The RISKS Digest
Volume 32 Issue 5

Saturday, 27th June 2020

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

A New Normal: Siberian heat wave is a ‘warning cry’ from the Arctic, climate scientists say
Reuters
‘PizzaGate’ Conspiracy Theory Thrives Anew in the TikTok Era
NYTimes
EBay's Critics Faced an Extreme Case of an Old Silicon Valley Habit
NYTimes
Physicists Just Quantum Teleported Information Between Particles of Matter
Science Alert
Apple Watch Quote/Thread of The Day
Casey Newton
California University Paid $1.14 Million After Ransomware Attack
Bloomberg
Russian Criminal Group Finds New Target: Americans Working at Home
NYTimes
Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System
Yeshiva World, Geoff Kuenning
Re: The Army will soon allow users to access classified info from home
Bob Wilson
Re: How Thousands of Misplaced Emails Took Over This Engineer's Inbox
Paul Wexelblat
Re: IP Protection for AI-generated and AI-assisted works
Henry Baker
Re: Wrongfully Accused by an Algorithm
Bella, Michael Bacon
Scientists just beginning to understand the many health problems caused by COVID-19
Reuters
The number of new cases of COVID-19 is misleading
Mark Thorson
Re: 0.5% of coronavirus stimulus checks went to dead people
John Levine, Gabe Goldberg, John Levine, Gabe Goldberg
Info on RISKS (comp.risks)

A New Normal: Siberian heat wave is a ‘warning cry’ from the Arctic, climate scientists say (Reuters)

geoff goodfellow <geoff@iconia.com>
Fri, 26 Jun 2020 14:45:05 -1000

Pine trees are bursting into flames. Boggy peatlands are tinderbox dry. And towns in northern Russia are sweltering under conditions more typical of the tropics.

Reports of record-breaking Arctic heat—registered at more than 100 Fahrenheit (38 Celsius) in the Siberian town of Verkhoyansk on June 20 — are still being verified by the World Meteorological Organization. But even without that confirmation, experts at the global weather agency are worried by satellite images showing that much of the Russian Arctic is in the red.

That extreme heat is fanning the unusual extent of wildfires across the remote, boreal forest and tundra that blankets northern Russia. Those blazes have in turn ignited normally waterlogged peatlands.

Scientists fear the blazes are early signs of drier conditions to come, with more frequent wildfires releasing stores of carbon from peatland and forests that will increase the amount of planet-warming greenhouse gases in the air.

Thomas Smith, an environmental geographer at the London School of Economics: “This is what this heat wave is doing: It makes much more fuel available to burn, not just vegetation, but the soil as well. It's one of many vicious circles that we see in the Arctic that exacerbate climate change.”

Satellite records for the region starting in 2003 suggest there has been a dramatic jump in emissions from Arctic fires during just the last two summers, with the combined emissions released in June 2019 and June 2020 greater than during all of the June months in 2003-2018 put together, Smith said.

Atmospheric records dating back more than a century show Arctic air temperatures also reaching new highs in recent years. That leads Smith to believe the scale of the fires could be unprecedented as well. “What we're seeing happening right now is the consequence of the past industrial emissions. What will happen in 40 years' time is already locked in. We can't do anything about that. That's why we should be concerned; it can only get worse.”

Although peatland covers only 3% of the Earth's land surface, those deposits contain twice as much carbon as all the world's forests together.

A NEW NORMAL… […]
https://www.reuters.com/article/us-climate-change-arctic/siberian-heat-wave-is-a-warning-cry-from-the-arctic-climate-scientists-say-idUSKBN23V2W7


‘PizzaGate’ Conspiracy Theory Thrives Anew in the TikTok Era (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 27 Jun 2020 08:37:05 -0400

The false theory targeting Democrats, now fueled by QAnon and teenagers on TikTok, is entangling new targets like Justin Bieber.

https://www.nytimes.com/2020/06/27/technology/pizzagate-justin-bieber-qanon-tiktok.html


EBay's Critics Faced an Extreme Case of an Old Silicon Valley Habit (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 27 Jun 2020 09:04:19 -0400

Six former employees were recently named in federal charges that were an indication of the lengths some companies will go to hit back at detractors.

https://www.nytimes.com/2020/06/27/technology/ebay-silicon-valley-security-reputation.html


Physicists Just Quantum Teleported Information Between Particles of Matter (Science Alert)

geoff goodfellow <geoff@iconia.com>
Sat, 27 Jun 2020 08:31:06 -1000

By making use of the ‘spooky’ laws behind quantum entanglement, physicists think they have found a way to make information leap between a pair of electrons separated by distance. <https://www.sciencealert.com/entanglement>

Teleporting fundamental states between photons (massless particles of light) is quickly becoming old news, a trick we are still learning to exploit in computing and encrypted communications technology.
<https://www.sciencealert.com/a-new-quantum-teleportation-distance-record-has-been-set>
<https://www.sciencealert.com/scientists-manage-quantum-teleportation-between-computer-chips-for-the-first-time>
<https://www.sciencealert.com/physicists-work-out-a-way-to-cram-more-information-into-quantum-messages>

But what the latest research has achieved is quantum teleportation between particles of matter—electrons—something that could help connect quantum computing with the more traditional electronic kind. <https://www.sciencealert.com/quantum-computers>

“We provide evidence for ‘entanglement swapping,’ in which we create entanglement between two electrons even though the particles never interact, and ‘quantum gate teleportation,’ a potentially useful technique for quantum computing using teleportation,” says physicist John Nichol from the University of Rochester in New York. <https://www.sciencealert.com/entanglement> <https://www.rochester.edu/newscenter/quantum-teleportation-to-improve-quantum-computing-441352/>

“Our work shows that this can be done even without photons.”

Entanglement is physics jargon for what seems like a pretty straightforward concept. […] https://www.sciencealert.com/physicists-have-teleported-information-between-particles-of-matter-for-the-first-time


Apple Watch Quote/Thread of The Day (Casey Newton)

geoff goodfellow <geoff@iconia.com>
Fri, 26 Jun 2020 14:40:04 -1000

“If Apple Watch can detect hand washing now then it can probably detect other activities involving vigorous hand motions and I for one would like to know what Apple is doing with the data”

https://twitter.com/CaseyNewton/status/1275177758188949504


California University Paid $1.14 Million After Ransomware Attack (Bloomberg)

geoff goodfellow <geoff@iconia.com>
Sat, 27 Jun 2020 08:29:05 -1000

The hackers encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn't impede its Covid-19 work, it said. The university is working with a team of cybersecurity contractors to restore the hampered servers soon.

“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom.” <https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf>.

The intrusion was detected as recently as June 1, and UCSF said the actors were halted during the attack. Yet using malware known as Netwalker, the hackers obtained and revealed data that prompted UCSF to engage in ransomware negotiations, which ultimately followed with payment. […]

<https://www.bloomberg.com/news/articles/2020-06-04/hackers-target-california-university-leading-covid-19-research>, https://www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack


Russian Criminal Group Finds New Target: Americans Working at Home (NYTimes)

Dave Farber <farber@gmail.com>
Fri, 26 Jun 2020 10:42:05 +0900

https://www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare


Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (Yeshiva World)

geoff goodfellow <geoff@iconia.com>
Fri, 26 Jun 2020 14:43:05 -1000

Following Iran's unprecedented attack on Israel's civilian infrastructure by its attempt to hack into Israel's water system to raise the chlorine to dangerous levels, the National Cyber Directorate took responsibility for protecting Israel's water system, *Channel 12 News* reported on Monday. <https://www.theyeshivaworld.com/news/headlines-breaking-stories/1866326/iran-tried-to-raise-chlorine-in-israels-water-to-perilous-levels-report-says.html>

The report added an intriguing detail about the protection of Israel's water system—the employment of dozens of fish in ensuring the safety of Israel's water supply.

Twelve aquariums filled with drinking water at the Eshkol water purification site in Be'er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as fishy by those responsible for the safety of Israel's drinking water. […]

https://www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html


Smells Fishy? The Fish That Prevent Iran From Hacking Israel's Water System (RISKS-32.04)

Geoff Kuenning <geoff@cs.hmc.edu>
Fri, Jun 26, 2020 at 9:52 PM
[via geoff goodfellow]

Even if we assume a cyberattack could have raised chlorine “to dangerous levels”, Israeli citizens would have smelled and tasted it long before they consumed enough to fall ill. Something smells fishy indeed.

I can believe that there are fish who serve as canaries in the water system's “coal mine”, because there might be poisons that could be introduced in more traditional ways. But I don't buy the part about a cyberattack trying to release chlorine to make people sick.


Re: The Army will soon allow users to access classified info from home (RISKS-32.04)

Bob Wilson <wilson@math.wisc.edu>
Fri, 26 Jun 2020 17:35:33 -0500

This should really make important things a lot easier! Back when I was involved with “Orange Book” style security, we always referred to example data that was to be securely protected as “The General's Whisky List”. The list he wanted an orderly to go out and procure. Now when we have to shop from home, we can make that real again! Bob Wilson


Re: How Thousands of Misplaced Emails Took Over This Engineer's Inbox (RISKS-32.04)

<wexelblat@gmail.com>
Fri, 26 Jun 2020 20:49:06 -0400

Some years ago, while teaching a Comp Sci course at UMass Lowell, we got talking about spam and bogus email.

As part of an exercise I registered bogus-address.com <http://bogus-address.com/> so we could just watch and see what was coming in.

Afterwards I pretty much ignored it, and had the messages automatically forward to dev/null (for the last 18 years or so).

Your posting piqued my interest, and I think I'll turn it back on, so I can see what's going on. Got not much better to do while hunkering. (To answer your question, (why did I keep it?) I dunno, but periodically GoDaddy has a special that allows me to renew it for practically nothing.)


Re: IP Protection for AI-generated and AI-assisted works (RISKS-32.04)

Henry Baker <hbaker1@pipeline.com>
Fri, 26 Jun 2020 15:32:53 -0700

U.S. Constitution, Art. 1, Sect. 8, gives Congress the power “to promote the Progress of Science and Useful arts, by securing, for limited Times, to Authors and Inventors, the exclusive Right to their respective Writings and Discoveries”.

The meaning of ‘limited’ has been twisted by Disney to mean ‘limited only by the imagination of highly paid Hollywood lawyers’; by a curious coincidence, the limit always gets extended whenever a Disney copyright is in danger of expiration.

Copyright is currently “author's life plus 70 years” (or should that read “Disney Company's life plus 70 years”?), so when, exactly, does the ‘life’ of an AI end?

What could possibly go wrong?

Here's what Disney's own web site has to say:

“We are working to endow computers and robots with many of the qualities long associated with living, thinking beings—from perception and action to reasoning, problem solving, and even creativity! Here we are going beyond simply building the next generation of smart tools and are instead finding new ways to bring our treasured characters to life.”
https://studios.disneyresearch.com/artificial-intelligence/

The plain meaning of ‘their’ in the Constitution is a human reference; otherwise, the Constitution would have said 'its'.

PS. The 'Trans Pacific Partnership', which Trump pulled out of the moment he was sworn into office in 2017, would have taken copyright out of the hands of Congress and placed it under the control of an international trade organization. Like a stopped clock, Trump happened to do the right thing this one time.


Re: Wrongfully Accused by an Algorithm (RISKS-32.04)

Bella <belcottrell-spamcatcher@yahoo.com>
Sat, 27 Jun 2020 11:28:27 +0000 (UTC)

While I do not know which facial recognition software the Detroit Police Department has chosen to use, people know that NIST's Vendor Recognition Test found that pretty much all of them had a much higher rate of false-positive matches when looking at people of colour. Considering how large a market sample NIST tested, not only do I expect we'll see significant bias in false-positive arrests, I also expect we'll probably see similar results if other police departments follow suit, regardless of the software they select.

https://www.nist.gov/programs-projects/face-recognition-vendor-test-frvt-ongoing

I wonder if potential gender or racial biases were even a factor in DPD's selection panel?


Re: Wrongfully Accused by an Algorithm (Risks-32.04)

Michael Bacon <attilathehun1900@tiscali.co.uk>
Sat, 27 Jun 2020 13:01:24 +0100

Only Sort of.

These days, a mismatch between a headline and the body of the article is not at all unusual. It used to be that newspaper headlines were accurate, albeit those in the “red top” tabloids in particular have always used a unique form of grammar, but sadly, no longer. Just the other day, a leading British broadsheet headlined a mandatory requirement, but reduced that to a “might have to” in the article itself; and throughout the past months the UK media (and government) has referred to “Rules” in headlines, but then qualified them lower down as being merely “guidance” and “advice”. Even some UK police forces have been ignorant of the limits of the “Rules” and have misapplied the law. There is a strong argument of course in this situation, that trading on the ignorance and laziness of Jo Public might not be a “bad thing”, but I suspect it's largely an accidental abuse of the language (I'm thinking Hanlon's Razor).

Nevertheless, extreme headlines abound, and the very evident RISK is that far too many people read no further than the big print (few read the subheading, fewer still the first paragraphs of the article, and there seem to be almost none at all who read “below the fold”) … and then they re-broadcast the hyperbole on social media where it gains new life.

For over 300 years it's been said that: “A lie gets halfway around the world before the truth has a chance to get its pants on” (or similar), and Shakespeare had Puck say, in A Midsummer Night's Dream: “I'll put a girdle round the Earth in forty minutes.” Today the “lie” travels around the globe in 40 milliseconds, and is solidified by, and enhanced in, each retelling.


Scientists just beginning to understand the many health problems caused by COVID-19 (Reuters)

geoff goodfellow <geoff@iconia.com>
Fri, 26 Jun 2020 14:41:05 -1000

… some may have lingering effects on patients and health systems for years to come, according to doctors and infectious disease experts.

Besides the respiratory issues that leave patients gasping for breath, the virus that causes COVID-19 attacks many organ systems, in some cases causing catastrophic damage.

“We thought this was only a respiratory virus. Turns out, it goes after the pancreas. It goes after the heart. It goes after the liver, the brain, the kidney and other organs. We didn't appreciate that in the beginning,” said Dr. Eric Topol, a cardiologist and director of the Scripps Research Translational Institute in La Jolla, California.

In addition to respiratory distress, patients with COVID-19 can experience blood clotting disorders that can lead to strokes, and extreme inflammation that attacks multiple organ systems. The virus can also cause neurological complications that range from headache, dizziness and loss of taste or smell to seizures and confusion.

And recovery can be slow, incomplete and costly, with a huge impact on quality of life.

The broad and diverse manifestations of COVID-19 are somewhat unique, said Dr. Sadiya Khan, a cardiologist at Northwestern Medicine in Chicago. […] https://www.reuters.com/article/us-health-coronavirus-effects/scientists-just-beginning-to-understand-the-many-health-problems-caused-by-covid-19-idUSKBN23X1BZ


The number of new cases of COVID-19 is misleading (Wordpress)

Mark Thorson <eee@dialup4less.com>
Fri, 26 Jun 2020 15:55:22 -0700

New cases might be people who are asymptomatic, recovered, or cross-reactive to one of the mostly harmless coronavirus strains that cause an estimated 5-15% of the common cold. What counts are a) hospitalizations and b) deaths.

https://luysii.wordpress.com/2020/06/25/death-rates-from-coronavirus-drop-in-half-2-months-after-georgia-loossens-lockdown-restrictions/


Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Goldberg, RISKS-32.04)

“John Levine” <johnl@iecc.com>
26 Jun 2020 22:29:59 -0400

> No time to check for dead recipients—what could go wrong?

I would have hoped the WaPo would have better political and arithmetic skills than this article shows.

The $1.4 billion that went to dead people sounds like a lot until you remember that the total was $270 billion so we're talking about 0.5% of the total. The point of the stimulus was to get money to people as quickly as possible so that money generally went to the dead people's family members who as likely as not were happy to have it to pay for rent, food, and all the other stuff the stimulus was intended to support.

Imagine you're in an office in D.C., you know that as things stand you'll send half a percent of the money to dead people, and it would take (making up a number here) half a week to arrange to compare the payment file to the death records. Knowing that you'll still send money to some dead people (the records are always out of date since people die every day), is it worth the extra delay to fix a half percent error when the law says to send the money “as rapidly as possible”? What would you say? I'd say of course not, ship it.

My father died last year and he did indeed get a stimulus payment directly into the estate's bank account, followed by a letter from the Leader to <dad's name> DEC'D. We don't need it so it's sitting in the bank waiting to see if they're going to take it back. If they don't, I'll send it to the local food bank who can sure use the money.


Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Levine, RISKS-32.05)

Gabe Goldberg <gabe@gabegold.com>
Sat, 27 Jun 2020 01:30:05 -0400

IRS has access to Social Security Death Master File https://en.wikipedia.org/wiki/Death_Master_File to verify payments.

But, quoting the article: However, IRS counsel determined they did not have the legal authority to deny payments to people who had filed a return, even if they were deceased at the time of payment.

…so it wasn't a technical problem or a week's potential delay, it was set up to deliver improper payments. And WaPo columnist now advises against recovering improper payments. Because … well, that's not clear.

What's the arithmetic skills failure to which you refer? You're likely right that family members appreciated incorrect payments. So, likely, do people receiving undeserved tax refunds. A billion here, a billion there, out of trillions here, trillions there, still amounts to substantial waste.


Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Goldberg, RISKS-32.05)

“John R. Levine” <johnl@iecc.com>
27 Jun 2020 12:24:33 -0400

Unfortunately, it's right there in your paragraph. A billion and a trillion are not the same thing, and an 0.5% error is not a big one.

I would also take issue with calling this mistake “waste”, but see my previous message about that.


Re: 0.5% of coronavirus stimulus checks went to dead people according to the GAO (Levine, RISKS-32.05)

Gabe Goldberg <gabe@gabegold.com>
Sat, 27 Jun 2020 13:57:17 -0400

That seems more opinion or perspective than arithmetic. A small percentage of a giant number can be a big number. A billion dollars is a terrible thing to waste. Paying people who weren't intended to be paid—no matter how happy they are to receive the payment—is a waste.

Let's end here. [I agree. PGN]
