• Risks Digest 31.87

    From RISKS List Owner@21:1/5 to All on Mon May 25 15:27:14 2020
    RISKS-LIST: Risks-Forum Digest Monday 25 May 2020 Volume 31 : Issue 87

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.87>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Tesla owner locked thief in car with his iPhone app (Facebook)
    See Boston Dynamics' robodog herd sheep and explore in New Zealand
    (Mashable)
    Inside the NSA's Secret Tool for Mapping Your Social Network
    (Barton Gellman)
    Nobel laureates and science groups demand NIH review decision to kill
    coronavirus grant (Science)
    Doctors tweet about coronavirus to make facts go viral (WSJ)
    Re: IS: Cannonball Run record is broken SEVEN times over ...
    (Winston Goodfellow)
    Re: The ultimate Turing test (Henry Baker)
    Misinformation (Peter Ladkin)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 25 May 2020 05:59:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Tesla owner locked thief in car with his iPhone app (Facebook)

    <https://www.facebook.com/barstow.detectives/photos/a.1666780900212509/2660921050798484/?type=3>

    The driver of a Tesla managed to foil a carjacker by using his iPhone app to lock the thief in the car. According to a Facebook post by the police department in Barstow, Calif., the owner was sitting in his Tesla T3 when
    the thief approached and made him get out of the car.

    At that point, the owner of the car was able to remotely turn off the engine and lock the thief inside until police arrived. *Business Insider* identified the phone as an iPhone.
    <https://www.businessinsider.com/tesla-owner-traps-suspected-thief-locking-model-3-iphone-app-2020-5>
    <https://appleinsider.com/articles/20/05/24/tesla-detains-would-be-thief-a-senators-iphone-is-seized-in-the-apple-crime-blotter>

    ------------------------------

    Date: Mon, 25 May 2020 06:04:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: See Boston Dynamics' robodog herd sheep and explore in New Zealand
    (Mashable)

    Spot, the robotic "dog" design from Boston Dynamics, has had a busy pandemic, between counseling patients and enforcing social distancing guidelines. Now, a new partnership with a New Zealand robotics firm is setting up the four-legged automaton for a new line of work: farming.
    <https://mashable.com/article/boston-dynamics-telemedicine-robot-dog/>
    <https://mashable.com/video/boston-dynamics-spot-patrols-park-social-distancing/>

    Technically, the partnership is much bigger than that. Rocos specializes in
    the remote monitoring and operation of robot fleets. By working together,
    the capabilities of Boston Dynamics robots like Spot will expand thanks to human operators who can manage their performance from a great distance.

    Think of the farming thing as a proof-of-concept. A video released by Rocos shows Spot exploring rough terrain, inspecting crops, and herding sheep -- all of which is meant to serve as a demonstration of the various ways remote operation can be used to put robots to work. [...]
    https://mashable.com/article/boston-dynamics-spot-herding-sheep-new-zealand/

    ------------------------------

    Date: May 25, 2020 at 18:12:19 GMT+9
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Inside the NSA's Secret Tool for Mapping Your Social Network
    (Barton Gellman)

    [Note: This item comes from friend Jock Gill. DLH]

    Barton Gellman, *WiReD*, 24 May 2020
    Inside the NSA's Secret Tool for Mapping Your Social Network
    <https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/>

    Edward Snowden revealed the agency's phone-record tracking program. But
    thanks to ``precomputed contact chaining,'' that database was much more powerful than anyone knew.

    In the summer of 2013, I spent my days sifting through the most extensive archive of top-secret files that had ever reached the hands of an American journalist. In a spectacular act of transgression against the National
    Security Agency, where he worked as a contractor, Edward Snowden had transmitted tens of thousands of classified documents to me, the columnist Glenn Greenwald, and the documentary filmmaker Laura Poitras.

    One of those documents, the first to be made public in June 2013, revealed
    that the NSA was tracking billions of telephone calls made by Americans
    inside the US. The program became notorious, but its full story has not been told.

    The first accounts revealed only bare bones. If you placed a call, whether local or international, the NSA stored the number you dialed, as well as the date, time and duration of the call. It was domestic surveillance, plain and simple. When the story broke, the NSA discounted the intrusion on
    privacy. The agency collected `only metadata', it said, not the content of telephone calls. Only on rare occasions, it said, did it search the records
    for links among terrorists.

    I decided to delve more deeply. The public debate was missing important information. It occurred to me that I did not even know what the records
    looked like. At first I imagined them in the form of a simple, if
    gargantuan, list. I assumed that the NSA cleaned up the list -- date goes
    here, call duration there -- and converted it to the agency's preferred ``atomic sigint data format.'' Otherwise I thought of the records as
    inert. During a conversation at the Aspen Security Forum that July, six
    weeks after Snowden's first disclosure and three months after the Boston Marathon bombing, Admiral Dennis Blair, the former director of national intelligence, assured me that the records were stored, untouched, until the next Boston bomber came along.

    Even by that account, the scale of collection brought to mind an evocative phrase from legal scholar Paul Ohm. Any information in sufficient volume, he wrote, amounted to a ``database of ruin.'' It held personal secrets that
    ``if revealed, would cause more than embarrassment or shame; it would lead
    to serious, concrete, devastating harm.'' Nearly anyone in the developed world, he wrote, ``can be linked to at least one fact in a computer database that an adversary could use for blackmail, discrimination, harassment, or financial or identity theft.'' Revelations of ``past conduct, health, or family shame,'' for example, could cost a person their marriage, career,
    legal residence, or physical safety.

    Mere creation of such a database, especially in secret, profoundly changed
    the balance of power between government and governed. This was the Dark
    Mirror embodied, one side of the glass transparent and the other blacked
    out. If the power implications do not seem convincing, try inverting the relationship in your mind: What if a small group of citizens had secret
    access to the telephone logs and social networks of government officials?
    How might that privileged knowledge affect their power to shape events? How might their interactions change if they possessed the means to humiliate and destroy the careers of the persons in power? Capability matters, always, regardless of whether it is used. An unfired gun is no less lethal before it
    is drawn. And in fact, in history, capabilities do not go unused in the long term. Chekhov's famous admonition to playwrights is apt not only in drama,
    but in the lived experience of humankind. The gun on display in the first
    act -- nuclear warheads, weaponized disease, Orwellian cameras tracking
    faces on every street -- must be fired in the last. The latent power of new inventions, no matter how repellent at first, does not lie forever dormant
    in government armories.

    These could be cast as abstract concerns, but I thought them quite real. By September of that year, it dawned on me that there were also concrete
    questions that I had not sufficiently explored. Where in the innards of the
    NSA did the phone records live? What happened to them there? The Snowden archive did not answer those questions directly, but there were clues.

    I stumbled across the first clue later that month. I had become interested
    in the NSA's internal conversation about *bulk collection*, the acquisition
    of high-volume data sets in their entirety. Phone records were one of
    several kinds. The agency had grown more and more adept, brilliantly
    creative in fact, at finding and swallowing other people's information
    whole. Lately the NSA had begun to see that it consumed too much to
    digest. Midlevel managers and engineers sounded notes of alarm in briefings prepared for their chains of command. The cover page of one presentation
    asked ``Is It the End of the SIGINT World as We Have Come to Know It?'' The authors tried for a jaunty tone but had no sure answer. The surveillance infrastructure was laboring under serious strain.

    One name caught my eye on a chart that listed systems at highest risk:
    Mainway. I knew that one. NSA engineers had built Mainway in urgent haste
    after September 11, 2001. Vice President Dick Cheney's office had drafted orders, signed by President George W. Bush, to do something the NSA had
    never done before. The assignment, forbidden by statute, was to track
    telephone calls made and received by Americans on American soil. The
    resulting operation was the lawless precursor of the broader one that I was looking at now.

    Mainway came to life alongside Stellarwind, the domestic surveillance
    program created by Cheney in the first frantic weeks after al Qaeda flew passenger airplanes into the Pentagon and World Trade Center. Stellarwind defined the operation; Mainway was a tool to carry it out.

    At the time, the NSA knew how to do this sort of thing with foreign
    telephone calls, but it did not have the machinery to do it at home.

    When NSA director Mike Hayden received the execution order on October 4,
    2001 for the Vice President's special program, NSA engineers assembled a
    system from bare metal and borrowed code within a matter of days, a
    stupendous achievement under pressure. They commandeered 50 state-of-the-art computer servers from Dell, which was about to ship them to another
    customer, and lashed them into a quick and dirty but powerful cluster.
    Hayden cleared out space in a specially restricted wing of OPS 2B, an inner sanctum of the gleaming, mirrored headquarters complex at Fort Meade MD.
    When the cluster expanded, incorporating some 200 machines, Mainway spilled into an annex in the Tordella Supercomputer Facility nearby. Trusted lieutenants began calling in a small group of analysts, programmers, and mathematicians on October 6 and 7. [...]

    ------------------------------

    Date: Mon, 25 May 2020 19:25:37 +0900
    From: Dave Farber <farber@gmail.com>
    Subject: Nobel laureates and science groups demand NIH review decision to
    kill coronavirus grant (Science)

    https://www.sciencemag.org/news/2020/05/preposterous-77-nobel-laureates-blast-nih-decision-cancel-coronavirus-grant-demand

    ------------------------------

    Date: May 25, 2020 at 02:13:51 GMT+9
    From: Kimi Wei <kimiwei88@gmail.com>
    Subject: Doctors tweet about coronavirus to make facts go viral (WSJ)

    [Via David Farber's IP list]

    Georgia Wells, *The Wall Street Journal*, 15 May 2020
    Doctors Are Tweeting About Coronavirus to Make Facts Go Viral
    https://www.wsj.com/articles/doctors-are-tweeting-about-coronavirus-to-make-facts-go-viral-11589558880

    As dubious Covid-19 claims circulate online, UCSF's Dr. Bob Wachter and
    others are taking to Twitter

    SAN FRANCISCO -- Bob Wachter, the chairman of the department of medicine
    at the University of California, San Francisco, has had a front-row seat
    to the coronavirus pandemic.

    Dr. Wachter's job, at least in part, is to keep the department's 3,000 or so faculty, trainees and staff current on developments in research, education and clinical care. But most days he sets aside at least two hours to keep another group informed: his
    Twitter followers.

    Dr. Wachter, 62 years old, is part of a growing group of scientists and public-health officials who are increasingly active and drawing large
    audiences on social media. They say they feel a moral obligation to provide credible information online and steer the conversation away from dubious claims, such as those in *Plandemic*, a video espousing Covid-19 conspiracy theories that drew millions of views last week.

    Former Federal Drug Administration commissioner Scott Gottlieb and University of Washington biologist Carl Bergstrom sometimes tweet dozens of times a day. Dr. Wachter said his follower count has tripled since mid-March to more than 64,000.

    ``Those of us who are the good guys and gals here feel like we have an obligation to put out information that is as correct as it can be,'' said
    Dr. Wachter.

    That isn't easy. A new paper in the journal Nature this week found that antivaccination views are drowning out the more mainstream voices online, partly due to the ways antivaccination advocates interact with some users of social media platforms. As a result, researchers predict, antivaccination
    views ``will dominate in a decade.''

    Scientists are driven to participate on social media due to ``sheer
    frustration with seeing the misinformation that is going out there,'' said Karen James, an independent researcher with a Ph.D. in genetics and an
    expert in how scientists use social media.

    Twitter Inc., which this week said it would start labeling misleading tweets about Covid-19, also says it aims to amplify medical voices on the platform. Since mid-March, Twitter said, it has verified hundreds of Covid-19 experts globally, including scientists and academics. Verifying users adds a blue check mark to their profiles that confers status and indicates that the company has confirmed the user's credentials.

    Part of what motivated Dr. Wachter to start tweeting was anxiety about the potential tragedy for the Bay Area, after watching China, Italy and Seattle grappling with outbreaks. ``I thought we were on the cusp of an
    apocalypse,'' he said.

    Later, when it appeared that the region was flattening the curve, Dr. Wachter was one of the first people to say so publicly, even before the city's department of public health.

    Colleagues told him they were reluctant to advise people that San Francisco appeared to be doing well, for fear residents would think the crisis was
    past and ease up on social distancing. ``I am not state media,''
    Dr. Wachter said. ``I will say what I think is going on.''

    About 35 people in San Francisco have died of Covid-19, compared with more
    than 20,000 in New York. ``It became a feel-good story at a time when there were very few feel-good stories,'' he said.

    Dr. Wachter typically writes his tweets in threads, long strings of posts on a single topic or idea; on Wednesday, he posted about masks.

    ------------------------------

    Date: Mon, May 25, 2020 at 3:33 AM
    From: Winston Goodfellow <lp4001974@yahoo.com>
    Subject: Re: IS: Cannonball Run record is broken SEVEN times over ...
    (RISKS-31.76)

    [From geoff goodfellow, from https://winstongoodfellow.com/ AND
    https://www.facebook.com/pg/TheWinstonGoodfellow/
    who prolifically writes about cars https://amzn.to/2A7sGmB]

    That was the idea behind the Cannonball in the beginning -- to show that you can go at high speeds safely. Particularly when a car is properly
    engineered. There is a great book on the whole thing called "Cannonball The World's Greatest Outlaw Road Race" written by Brock Yates, who started it
    all. It's a fabulous and very entertaining road trip (excuse the unintended pun) back into the mindset that existed in the 1970s, what brought the event about, the escapades that happened on it, and the creativity in what guys
    and gals would do to try and cross the country as fast as possible when the police were really out to stop them.

    ------------------------------

    Date: Sun, 24 May 2020 16:18:48 -0700
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: The ultimate Turing test (Shapir, RISKS-31.86)

    Re: virtual company of fake servicemen

    Isn't this taking the old joke "they pretend to pay us; we pretend to work" thing a little too seriously?

    Reminds me of Patton's "Ghost Army" from WWII, which we honor on Memorial
    Day (today) in the U.S.

    And famous double agent "Garbo/Alaric"'s fake network of 27 fake spies presumably simultaneously paid by both the Germans and the Brits, who
    received both the MBE (Brit) and Iron Cross (German) for his outstanding
    work for both sides in WWII.

    Perhaps the famous Russian "Internet Research Agency" is virtually hiring
    fake trolls to push fake news via Twitter bots?

    Now *that* would be a Netflix original movie for this *Truman Show*
    pandemic...

    ------------------------------

    Date: 25-May-2020 9:09:29-GMT
    From: Peter Bernard Ladkin <ladkin@causalis.com>
    Subject: Misinformation (RISKS-31.84 and 31.85)

    It is somewhat ironic that, in RISKS-31.85, in which an article on misinformation and its drawbacks for dealing effectively with Covid-19 is commended, one of the Digest's frequent and usually reliable contributors distributes misinformation. As did another in the edition before, RISKS-31.84.

    Dmitri Maziuk deprecates what he claims are Neil Ferguson's predictions over the years for various epidemic phenomena. He says inter alia

    ``And apparently during the 2001 Foot and Mouth outbreak "Ferguson warned
    the government that 150,000 people could die. Six million animals were
    slaughtered as a precaution, costing the country billions in farming
    revenue. In the end, 200 people died." -- ibid''

    First, nobody died from Foot and Mouth disease in GB in 2001. It is not an illness of humans. I think it is very unlikely indeed that, of all people, Prof. Ferguson suggested that anyone could die of it.

    Second, all the predictions Maziuk quotes use the word "could". Not "would"
    or "will" but "could". Maziuk continues:

    ``Whether the code is a steaming Pile Of Software is immaterial, really
    (after 20 years dealing with `academic software' I'm pretty sure it is),
    when it has a proven track record of being wrong.''

    By the time anyone reads this note, I could be dead. If I am still alive, is
    my last sentence wrong? No. It remains true. If I repeat it in every email
    I write from now on, will I accumulate "a proven track record of being
    wrong"? No, at least not through repeating a practical truism.

    Predictively modeling the course of an epidemic is what the numerical
    analysts call an ill-conditioned problem. Wiggle the inputs a little bit and you can get radically different answers to certain outputs, such as "how
    many die". That is a property of the problem, not particularly of anyone's code, and is well known to epidemiological modelers. Public pronouncements
    are caveated by necessarily inexact assumptions concerning key parameter
    values and other inputs such as social/organisational relationships. Outputs are given in terms of medians and confidence intervals, and those intervals
    are often very large. Those caveats of inputs and outputs often disappear
    when reported in the press, and they are not present in Maziuk's summary either.

    Prof. Ferguson heads the Medical Research Council Centre for Global Infectious Disease Analysis (GIDA), hosted at Imperial College, London. MRC GIDA produced a report on March 16th (the famous "Report 9") which said, according to news reports, there could be 250,000 dead from Covid-19 in GB.
    https://www.imperial.ac.uk/media/imperial-college/medicine/mrc-gida/2020-03-16-COVID19-Report-9.pdf

    Nine days later, on 25 March, Prof. Ferguson, quoting the very same report, told the House of Commons Science and Technology Committee that "fatalities would probably be unlikely to exceed about 20,000." See the answer to Q24 at
    https://committees.parliament.uk/oralevidence/237/pdf/
    Better yet, read the entire evidence for background on what advice the UK government was receiving from scientists, and how.

    So did "Prof. Ferguson" say 250,000 fatalities, or did "he" say 20,000 fatalities, in that Report 9? That is, of course, a strikingly ill-posed question. First, the report has 31 authors, and was written "On behalf of
    the Imperial College COVID-19 Response Team", so there is an organisation behind its conclusions, not a person. Not only that, but we can assume it
    was discussed by colleagues at other institutions, as well as by GIDA
    people, in the UK government's SAGE advisory committee, which was meeting
    twice a week, and its various subcommittees. Second, what your guess might
    be as to the total number of fatalities is dependent on your guess as to the values of key parameters of an ill-conditioned problem.

    The ill-conditioning is well-illustrated by a thought experiment by James Annan, quoted by the journalist George Monbiot in The Guardian last week.
    https://www.theguardian.com/commentisfree/2020/may/19/uk-government-pandemic
    Annan pointed out that starting the UK lockdown a week earlier could have reduced the death toll by a factor of five.
    https://bskiesresearch.wordpress.com/2020/05/12/the-human-cost-of-delaying-lockdown/
    Whatever you might think of Annan's modeling (and Henry Baker wouldn't think much, because it is SIR, see below), those figures are an aspect of the real-world problem, not an artifice of the model.

    Finally, let me remark on Maziuk's contention that he is "pretty sure" that
    the code Ferguson's group uses is a "steaming Pile of Software". Ferguson's group is the only one I know with an in-house dedicated software engineering team (personal communication). Evidently both the Medical Research Council
    and GIDA Director Prof. Ferguson are convinced that software engineering is
    an important activity well worth supporting financially. As am I. I am glad they are doing so.

    Now on to misinformation purveyed by Henry Baker. Baker says in Risks 31.84 that

    [begin quote]
    ``... century-old Ross/Kermack-McKendrick "R0" differential equation models
    are still being (ab)used, even though they are fatally flawed. ...''
    [end quote]

    "[F]atally flawed"? Do models die? Whatever. First, it is good to get the history right. Let us do so. The SIR model is indeed Kermack-McKendrick 1927, as is the alternative model used by Fraser. But the reproduction number comes from George McDonald in the 1950's, emphasised and elaborated by Klaus Dietz 20 years later, and finally entered mainstream with the Anderson-May monograph in 1991. See pp53-4 of Adam Kucharski, The Rules of Contagion, Profile Books/Wellcome Collection 20, which refers to Hans Heesterbeek's historical survey, A Brief History of R0 and a Recipe for its Calculation, Acta Biotheoretica 2002, available from
    https://www.researchgate.net/publication/216638420_A_brief_history_of_R_0_and_a_recipe_for_its_calculation

    Second, Baker doesn't like R0 (or R/Re/Rt, I take it), for reasons which I
    fail to understand even after corresponding with him privately. Amongst
    other things, R is very useful when formulating policy and communicating it
    to the public. Here is German Chancellor Angela Merkel explaining in a press conference why German states were implementing "lockdown" measures, in terms of when the German health system could be expected to be at capacity, given various values for Rt:
    https://www.youtube.com/watch?v=mKdwp_A8Kow
    This video went viral in Europe, for reasons which are apparent when you watch it. Colleagues in other countries told me they wished they had such politicians.

    To me, Baker writes as if all epidemiological modeling is based on the differential-equation SIR conception. There are other models being used, including one based on non-homogeneous Poisson Processes by Grassly and
    Fraser, and I understand the MRC GIDA model discussed above is agent-based,
    not SIR. It is worth noting that SIR-based models have made some quite
    accurate predictions about the current outbreak, including one from the
    London School of Hygiene and Tropical Medicine CMMID on when the Wuhan
    Covid-19 outbreak was likely to peak (for references see p2 of my Notes on Covid-19 Part 1: 2020-02-24 to 2020-03-20, accessible from
    https://scsc.uk/gv ).

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.87
    ************************
