The RISKS Digest
Volume 32 Issue 45

Monday, 18th January 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Bursts of acceleration in Tesla vehicles caused by drivers mistaking accelerators for brakes, feds conclude
Ian Duncan
Riot in the Capitol is a nightmare scenario for cybersecurity professionals
Tonya Riley
Post-Riot, the Capitol Hill IT Staff Faces a Security Mess
WiReD
The Parler API was open without authentication. One or more third parties have done full downloads
Ars Technica
ESS voting machine company sends threats
Andrew Appel
IPhone12 will stop your implantable defibrillator
Medicalxpress.com
IRS rushes to fix error that sent millions of stimulus payments to wrong bank accounts
Michelle Singletary
Lack of Tiny Parts Disrupts Auto Factories Worldwide
NYTimes
Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
NYTimes
Bug wipes UK arrest records
Tom Van Vleck
Risks of DNS encryption: NSA warns enterprises to beware of third-party DNS resolvers
Ars Technica
Company name could lead to security xss attack
IBTimes
How Amazon Sidewalk Works—and Why You May Want to Turn It Off
WiReD
What to expect for the 2021 workplace
WashPost
In-Garage Delivery: Amazon Key
Amazon.com
AI algorithm over 70% accurate at guessing a person's political orientation
techxplore.com
Detection of Hardware Trojans Using Controlled Short-Term Aging
NYU Tandon School of Engineering
Unique study incorporates fluid dynamics and more to evaluate, enhance future implants
PHYS.ORG
Risk Management and Two-Dose Vaccines
Rob Slade
Different kinds of security
Rob Slade
Hacker Locks Internet-Connected Chastity Cage
Larry Werring
Re: Scope of Russian Hacking Far Exceeds Initial Fears
Larry Werring
Re: Voting Systems: The Cherry and the Cream
3daygoaty
Re: One Minute Left”: Hockey, CoVID-19 …vs hacking
Stephen Fierbaugh Chris Drew Stephen Fierbaugh
Info on RISKS (comp.risks)

Bursts of acceleration in Tesla vehicles caused by drivers mistaking accelerators for brakes, feds conclude (Ian Duncan)

Gabe Goldberg <gabe@gabegold.com>
Sat, 9 Jan 2021 18:00:44 -0500

Ian Duncan, The Washington Post, 8 Jan 2021

Dozens of incidents involving Teslas unexpectedly accelerating and crashing were the fault of drivers, not a defect with the electric vehicles, the federal car safety agency concluded Friday.

https://www.washingtonpost.com/transportation/2021/01/08/tesla-brakes/

[Doesn't speak well of Tesla owners' driving skills…]


Riot in the Capitol is a nightmare scenario for cybersecurity professionals (Tonya Riley)

Peter Neumann <neumann@csl.sri.com>
Tue, 12 Jan 2021 11:19:09 PST

Tonya Riley, The Washington Post, 7 Jan 2021 Riot in the Capitol is a nightmare scenario for cybersecurity professionals

Lawmakers and congressional staff were ushered into secure locations as a mob backing President Trump violently stormed the U.S. Capitol in hopes of overturning the election he lost.

The assault—which only temporarily delayed the certification of president-elect Joe Biden's win—left many unanswered questions about security at the Capitol, including its cybersecurity. The quick evacuation left computers and other device unattended as the mob ransacked offices.


Post-Riot, the Capitol Hill IT Staff Faces a Security Mess (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 10 Jan 2021 00:23:17 -0500

Wednesday's insurrection could have exposed congressional data and devices in ways that have yet to be appreciated. […]

Given the scope of the intrusion, Coleman and others say that it's important to assume that any device could have been compromised and remediate the breach with that scale and scope in mind. But he and others emphasize that rather than replacing every device and cable in the entire congressional orbit, constant vigilance and an “assume breach” mentality will be the best defense going forward. The Economic Development Administration took an ill-advised maximalist approach after a 2011 compromise, launching a massive campaign <https://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/> to physically destroy all of its digital equipment, including desktop computers, printers, cameras, mice, and keyboards—most of which were uninfected. The effort concluded only when the agency ran out of money for the project.

Congress needn't take an action so dramatic as that. But it also must acknowledge how exposed Wednesday's incident has left it.

https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/

Every cable? And if they ran out of money to destroy things, what was left to buy things?


The Parler API was open without authentication. One or more third parties have done full downloads (Ars Technica)

“Bob Gezelter” <gezelter@rlgsc.com>
Tue, 12 Jan 2021 09:35:30 -0700

It is important to design APIs so that they are reasonably secure. It is reported that the Parler API was open (e.g. did not require authentication). Further more, the geo-tagging inherent in JPEG was provided on public images. Reportedly, the entire contents of Parler's database have been accessed by at least one third party.

I guess that the individuals who implemented Parler were not well-read on web security issues, and were not familiar with the OWASP guidance on the subject.

The full articles can be found at:

https://arstechnica.com/information-technology/2021/01/parlers-amateur-coding-could-come-back-to-haunt-capitol-hill-rioters/


ESS voting machine company sends threats (Andrew Appel)

Peter Neumann <neumann@csl.sri.com>
Tue, 12 Jan 2021 18:08:42 PST

Andrew Appel <appel@princeton.edu> has another RISKS-relevant article on freedom-to-tinker:

https://freedom-to-tinker.com/2021/01/11/ess-voting-machine-company-sends-threats/

ESS voting machine company sends threats, 11 Jan 2021

For over 15 years, election security experts and election integrity advocates have been communicating to their state and local election officials the dangers of touch-screen voting machines. The danger is simple: if fraudulent software is installed in the voting machine, it can steal votes in a way that a recount wouldn't be able to detect or correct. That was true of the paperless touchscreens of the 2000s, and it's still true of the ballot-marking devices (BMDs) and all-in-one machines such as the ES&S ExpressVote XL voting machine ( [ https://www.cs.princeton.edu/~appel/papers/bmd-insecure.pdf | see section 8 of this paper ] *). This analysis is based on the characteristics of the technology itself, and doesn't require any conspiracy theories about who owns the voting-machine company.

In contrast, if an optical-scan voting machine was suspected to be hacked, the recount can assure an election outcome reflects the will of the voters, because the recount examines the very sheets of paper that the voters marked with a pen. In late 2020, many states were glad they used optical-scan voting machines with paper ballots: the recounts could demonstrate conclusively that the election results were legitimate, regardless of what software might have been installed in the voting machines or who owned the voting-machine companies. In fact, the vast majority of the states use optical-scan voting machines with hand-marked paper ballots, and in 2020 we saw clearly why that's a good thing.

In November and December 2020, certain conspiracy theorists made unsupportable claims about the ownership of Dominion Voting Systems, which manufactured the voting machines used in Georgia. [ https://www.cnn.com/2021/01/08/politics/dominion-voting-defamation-lawsuit/index.html

Dominion has sued for defamation

Dominion is the manufacturer of voting machines used in many states. Its rival, Election Systems and Software (ES&S), has an even bigger share of the market.

Apparently, ES&S must think that amongst all that confusion, the time is right to send threatening Cease & Desist letters to the legitimate critics of their ExpressVote XL voting machine. Their lawyers sent [ https://freedom-to-tinker.com/2021-01-04-cease-and-desist-letter-to-smart-elections-0029787725-1/ | this letter ] to the leaders of [ https://smartelections.us/ | SMART Elections ] , a journalism+advocacy organization in New York State who have been communicating to the New York State Board of Elections, explaining to the Board why it's a bad idea to use the ExpressVote XL in New York (or in any state).

ES&S's lawyers claim that certain facts (which they call accusations) are false, defamatory, and disparaging, namely: that the “ExpressVote XL can add, delete, or change the votes on individual ballots”, that the ExpressVote XL will “deteriorate our security and our ability to have confidence in our elections,” and that it is a “bad voting machine.”

Well, let me explain it for you. The ExpressVote XL, if hacked, can add, delete, or change votes on individual ballots—and no voting machine is immune from hacking. That's why optical-scan voting machines are the way to go, because they can't change what's printed on the ballot. And let me explain some more: The ExpressVote XL, if adopted, will deteriorate our security and our ability to have confidence in our elections, and indeed it is a bad voting machine. And expensive, too!

It's been clearly explained in the peer-reviewed literature how touch-screen voting machines—even the ones like the XL that print out paper ballots — can (if hacked) alter votes; and how most voters won't notice; and how even if some voters do notice, there's no way to correct the election result. And it's been explained why machines like the ExpressVote XL are particularly insecure—as I said, [ https://www.cs.princeton.edu/~appel/papers/bmd-insecure.pdf | see section 8 of this paper ] *.

And it's pretty clear that the folks at SMART Elections are aware of these scientific studies, and are basing their journalism and advocacy on good science.

I'll summarize here what's explained in the paper: how the ExpressVote XL, if hacked, can change votes. If the machine is hacked, the software can do whatever the hacker has programmed, but the hacker can't change the hardware. The hardware includes a thermal printer that can make black marks (i.e., print text or barcodes or whatever) on the paper, but the hardware can't erase marks. Therefore you might think the ExpressVote XL, even if hacked, couldn't alter votes. But consider this: suppose there are 15 contests on the ballot; suppose the voter makes choices for all 13 contests and chooses not to vote for State Senator. Then what the legitimate software does is, in the line for State Senator, print NO SELECTION MADE. But the hacked software could simply leave that line blank—then, when the voter has reviewed the ballot (or not bothered to), the ballot card is pulled past the printhead into the ballot box, and the printhead (under control of hacked software) can print in a vote for Candidate Smith. Few voters will be worried that the line is blank rather than filled in with NO SELECTION MADE.

You might think, “OK, the ExpressVote XL can fill in undervotes, that's bad, but it can't change votes.” But it can! Here is the mechanism: Suppose the voter makes choices in all 15 contests, and chooses Jones for State Senator. The hacked software can print a ballot card with only 14 contests, and leave blank spaces for State Senator. Then, after the voter reviews the ballot card behind glass, the card moves past the printhead into the ballot box. At this time the hacked software can print the hacker's choice (Smith) for State Senator. If most humans were really good at checking their printout line-by-line with what they marked on the touchscreen, this wouldn't succeed because the voter would notice the missing line, but voters are only human.

More details and explanation are in https://www.cs.princeton.edu/~appel/papers/bmd-insecure.pdf


IPhone12 will stop your implantable defibrillator (Medicalxpress.com)

Richard Stein <rmstein@ieee.org>
Sun, 10 Jan 2021 10:04:05 +0800

https://medicalxpress.com/news/2021-01-iphone12-implantable-defibrillator.html

“In a recent paper in the journal Heart Rhythm, doctors describe how they turned off the potentially life-saving cardiac defibrillator function of an implanted Medtronic device simply by holding an iPhone 12 near it. The authors had nothing personal against Medtronic, or for that matter, against the new iPhone. The main reason they singled the phone out here was because it is compatible with some of the most advanced new technologies available for various magnetic-based communications and charging.”


IRS rushes to fix error that sent millions of stimulus payments to wrong bank accounts (Michelle Singletary)

Gabe Goldberg <gabe@gabegold.com>
Sat, 9 Jan 2021 18:02:51 -0500

Michelle Singletary, The Washington Post, 8 Jan 2021

https://www.washingtonpost.com/business/2021/01/08/irs-tax-preparer-stimulus-error/


Lack of Tiny Parts Disrupts Auto Factories Worldwide (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 14 Jan 2021 12:27:52 -0500

Carmakers can't buy the semiconductors they need because home electronics are taking all the supply.

https://www.nytimes.com/2021/01/13/business/auto-factories-semiconductor-chips.html


Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Wed, 13 Jan 2021 00:12:55 -0500

https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html

The risk? History repeating itself.


Bug wipes UK arrest records

Tom Van Vleck <thvv@multicians.org>
Sun, 17 Jan 2021 03:20:47 -0800

Software bug wipes out over 150,000 UK arrest records including fingerprints and DNA data.


Risks of DNS encryption: NSA warns enterprises to beware of third-party DNS resolvers (Ars Technica)

Lauren Weinstein <lauren@vortex.com>
Sat, 16 Jan 2021 08:59:40 -0800

https://arstechnica.com/information-technology/2021/01/the-nsa-warns-enterprises-to-beware-of-third-party-dns-resolvers/


Company name could lead to security xss attack

Tom Van Vleck <thvv@multicians.org>
Sun, 17 Jan 2021 03:16:20 -0800

Someone named his company

" " > [or perhaps even ‘" “ >’]

https://www.ibtimes.sg/british-company-forced-change-name-it-could-be-used-cross-site-scripting-hack-53148


How Amazon Sidewalk Works—and Why You May Want to Turn It Off (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Wed, 13 Jan 2021 23:44:43 -0500

The white paper points out the steps that Amazon has taken to make this as private and secure as possible, including a variety of cryptographic algorithms and those three levels of encryption: It shouldn't be possible for other people to spy on your network or suddenly gain access to your smart thermostat. Everything should happen seamlessly behind the scenes, in theory.

All that said, it really comes down to how much you trust Amazon—the company that seems keen to collect as much data as possible about you, shares Ring camera information with law enforcement agencies, and which hasn't always protected sensitive user data quite as robustly as it might have done. The company has also said it might share Sidewalk data with third-party developers further down the line, and you know where that kind of data sharing tends to lead.

If you end up deciding that Amazon Sidewalk isn't for you, you need to take action: It's on by default, once the software update has hit your devices (it's also on by default for users setting up an Amazon-powered smart home for the first time.) If you want to turn it off, you need to open up the Alexa app on your phone, and go to More, Settings, Account Settings, and Amazon Sidewalk.

https://www.wired.com/story/how-amazon-sidewalk-works/


What to expect for the 2021 workplace (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sun, 10 Jan 2021 02:13:55 -0500

Video chats will get smarter—and, potentially, creepier—thanks to artificial intelligence.

If 2020 was the year video conferencing truly went mainstream, 2021 could be the year it gets smarter. Some of the largest platforms will begin using artificial intelligence to recognize and track certain gestures participants make, automate to-do items and help manage the challenges of workers split between work and home.

Zoom Video Communications, for instance, announced a smart gallery feature it plans to roll out in June 2021 that will use cameras to make multiple people in the same on-site conference room appear as separate, equal-sized windows on their live-stream video. Those working from home will see the individual faces of each colleague rather than just a view of the whole conference room, an effort to visually shrink the differences between remote and in-person workers.

“We want to maintain the democratization of Zoom, and have everyone on the same level when people come back to the office,” said Oded Gal, Zoom's chief product officer.

Cisco Systems, meanwhile, will launch gesture recognition early next year using artificial intelligence to recognize specific movements—clapping, raised hands, a thumbs up, or thumbs down. For large virtual meetings with hundreds of attendees, it could help gauge reactions to an idea without requiring attendees to answer a survey or click on-screen emoji.

Asked if recognizing facial expressions like smiles, frowns or eye rolls in a video call might be next, Cisco Senior Vice President Jeetu Patel said addressing privacy concerns has to come first. Even collecting anonymous data might make people uneasy, he said. “This is much more of a privacy and comfort issue than it is a technology issue. It's just a matter of what is going to be acceptable.”

Microsoft Teams, meanwhile, added a new feature late this year that uses AI to recognize what tasks participants agreed to complete during a meeting and send them reminders afterward, as well as create searchable meeting transcripts.

“It will follow up with me with action items that I agreed to,” Jared Spataro, corporate vice president for Microsoft 365, said in an interview. “A lot of things that people are thinking ‘Yeah, someday that will be reality’ are actually already in the product.” Microsoft has also filed a patent for a system that could use sensors, cameras and software to examine body language, expressions and participant contributions to come up with an overall quality score for how the meeting went. But Spataro said, “Neither research nor patents is a good predictor of product pipeline. We're always looking at all those types of things.”

https://www.washingtonpost.com/road-to-recovery/2021/01/03/rtr-officetrends/

Potentially?


In-Garage Delivery: Amazon Key (Amazon.com)

Gabe Goldberg <gabe@gabegold.com>
Thu, 14 Jan 2021 23:54:05 -0500

What is Key by Amazon In-Garage Delivery?

Key by Amazon In-Garage Delivery is a secure, convenient way to receive Amazon packages inside your garage. It helps prevent package theft and provides protection from potentially damaging weather like heat and rain. Key by Amazon is also contactless, because there's no interaction between you and the delivery associate, or contact between the associate and the garage door.

Key In-Garage Delivery requires a compatible Smart Garage Hub or Wifi Garage Door Opener to enable authorized delivery associates to leave Amazon packages inside your garage.

https://www.amazon.com/b?node=21222091011&ref=kfg_surl_key


AI algorithm over 70% accurate at guessing a person's political orientation (techxplore.com)

Richard Stein <rmstein@ieee.org>
Fri, 15 Jan 2021 10:53:57 +0800

https://techxplore.com/news/2021-01-ai-algorithm-accurate-person-political.html

“A team of researchers at Stanford University has developed an AI algorithm that proved to be slightly over 70% accurate at guessing a person's political affiliation after studying a single photograph. In their paper published in the journal Scientific Reports, the group describes building and testing their algorithm and how well it worked.”

See “Facial recognition technology can expose political orientation from naturalistic facial images,” for a detailed discussion of image classification and algorithm operation. https://www.nature.com/articles/s41598-020-79310-1

“The researchers were not able to pin down exactly what sorts of facial characteristics their system correlated with political affiliation, but they did find some trends—head orientation and emotional expression, for example, appeared to provide some clues.”

Political profiling based on facial recognition can guide campaign advertising, appeals for donations, personnel recruiting, etc. Given a polarized electorate, the algorithm might assist identification of persuadable voters to tip a close election.

Correlate this algorithm's predictive capabilities with an interpretation of the brain's amygdala, as explored by political neuroscientists [1] using fMRI to estimate political inclinations, to yield artificially intelligent phrenology.

[1] “A Neurology of the Conservative-Liberal Dimension of Political Ideology, Part 4: Neuroimaging Studies” from https://neuro.psychiatryonline.org/doi/full/10.1176/appi.neuropsych.16030051


Detection of Hardware Trojans Using Controlled Short-Term Aging (NYU Tandon School of Engineering)

Gabe Goldberg <gabe@gabegold.com>
Thu, 14 Jan 2021 13:57:46 -0500

The project builds upon on-going research, funded by a $1.3 million grant from the Office of Naval Research, to create algorithms for detecting Trojans—deliberate flaws inserted into chips during fabrication—based on the short term aging phenomena in transistors.

It will focus on this physical phenomenon of short-term aging as a route to detecting hardware Trojans. The efficacy of short-term aging-based hardware Trojan detection has been demonstrated through simulations on integrated circuits (ICs) with several types of hardware Trojans through stochastic perturbations injected into the simulation studies. This DURIP project seeks to demonstrate hardware Trojan detection in actual physical ICs.

https://engineering.nyu.edu/news/detection-hardware-trojans-using-controlled-short-term-aging


Unique study incorporates fluid dynamics and more to evaluate, enhance future implants (PHYS.ORG)

Richard Stein <rmstein@ieee.org>
Thu, 14 Jan 2021 11:15:50 +0800

https://phys.org/news/2021-01-unique-incorporates-fluid-dynamics-future.html

“Rice University engineers hope to make life better for those with replacement joints by modeling how artificial hips are likely to rub them the wrong way.”

Knee, hip, and shoulder replacements are performed routinely, especially for an aging population. Arthroplasty is the medical procedure orthopedic surgeons apply for joint replacement.

“Rates of Total Joint Replacement in the United States: Future Projections to 2020—2040 Using the National Inpatient Sample” https://www.jrheum.org/content/early/2019/04/09/jrheum.170990 estimates 498K total hip arthroplasty and 1.06M total knee arthroplasty procedures in 2020 within the US. The essay projects a 2-3X multiplier for each by 2040.

The FDA's product classification website (type in ‘knee’ or ‘hip’ to see an extended list) (https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfPCD/PCDSimpleSearch.cfm,

A culled list (filtered for implants—partial and total—and inspected to possess non-null TPLC medical device report records) reveals 24 separate product codes for hip replacements and 20 for knee replacements. Each product code represents manufactured devices consisting of various plastics, metals, or a combination of these materials.

Given the product code count above, and the Patient Problem counts given below, an estimate of diminished quality of life from hip arthroplasty can be calculated assuming there's at least 1 manufactured product per product code.

1085 * 24 = 47740 patient problems/5 years = 9548 patient problems per year or 9,548/498,000 = ~2% of all arthroplasty procedures in 2020 are estimated to experience post-operative negative quality of life impact: infection, pain, dislocations, etc. A similar method can be applied to estimate knee replacement quality of life impacts.

Given the implantation growth rate projection, this number is likely to double or triple by 2040 without significant improvements in prosthetic device and patient arthroplasty treatment life cycles.

For product code JDH (Device: prosthesis, hip, hemi-, trunnion-bearing, femoral, metal/polyacetal, Regulation Description: Hip joint femoral (hemi-hip) trunnion-bearing metal/polyacetal cemented prosthesis), the FDA's Total Product Life Cycle tool (https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=4638) aggregates the following Top-10 Device Problems and Patient Problems (linked to medical device reports) between 01JAN2016 and 31DEC2020 (in CSV format):

Device Problems,MDRs with this Device Problem,Events in those MDRs Insufficient Information,387,387 Adverse Event Without Identified Device or Use Problem,177,177 Device Dislodged or Dislocated,121,121 Break,71,71 Fracture,65,65 Loose or Intermittent Connection,36,36 Appropriate Term/Code Not Available,31,31 Unintended Movement,22,22 Unstable,14,14 Loosening of Implant Not Related to Bone-Ingrowth,12,12 Migration or Expulsion of Device,10,10

The Top-10 Patient Problems attributed to this product code in CSV format are:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs Injury,532,532 Unspecified Infection,125,125 Pain,88,88 Joint Dislocation,78,78 No Code Available,60,60 No Information,50,50 Bone Fracture(s),50,50 No Known Impact Or Consequence To Patient,40,40 No Consequences Or Impact To Patient,32,32 Failure of Implant,30,30


Risk Management and Two-Dose Vaccines

Rob Slade <rmslade@shaw.ca>
Tue, 12 Jan 2021 12:15:56 -0800

Now that vaccines have started to roll out, we have a new risk management lesson from them. Most of the vaccines that have been approved so far are two-dose vaccines. With the rush to get vaccines into people in the most expeditious manner, there is now a new controversy. Do you give as many people as possible one dose of the vaccine, or do you hold back doses so that there will be a guaranteed supply for those who need a second shot?

First, let's look at the mechanics of what is going on with the two-dose vaccines. (There are some one dose vaccines coming, but they seem to be at least a month away from approval, so we've got some time to discuss this.) The first shot, in a two-dose series, is often referred to as a primer shot. It is delivering some material to the body to alert the immune system to something it should be paying attention to. Most often this is some kind of protein that is foreign to the human body. The Pfizer and Moderna vaccines are kind of interesting in that they contain messenger RNA (mRNA) that makes our bodies produce the protein spikes that are on the coronavirus. Having produced these proteins (without ever having encountered the actual virus), our bodies then produce antibodies that identify and attack these proteins. The idea is that, by the time we actually encounter some coronavirus, our bodies are primed and ready to attack the actual virus. (Given the trials that have gone on, and the data collected, the idea seems to be correct.)

With many two-dose vaccines, the second dose, sometimes known as a booster shot, as opposed to the initial primer shot, is often just more of the same. (Both the Pfizer and Moderna vaccines are of this type.) In past studies of vaccines, it seems to be that, in the case of many vaccines, a second shot of the same material does two things. The first is that it increases the protective effectiveness of the vaccine, by boosting the immune response that we produce. The second is that it increases the duration over time that the body is able to produce this response, thus conferring protection over a longer period. For example, after a single shot the body may produce an effective immune response for a period of four months. After a second shot, that might be increased to two years. (At this point we don't have good data about duration in regard to the Pfizer and Moderna vaccines, since they haven't existed for more than a few months, but we assume they will follow a similar pattern.)

The increase in duration is, of course, a benefit. But, in the midst of a pandemic, and particularly in the midst of huge second and third wave surges, it is the increase in effectiveness that sets up the possible controversy. Do you leave some people only partly protected, so that you can partly protect others?

Since this is risk management, we again have to note probabilities and uncertainties and the fact that none of this is quantum. Protection isn't absolute, and it doesn't turn on and off. In particular, protection doesn't turn on instantly, and takes time to develop. And it also takes time to go away again.

In a two-dose vaccine regime, you receive an initial primer shot. That does not mean you can now safely go to bars and insurrection mobs without being at risk of getting CoVID-19. It will take some time for your body to develop any kind of immune response. After three weeks or so, you may have about 80% protection. Note that this isn't 100% protection. You can still get infected if you encounter someone who is infectious. But you are less likely to become infected.

(Actually, even though it might sound low, 80% is pretty good for a vaccine. The flu vaccines that we get every year are only about 50% effective. That, and the effects of herd immunity when almost everyone gets the vaccine, means far fewer cases of the flu, and fewer deaths, and less time lost to sickness, and less impact on the economy, and so even a 50% effective vaccine is a very good thing.)

At this point, two things may be happening. Your body may (and probably is) still increasing it's protection, even without any further intervention. Some of the Pfizer and Moderna data indicates that, over a longer period of time, even a single dose of the vaccine can confer protection over 90%. But you can, at this point, get the second, booster, dose of the vaccine. Following the booster dose, after some time (possibly a week, possibly six weeks), your protection level can rise to around 95%.

A couple more points to note. I said “at this point.” Vaccine studies in the past have clearly shown that, if you give the booster shot too early, it is basically a waste of vaccine. There is a minimum time, after the primer shot, before a booster shot gives any booster effect. This minimum time seems to be three weeks, in the case of Pfizer, and four weeks, in the case of Moderna.

Another factor to consider is that, while there is a definite minimum time period between shots in terms of maximum effect, the maximum time between shots is much more open ended. If the minimum time is three weeks, then there is no diminution of effect if you wait until four weeks to give the booster. In fact, many studies seem to indicate that, to a certain extent, the longer you wait for the second, booster, shot, the stronger the protection and the longer the duration of protection. (Again, the coronavirus vaccines simply haven't been in existence long enough for us to have really good data on the timing, but studies or existing vaccines show that this is very likely.)

Yet another consideration goes back to those numbers. You will recall that I said 80% was pretty good protection. It is. 90% is better, and 95% is better still. But even 95% isn't that much better than 80%, and 80% is a whole lot better than nothing.

So, back to the controversy. When we start giving vaccines, we can stick with the minimum time regime, and give everyone a second dose as soon as they hit the three week mark. That way we get more people up to 95% protection sooner.

Or, we can delay the second dose out to five weeks. The downside is that those people spend an extra two weeks at 80% protection before they get the booster dose. But, during those two weeks, we can start bringing even more people to 80% protection (rather than leaving them with nothing). Which means we start building herd immunity faster. And the early lot are not, after all, being left with no protection. They are probably at 80%, and may be building, themselves, towards 90%. And they are still well within the time period during which they are going to get the booster effect. They may even get a better booster effect for the delay.

The calculus involved here is complex. It involves the infectiousness of the virus, the effectiveness of the vaccine, the total numbers of cases, and a number of other considerations. However, in our situation, the answer seems to fall on the delay side of the equation.


Different kinds of security

Rob Slade <rmslade@shaw.ca>
Fri, 15 Jan 2021 11:35:30 -0800

For years, no, actually decades, I have read, with pleasure and reliance, a certain columnist's columns on politics in BC. He has been knowledgeable, analytical, and educational. Due to his taking on a field outside his expertise in 2020, that of the pandemic, I am rapidly losing any and all of the respect that I ever had for his journalistic abilities.

https://vancouversun.com/opinion/columnists/vaughn-palmer-dix-ducks-and- covers-before-fessing-up-on-care-home-covid-outbreaks

His latest column chides Health Minister Adrian Dix for being careful in his answer about a question involving the rise of infections in long term care homes. Yes, Dix might have answered earlier and more directly that staff is responsible for most outbreaks in long term care. But that is a loaded question right now. Staff are responsible for outbreaks because they are the ones moving between the community and the homes. What do you want to do about that? Ban the staff? Leave the homes unattended, and let the residents shift as best they can from their beds?

But the columnist isn't content to raise that nonsensical issue. He then goes on to blame the “second wave” surge on the election. Anyone who takes the time to look at the case numbers can see that the election made almost no contribution to the surge, which clearly dates from Thanksgiving dinners and parties.

The columnist then takes up the cudgel on behalf of the idea of “routine” testing for staff. As he has been told many times when he raises the (same) question on “The Dr. Bonnie Show (co-starring Adrian Dix and Nigel Howard),” there is routine testing of medical staff. It's just that the routine varies depending upon the level of medical and public health risk, and not at the call of some political columnist.

Testing of every staff member twice a week would still leave at least a four day window every week during which people could become infected and infectious. In fact the window would be longer, since test results take about 24 to 48 hours to be processed. And who is it that would do these tests (by the way, how many LTC staff are there in the entire province of BC?), and what work would not be done while they are doing them? Risk management is obviously not the columnist's field.

It may just be CoVID fatigue and increased irritability on my part, but I am growing distressed with the poor quality of the Sun's coverage of the pandemic, and it's seeming pursuit of the scandalous over the informative. And so I fired off this rant to some of my friends in security.

And got a response back:

> Did you send this to the wrong mailing list?

So, I definitely did not make the point I wanted to make properly. I suppose a bit more detail (and a bit less rant) is in order.

Lemme start with a seminar I did some time back. Unusually, it was actually in Vancouver. I had two candidates, sitting next to each other, as it happened, who both worked for government, but came from radically divergent security situations, as became obvious when we discussed the good old CIA triad of Confidentiality, Integrity, and Availability.

One worked for E-Comm. These are the people who, among other things, answer the phones when you call 911. The E-Comm people don't exactly broadcast their calls, but confidentiality is not their first concern. That's availability. When somebody in trouble calls 911, somebody has to answer the phone. (I had a tour through E-Comm one time, and their business continuity and resilience planning is really impressive.)

Sitting beside him was a candidate from one of the business development banks of the federal government. These agencies provide loans to businesses that want to expand their business. Since the idea is expansion, most of the loans aren't exactly secured by traditional equity. In order to ensure that the money (mostly) goes to actually building business, the companies have to provide masses of information about themselves, their markets, and their plans. This data is highly confidential: if it ever got into the hands of their competitors, the companies could be in real trouble. So everything is kept strictly confidential, and almost all their security is directed that way. But availability? As he said himself, “Hey, we're the federal government. If we disappeared for a month, who would even notice?”

I guess what the columnist doesn't see (and what I didn't really allow for), is that he has worked for decades in politics. Politics is definitely a long game. It doesn't really happen all that fast. It's important to have a really good memory, going back decades. You need to analyse. And you've got all the time in the world to analyse, because nothing is going to happen very quickly. You need to look, in minute detail, at what the government, and political figures, are doing, while they are doing it, to point out minor flaws so that, by the time an act is passed, it's perfect. (It never actually is perfect, but that's what you are aiming for.)

But a pandemic isn't politics, even though a lot of political work is involved. A pandemic is emergency management. You have to do something, because, if you don't, people will die. And, often, anything you do is better than doing nothing, because if you do nothing, people will die. So, delaying things while you look for a perfect solution is wrong, because, in emergency management, “the best” is very definitely the enemy of the good. Pandemics are fluid, and you make the best choice you can, at the time, with limited information, and change plans when the information changes, and hope, rather desperately, that the first plans you made don't run completely counter to later information. But you make a choice, and do it, because, if you don't, people will die.

In emergency management, you do try to get divergent opinions, to try and make sure that you don't make a drastic mistake. But the very last thing you need, in the middle of a pandemic or other disaster, is someone publicly second-guessing what you are doing. That can wait for the “after action” debriefings. During the crisis, having some political columnist (with no training in emergency management, or even risk management) saying that you are making a mistake is just messing with the messaging you are trying to get out to the public. And, if that happens, people might die.

There are different types of security. They are useful in different types of situations. There is no “one size fits all.” We need to apply the right security to the right situation. And we definitely don't want to apply the wrong security to the wrong situation.


Hacker Locks Internet-Connected Chastity Cage

Larry Werring <lwerring@nrtco.net>
Mon, 11 Jan 2021 14:12:54 -0500

The risks seem obvious…<br>

https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom


Re: Scope of Russian Hacking Far Exceeds Initial Fears (RISKS-32.44)

Larry Werring <lwerring@nrtco.net>
Sun, 10 Jan 2021 21:39:04 -0500

I am getting very tired of reading stories like this. I worked IT security for many years in Government (now retired) expending much effort to stop this kind of activity. One of the reasons I retired early was the lack of will to really do anything about this type of activity. If the Russians or the Chinese or anyone else, for that matter, flew over and dropped troops into our major centers with orders to break into key Government and commercial buildings, sabotage critical infrastructure, and steal sensitive information and other valuables, we would immediately retaliate in an appropriate manner that would discourage future similar activities. Doing it electronically is the same as doing it the old fashioned way (analog). Why isn't anyone dealing with it as such? As far as I know, there has been no retaliation for the numerous intrusions that have occurred over the years. Why are we still letting them get away with it? Unless we treat this like an electronic war and appropriately defend ourselves with a good offence, they will keep doing it with impunity. If you are going to do nothing then you might as well throw open the doors and let them in (i.e. surrender). At the very least, take control of or destroy their access to the Internet so they can't access their targets.<br> <br> Maybe it's a good thing that I am retired. My frustration and bitterness at doing so much over the years with so little effect is beginning to show through. I can see from this and other similar posts that my peers are having very little success in dealing with the many crooks and enemies conducting these intrusions. Were I still working, I would be even more frustrated than I am reading about it. Continue to do nothing and they'll reap your reward.


Re: Voting Systems: The Cherry and the Cream (RISKS-32.44)

3daygoaty <threedaygoaty@gmail.com>
Sun, 10 Jan 2021 14:26:08 +1100
> At anytime after I'd voted, I could check my vote online by entering my
> registration number.

I ran one of these pilots in 2007, the one in Swindon.

It is illegal for the voting authority to issue any kind of binding proof of your vote that you could use to trade, sell or demonstrate your voting choices to a third party. The challenge is to show you something convincing that is not your vote, but which also can be independently verified.

One of the best that has been achieved to date and not torn to shreds (so to speak)—for which I was the project manager—is vVote (2014) due to Teague, Schneider, Culnane, Hook and Ryan, and this is a supervised polling place system based on Pret a Voter. I am not aware of a remote votingscheme in the world used or proposed for high stakes public elections that has withstood even a fairly brief spotlight by the voting security community.


Re: One Minute Left”: Hockey, CoVID-19 …vs hacking (Drewe, RISKS-32.43)

Stephen Fierbaugh <stephen@fierbaugh.org>
Sun, 10 Jan 2021 07:31:33 -0600

We “wait” until total monthly deaths from all causes decrease to <= 1 standard deviation from normal.

The benefit is this calculation is easy to make from readily available civil data collection processes which have been in place for a long time, doesn't require any special testing, and can't really be manipulated.

For my Smith County, Texas, USA, mortality is currently at 7.351 standard deviations.


Re: One Minute Left”: Hockey, CoVID-19 …vs hacking (Fierbaugh, RISKS-32.45)

“Chris D.” <e767pmk@yahoo.co.uk>
Wed, 13 Jan 2021 22:24:07 +0000

Thanks, but I'm not sure if it's that simple. Reportedly, what panics politicians is people dying from Covid-19 in hospital corridors or parking lots, so much routine health treatment has virtually stopped to leave room for these people. “Total monthly deaths from all causes” will include those who may have died from delayed investigation and/or treatment but it's difficult to say how many there were, and people who die quietly at home aren't so conspicuous. We are deluged with figures on daily/weekly/monthly deaths, but often measured in different ways or time periods, and then there's the annual panic over 'winter'. There are constant demands over making lockdown restrictions stricter, or if this would make things better or worse…

Hope that helped but it probably didn't. CD


Re: One Minute Left”: Hockey, CoVID-19 …vs hacking (Drewe, RISKS-32.45)

Stephen Fierbaugh <stephen@fierbaugh.org>
Wed, 13 Jan 2021 16:46:55 -0600

Clarification: I didn't mean that we stay locked down until then. Rather, the public health emergency will be over then. That the metric measures all deaths, not just explicitly COVID-19 is an intentional feature, not a bug.

Please report problems with the web pages to the maintainer

Top