RISKS-LIST: Risks-Forum Digest Wednesday 3 June 2020 Volume 31 : Issue 94

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.94>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
REvil Ransomware Gang Starts Auctioning Victim Data (Krebs)
Misinformation About George Floyd Protests Surges on Social Media (NYTimes) America is awash in cameras, a double-edged sword for protesters and police
(WashPost)
Australian Federal Government's automated debt recovery 'Robodebt' was
illegal. A$721M to be refunded and compensation case underway. (ABC)
Just Stop the Superspreading (NYTimes)
The Militarization of Artificial Intelligence (UNODA, Stanley Center,
Stimson Center)
Limits on Autonomy in Weapon Systems (SIPRI)
White nationalist group posing as antifa called for violence on twitter
(NBC News)
Re: Minnesota is now using contact tracing to track protestors, as
demonstrations escalate (Vox)
Re: Resuscitate The Internet Fairness Doctrine (Richard Stein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: June 3, 2020 12:20:04 JST
From: geoff goodfellow <geoff@iconia.com>
Subject: REvil Ransomware Gang Starts Auctioning Victim Data (Krebs)

The criminal group behind the REvil ransomware enterprise has begun
auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims
to pay up -- and publicly shaming those who don't. But it may also signal
that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic.

Over the past 24 hours, the crooks responsible for spreading the ransom
malware *CREvil* (a.k.a. Sodin and Sodinokibi) used their Dark Web Happy
Blog to announce its first ever stolen data auction, allegedly selling files taken from a Canadian agricultural production company that REvil says has so far declined its extortion demands...

https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auctioning-victim-data/

------------------------------

Date: Tue, 2 Jun 2020 00:39:49 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Misinformation About George Floyd Protests Surges on Social Media
(NYTimes)

In the universe of false online information, Mr. Floyd remains alive and
George Soros is to blame for the protests.

https://www.nytimes.com/2020/06/01/technology/george-floyd-misinformation-online.html

------------------------------

Date: Wed, 3 Jun 2020 13:37:11 -0400
From: Monty Solomon <monty@roscom.com>
Subject: America is awash in cameras, a double-edged sword for protesters
and police (WashPost)

Smartphone cameras, home security cameras, traffic cameras — digital eyes
are a boon and danger to protesters.

https://www.washingtonpost.com/technology/2020/06/03/cameras-surveillance-police-protesters/

------------------------------

Date: Tue, 2 Jun 2020 15:38:33 +1000
From: Ian Hayden <ian8hayden@gmail.com>
Subject: Australian Federal Government's automated debt recovery 'Robodebt'
was illegal. A$721M to be refunded and compensation case underway. (ABC)

https://www.abc.net.au/news/2020-05-30/robodebt-stuart-robert-scott-morrison/12303322?section=analysis

"A more targeted approach to managing people" is how the now Prime Minister
had described it in mid-2016.

The story of how the data-matching scheme was invented with vim by a coterie
of high-powered bureaucrats and sold to starry-eyed ministers is fabled in Canberra. "Give our Department some extra money, and we'll get you an extra
$2 billion" was the pitch.

Never mind that in their zeal, the Human Services Department would actually remove humans entirely from the process of identifying alleged debts and mailing what amounted to letters of demand to more than 370,000 people. Nor had anyone evidently stopped to take rigorous legal advice on whether the
brave new world of data-matched welfare recovery actually stood up to the
laws of the land, which stand as the barrier between Government excess and
the protection of the people.

Although it's almost never released, we now know that subsequent legal
advice to the Government warned its chances of defending numerous court
actions would be close to zero.

------------------------------

Date: Tue, 02 Jun 2020 08:02:17 -0700
From: Henry Baker <hbaker1@pipeline.com>
Subject: Just Stop the Superspreading (NYTimes)

The NYTimes article below attributes the bulk of COVID19 spread to "superspreaders" and "superspreading events".

Unfortunately, we're going to get an unplanned full-scale test of this
theory due to the large-scale protests in almost every hot spot of COVID19
in the country. Even worse, many of those protesting are at much higher
risk of serious complications from the disease.

We can only hope that Santayana was wrong this time (see 1918 flu below).

https://www.nytimes.com/2020/05/31/health/protests-coronavirus.html

Will Protests Set Off a Second Viral Wave?

"People of color have been particularly hard hit, with rates of hospitalizations and deaths among black Americans far exceeding those of whites."

https://www.smithsonianmag.com/history/philadelphia-threw-wwi-parade-gave-thousands-onlookers-flu-180970372/

Philadelphia Threw a WWI Parade That Gave Thousands of Onlookers the Flu

"Within 72 hours of the parade, every bed in Philadelphia's 31 hospitals was filled. In the week ending October 5, some 2,600 people in Philadelphia had died from the flu or its complications. A week later, that number rose to
more than 4,500. With many of the city's health professionals pressed into military service, Philadelphia was unprepared for this deluge of death."

"On a single October day, 759 people died in the city and more than 12,000 Philadelphians would die in a matter of weeks."

https://www.nytimes.com/2020/06/02/opinion/coronavirus-superspreaders.html

Just Stop the Superspreading

In our study, 20 percent of Covid-19 cases accounted for 80 percent of transmissions.

By Dillon C. Adam and Benjamin J. Cowling June 2, 2020, 6:35 a.m. ET
Mr. Adam and Prof. Cowling are epidemiologists.

HONG KONG -- You must have heard about some of these outbreaks; they're
almost emblematic of the Covid-19 pandemic by now: that megachurch in South Korea, meatpacking plants in the United States, a wedding in Jordan,
funerals around the world.

You've also probably heard of SARS-CoV-2's R0 (R-naught), or basic
reproductive number, the average number of people to whom an infected
person passes on a new virus when no measures to contain it have been
taken. This coronavirus's R0 is thought to range between 2 and 3; an
epidemic is curbed when that figure drops below 1, the replacement
rate.

But that figure has limitations: It doesn't convey the vast range between
how much some infected people transmit the virus and how little others do.

This is why epidemiologists also look at a virus's dispersion factor, known
as "k," which captures that range and so, too, the potential for
superspreading events. To simplify: The fewer the number of cases of
infection responsible for all transmissions, the lower k generally is
(though other factors, like the R0, also are relevant).

https://www.sciencemag.org/news/2020/05/why-do-some-covid-19-patients-infect-many-others-whereas-most-don-t-spread-virus-all

In the case of SARS-CoV-2, evidence is growing that superspreading is a
hugely significant factor of total transmission.

Take Hong Kong, which as of June 2 had 1,088 confirmed or probable cases
(and four deaths), for a population of about 7.5 million. The city has
managed to largely suppress local outbreaks of Covid-19 without a lockdown
or mandatory blanket stay-at-home orders, favoring instead a strategy of testing people suspected of being infected, tracing and quarantining their contacts and isolating confirmed cases in the hospital -- coupled with
outright bans or other restrictions on large social gatherings.

After these measures were progressively relaxed in recent weeks, a new
outbreak of seven cases, possibly a superspreading event, has been reported over the past few days: Three are employees of a food-packing company; the other four live in the same housing estate as one of the employees.

We recently published a preprint (a preliminary paper, still to be peer-reviewed) about 1,038 cases of SARS-CoV-2 in Hong Kong between Jan. 23
and April 28 that, using contact-tracing data, identified all local clusters
of infection.

https://www.researchsquare.com/article/rs-29548/v1

We found that superspreading has overwhelmingly contributed to the
transmission of SARS-CoV-2 in the city overall.

Of the 349 local cases we identified -- the remaining 689 cases were
imported from other territories -- 196 were linked to just six
superspreading events. One person alone appears to have infected 73
individuals after frequenting several bars in late March. Weddings, temples, hot-pot dinners, work parties and karaoke venues featured in the other clusters.

In our study, just 20 percent of cases, all of them involving social gatherings, accounted for an astonishing 80 percent of transmissions.
(That, along with other things, suggests that the dispersion factor, k, of SARS-CoV-2 is about 0.45).

Another 10 percent of cases accounted for the remaining 20 percent of transmissions -- with each of these infected people on average spreading the virus to only one other person, maybe two people. This mostly occurred
within households.

No less astonishing was this corollary finding: Seventy percent of the
people infected did not pass on the virus to anyone.

Now you might be wondering if our study, or the experience of Hong Kong,
with its small number of total infections, is more broadly
representative. We think so.

An analysis of early cases in the city of Wuhan, China, the site of the original outbreak, published by researchers in Switzerland in late January,
was inconclusive about the frequency of superspreading. But more and more studies support the conclusion that in places other than Hong Kong, too, superspreading is a major driver of overall transmission.

A study published in The Lancet in late April, based on data from Shenzhen, southern China, about suspected cases among travelers from around Wuhan, concluded that 80 percent of transmissions were caused by 8-9 percent of
cases.

Another (also peer-reviewed) paper from late April found that 94 out of 216 employees on the 11th floor of a crowded call center in South Korea likely
were infected by a single index case in late February and early March.

A recent preprint (not yet peer-reviewed) about 212 Covid-19 cases in Israel between late February and late April traced 80 percent of the transmissions back to just 1-10 percent of cases.

According to mathematical modeling by Akira Endo, of the London School of Hygiene and Tropical Medicine, and others, about 10 percent of SARS-CoV-2
cases might account for 80 percent of transmissions worldwide (and the virus might have a dispersion factor, k, of about 0.1).

With other coronaviruses like SARS and MERS as well, a small group of superspreaders was responsible for a large majority of all transmissions.

During the SARS outbreak of 2002-03, hospitals, airplanes and densely
populated housing complexes were all implicated in large superspreading
events.

A 2005 study of SARS cases in Singapore -- considered seminal in the field
-- found that just 6 percent of cases accounted for 80 percent of all transmissions, while 73 percent of infected people appeared not to have
spread the infection. The k factor seemed to be about 0.16.

In Hong Kong, one patient is thought to have infected 138 people in a single hospital during two to three weeks in March 2003; a cluster of 331
infections was traced back to a single resident in the Amoy Gardens housing complex.

For MERS, which first surfaced in Saudi Arabia in 2012, about 14 percent of cases are thought to have accounted for 80 percent of transmissions, with k=0.26, and most MERS superspreading events have been linked to hospitals.

This data in turn raise this crucial question: Why are some cases superspreaders and others not?

Superspreading is a complex phenomenon, and it depends on several factors:
an infected person's degree of infectiousness, the length of other people's exposure to them, the setting of that exposure.

We are not aware of any study having been published that identifies
individual characteristics that might account for an infected person's
degree of infectiousness or could otherwise help predict who may be a superspreader.

This much, though, is known: The infectiousness of SARS-CoV-2 appears to
peak within the first few days of the onset of Covid-19 symptoms and then decrease with time. That said, one can be contagious before displaying
symptoms or without ever displaying any symptoms. (Hence the importance of
face masks.)

It stands to reason, too, that a highly contagious person is more likely to spread the infection in a crowd (at a wedding, in a bar, during a sporting event) than in a small group (within their household), and when contact is extensive or repeated.

Transmission is more likely during gatherings indoors than outdoors. Simply ventilating a room can help. We believe that with the South Korean
call-center cluster, the essential factor of transmission was the extent of time spent in a crowded office area.

Also consider this counterexample: Japan. The government recently lifted a state of emergency after controlling its epidemic without having put in
place any stringent social distancing measures or even doing much
testing. Instead, it relied on largely voluntary measures encouraging people
to stay at home and advice to avoid overcrowding in public venues.

In essence, Japan adopted an anti-superspreading strategy. The approach was targeted at limiting what some researchers from Tohoku University have
called the "three Cs": closed spaces, crowds and close contacts.

We believe that despite Japan's success so far, Hong Kong's suppression strategy, which includes testing and contact-tracing as well, is preferable
in the long run, if only because it's better preparation for any future outbreaks.

But the record in both places, and elsewhere, points to the same conclusion: It's not just that superspreading events are happening with SARS-CoV-2; they appear to be driving much of the pandemic.

This fact is alarming and reassuring at the same time.

It's alarming because it suggests a virus swift and efficient, and so
seemingly unstoppable.

But the considerable role of superspreading in this pandemic should be reassuring, too, because it also suggests a way to stop SARS-CoV-2 that is
both less onerous and more effective than many of the strategies that have
been pursued so far.

The epidemic's growth can be controlled with tactics far less disruptive, socially and economically, than the extended lockdowns or other extreme
forms of social distancing that much of the world has experienced over the
past few months.

Forget about maintaining -- or, if infections resurge, resuming -- sweeping measures designed to stem the virus's spread in all forms. Just focus on stopping the superspreading.

Dillon C. Adam is a visiting research fellow at the University of Hong
Kong, where Benjamin J. Cowling is a professor of infectious disease epidemiology.

------------------------------

Date: Wed, 03 Jun 2020 21:29:04 +0200
From: "Diego.Latella" <diego.latella@isti.cnr.it>
Subject: The Militarization of Artificial Intelligence
(UNODA, Stanley Center, Stimson Center)

The Militarization of Artificial Intelligence (https://www.un.org/disarmament/the-militarization-of-artificial-intelligence/)
Melanie Sisson - Defense Strategy and Planning Program Stimson Center
Jennifer Spindel - University of New Hampshire
Paul Scharre - Center for a New American Security
China Arms Control and Disarmament Association
Vadim Kozyulin - PRI Center (Russian Center for Policy Research)
United Nations Office for Disarmament Affairs, the Stanley Center
for Peace and Security, and the Stimson Center.
June 3, 2020

Link available also in the "Computers: National security, War, and Civil Rights" page (http://www.uspid.org/compwa.html) of the USPID web site (www.uspid.org)

------------------------------

Date: Tue, 02 Jun 2020 18:36:12 +0200
From: "Diego.Latella" <diego.latella@isti.cnr.it>
Subject: Limits on Autonomy in Weapon Systems (SIPRI)

Vincent Boulanin, Neil Davison, Netta Goussac and Moa Peldán Carlsson Limits on Autonomy in Weapon Systems: Identifying Practical Elements of Human
Control, SIPRI, ICRC June 2020 https://www.sipri.org/sites/default/files/2020-06/2006_limits_of_autonomy_0.pdf

Accessible also from the USPID web site (www.uspid.org) at page
"Computers: National security, War, and Civil Rights" (http://uspid.org/compwa.html)

------------------------------

Date: Mon, 1 Jun 2020 17:45:09 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: White nationalist group posing as antifa called for violence on
twitter (NBC News)

https://www.nbcnews.com/tech/security/twitter-takes-down-washington-protest-disinformation-bot-behavior-n1221456

------------------------------

Date: Tue, 2 Jun 2020 00:34:48 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Re: Minnesota is now using contact tracing to track protestors,
as demonstrations escalate (Vox)

Minnesota law enforcement isn't contact-tracing protesters, despite an official's comment.

The appropriation of the term could undermine public health efforts.

https://www.vox.com/recode/2020/6/1/21277393/minnesota-protesters-contact-tracing-covid-19

------------------------------

Date: Wed, 3 Jun 2020 10:09:52 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Re: Resuscitate The Internet Fairness Doctrine (The Hill)

John -- I agree with your arguments [well, The Hill's. PGN]

Constructing a machine to auto-cook speech labels for politicians of every stripe and flavor, let alone for any/all Twitter subscribers? A current impossibility, unless one is prepared to accept high error rates for
contextual and semantic interpretation with unpredictable latency.

Selling confusion, falsehood and inaccuracy to the public has always
tarnished political speech. Harry S. Truman said, "If you can't convince
them, confuse them!" The volume and frequency of confusing political
messages, at times, comprises a nefarious torrent.

Section 230 of the Communications Decency Act establishes an explicit
platform exemption: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."

Twitter policy on violence or other inflammatory content is quite clear (https://help.twitter.com/en/rules-and-policies#general-policies).

That a Twitter subscriber expresses umbrage when their content is labeled demonstrates platform policy enforcement via editorial oversight.

Does the President's content submission deserve an exemption to Twitter
policy enforcement? In my opinion, no.

Technologically, Khanna's ideas are no-ops. If a manually constructed, GUI-visible label can squelch a digital bullhorn, an approximate speech fairness path already exists.

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

SUBSCRIPTIONS: The mailman Web interface can be used directly to

subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that

includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

SPAM challenge-responses will not be honored. Instead, use an alternative

address from which you never send mail where the address becomes public!

The complete INFO file (submissions, default disclaimers, archive sites,

copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's

searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.

Special Offer to Join ACM for readers of the ACM RISKS Forum:

<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.94
************************

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)