environment (RIVM), which is advising the Dutch government on what actions, such as closing schools and businesses, will help control the spread of the novel coronavirus in the country.

The Netherlands has so far chosen a softer set of measures than most Western European countries; it was late to close its schools and restaurants and hasn't ordered a full lockdown. In a 16 March speech,

Prime Minister Mark Rutte rejected working endlessly to contain the virus and shutting down the country completely. Instead, he opted for controlled spread of the virus among the groups least at risk of severe illness while making sure the health system isn't swamped with COVID-19 patients. He called on the public to respect RIVM's expertise on how to thread that needle. Wallinga's models predict that the number of infected people needing hospitalization, his most important metric, will taper off by the end of the week. But if the models are wrong, the demand for intensive care beds could outstrip supply, as it has, tragically, in Italy and Spain.

COVID-19 isn't the first infectious disease scientists have modeled—Ebola and Zika are recent examples—but never has so much depended on their work. Entire cities and countries have been locked down based on hastily done forecasts that often haven't been peer reviewed. “It has suddenly become very visible how much the response to infectious diseases is based on models,” Wallinga says. For the modelers, “it's a huge responsibility,” says epidemiologist Caitlin Rivers of the Johns Hopkins University Center for Health Security, who co-authored a report about the future of outbreak modeling in the United States that her center released yesterday.

Just how influential those models are became apparent over the past 2 weeks in the United Kingdom. Based partly on modeling work by a group at Imperial College London, the U.K. government at first implemented fewer measures than many other countries—not unlike the strategy the Netherlands is pursuing. Citywide lockdowns and school closures, as China initially mandated, “would result in a large second epidemic once measures were lifted,” a group of modelers that advises the government concluded in a statement. Less severe controls would still reduce the epidemic's peak and make any rebound less severe, they predicted.

But on 16 March, the Imperial College group published a dramatically revised model that concluded—based on fresh data from the United Kingdom and Italy—that even a reduced peak would fill twice as many intensive care beds as estimated previously, overwhelming capacity. The only choice, they concluded, was to go all out on control measures. At best, strict measures might be periodically eased for short periods, the group said (see graphic, below). The U.K. government shifted course within days and announced a strict lockdown.

Epidemic modelers are the first to admit their projections can be off. “All models are wrong, but some are useful,” statistician George Box supposedly once said—a phrase that has become a cliche in the field.

Textbook mathematics

It's not that the science behind modeling is controversial. Wallinga uses a well-established epidemic model that divides the Dutch population into four groups, or compartments in the field's lingo: healthy, sick, recovered, or dead. Equations determine how many people move between compartments as weeks and months pass. “The mathematical side is pretty textbook,” he says. But model outcomes vary widely depending on the characteristics of a pathogen and the affected population.

Because the virus that causes COVID-19 is new, modelers need estimates for key model parameters. These estimates, particularly in the early days of an outbreak, also come from the work of modelers. For instance, by late January several groups had published roughly similar estimates of the number of new infections caused by each infected person when no control measures are taken — a parameter epidemiologists call R0. “This approximate consensus so early in the pandemic gave modelers a chance to warn of this new pathogen's epidemic and pandemic potential less than 3 weeks after the first Disease Outbreak News report was released by the WHO [World Health Organization] about the outbreak,” says Maia Majumder, a computational epidemiologist at Harvard Medical School whose group produced one of those early estimates.

Wallinga says his team also spent a lot of time estimating R0 for SARS-Cov-2, the virus that causes COVID-19, and feels sure it's just over two. He is also confident about his estimate that 3 to 6 days elapse between the moment someone is infected and the time they start to infect others. From a 2017 survey of the Dutch population, the RIVM team also has good estimates of how many contacts people of different ages have at home, school, work, and during leisure. Wallinga says he's least confident about the susceptibility of each age group to infection and the rate at which people of various ages transmit the virus. The best estimates come from a study done in Shenzhen, a city in southern China, he says.

Compartment models assume the population is homogeneously mixed, a reasonable assumption for a small country like the Netherlands. Other modeling groups don't use compartments but simulate the day-to-day interactions of millions of individuals. Such models are better able to depict heterogeneous countries, such as the United States, or all of Europe. WHO organizes regular calls for COVID-19 modelers to compare strategies and outcomes, Wallinga says: “That's a huge help in reducing discrepancies between the models that policymakers find difficult to handle.”

Still, models can produce vastly different pictures. A widely publicized, controversial modeling study published yesterday by a group at the University of Oxford argues that the deaths observed in the United Kingdom could be explained by a very different scenario from the currently accepted one. Rather than SARS-CoV-2 spreading in recent weeks and causing severe disease in a significant percentage of people, as most models suggest, the virus might have been spreading in the United Kingdom since January and could have already infected up to half of the population, causing severe disease only in a tiny fraction. Both scenarios are equally plausible, says Sunetra Gupta, the theoretical epidemiologist who led the Oxford work. “I do think it is missing from the thinking that there is an equally big possibility that a lot of us are immune,” she says. The model itself cannot answer the question, she says; only widespread testing for antibodies can, and that needs to be done urgently.

Coronavirus: Robots use light beams to zap hospital viruses (

Richard Stein <>
Mon, 23 Mar 2020 07:10:47 +0800

“Glowing like light sabres, eight bulbs emit concentrated UV-C ultraviolet light. This destroys bacteria, viruses and other harmful microbes by damaging their DNA and RNA, so they can't multiply.”

“It's also hazardous to humans, so we wait outside. The job is done in 10-20 minutes. Afterwards there's a smell, much like burned hair.”

This disinfection bot is not “Bad to the Bone,” but is bad to the skin.

Risk: Melanoma from UV-C albedo.

Risks of extrapolation

Geoff Kuenning <>
Sat, Mar 21, 2020 at 8:55 AM

Professor Ioannidis criticizes working with a lack of data, and then proceeds to extrapolate (apparently entirely from a single population of 700 people) without even attempting to examine the extensive data we already have. In particular, Mark Handley of University College London has shown that when unchecked, infections grow at a rate of about 35% per day, which translates to doubling every three days. That's completely unlike the seasonal flu, which infects only a small proportion of the population each year.

The data we have is consistent with that growth pattern. We don't run out of ICU beds with the seasonal flu. But multiple localities are running out of beds.

There is also evidence that people who suffer severe COVID-19 symptoms survive with significantly reduced lung capacity. Again, that's different from the seasonal flu.

But perhaps the most bizarre argument in his article is his apparent claim in the article that the best thing to do is to let everybody who contracts the virus die quickly so that there will be ICU beds left over for heart patients six months from now. (Search the article for “heart attack” and read the paragraph containing that phrase.)

I am reminded of James Watson's statement that “One could not be a successful scientist without realizing that, in contrast to the popular conception supported by newspapers and mothers of scientists, a goodly number of scientists are not only narrow-minded and dull, but also just stupid.”

Like an elephant being attacked by a house cat'


“If we had not known about a new virus out there, and had not checked individuals with PCR [virus] tests, the number of total deaths due to ‘influenza-like illness’ would not seem unusual this year. At most, we might have casually noted that flu this season seems to be a bit worse than average.”

This was not written by some right-wing crank claiming coronavirus is a conspiracy to deny President Trump a second term, or an excuse to bring down capitalism.

It's from a sobering and illuminating essay by Stanford University epidemiologist John Ioannidis, co-director of its Meta-Research Innovation Center, published in the life sciences news site STAT.

The coronavirus-driven crackdowns on public life by state and local political leaders are being made in a data vacuum, Ioannidis warns, and extreme government measures to prevent infections may actually lead to more deaths.

“The current coronavirus disease, Covid-19, has been called a once-in-a-century pandemic,” he says. “But it may also be a once-in-a-century evidence fiasco,” with policymakers relying on “meaningless” statistics based on unreliable samples. […]

The “M” in XML stands for markup. If you don't have anything outside the angle brackets, you probably shouldn't be using XML.

Coronavirus Reactions Creating Major Internet Security Risks

Lauren Weinstein <>
Wed, 18 Mar 2020 10:30:04 -0700

Seeking podcast contributors relating to Y2K (Peter de Jager)

Peter de Jager <>
Mon, 30 Mar 2020 12:29:31 -0400

Peter de Jager, once prominent in the Y2K issue, who wrote the now infamous ‘Doomsday 2000’ article in Computerworld in Sept1993, and operated the now defunct Year2000,com website, has decided to take a look back at Y2K and is producing a podcast: Y2K an Autobiography. [Only if it writes itself! PGN]

You can google it, or find it here:

Free Content:

Premium Content: [You're welcome to use, and share this 70% off discount code for the premium content: risksdigest]

John Koskinen, once the Y2K Czar for Clinton's Task force has supported this effort by doing an interview with him - you can find this interview and others in the Premium content.

I have a request. If you worked on Y2K in any capacity? He'd like to interview you for the show, so that you can tell your side of the so called ‘hoax’ we were a part of — and set the record straight. If you're interested in more details on how he's doing the interviews? Please contact him at:

Here's his promise - you have final say on whether or not your interview is released - unlike the typical media interview where you have no control over how you're represented? Peter wants your story to represent your full perspective of your involvement and not just a few cherry picked quotes to meet the media's agenda.

Risks of Leap Years, and depending on WWVB

Rob Seaman <>
Mon, 23 Mar 2020 10:00:03 -0700

If a WWVB watch misses a Daylight Saving time adjustment it is not the fault of WWVB, which distributes Coordinated Universal Time (UTC), not local time and not DST. The rabbit hole starts with

Also, leap day technically occurs on February 24, not February 29. Search on ‘bissextile’ for historical context. Perhaps only of interest to historians, but on the other hand little about the fundamental pinnings of calendars or timekeeping is coherently fixed in current international law.

For that matter, “Old Style” New Year's Day was Lady Day, March 25. George Washington was born on February 11, 1731 O.S., which is February 22, 1732 N.S.

In short, any attempt to simplify analysis of dates and times will fail, certainly historically and likely into the future.

Rob Seaman, Lunar and Planetary Laboratory, University of Arizona

Call for Cyberattack Use Cases

Sami Saydjari <>
Tue, 31 Mar 2020 11:49:18 -0400

Peter and RISKS friends and colleagues:

Of course, I will cross-link to important related websites, cite RISKS, etc. So, those sorts of pointers are welcome as well. In case anyone is interested, other sections I plan for the website include:

Re: What happens when Google loses your address? (RISKS-31.62)

“Wendy M. Grossman” <>
Sat, 21 Mar 2020 22:43:29 +0000

For some years, one of London's major route maps, used by mini cab drivers and lots of others (even black cabs, since where I live is not within the confines of The Knowledge), had my tiny street placed wrong. Cab drivers could never find it, and despatchers typically did not pass on my instructions (I guess they thought they knew better).

There is a much larger street nearby with a similar name (Road instead of Avenue), and cab drivers often went there, fruitlessly looking for my number. I'm not sure what house he went to, but one 6am cabbie showed up at my door. “I went to Xxxxx Road,” he said. Then he handed over a pile of paper. “They had your mail.”

Re: 911 operators couldn't trace the location of a dying student's phone. (Stein, RISKS-31.60)

John Levine <>
21 Mar 2020 18:26:20 -0400

> [Roger that, John. Wonder if there should be a standardized ‘soft’ > GSM/CDMA emulation of h/w location discovery? If there was, it'd probably > be full of holes. Nothing like a keyed and registered GPS locater to > enable surveillance, I guess. RS]

They knew where he was from cell site data, but it is a big apartment block and they couldn't find which apartment it was.

Please report problems with the web pages to the maintainer