Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 31.67

RISKS-LIST: Risks-Forum Digest  Saturday 11 April 2020  Volume 31 : Issue 67

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.67>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
COVID-19 needs some big-picture thinking (PGN)
Apple-Google Proposal for Contact Tracing (Marc Rotenberg)
Can Legislatures Safely Vote by Internet? (Andrew Appel)
Citing BGP hijacks and hack attacks, feds want China Telecom out of the U.S.
  (Ars Technica)
Should we teach children about quantum computing? (bbc.com)
Re: Boeing 787s must power cycle every 51 days (Amos Shapir)
Re: Masking the CoVID-19 problem (Gregory Carvalho, Amos Shapir,
  Julian Bradfield)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 11 Apr 2020 11:26:27 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: COVID-19 needs some big-picture thinking (PGN)

Overall, COVID-19 is eventually going to offer us many lessons in retrospect, if we are paying enough attention. Advanced planning for realistic scenarios has often been eschewed. There are divergent models with incomparable assumptions, not enough testing, not enough equipment and personnel, disrespect and disregard for science and clear evidence, and much more. But some increased predictability is emerging, and sheltering in place seems to be `flattening the curve'. Above all, centralized leadership is critical.
Ultimately, we need to consider this crossroads as an opportunity for our civilization to reflect on what must change in the future, particularly regarding health care and long-term instead of short-term optimization.

However, hucksters are trying to capitalize on fear, with new creative forms of fraud and deception. Misinformation abounds.

This morning's news includes an item on the risks of misinformation that is also relevant. A front-page article by Adam Satariano and Davey Alba, Britons Set Fire to Cell Towers, Driven by False Theory on Virus, in *The New York Times* today is relevant here, which "some government officials call an Internet Conspiracy Theory" that links 5G emanations with increased susceptibility to COVID-19. This has resulted in the UK in more than 30 acts of arson and vandalism against wireless towers. "In roughly 80 other episodes in other countries, telecom technicians have been harassed on the job." Misinformation is also becoming viral, and evidently pandemic as well.

These are stressful times, but I seem to be stepping up the frequency of RISKS issues, rather than getting way behind and playing catchup with huge issues. This will keep the issues more timely, as things are changing rapidly. RISKS remains an open forum for discourse, so we welcome constructive criticism and always value corrections.

End of my own rant for now. I have other things to do. PGN

------------------------------

Date: Fri, 10 Apr 2020 16:19:00 -0400
From: Marc Rotenberg <rotenberg@epic.org>
Subject: Apple-Google Proposal for Contact Tracing

  [Google and Apple are working together to enable bluetooth-based privacy-preserving contact tracing app development. There seem to be some huge problems with privacy, as noted in the previous issue of RISKS-31.66: Privacy Cannot Be a Casualty of the Coronavirus (NYTimes). Here are two items on the Apple-Google project underway.
    https://www.wired.com/story/apple-google-bluetooth-contact-tracing-covid-19/
    https://www.washingtonpost.com/technology/2020/04/10/apple-google-tracking-coronavirus/
  At my request, Marc Rotenberg, founder and head of the Electronic Privacy Information Center, provided this timely and topical item. PGN]

https://epic.org/2020/04/apple-and-google-propose-conta.html
<https://www.apple.com/newsroom/2020/04/apple-and-google-partner-on-covid-19-contact-tracing-technology/>

EPIC: Apple and Google Propose Contact Tracing App

Apple and Google announced today "a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design." The companies are proposing "Privacy-Preserving Contact Tracing." <https://www.apple.com/covid19/contacttracing/> EPIC has previously testified <https://epic.org/privacy/testimony_0301.html> in Congress in support of genuine Privacy Enhancing Techniques, which EPIC President Marc Rotenberg has defined <https://heinonline.org/HOL/LandingPage?handle=hein.journals/stantlr2001&div=2&id=&page=> as technologies that "minimize or eliminate the collection of personally identifiable information." But EPIC has also warned <https://epic.org/privacy/wiretap/Rotenberg-CEBP-9-16.pdf> that these techniques must be "robust, scaleable and provable." And EPIC has repeatedly stated that notice and consent is not the basis of data protection.

  [Note: This is a presentation Marc did a few years ago for the National Academies on evidence-based policy and privacy law.
    https://epic.org/privacy/wiretap/Rotenberg-CEBP-9-16.pdf
    https://youtu.be/B016UpD-a4w
  PGN]

------------------------------

Date: Fri, 10 Apr 2020 11:29:32 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Can Legislatures Safely Vote by Internet?
  (Andrew Appel)

Andrew Appel has just published a short blog article:

  [ https://freedom-to-tinker.com/2020/04/10/can-legislatures-safely-vote-by-internet/

------------------------------

Date: Sat, 11 Apr 2020 08:05:12 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: Citing BGP hijacks and hack attacks, feds want China Telecom out
  of the U.S. (Ars Technica)

*With a history of cyber-attacks, Chinese-owned telecom is a threat, officials say*

EXCERPT:

Citing the misrouting of US Internet traffic, malicious hacking and control by the Chinese government, a group of US executive agencies are recommending the FCC revoke the license authorizing China Telecom to provide international telecommunications services to and from the United States.

The recommendation comes amid an escalation in tensions between the US and China over a host of issues, including trade, disagreements about the handling of the novel coronavirus, and hacking. Thursday's move comes as part of a review the FCC disclosed last year, when the agency barred China Mobile Limited from the US market. The federal government has also designated both Huawei and ZTE as national security threats.
<https://www.bloomberg.com/news/articles/2019-05-09/china-mobile-barred-from-the-u-s-market-over-espionage-concerns>

``The security of our government and professional communications, as well as of our most private data, depends on our use of trusted partners from nations that share our values and our aspirations for humanity,'' John C. Demers, assistant attorney general for national security, said in a release.
``Today's action is but our next step in ensuring the integrity of America's telecommunications systems.''
<https://www.justice.gov/opa/pr/executive-branch-agencies-recommend-fcc-revoke-and-terminate-china-telecom-s-authorizations>

The state-owned China Telecom says it's the country's second-biggest mobile operator with about 336 million subscribers, about 153 million wireline broadband subscribers, and about 111 million access lines. China Telecom Americas, the subsidiary that operates in the US, received authorization from the FCC in 2002, according to this timeline. China Telecom Americas has had a compounded and impressive annual revenue growth rate of 68% since 2005, the timeline added.
<https://www.ctamericas.com/company/history/>

Hijacking huge swaths of the Internet. [...]

https://arstechnica.com/tech-policy/2020/04/citing-bgp-hijacks-and-hack-attacks-feds-want-china-telecom-out-of-the-us/

------------------------------

Date: Sat, 11 Apr 2020 10:07:31 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Should we teach children about quantum computing? (bbc.com)

https://www.bbc.com/news/business-51644033

Nothing wrong with stimulating curiosity in young people. Imagine a 13-year-old from Poughkeepsie, NY who could author a quantum programming language solution that calculates the Fermi surface of iron! "That's my little girl!"

If quantum computation becomes commercially viable -- feed a credit card to a cloud supplier for access to a 1Mqubit virtual quantum computer with a guaranteed multi-minute decoherence-mitigated computation wall clock window -- then ethics should enter the curriculum.

------------------------------

Date: Sat, 11 Apr 2020 13:57:27 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: Boeing 787s must power cycle every 51 days (RISKS-31.65)

I wonder what new problems may be discovered when many planes which may have been mothballed for more than 51 days (and even twice that) would be put back into action?
  [Hopefully, a reboot would reset the clock cycle. But maybe not... PGN]

------------------------------

Date: Fri, 10 Apr 2020 20:59:21 -0700
From: Gregory Carvalho <GregoryC@stcinc.com>
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

A nice read.

With reports of the respiratory problems associated with COVID-19, it seems counterintuitive to instruct people to contain exhaled carbon dioxide in the confined space of homemade double layer fabric masks. Whether a person is healthy or exposed, it seems that potential for weakening the state of the individual would exist in such an environment.

  [Gregory, This is really a very important point. The basic respirator is good at helping inhalation, but less good at helping exhaling. The death of an ALS patient I knew well was attributed to CO2 toxicity. PGN]

------------------------------

From: Amos Shapir <amos083@gmail.com>
Date: Sat, 11 Apr 2020 12:55:21 +0300
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

Starting tomorrow, emergency decrees issued by Israel's Ministry of Health require the wearing of respiratory face masks in all public places.

Now, who may I believe -- the official decrees, which are likely backed by advice of medical experts; or a Risks post, which mostly makes sense, but whose author's only stated qualifications are "grandpa of Ryan, Trevor, Devon & Hannah"?

------------------------------

Date: Sat, 11 Apr 2020 10:47:38 +0100
From: Julian Bradfield <jcb@inf.ed.ac.uk>
Subject: Re: Masking the CoVID-19 problem (Slade, RISKS-31.65)

RISKS-31.65 contains another hectoring rant by Rob Slade on masks. Slade is not qualified in any appropriate area (neither am I), and appears not to have done even the basic step of searching PubMed, as he doesn't refer to any of (limited but not non-existent) available research on masks outside healthcare settings, including on the efficacy of homemade masks.
Perhaps more importantly, he fails to consider the important fact (in so far as there are any "facts" in such a fast-moving situation), which has been agreed for a couple of weeks at least, that SARS-Cov-2 appears to have significant asymptomatic and presymptomatic infectious capability.

The current WHO (et al.) recommendations seem to be primarily aimed at getting the limited supply of masks to those who need them most -- I don't think anybody disagrees with Slade that healthworkers get first dibs on the supply. And, as always with WHO, its recommendations move slowly.

Those who would prefer to read an up-to-date analysis (including a survey of prior research) from people who are qualified in relevant areas should read:
  https://www.bmj.com/content/369/bmj.m1435

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.67
************************