Subject: Risks Digest 31.85

RISKS-LIST: Risks-Forum Digest  Friday 21 May 2020  Volume 31 : Issue 85

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.85>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
A Case for Cooperation Between Machines and Humans (John Markoff)
Scammers steal > $100m in Wash. State unemployment fraud (Seattle Times)
Satellites and spacecraft malfunction as Earth's magnetic field
  mysteriously weakens (Sky)
Microsoft: Beware this massive phishing campaign using malicious Excel
  macros to hack PCs (ZDNet)
Ransomware deploys virtual machines to hide itself from antivirus software
  (ZDNet)
Students are failing AP tests because the College Board can't handle iPhone
  photos (The Verge)
How Do Astronauts Escape When a Space Launch Goes Wrong? (WiReD)
How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy (WiReD)
90-Day Security Plan Progress Report: May 20 (Zoom Blog)
How the CDC is misreporting COVID-19 testing data (The Atlantic)
Re: COVID codebase (D Maziuk)
Re: The ultimate Turing test (Arthur Flatau)
Re: Teen Hacker and Crew of Evil Geniuses Accused of $24 Million Crypto
  Theft (Gabe Goldberg)
Re: The FBI Just Unlocked an iPhone Without Apple's Help (Keith Medcalf)
Re: AI gets the attention, but biotechnology is poised to change the world
  (Dan Jacobson)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: May 22, 2020 at 17:57:40 GMT+9
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: A Case for Cooperation Between Machines and Humans (John Markoff)

John Markoff, *The New York Times*, 21 May 2020

A computer scientist argues that the quest for fully automated robots is
misguided, perhaps even dangerous. His decades of warnings are gaining more
attention.

https://www.nytimes.com/2020/05/21/technology/ben-shneiderman-automation-humans.html

The Tesla chief Elon Musk and other big-name Silicon Valley executives have
long promised a car that can do all the driving without human assistance.

But Ben Shneiderman, a University of Maryland computer scientist who has for
decades warned against blindly automating tasks with computers, thinks fully
automated cars and the tech industry's vision for a robotic future is
misguided. Even dangerous. Robots should collaborate with humans, he
believes, rather than replace them.

Late last year, Dr. Shneiderman embarked on a crusade to convince the
artificial intelligence world that it is heading in the wrong direction. In
February, he confronted organizers of an industry conference on ``Assured
Autonomy'' in Phoenix, telling them that even the title of their conference
was wrong. Instead of trying to create autonomous robots, he said, designers
should focus on a new mantra, designing computerized machines that are
``reliable, safe and trustworthy.''

There should be the equivalent of a flight data recorder for every robot,
Dr. Shneiderman argued.

It is a warning that's likely to gain more urgency when the world's
economies eventually emerge from the devastation of the coronavirus pandemic
and millions who have lost their jobs try to return to work. A growing
number of them will find they are competing with or working side by side
with machines.

Dr. Shneiderman, 72, began spreading his message decades ago. A pioneer in
the field of human-computer interaction, he co-founded in 1982 what is now the
Conference on Human Factors in Computing Systems and coined the term
``direct manipulation'' to describe the way objects are moved on a computer
screen either with a mouse or, more recently, with a finger.

In 1997, Dr. Shneiderman engaged in a prescient debate with Pattie Maes, a
computer scientist at the Massachusetts Institute of Technology's Media Lab,
over the then-fashionable idea of intelligent software agents designed to
perform autonomous tasks for computer users -- anything from reordering
groceries to making a restaurant reservation.

``Designers believe they are creating something lifelike and smart --
however, users feel anxious and unable to control these systems,'' he
argued.

Since then, Dr. Shneiderman has argued that designers run the risk not just
of creating unsafe machines but of absolving humans of ethical
responsibility of the actions taken by autonomous systems, ranging from cars
to weapons.

The conflict between human and computer control is at least as old as
interactive computing itself.

The distinction first appeared in two computer science laboratories that
were created in 1962 near Stanford University. John McCarthy, a computer
scientist who had coined the term ``artificial intelligence,'' established
the Stanford Artificial Intelligence Laboratory with the goal of creating a
``thinking machine'' in a decade. And Douglas Engelbart, who invented the
computer mouse, created the Augmentation Research Center at the Stanford
Research Center and coined the term ``intelligence augmentation,'' or I.A.

In recent years, the computer industry and academic researchers have tried
to bring the two fields back together, describing the resulting discipline
as ``humanistic'' or ``human-centered'' artificial intelligence.

Dr. Shneiderman has challenged the engineering community to rethink the way
it approaches artificial intelligence-based automation. Until now, machine
autonomy has been described as a one-dimensional scale ranging from machines
that are manually controlled to systems that run without human intervention.

The best known of these one-dimensional models is a set of definitions
related to self-driving vehicles established by the Society of Automotive
Engineers. It describes six levels of vehicle autonomy ranging from Level 0,
requiring complete human control, to Level 5, which is full driving
automation.

In contrast, Dr. Shneiderman has sketched out a two-dimensional alternative
that allows for both high levels of machine automation and human
control. With certain exceptions such as automobile airbags and nuclear
power plant control rods, he asserts that the goal of computing designers
should be systems in which computing is used to extend the abilities of
human users.

This approach has already been popularized by both roboticists and Pentagon
officials. Gill Pratt, the head of the Toyota Research Institute, is a
longtime advocate of keeping humans ``in the loop.'' His institute has been
working to develop Guardian, a system that the researchers have described as
``super advanced driver assistance.''

``There is so much that automation can do to help people that is not about
replacing them,'' Dr. Pratt said. He has focused the laboratory not just on
car safety but also on the challenge of developing robotic technology
designed to support older drivers as well.

Similarly, Robert O. Work, a deputy secretary of defense under Presidents
Trump and Barack Obama, backed the idea of so-called centaur weapons
systems, which would require human control, instead of A.I.-based robot
killers, now called lethal autonomous weapons.

The term ``centaur'' was originally popularized in the chess world, where
partnerships of humans and computer programs consistently defeated
unassisted software.

At the Phoenix conference on autonomous systems this year, Dr. Shneiderman
said Boeing's MCAS flight-control system, which was blamed after two 737 Max
jets crashed, was an extreme example of high automation and low human
control.

``The designers believed that their autonomous system could not fail,'' he
wrote in an unpublished article that has been widely
circulated. ``Therefore, its existence was not described in the user manual
and the pilots were not trained in how to switch to manual override.''

Dr. Shneiderman said in an interview that he had attended the conference
with the intent of persuading the organizers to change its name from a focus
on autonomy to a focus on human control.

``I've come to see that names and metaphors are very important,'' he said.

------------------------------

Date: Thu, 21 May 2020 22:24:38 -0700
From: Henry Baker <hbaker1@pipeline.com>
Subject: Scammers steal > $100m in Wash. State unemployment fraud
  (Seattle Times)

BTW, how's that 'Internet Voting' thingy workin' out fer ya ?

Paul Roberts, Jim Brunner and Patrick Malone, *Seattle Times*, 21 May 2020
'Hundreds of millions of dollars' lost in Washington to unemployment fraud
amid coronavirus joblessness surge

https://www.seattletimes.com/business/economy/washington-adds-more-than-145000-weekly-jobless-claims-as-coronavirus-crisis-lingers/

Washington state officials have acknowledged the loss of "hundreds of
millions of dollars" to an international fraud scheme that hammered the
state's unemployment insurance system and could mean even longer delays for
thousands of jobless workers still waiting for legitimate benefits.

Suzi LeVine, commissioner of the state Employment Security Department (ESD),
disclosed the staggering losses during a news conference Thursday
afternoon. LeVine declined to specify how much money was stolen during the
scam, which is believed to be orchestrated from Nigeria. But she conceded
that the amount was "orders of magnitude above" the $1.6 million that the
ESD reported losing to fraudsters in April.

LeVine said state and law enforcement officials were working to recover as
much of the money as possible, though she declined to say how much had been
returned so far. She also said the ESD had taken "a number of steps" to
prevent new fraudulent claims from being filed or paid but would not specify
the steps, to avoid alerting criminals.

"We do have definitive proof that the countermeasures we have put in place
are working," LeVine said. "We have successfully prevented hundreds of
millions of additional dollars from going out to these criminals and
prevented thousands of fraudulent claims from being filed."

Thursday's disclosure, which came after state officials had largely refused
to discuss the scale of the fraud, helped explain the unusual surge in the
number of new jobless claims filed last week in Washington. For the week
ending May 16, the ESD received 138,733 initial claims for unemployment
insurance, a 26.8% increase over the prior week and one of the biggest
weekly surges since the coronavirus crisis began.

That sharp increase came as the number of initial jobless claims nationwide
fell 9.2%, to 2.4 million, according to data released earlier in the day by
the Labor Department.

Indeed, the surge in claims made Washington the state with the highest
percentage of its civilian labor force filing unemployment claims -- at
30.8%, according to an analysis by the Tax Foundation, a nonpartisan
Washington, D.C., think tank. Nevada, the next-highest state, reported
claims from 24.5% of its civilian workforce.

Thursday's disclosures also raised new questions about what, if anything,
the ESD could have done to detect and prevent the fraudulent activity.

Last week, the U.S. Secret Service issued an alert warning that Washington
was the "primary state targeted" by a "well-organized Nigerian fraud ring
exploiting the COVID-19 crisis to commit large-scale fraud against state
unemployment insurance programs." The alert, which said there was "also
evidence of attacks in North Carolina, Massachusetts, Rhode Island,
Oklahoma, Wyoming and Florida," noted "potential losses in the hundreds of
millions of dollars."

Among the criminal groups implicated in the fraud is a Nigerian organization
known as Scattered Canary, according to a report released this week by
Agari, a California-based cybersecurity firm that has tracked the African
organization's activities. The group has been running scams for more than a
decade, working to steal Social Security payments, student aid and disaster
relief funds, among other targets, the report said.

The group likely used personal information about Washingtonians from
previous consumer-data breaches to slam Washington's unemployment system
with phony claims, which were paid out along with hundreds of thousands of
legitimate ones.

"These crime rings are indiscriminate and very quick to jump on an
opportunity," said Armen Najarian, chief identity officer for Agari, in an
interview.

"It is clear this is not just a Washington state problem," said a statement
from Gov. Jay Inslee's office Thursday. "This is a national and
international criminal conspiracy. We were among the first states hit by
these fraudsters but we will not be the last."

ESD officials have argued that fraudsters targeted Washington because it was
among the first states to begin paying new benefits available under the $2.2
trillion federal stimulus bill. The legislation not only boosted benefits
available under existing state unemployment insurance systems, including an
extra $600 per week; it also gave state officials less time to verify new
claims for those benefits.

ESD officials have acknowledged that, because of the elimination of
the so-called waiting week between the time a claim is filed and the
time the benefit is paid, the agency wasn't always able to get
verification from employers about a claim before payment was made.

Furthermore, because federal benefits were technically available beginning
in March, several weeks before Washington was able to upgrade its processing
system to be able to pay them, many claimants had retroactive claims for
multiple weeks waiting to be paid in the ESD's system. Those retroactive
payments went out all at once, which added to the volume of the fraud.

At the federal level, the fraud is being investigated by the inspectors
general of the Social Security Administration and the Department of Labor;
the Secret Service; the FBI; and the U.S. attorney's office in Seattle,
which is coordinating the effort.

In a statement Thursday, U.S. Attorney Brian Moran said federal officials
worked with a "diligent financial institution" to "prevent $120 million from
being distributed to criminals," and were "assisting in recovering millions
of additional dollars, with assistance from scores of other banks and credit
unions."

Thursday's disclosures come as Washington was struggling to process an
unprecedented wave of legitimate jobless claims amid one of the worst
economic crises in U.S. history. On Wednesday, the state's monthly
employment report for April showed Washington with a seasonally adjusted
unemployment rate of 15.4%, up from 5.1% in March. The national unemployment
rate for April stood at 14.7%, seasonally adjusted.

The massive number of new claims had already led to delays in benefits being
paid to tens of thousands of workers, who have periodically overwhelmed the
ESD's telephone lines and website with inquiries.

On Thursday, LeVine acknowledged that, because of the fraud, some additional
delays in benefit payments to legitimate claimants are likely as the ESD
subjects all claims to more scrutiny.

"This makes me the most angry, and the most upset -- that we need to delay
payments to Washingtonians who need the benefits," LeVine said. "But we need
to also build in more time for analysis. So going forward, we want to set
expectations that we will add an additional one to two days to our
processing time."

That delay, which follows a decision last Thursday to temporarily suspend
benefit payments for two days, will mean more hardship for people like
Thomas Segers of Seattle. The 61-year-old independent contractor, who
provided packaging services to retailers, began receiving preliminary
unemployment benefits in April, pending verification that he had lost his
job.

Segers said he submitted the necessary paperwork by mail in time for the
deadline to prove his employment status. However, he was notified this week
that his submission was not processed on time, so his claim was denied. Now,
he's trying to figure out how to appeal that decision, but can't reach
anyone at the state for guidance.

He called the ESD more than 225 times on Thursday morning alone, but never
got through.

"I'm sure I'm speaking for a lot of people who have questions, that it's
frustrating that nobody is answering," Segers said. "They're inaccessible at
the one time, in my viewpoint, they most need to be accessible."

------------------------------

Date: Fri, 22 May 2020 10:58:05 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: Satellites and spacecraft malfunction as Earth's magnetic field
  mysteriously weakens (Sky)

*Scientists are finding that the weakening is causing technical problems
for satellites, and seems to be growing in its effects*

Earth's magnetic field, which is vital to protecting life on our planet from
solar radiation, is mysteriously weakening.  On average the planet's
magnetic field has lost almost 10% of its strength over the last two
centuries, but there is a large localised region of weakness stretching from
Africa to South America.

Known as the South Atlantic Anomaly, the field strength in this area has
rapidly shrunk over the past 50 years just as the area itself has grown and
moved westward.

Over the past five years a second centre of minimum intensity has developed
southwest of Africa, which researchers believe indicates the anomaly could
split into two separate cells.

The anomaly is causing technical difficulties for satellites orbiting the
Earth.  [...]

https://news.sky.com/story/earths-magnetic-field-which-protects-us-from-solar-radiation-is-mysteriously-weakening-11992022

------------------------------

Date: Fri, 22 May 2020 17:30:06 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Microsoft: Beware this massive phishing campaign using malicious
  Excel macros to hack PCs (ZDNet)

https://www.zdnet.com/article/microsoft-beware-this-massive-phishing-campaign-using-malicious-excel-macros-to-hack-pcs/

------------------------------

Date: Fri, 22 May 2020 10:59:05 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: Ransomware deploys virtual machines to hide itself from antivirus
  software (ZDNet)

*The operators of the RagnarLocker ransomware are running Oracle VirtualBox
to hide their presence on infected computers inside a Windows XP virtual
machine.*

The operators of the RagnarLocker ransomware are installing the VirtualBox
app and running virtual machines on computers they infect in order to run
their ransomware in a "safe" environment, outside the reach of local
antivirus software.

This latest trick has been spotted and detailed today by UK cyber-security
firm Sophos and shows the creativity and great lengths some ransomware gangs
will go to avoid detection while attacking a victim.

*WHAT'S RAGNARLOCKER?*

Avoiding detection is crucial because RagnarLocker is not your typical
ransomware gang. They're a group that carefully selects targets, avoiding
home consumers, and goes after corporate networks and government
organizations only.

Sophos says the group has targeted victims in the past by abusing
Internet-exposed RDP endpoints and has compromised MSP (managed service
provider) tools to breach companies and gain access to their internal
networks.

On these networks, the RagnarLocker group deploys a version of their
ransomware -- customized per each victim -- and then demands an astronomical
decryption fee in the tune of tens and hundreds of thousands of US dollars.

Because each of these carefully planned intrusions represents a chance to
earn large amounts of money, the RagnarLocker group has put a primer on
stealth and has recently come up with a novel trick to avoid detection by
antivirus software.

*THE VIRTUAL MACHINE TRICK* [...]
https://www.zdnet.com/article/ransomware-deploys-virtual-machines-to-hide-itself-from-antivirus-software/

------------------------------

Date: Thu, 21 May 2020 14:26:55 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Students are failing AP tests because the College Board can't
  handle iPhone photos (The Verge)

How to deal with HEIC images proves to be the hardest question of all

https://www.theverge.com/2020/5/20/21262302/ap-test-fail-iphone-photos-glitch-email-college-board-jpeg-heic

...some Android devices too.

------------------------------

Date: Thu, 21 May 2020 00:05:56 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: How Do Astronauts Escape When a Space Launch Goes Wrong? (WiReD)

SpaceX is preparing for the first crewed launch of its Crew Dragon
capsule. Engineers have spent years planning for what happens if things go
awry.

https://www.wired.com/story/how-do-astronauts-escape-when-a-space-launch-goes-wrong/

------------------------------

Date: May 21, 2020 22:48:18 JST
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy
  (WiReD)

  [Note: This item comes from friend Desire Banse.  DLH]

How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy
Alexa can tell you the weather. Siri knows a few jokes. In China,
voice-computing company iFlytek built similar smart assistants beloved by
users. But its tech is also helping the government listen in.
By Mara Hvistendahl
May 18 2020
https://www.wired.com/story/iflytek-china-ai-giant-voice-chatting-surveillance/

In 1937, the year that George Orwell was shot in the neck while fighting
fascists in Spain, Julian Chen was born in Shanghai. His parents, a music
teacher and a chemist, enrolled him in a school run by Christian
missionaries, and like Orwell he became fascinated by language. He studied
English, Russian, and Mandarin while speaking Shanghainese at home. Later he
took on French, German, and Japanese. In 1949, the year Mao Zedong came to
power and Orwell published 1984, learning languages became dangerous in
China. In the purges of the late 1950s, intellectuals were denounced, sent
to labor camps, and even executed. Chen, who by then was a student at
prestigious Peking University, was banished to a Beijing glass factory.

Chen's job was to cart wagons full of coal and ash to and from the factory's
furnace. He kept his mind nimble by listening to his coworkers speak. At
night, in the workers' dormitory, he compiled a sort of linguistic
ethnography for the Beijing dialect. He finished the book around 1960. Soon
after, Communist Party apparatchiks confiscated it.

His fortunes improved after Mao's death, when party leaders realized that
China's economy needed intellectuals in order to develop. Chen went back to
school, and in 1979, at the age of 42, his test scores earned him a spot in
the first group of graduate students to go abroad in decades. He moved to
the US and earned a PhD in physics at Columbia University. At the time,
America offered more opportunity than China, and like many of his peers,
Chen stayed after graduation, getting a job with IBM working on physical
science research. IBM had developed some of the world's first speech
recognition software, which allowed professionals to haltingly dictate
messages without touching a keyboard, and in 1994 the company started
looking for someone to adapt it to Mandarin. It wasn't Chen's area, but he
eagerly volunteered.

Right away, Chen realized that in China speech recognition software could
offer far more than a dictation tool for office workers; he believed it
stood to completely transform communication in his native tongue. As a
written language in the computer age, Chinese had long posed a unique
challenge: There was no obvious way to input its 50,000-plus characters on a
QWERTY keyboard. By the 1980s, as the first personal computers arrived in
China, programmers had come up with several workarounds. The most common
method used pinyin, the system of romanized spelling for Mandarin that
Chinese students learn in school. Using this approach, to write cat you
would type `m-a-o', then choose from a drop-down menu that also included
characters meaning `trade' and `hat', and the surname of Mao Zedong. Because
Mandarin has so many homophones, typing became an inefficient exercise in
word selection.

To build his dictation engine, Chen broke Mandarin down into its smallest
elements, called phonemes. Then he recruited 54 Chinese speakers living in
New York and recorded them reading articles from People's Daily. IBM's
research lab in Beijing added samples from an additional 300 speakers. In
October 1996, after he had tested the system, Chen flew to China to display
the resulting software, called ViaVoice, at a speech technology conference.

In a packed room festooned with gaudy wallpaper, Chen read aloud from that
day's newspaper. In front of him, with a brief delay, his words appeared on
a large screen. After he finished, he looked around to see people staring at
him, mouths agape. A researcher raised her hand and said she wanted to give
it a go. He handed over the microphone, and a murmur ran through the
crowd. ViaVoice understood her too.

ViaVoice debuted in China in 1997 with a box that read, ``The
computer understands Mandarin! With your hands free, your thoughts will come
alive.'' That same year, President Jiang Zemin sat for a
demonstration. Soon PC makers across China -- including IBM's
rivals -- were preinstalling the software on their devices. The era of
freely conversing with a computer was still a long way off, and ViaVoice had
its limitations, but the software eased the headache of text entry in
Chinese, and it caught on among China's professional class. ``It was
the only game in town,'' Chen recalls.

But for some scholars who had stayed in China, it stung that a researcher
working for an American company had been the one to make a first step toward
conquering the Chinese language. China, they felt, needed to match what Chen
had done.

Among those motivated by IBM's triumph was Liu Qingfeng, a 26-year-old PhD
student in a speech recognition lab at the prestigious University of Science
and Technology of China, in Hefei. In 1999, while still at USTC, Liu started
a voice computing company called iFlytek. The goal, it seemed, was not just
to compete with IBM and other foreign firms but to create products that
would recoup Chinese pride. Early on, Liu and his colleagues worked out of
the USTC campus. Later they moved elsewhere in Hefei. It was a second-tier
city -- USTC had been relocated there during the Cultural
Revolution -- but staying in Hefei meant iFlytek was close to the
university's intellectual talent.

When Liu explained his business concept to Kai-Fu Lee, then the head of
Microsoft Research Asia, Lee warned that it would be impossible to catch up
with American speech recognition giants. In the US, the industry was led by
several formidable companies in addition to IBM and Microsoft, including
BellSouth, Dragon, and Nuance Communications, which had recently spun off
from the nonprofit research lab SRI International. These companies were
locked in a slog to overcome the limitations of early-2000s computing and
build a voice-computer interface that didn't exasperate users, but they were
far ahead of Chinese competitors.

Liu didn't listen to Lee's warnings. Even if voice-interface technology was
a crowded, unglamorous niche, Liu's ambition gave it a towering moral
urgency. ``Voice is the foundation of culture and the symbol of a nation,''
he later said, recounting iFlytek's origin story. ``Many people thought that
they'' -- meaning foreign companies -- ``had us by the throat.'' When some
members of his team suggested that the company diversify by getting into
real estate, Liu was resolute: Anyone who didn't believe in voice computing
could leave. Nuance was building a healthy business helping corporate
clients begin to automate their call centers, replacing human switchboard
operators with voice-activated phone menus (``To make a payment, say
`payment' ''). iFlytek got off the ground by doing the same sort of work for
the telecommunications company Huawei.

iFlytek went public in 2008 and launched a major consumer product, the app
iFlytek Input, in 2010. That same year, Apple's iPhone began to carry Siri,
which had been developed by SRI International and acquired by Apple. But
while Siri was a ``personal assistant'' -- a talking
digital concierge that could answer questions -- iFlytek Input was far
more focused. It allowed people to dictate text anywhere on their phones: in
an email, in a web search, or on WeChat, the super app that dominates both
work and play in China.

Like any technology trained on interactions with human speech, Input was
imprecise in the beginning. ``With the first version of that product,
the user experience was not that good,'' said Jun Du, a scientist at
USTC who oversaw technical development of the app. But as data from actual
users' interactions with the app began to pour in, Input's accuracy at
speech-to-text transcription improved dramatically.

As it happened, Siri and Input were relatively early arrivals in a coming
onslaught of mature voice-interface technologies. First came Microsoft's
Cortana, then Amazon's Alexa, and then Google Assistant. But while iFlytek
launched its first generation of virtual assistant, Yudian, in 2012, the
company was soon training much of its AI firepower on a different challenge:
providing real-time translation to help users understand speakers of other
dialects and languages. Later versions of Input allowed people to translate
their face-to-face conversations and get closed captioning of phone calls in
23 Chinese dialects and four foreign languages. When combined with China's
large population, the emphasis on translation has allowed the company to
collect massive amounts of data.

Americans might tap Alexa or Google Assistant for specific requests, but in
China people often use Input to navigate entire conversations. iFlytek
Input's data privacy agreement allows it to collect and use personal
information for ``national security and national defense
security,'' without users' consent. ``In the West, there are
user privacy problems,'' Du says. ``But in China, we sign some
contract with the users, and we can use their data.'' Voice data can
be leaky in China. The broker Data Tang, for example, describes specific
data sets on its website, including one that includes nearly 100,000 speech
samples from 3- to 5-year-old children.

In 2017, MIT Technology Review named iFlytek to its list of the world's 50
smartest companies, and the Chinese government gave it a coveted spot on its
hand-picked national ``AI team.'' The other companies selected
that year were platform giants Baidu, Alibaba, and Tencent. Soon after,
iFlytek signed a five-year cooperation agreement with MIT's Computer Science
and Artificial Intelligence Laboratory (CSAIL), a leading AI lab. The
company's translation technology is used by the Spanish football club RCD
Espanyol, and it signed an exclusive deal to provide automated translation
for the 2022 Beijing Winter Olympics. As of mid-April, iFlytek was valued on
the Shenzhen Stock Exchange at $10.8 billion, and it claims to have 70
percent of the Chinese voice market, with 700 million end users. Nuance was
valued at $5.3 billion during the same time. In China, the company's other
major competitors in voice computing are mainly platforms like Alibaba and
Baidu.

Two decades after Julian Chen intuited that voice computing would
revolutionize how people interact with computers in China, its impact there
is indeed dramatic. Every day, WeChat users send around 6 billion voice
texts, casual spoken messages that are more intimate and immediate than the
typical voicemail, according to 2017 figures. Because WeChat caps the
messages at one minute, people often dash them off in one long
string. iFlytek makes a tablet that automatically transcribes business
meetings, a digital recorder that generates instantaneous transcripts, and a
voice assistant that is installed in cars across the country.

------------------------------

Date: Wed, 20 May 2020 23:48:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: 90-Day Security Plan Progress Report: May 20 (Zoom Blog)

https://blog.zoom.us/wordpress/2020/05/20/90-day-security-plan-progress-report-may-20/

------------------------------

Date: Thu, 21 May 2020 14:12:10 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: How the CDC is misreporting COVID-19 testing data (The Atlantic)

*The government's disease-fighting agency is conflating viral and
antibody tests, compromising a few crucial metrics that governors depend on
to reopen their economies. Pennsylvania, Georgia, Texas, and other states
are doing the same.*

The Centers for Disease Control and Prevention is conflating the results of
two different types of coronavirus tests, distorting several important
metrics and providing the country with an inaccurate picture of the state
of the pandemic. We've learned that the CDC is making, at best, a
debilitating mistake: combining test results that diagnose current
coronavirus infections with test results that measure whether someone has
ever had the virus. The upshot is that the government's disease-fighting
agency is overstating the country's ability to test people who are sick
with COVID-19. The agency confirmed to *The Atlantic* on Wednesday that it
is mixing the results of viral and antibody tests, even though the two
tests reveal different information and are used for different reasons.

This is not merely a technical error. States have set quantitative
guidelines for reopening their economies based on these flawed data points.

Several states -- including Pennsylvania, the site of one of the country's
largest outbreaks, as well as Texas, Georgia, and Vermont -- are blending the
data in the same way. Virginia likewise mixed viral and antibody test
results until last week, but it reversed course and the governor apologized
for the practice after it was covered by the *Richmond Times-Dispatch*
<https://www.richmond.com/special-report/coronavirus/virginia-misses-key-marks-on-virus-testing-as-leaders-eye-reopening/article_021e12c6-6d20-5030-9068-4caaeda495f7.html>
 and *The Atlantic*
<https://www.theatlantic.com/health/archive/2020/05/covid-19-tests-combine-virginia/611620/>.
Maine similarly separated its data on Wednesday; Vermont authorities claimed
they didn't even know
<https://twitter.com/EPetenko/status/1263138001879797762?s=20> they were
doing this.

The widespread use of the practice means that it remains difficult to know
exactly how much the country's ability to test people who are
actively sick with COVID-19 has improved. [...]

https://www.theatlantic.com/health/archive/2020/05/cdc-and-states-are-misreporting-covid-19-test-data-pennsylvania-georgia-texas/611935/

------------------------------

Date: Fri, 22 May 2020 10:44:12 -0500
From: dmaziuk <dmitri.maziuk@gmail.com>
Subject: Re: COVID codebase [RISKS-31.84]

In 2005 "Neil Ferguson, a professor of mathematical biology at Imperial
College London, told Guardian Unlimited that up to 200 million people could
be killed" by the bird flu:
https://www.theguardian.com/world/2005/sep/30/birdflu.jamessturcke

450 died:
https://www.who.int/influenza/human_animal_interface/H5N1_cumulative_table_archives/en/

Four years later, "In 2009, one of Ferguson's models predicted 65,000 people
could die from the Swine Flu outbreak in the UK — the final figure
was below 500."
https://www.businessinsider.com/neil-ferguson-transformed-uk-covid-response-oxford-challenge-imperial-model-2020-4

And apparently during the 2001 Foot and Mouth outbreak "Ferguson warned the
government that 150,000 people could die. Six million animals were
slaughtered as a precaution, costing the country billions in farming
revenue. In the end, 200 people died." -- ibid

Whether the code is a steaming Pile Of Software is immaterial, really (after
20 years dealing with "academic software" I'm pretty sure it is), when it
has a proven track record of being wrong.

------------------------------

Date: Fri, 22 May 2020 11:16:55 -0500
From: Arthur Flatau <flataua@acm.org>
Subject: Re: The ultimate Turing test (Henry Baker, RISKS-31.84)

I am currently hiring someone who I have only talked to on the phone, she
starts in a few weeks.  She has previously worked at my company and with
most of the people she will be working with, so she is not an unknown
quantity.  I know of someone else being hired here, who not only has not had
an in-person interview, but has not even been to the state where she will be
working.  The situation with working in the office is changing rapidly, but
it is likely that both people will initially be solely working from home and
will almost certainly work from home quite a bit, even when the offices
open.

I doubt that Zoom virtual backgrounds, real-time animations help much with
an interview.  A candidate still must answer the interview questions on
whatever subject well enough to be considered good enough to hire.  A Zoom
animation is unlikely to be helpful for this in the vast majority of
situations.

Although working at home would make it a bit easier to have 2 or more
full-time jobs, I doubt this would work, for at least the type of jobs I
have had.  I doubt Zoom makes it any significantly easier to pull off this
fraud.  Although the current work at home situation for most people would
make it easier.

------------------------------

Date: Wed, 20 May 2020 23:54:58 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Re: Teen Hacker and Crew of Evil Geniuses Accused of $24 Million
  Crypto Theft (Bloomberg)

(Bloomberg) -- A 15-year-old hacker and his crew of *evil computer geniuses*
stole nearly $24 million in cryptocurrency from an adviser to blockchain
companies, according to a lawsuit filed in New York.

Michael Terpin claims his phone was hacked and his money stolen in 2018 by a
ring led by Westchester County, New York, teen Ellis Pinsky as part of a
`sophisticated cybercrime spree'.  Terpin, the founder and chief executive
officer of blockchain advisory firm Transform Group, is suing Pinsky, now
18, for $71 million under a federal racketeering law that allows for triple
damages.

https://www.bloombergquint.com/technology/teen-hacker-and-evil-geniuses-accused-of-24-million-theft

...stolen from an adviser to blockchain companies. Who says there's no such
thing as bad publicity?

------------------------------

Date: Wed, 20 May 2020 23:24:04 -0600
From: "Keith Medcalf" <kmedcalf@dessus.com>
Subject: Re: The FBI Just Unlocked an iPhone Without Apple's Help (Lifewire)

  Is this not as it should be?

When the government gets a "search warrant" to search someone's safe, do they
(can they) compel the safe manufacturer to open the safe, or do they hire
their own "safecracker" to open it?

------------------------------

Date: Fri, 22 May 2020 12:00:18 +0800
From: Dan Jacobson <jidanni@jidanni.org>
Subject: Re: AI gets the attention, but biotechnology is poised to change
  the world (Axios)

gg>    <https://link.axios.com/click/20337583.60839/aHR0cHM6...

Wow, 300 byte links. Using base64 --decode reveals what they are...
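
The check the post above alludes to, as an added example that is not part of the original message: pull the base64 path segment out of a click-tracking link and decode it to see the destination before following the link. The tracker host, the sample link and the function names are constructed for illustration; the truncated link quoted above is not decoded here.

```shell
#!/bin/sh
# Reveal the destination hidden in a click-tracking link (added example).

# decode_segment SEGMENT
# Accepts standard or URL-safe base64, with or without '=' padding.
decode_segment() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')   # URL-safe alphabet -> standard
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;                 # restore stripped padding
        3) seg="${seg}=" ;;
        1) return 1 ;;                       # impossible base64 length
    esac
    printf '%s' "$seg" | base64 --decode 2>/dev/null
}

# tracking_target URL
# Prints the first path segment that decodes to an http(s) URL.
# Returns 1 if no segment does.
tracking_target() {
    path=${1#*://}        # drop the scheme
    path=${path%%\?*}     # drop any query string
    old_ifs=$IFS
    IFS=/
    set -f                # no globbing while splitting on '/'
    for part in $path; do
        IFS=$old_ifs
        decoded=$(decode_segment "$part") || continue
        case $decoded in
            http://*|https://*)
                printf '%s\n' "$decoded"
                set +f
                return 0 ;;
        esac
    done
    IFS=$old_ifs
    set +f
    return 1
}

# Constructed sample: hypothetical tracker host, padding stripped from the payload.
sample='https://tracker.example/click/12345.678/aHR0cHM6Ly9leGFtcGxlLm9yZy9hYg/abc123'
tracking_target "$sample"
```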

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.85
************************