Subject: Risks Digest 32.74

RISKS-LIST: Risks-Forum Digest  Wednesday 30 June 2021  Volume 32 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.74>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [Still backlogged]
Wabi-sabi rebar -- on Miami Surfside collapse (Henry Baker)
Qantas pilot was `incapacitated' by oxygen mask (ATSB)
GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base (New Scientist)
The Internet Eats Up Less Energy Than You Might Think (NYTimes)
The Problem With Jam-ming GPS (Now I Know)
Pilot in deadly Canadian military helicopter crash unaware of flight-control software conflict, says report (CBC)
Cyber-risk Across the U.S. Nuclear Enterprise (TSNR)
CSIS says 2020 was a banner year for espionage operations targeting Canada (CBC)
Mounties suspected person leaking secrets had high-level computer access, search warrants show (CBC)
Major Step Forward for Quantum Error Algorithms (NCI Australian)
3D Scanning Breakthrough Means Results Are 4,500% More Accurate (Loughborough)
Giant comet found in outer solar system by Dark Energy Survey (phys.org)
Supreme Court sides with credit agency (WashPost)
EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination (Diego Latella)
I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical. (NYTimes)
German States want compulsory pre-installed youth protection filters (Heise)
Politicians vs. Big Tech: Ordinary Users are Going to Lose Big Time! (TechDirt)
Regarding "My Book" ext.
  drives w/Internet connectivity (Bleeping Computer via danny burstein)
Your CPU May Have Slowed Down on Wednesday (travisdowns via Thomas Koenig)
Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9 (TorrentFreak)
USPS mail delays: What it means in your Zip code (WashPost)
A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (WiReD)
A model to predict how much humans and robots can be trusted with completing specific tasks (techxplore.com)
Re: End-to-End Verifiability Key to Future Election Security (Eric Sosman)
Re: Government Chatbots Now a Necessity for States, Cities, Counties (DJC)
Re: Apple Says It's Time to Digitize Your ID, Ready or Not (Steven Klein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

From: "Henry Baker" <hbaker1@pipeline.com>
Subject: Wabi-sabi rebar -- on Miami Surfside collapse
Date: Sat, 26 Jun 2021 08:21:24 -0700

Concerning the Miami Surfside building collapse:

It is well known that the probability of failure in reinforced concrete approaches 100% after 100 years, and far less time in corrosive environments -- e.g., coastal salt air:

https://www.structuremag.org/?p=9459
https://www.structuremag.org/wp-content/uploads/2015/12/0116-sd-1.png

The ancient Greeks and Romans knew this, and either avoided reinforcing iron completely (Pantheon) or coated the iron with lead (Parthenon).

"The ancient Greek builders had secured the marble blocks together with iron clamps ... They then poured molten lead over the joints to cushion them from seismic shocks and ***protect the clamps from corrosion.*** But when a Greek architect, Nikolas Balanos, launched an enthusiastic campaign of restorations in 1898, he installed crude iron clamps, ... neglecting to add the lead coating. Rain soon began to play havoc with the new clamps, swelling the iron and cracking the marble. Less than a century later, it was clear that parts of the Parthenon were in imminent danger of collapse."
https://www.smithsonianmag.com/history/unlocking-mysteries-of-the-parthenon-16621015/

Unfortunately, this Surfside disaster is merely the 'canary in the coal mine', as much of our infrastructure is constructed with now-senile reinforced concrete.

https://www.nytimes.com/2021/06/26/us/miami-building-collapse-investigation.html

Engineer Warned of 'Major Structural Damage' at Florida Condo Complex
Mike Baker and Anjali Singhvi
26 Jun 2021, Updated 8:14 a.m. ET
James Glanz and Joseph B. Treaster contributed to this report.

  [Very long item PGN-pruned, but worth reading in full, especially if you believe in standards and compliance.  PGN]

A consultant in 2018 urged the managers to repair cracked columns and crumbling concrete. The work was finally about to get underway when the building collapsed.

Three years before the deadly collapse of the Champlain Towers South condominium complex near Miami, a consultant found alarming evidence of "major structural damage" to the concrete slab below the pool deck and "abundant" cracking and crumbling of the columns, beams and walls of the parking garage under the 13-story building.

The engineer's report helped shape plans for a multimillion-dollar repair project that was set to get underway soon -- more than two and a half years after the building managers were warned -- but the building suffered a catastrophic collapse in the middle of the night on Thursday, trapping sleeping residents in a massive heap of debris.

The complex's management association had disclosed some of the problems in the wake of the collapse, but it was not until city officials released the 2018 report late Friday that the full nature of the concrete and rebar damage -- most of it probably caused by years of exposure to the corrosive salt air along the South Florida coast -- became chillingly apparent.

"Though some of this damage is minor, most of the concrete deterioration needs to be repaired in a timely fashion," the consultant, Frank Morabito, wrote about damage near the base of the structure as part of his October 2018 report on the 40-year-old building in Surfside, Fla. He gave no indication that the structure was at risk of collapse, though he noted that the needed repairs would be aimed at "maintaining the structural integrity" of the building and its 136 units.  [...]

  [Middle section omitted for RISKS.  PGN]

A nearly identical companion property -- Champlain Towers North -- was built the same year, a few hundred yards up the beach. It was not immediately clear whether any of the issues raised by the engineer in the south project had also been found in the other buildings.

Surfside's mayor, Charles W. Burkett, said on Friday that he was worried about the stability of the north building but did not feel "philosophically comfortable" ordering people to evacuate.

"I can't tell you, I can't assure you, that the building is safe," he said at a town commission meeting.

The collapse has stunned industry experts in the Miami area, including John Pistorino, a consulting engineer who designed the 40-year reinspection program when he was consulting for the county in the 1970s.

He touted other regulations that have come since, including requirements that tall buildings have an independent engineer verify that construction is going according to plans.

Mr. Pistorino did not want to speculate on the cause of the collapse. But he said that while some buildings in the region have had quality problems, any serious deficiencies were unusual, and were typically easy to detect by way of glaring cracks or other visible problems.

"This is so out of the norm," Mr. Pistorino said. "This is something I cannot fathom or understand what happened."
------------------------------

From: "John Colville" <John.Colville@uts.edu.au>
Subject: Qantas pilot was `incapacitated' by oxygen mask (ATSB)
Date: Thu, 24 Jun 2021 23:50:20 +0000

(ATSB is the Australian Transport Safety Bureau)

The captain of a Qantas Freight flight became temporarily incapacitated after ingesting too much oxygen from an emergency mask needed when cabin pressure dropped, prompting the first officer to declare a MAYDAY.

https://www.smh.com.au/national/qantas-pilot-was-incapacitated-by-oxygen-mask-atsb-20210624-p5843l.html

------------------------------

Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base (New Scientist)

David Hambling, *New Scientist*, 24 Jun 2021, via ACM TechNews, Friday, June 25, 2021

A cyberattack may have been involved in a naval confrontation this week between Russia and a British warship in the Black Sea that never really happened. The global positioning system (GPS)-tracking Automatic Identification System (AIS) last week showed both a U.K. warship and a Dutch naval vessel coming within a few kilometers of a Russian naval base at Sevastopol, but a live Web camera feed confirmed that both ships were docked in Odessa, Ukraine, at the time. The spoofing in this case suggests a deliberate deception, as the ships' coordinates were changed gradually to imitate normal travel. Dana Goward at the Resilient Navigation and Timing Foundation said Russia could have executed the spoofing attack, and warned that such a hack "could easily lead to a shooting war by making things more confusing in a crisis."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c03cx068909&

------------------------------

From: "Matthew Kruk" <mkrukg@gmail.com>
Date: Fri, 25 Jun 2021 07:33:44 -0600
Subject: The Internet Eats Up Less Energy Than You Might Think (NYTimes)

https://www.nytimes.com/2021/06/24/technology/computer-energy-use-study.html

New research by two leading scientists says some dire warnings of environmental damage from technology are overstated.

  [Are they investing in Cybercurrencies and Climate Warming?  This should pique environmentalists.  PGN]

------------------------------

From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: The Problem With Jam-ming GPS (Now I Know)
Date: Tue, 29 Jun 2021 12:36:20 -0400

http://nowiknow.com/the-problem-with-jam/

------------------------------

From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Pilot in deadly Canadian military helicopter crash unaware of flight-control software conflict, says report (CBC)
Date: Tue, 29 Jun 2021 07:26:38 -0600

https://www.cbc.ca/news/politics/cyclone-crash-report-greece-1.6082716

The pilot of an ill-fated Canadian military helicopter tried to manually override the flight control function and - for a variety of reasons - did not see the autopilot was still on when the CH-148 Cyclone helicopter crashed into the Ionian Sea off Greece last year, an air force flight safety investigation has concluded.

The conflict between manual control and the aircraft's automatic flight controller system caused an unanticipated "bias" in the helicopter's fly-by-wire (FBW) computers, prompting the aircraft to nose dive at full speed into the ocean as it was returning to HMCS Fredericton after a flypast.

------------------------------

From: Paul Saffo <paul@saffo.com>
Date: Mon, 21 Jun 2021 22:09:39 -0700
Subject: Cyber-risk Across the U.S.
  Nuclear Enterprise (TSNR)

https://tnsr.org/2021/06/cyber-risk-across-the-u-s-nuclear-enterprise/

As the United States embarks on an effort to modernize many elements of its nuclear enterprise, it needs to consider how dependencies on modern information technologies could lead to cyber-induced failures of nuclear deterrence or to nuclear war. The Biden administration has an opportunity to address issues of cyber risk across the entire nuclear enterprise in ways that previous administrations have not.

------------------------------

From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: CSIS says 2020 was a banner year for espionage operations targeting Canada (CBC)
Date: Tue, 29 Jun 2021 07:28:13 -0600

https://www.cbc.ca/news/politics/nsicop-espionage-pandemic-1.5983612

Canada's spy agency says 2020 saw the highest level of foreign espionage and foreign interference directed at Canadian targets since the end of the Cold War.

"The fluid and rapidly evolving environment caused by COVID-19 has created a situation ripe for exploitation by threat actors seeking to advance their own interests," said Canadian Security Intelligence Service Director David Vigneault in his agency's 2020 report, released today.

"In 2020, CSIS observed espionage and foreign interference activity at levels not seen since the Cold War."

The report follows a year of warnings from CSIS and other security agencies about national security vulnerabilities in Canada's biopharmaceutical and life sciences sectors. Those sectors were exposed to outside interference as large numbers of Canadians transitioned to working from home - and as research involving vaccine, therapeutics and other measures to combat COVID-19 became far more valuable.
------------------------------

From: "Matthew Kruk" <mkrukg@gmail.com>
Subject: Mounties suspected person leaking secrets had high-level computer access, search warrants show (CBC)
Date: Tue, 29 Jun 2021 06:41:31 -0600

https://www.cbc.ca/news/canada/rcmp-suspected-high-level-leaking-secrets-court-documents-1.6083437?cmp=newsletter_CBC%20News%20Morning%20Brief_4157_286252

The RCMP suspected someone senior in its ranks was offering to spill secrets, but still didn't know the identity of the alleged leaker for several months after they first learned highly confidential information about investigations had been compromised.

The revelation is contained in court documents unsealed late last week at the request of The Fifth Estate.

The documents suggest investigators ultimately focused on a small group who had access to sensitive information stored on an RCMP server "controlled by the RCMP National Intelligence Co-ordination Centre," and "access to its files is limited to select authorized employees of the RCMP."

------------------------------

Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Major Step Forward for Quantum Error Algorithms (NCI Australian)

NCI Australian, 21 Jun 2021, via ACM TechNews, Friday, June 25, 2021

Researchers at the University of Sydney have raised the threshold for correcting quantum calculation errors with the help of the Gadi supercomputer of Australia's National Computational Infrastructure (NCI) organization. The researchers used Gadi to run about 87 million simulations for all possible qubit arrangements and aligned the threshold with the actual error rates of physical quantum computing systems. Said Sydney's David Tuckett, "This step brings us closer to making practical quantum computing possible. Quickly being able to run these simulations on NCI is central to understanding the effectiveness of our qubit arrangements."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c044x068909&

  [I am still concerned about the presence of errors exceeding the assumed worst case for correction, which typically can result in miscorrection in conventional error-correcting codes.  PGN]

------------------------------

Date: Wed, 30 Jun 2021 12:07:27 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: 3D Scanning Breakthrough Means Results Are 4,500% More Accurate (Loughborough)

Loughborough University (UK), 29 Jun 2021, via ACM TechNews, Wednesday, June 30, 2021

Scientists at the U.K.'s Loughborough University and University of Manchester have boosted the accuracy of three-dimensional (3D) body scans by 4,500% via a free algorithm that can be used with any scanning system. The Gryphon code can identify and remove errors in scan measurements. In 121 measurements of 97 participants, Gryphon had a margin of error of 0.3 centimeters, compared to an average of 13.8 centimeters for current 3D scanning machines when data is captured non-consecutively. Loughborough's Chris Parker said, "We hope this will speed up 3D body scanning, removing the need for highly trained operators to correct mistakes, and--ultimately--help 3D body scanning create custom garments for everyone--without the fuss."

https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2bad7x22c18cx068589&

  [Wow!  The post-hoc RISKS lesson here is that nobody should have trusted what was so bad in the first place.  And what makes you think 4,500% better is good enough for a particular application?  Caveat emptor.
  PGN]

------------------------------

From: "Richard Stein" <rmstein@ieee.org>
Subject: Giant comet found in outer solar system by Dark Energy Survey (phys.org)
Date: Tue, 29 Jun 2021 07:28:30 +0800

https://phys.org/news/2021-06-giant-comet-outer-solar-dark.html

What I found interesting: "Bernardinelli and Bernstein used 15–20 million CPU hours at the National Center for Supercomputing Applications and Fermilab, employing sophisticated identification and tracking algorithms to identify over 800 individual TNOs from among the more than 16 billion individual sources detected in 80,000 exposures taken as part of the DES. Thirty-two of those detections belonged to one object in particular -- C/2014 UN271."

15-20 Megacpu hours! That's an awful lot of computation.

NCSA has a "compute dashboard" revealing BlueWaters continuous service delivery achievement at over 39.2 Gigacpu hours of computation to date (see https://bluewaters.ncsa.illinois.edu/ retrieved on 29JUN2021). The Dark Energy Survey has ONLY consumed ~0.05% of this total. A mere pittance.

Given the DES repository size, comet detection and discovery is analogous to extracting fly poop from a pepper pile. How big of a pile? http://archive1.dm.noao.edu/home/content (retrieved on 29JUN2021) shows the total to date: ~795 TBytes. Nightly acquisition accumulates ~0.9 TByte of imaging using a 570 Mpixel camera.

Risk: CO2 generation.

------------------------------

From: Richard Stein <rmstein@ieee.org>
Date: Sun, 27 Jun 2021 05:31:19 +0800
Subject: Supreme Court sides with credit agency (WashPost)

https://www.washingtonpost.com/politics/courts_law/supreme-court-credit-oil-alaskans/2021/06/25/74eaa540-d5bb-11eb-a53a-3b5450fdca7a_story.html

'"TransUnion generated credit reports that erroneously flagged many law-abiding people as potential terrorists and drug traffickers," wrote Thomas.
Yet, "the majority decides that TransUnion's actions are so insignificant that the Constitution prohibits consumers from vindicating their rights in federal court. The Constitution does no such thing."'

TransUnion, and other financial service entities, can (and routinely) test if your name matches one on the list maintained by Treasury Department's Office of Foreign Assets Control (OFAC). Probably part of their KYC (know your customer) processes.

https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists

------------------------------

From: "Diego.Latella" <diego.latella@isti.cnr.it>
Subject: EDPB & EDPS call for ban on use of AI for automated recognition of human features in publicly accessible spaces, and some other uses of AI that can lead to unfair discrimination
Date: Tue, 29 Jun 2021 20:35:41 +0200

In a joint opinion regarding the European Commission's Proposal for Regulation on artificial intelligence, "[t]aking into account the extremely high risks posed by remote biometric identification of individuals in publicly accessible spaces, the EDPB [European Data Protection Board] and the EDPS [European Data Protection Supervisor] call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context."

https://edpb.europa.eu/news/news/2021/edpb-edps-call-ban-use-ai-automated-recognition-human-features-publicly-accessible_en

------------------------------

From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical. (NYTimes)
Date: Tue, 22 Jun 2021 23:42:29 -0400

I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical.
https://www.nytimes.com/2021/06/22/world/europe/france-zodiac-killer-cipher.html

------------------------------

From: Thomas Koenig <tkoenig@netcologne.de>
Date: Thu, 24 Jun 2021 22:02:51 +0200
Subject: German States want compulsory pre-installed youth protection filters (Heise)

The German States want to oblige providers of operating systems for PCs, laptops and cell phones, for example, to pre-install youth protection filters and block all websites by default that are not suitable for under-18s or do not have an age label. This would affect most websites around the world.

The legal vehicle for this censorship is to be an amendment to the State Treaty on the Protection of Minors in the Media (JMStV). This would oblige operating system providers "to effectively block large parts of the Internet - starting from all devices" until the age verification of users is completed.

Of course, the devices would also have to send the user's age to all web sites.

Source (in German):
https://www.heise.de/news/Laender-wollen-Filter-in-allen-Betriebssystemen-Verbaende-laufen-Sturm-6116452.html

------------------------------

From: "Lauren Weinstein" <lauren@vortex.com>
Subject: Politicians vs. Big Tech: Ordinary Users are Going to Lose Big Time! (TechDirt)
Date: Sun, 27 Jun 2021 14:09:03 -0700

Ordinary Internet users don't realize how much they stand to lose by this kind of grandstanding by politicians without facts or due consideration. Both parties seem hell-bent to destroy as much of the Internet as possible. -L

Congressman Nadler Throws The World's Worst Slumber Party In Order To Destroy The Internet Policy
https://www.techdirt.com/articles/20210625/09355347057/congressman-nadler-throws-worlds-worst-slumber-party-order-to-destroy-internet.shtml

------------------------------

From: "danny burstein" <dannyb@panix.com>
Subject: Regarding "My Book" ext. drives w/Internet connectivity (Bleeping Computer)
Date: Fri, 25 Jun 2021 00:37:06 +0000

Cough, oops, uggh...
[from Bleeping computer:]

WD My Book NAS devices are being remotely wiped clean worldwide

Western Digital My Book NAS owners worldwide found that their devices have been mysteriously factory reset and all of their files deleted.

WD My Book is a network-attached storage device that looks like a small vertical book that you can stand on your desk. The WD My Book Live app allows owners to access their files and manage their devices remotely, even if the NAS is behind a firewall or router.

Today, WD My Book owners worldwide suddenly found that all of their files were mysteriously deleted, and they could no longer log into the device via a browser or an app.

rest:
https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/

  [Also noted by Monty Solomon at
  https://www.theverge.com/2021/6/24/22549677/wd-my-book-live-data-deletion-unplug-lan-cable-threat-actor
  PGN]

------------------------------

From: Thomas Koenig <tkoenig@netcologne.de>
Date: Thu, 24 Jun 2021 23:02:16 +0200
Subject: Your CPU May Have Slowed Down on Wednesday

A microcode update for Intel CPUs appeared to have caused a major slowdown.

https://travisdowns.github.io/blog/2021/06/17/rip-zero-opt.html

------------------------------

From: Monty Solomon <monty@roscom.com>
Date: Thu, 24 Jun 2021 17:10:17 -0400
Subject: Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9 (TorrentFreak)

Sony Music has obtained an injunction that requires the freely available DNS-resolver Quad9 to block a popular pirate site. The order, issued by the District Court in Hamburg, Germany, is the first of its kind. The Quad9 foundation has already announced that it will protest the judgment, which could have far-reaching consequences.
https://torrentfreak.com/sony-wins-pirate-site-blocking-order-against-dns-resolver-quad9-210621/

------------------------------

From: Gabe Goldberg <gabe@gabegold.com>
Date: Thu, 24 Jun 2021 18:15:06 -0400
Subject: USPS mail delays: What it means in your Zip code (WashPost)

How long it should take for mail to arrive, if it's sent from ...

https://www.washingtonpost.com/business/interactive/2021/dejoy-usps-delays-by-zip-code-map/

------------------------------

From: Gabe Goldberg <gabe@gabegold.com>
Date: Thu, 24 Jun 2021 19:14:41 -0400
Subject: A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (WiReD)

Flaws in a firmware security tool affect as many as 30 million desktops, laptops, and tablets.

https://www.wired.com/story/dell-firmware-vulnerabilities/

------------------------------

From: Richard Stein <rmstein@ieee.org>
Date: Wed, 30 Jun 2021 17:21:25 +0800
Subject: A model to predict how much humans and robots can be trusted with completing specific tasks (techxplore.com)

https://techxplore.com/news/2021-06-humans-robots-specific-tasks.html

'"There has been a lot of research aimed at understanding why humans should or should not trust robots, but unfortunately, we know much less about why robots should or should not trust humans," Herbert Azevedo-Sa, one of the researchers who carried out the study, told TechXplore. "In truly collaborative work, however, trust needs to go in both directions. With this in mind, we wanted to build robots that can interact with and build trust in humans or in other agents, similarly to a pair of co-workers that collaborate."'

To trust, or not to trust? That is a key question when a human engages with a robot and vice-versa. See Francis Fukuyama's "Trust: The Social Virtues and the Creation of Prosperity." Free Press, 1995. ISBN 0-02-910976-0 for an exhaustive exploration of what makes trustworthy, cooperative behavior essential to economic achievement.
No telling what event(s) may tip an organic/robotic relationship into a foregone, default acceptance favoring the robot. There are clear financial motives for businesses to promote and attempt to accelerate this achievement. The tipping point will likely require more than an anthropomorphic smile, mellifluous voice, or gentle touch.

Laws of robotics (https://en.wikipedia.org/wiki/Laws_of_robotics retrieved on 30JUN2021) specify noteworthy and meritorious function and behavior.

There are lessons to learn and apply from Amazon.com's warehouse environment, an algorithmic, heavily robotic ecosystem that measures and judges organic workers via strict binary objectives. No gray area, no accounting for "real world," hidden factors that interfere with achievement.

Trust, as humans define and accept it, is unlikely to be equivalence by a robot and its operating system without a means to computationally specify and reconcile a near innumerable set and degree of human emotion. Ain't that so, Spock?

Risk: Non-deterministic outcomes.

------------------------------

Date: Wed, 30 Jun 2021 15:07:52 -0400
From: Eric Sosman <esosman@comcast.net>
Subject: Re: End-to-End Verifiability Key to Future Election Security

In RISKS-32.72 Gabe Goldberg reports on an initiative to strengthen ballot security with cryptographic methods. He expresses some doubt about the practicality of such schemes, writing "A high-tech concept will work for some voters, not for others..."

Indeed, or even Double Indeed! One need look no further than New York City's week-ago-and-we-still-don't-know mayoral primary to see that anything "complicated" is well beyond the capabilities of the people running modern elections. Researchers may invent whiz-bang tools to make elections secure, but matters will not improve much if the tools are operated by Larry, Curly, and Moe.
------------------------------

Date: Tue, 29 Jun 2021 23:19:32 +0200
From: DJC <djc@resiak.org>
Subject: Re: Government Chatbots Now a Necessity for States, Cities, Counties (RISKS-32.62)

> I have never, *not once*, had a useful interaction with a chatbot.

From my experience with (being) technical support in the 1980s, I can imagine that a chatbot might be able to handle many common queries. Back in the day, the one question on my part that solved the most problems was "Is it plugged in / turned on?" A chatbot could have done that, and probably also resolved the next 10 commonest problems.

Incidentally, most people showed no gratitude for being reminded that their devices had to be plugged in to work -- indeed they were often furious at having their inattention so grossly exposed. But my colleague Morris K figured out an approach to dealing with that: Okay, first I want you to unplug it / turn it off....

------------------------------

From: "Steven Klein" <steven@klein.us>
Subject: Re: Apple Says It's Time to Digitize Your ID, Ready or Not (RISKS-32.72)
Date: Mon, 28 Jun 2021 02:00:38 -0400

Gabe Goldberg raises the concern that:

  “If your driver's license is on your phone, you could potentially have to present your fully unlocked device to a law enforcement agent in a transaction like a traffic stop or at airport security.”

Fortunately, that's not how Apple wallet works. On my iPhone XS, when I double-tap the side button, it displays the cards in my digital wallet, but does *not* unlock my phone.

That cop or TSA agent would be able to view all the cards in my wallet, but not anything else in my phone.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.74
************************