The RISKS Digest
Volume 31 Issue 67

Saturday, 11th April 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


COVID-19 needs some big-picture thinking
Apple-Google Proposal for Contact Tracing
Marc Rotenberg
Can Legislatures Safely Vote by Internet?
Andrew Appel
Citing BGP hijacks and hack attacks, feds want China Telecom out of the U.S.
Ars Technica
Should we teach children about quantum computing?
Re: Boeing 787s must power cycle every 51 days
Amos Shapir
Re: Masking the CoVID-19 problem
Gregory Carvalho Amos Shapir Julian Bradfield
Info on RISKS (comp.risks)

COVID-19 needs some big-picture thinking (PGN)

“Peter G. Neumann” <>
Sat, 11 Apr 2020 11:26:27 PDT

Overall, COVID-19 is eventually going to offer us many lessons in retrospect, if we are paying enough attention. Advanced planning for realistic scenarios has often been eschewed. There are divergent models with incomparable assumptions, not enough testing, not enough equipment and personnel, disrespect and disregard for science and clear evidence, and much more. But some increased predictability is emerging, and sheltering in place seems to be ‘flattening the curve’. Above all, centralized leadership is critical. Ultimately, we need to consider this crossroads as as an opportunity for our civilation to reflect on what must change in the future, particularly regarding health care and long-term instead of short-term optimization.

However, hucksters are trying to capitalize on fear, with new creative forms of fraud and deception. Misinformation abounds. This morning's news includes an item on the risks of misinformation that is also relevant. A front-page article by Adam Satariano and Davey Alba, Britons Set Fire to Cell Towers, Driven by False Theory on Virus. in The New York Times today is relevant here, which “some government officials call an Internet Conspiracy Theory” that links 5G emanations with increased susceptability to COVID-19. This has resulted in the UK in more than 30 acts of arson and vandalism against wireless towers. “In roughly 80 other episodes in other countries, telecom technicians have been harassed on the job.” Misinformation is also becoming viral, and evidently pandemic as well.

These are stressful times, but I seem to be stepping up the frequency of RISKS issues, rather than getting way behind and playing catchup with huge issues. This will keep the issues more timely, as things are changing rapidly. RISKS remains an open forum for discourse, so we welcome constructive criticism and always value corrections.

End of my own rant for now. I have other things to do. PGN

Apple-Google Proposal for Contact Tracing

Marc Rotenberg <>
Fri, 10 Apr 2020 16:19:00 -0400 <>

EPIC: Apple and Google Propose Contact Tracing App

Apple and Google announced today "a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design." The companies are proposing “Privacy-Preserving Contact Tracing.” <> EPIC has previously testified <> in Congress in support of genuine Privacy Enhancing Techniques, which EPIC President Marc Rotenberg has defined <> as technologies that “minimize or eliminate the collection of personally identifiable information.” But EPIC has also warned <> that these techniques must be “robust, scaleable and provable.” And EPIC has repeatedly stated that notice and consent is not the basis of data protection.

Can Legislatures Safely Vote by Internet? (Andrew Appel)

“Peter G. Neumann” <>
Fri, 10 Apr 2020 11:29:32 PDT

Andrew Appel has just published a short blog article: [

Citing BGP hijacks and hack attacks, feds want China Telecom out of the U.S. (Ars Technica)

the keyboard of geoff goodfellow <>
Sat, 11 Apr 2020 08:05:12 -1000

With a history of cyber-attacks, Chinese-owned telecom is a threat, officials say


Citing the misrouting of US Internet traffic, malicious hacking and control by the Chinese government, a group of US executive agencies are recommending the FCC revoke the license authorizing China Telecom to provide international telecommunications services to and from the United States.

The recommendation comes amid an escalation in tensions between the US and China over a host of issues, including trade, disagreements about the handling of the novel coronavirus, and hacking. Thursday's move comes as part of a review the FCC disclosed last year, when the agency barred China Mobile Limited from the US market. The federal government has also designated both Huawei and ZTE as national security threats. <>

“The security of our government and professional communications, as well as of our most private data, depends on our use of trusted partners from nations that share our values and our aspirations for humanity,” John C. Demers, assistant attorney general for national security, said in a release. “Today's action is but our next step in ensuring the integrity of America's telecommunications systems.” <>

The state-owned China Telecom says it's the county's second-biggest mobile operator with about 336 million subscribers about 153 million wireline broadband subscribers, and about 111 million access lines. China Telecom Americas, the subsidiary that operates in the US, received authorization from the FCC in 2002, according to this timeline. China Telecom Americas has had a compounded and impressive annual revenue growth rate of 68% since 2005, the timeline added. <>

Hijacking huge swaths of the Internet. […]

Should we teach children about quantum computing? (

Richard Stein <>
Sat, 11 Apr 2020 10:07:31 +0800

Nothing wrong with stimulating curiosity in young people. Imagine a 13-year-old from Poughkeepsie, NY who could author a quantum programming language solution that calculates the Fermi surface of iron! “That's my little girl!”

If quantum computation becomes commercially viable—feed a credit card to a cloud supplier for access to a 1Mqubit virtual quantum computer with a guaranteed multi-minute decoherence-mitigated computation wall clock window — then ethics should enter the curriculum.

Re: Boeing 787s must power cycle every 51 days (RISKS-31.65)

Amos Shapir <>
Sat, 11 Apr 2020 13:57:27 +0300

I wonder what new problems may be discovered when many planes which may have been mothballed for more than 51 days (and even twice that) would be put back into action?

Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

Gregory Carvalho <>
Fri, 10 Apr 2020 20:59:21 -0700

A nice read. With reports of the respiratory problems associated with COVID-19, it seems counterintuitive to instruct people to contain exhaled carbon dioxide in the confined space of homemade double layer fabric masks. Whether a person is healthy or exposed, it seems that potential for weakening the state of the individual would exist in such an environment.

Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

Amos Shapir <>
Sat, 11 Apr 2020 12:55:21 +0300

Starting tomorrow, emergency decrees issued by Israel's Ministry of Health require the wearing of respiratory face masks in all public places.

Now, who may I believe—the official decrees, which are likely backed by advice of medical experts; or a Risks post, which mostly makes sense, but whose author's only stated qualifications are “grandpa of Ryan, Trevor, Devon & Hannah”?

Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

Julian Bradfield <>
Sat, 11 Apr 2020 10:47:38 +0100

RISKS-31.65 contains another hectoring rant by Rob Slade on masks. Slade is not qualified in any appropriate area (neither am I), and appears not to have done even the basic step of searching PubMed, as he doesn't refer to any of (limited but not non-existent) available research on masks outside healthcare settings, including on the efficacy of homemade masks.

Perhaps more importantly, he fails to consider the important fact (in so far as there any “facts” in such a fast-moving situation), which has been agreed for a couple of weeks at least, that SARS-Cov-2 appears to have significant asymptomatic and presymptomatic infectious capability.

The current WHO (et al.) recommendations seem to be primarily aimed at getting the limited supply of masks to those who need them most—I don't think anybody disagrees with Slade that healthworkers get first dibs on the supply. And, as always with WHO, its recommendations move slowly.

Those who would prefer to read an up-to-date analysis (including a survey of prior research) from people who are qualified in relevant areas should read:

Please report problems with the web pages to the maintainer