• Risks Digest 32.19 (1/2)

    From RISKS List Owner@21:1/5 to All on Sat Aug 15 01:21:42 2020
    RISKS-LIST: Risks-Forum Digest Friday 14 August 2020 Volume 32 : Issue 19

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.19>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The Iconic Arecibo Telescope Goes Quiet After Major Damage (WiReD)
    The Tragic Physics of the Deadly Explosion in Beirut (WiReD)
    North Korean Hacking Group Attacks Israeli Defense Industry (NYTimes)
    Researchers discovered significant vulnerability in Amazon's Alexa
    (The Hill)
    Bald eagle attacks government drone and sends it to bottom of Lake Michigan
    (The Guardian)
    Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks
    (You Tube)
    Snapdragon chip flaws put >1 billion Android phones at risk of data theft
    (Ars Technica)
    Flaws in Samsung Phones Exposed Android Users to Remote Attacks
    (The Hacker News)
    Microsoft plugs at least 120 Windows security holes (Krebs on Security)
    Coming Next: The Greater Recession (Paul Krugman via Randall Head)
    Social media and misinformation (Rob Slade)
    Deepfakes or not??? (Mark Thorson)
    A protester tried to ID a police officer on Twitter. Now he faces a felony
    -- along with four who retweeted him. (WashPost)
    Scientists rename human genes to stop Microsoft Excel from misreading them
    as dates (The Verge)
    You do know you are being tracked, right? (WSJ)
    Thousands of cases went unreported in California when a computer server
    failed (NYTimes)
    Blackstone to acquire Ancestry.com for $4.7 billion (Oguh)
    USG Contractor Embedded Software in Apps to Track Phones (WSJ)
    Illiterate cell phone user experience (Dan Jacobson)
    Photoshop Will Help ID Images That Have Been Photoshopped (WiReD)
    Is it the AI That's Racist, or is it the Humans That Create the AI?
    (AI Daily)
    AI bias detection ... (PGN)
    Leaked Documents Reveal What TikTok Shares with Authorities -- in the U.S.
    (The Intercept via Richard Forno)
    Why & Where You Should You Plant Your Flag (Krebs on Security)
    Postal Service warns 46 states their voters could be disenfranchised by
    delayed mail-in ballots (WashPost)
    Mailer To DC Voters Prompts Widespread Confusion (DCist)
    Trump's lapdog Postmaster General wants to more than double costs for states
    to mail ballots to voters! Crooked through and through. (Law and Crime)
    Unwanted Truths: Inside Trump's Battles With U.S. Intelligence Agencies
    (NYTimes)
    The quest to liberate $300,000 of bitcoin from an old ZIP file
    (Ars Technica)
    Risk of driving while Black in conjunction with computer risks (anon)
    Why climate change is about to make your bad commute worse (WashPost)
    Chrome will start hiding most of URLs, but you can opt-out -- AND YOU
    SHOULD! (Lauren Weinstein)
    How romance scams are thriving during quarantine. (The Verge)
    No to Blockchain Credentials of COVID-19 Test Results for Entry to Public
    Spaces (EFF)
    Virginia launches contact-tracing app COVIDWISE using Apple, Google
    technology (WashPost)
    The nuclear mistakes that could have ended civilisation (bbc.com)
    Re: Omniviolence Is Coming and the World Isn't Ready (Eric Sosman)
    Re: Blackbaud breach (A Michael W Bacon)
    Re: City outage (A Michael W Bacon)
    Re: Beirut explosion (A Michael W Bacon)
    Re: Beirut Blast (3daygoaty)
    Re: Tom's Hardware goes dark/side/ (Steve Singer)
    Re: When tax prep is free, you may be paying with your privacy
    (David Damerell)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 12 Aug 2020 15:52:12 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Iconic Arecibo Telescope Goes Quiet After Major Damage (WiReD)

    A cable cut a large gash into the radio telescope this week and it's
    uncertain when it will be back in working order.

    https://www.wired.com/story/the-iconic-arecibo-telescope-goes-quiet-after-major-damage/

    ------------------------------

    Date: Sat, 8 Aug 2020 21:14:45 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Tragic Physics of the Deadly Explosion in Beirut (WiReD)

    A blast injury specialist explores the chemistry -- and history -- of explosions like the one captured in videos that swept across the world.

    https://www.wired.com/story/tragic-physics-deadly-explosion-beirut/

    ------------------------------

    Date: Wed, 12 Aug 2020 20:56:34 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: North Korean Hacking Group Attacks Israeli Defense Industry
    (NYTimes)

    Israel says the attack was thwarted, but a cybersecurity firm says it was successful. Some officials fear that classified data stolen by North Korea could be shared with Iran.

    https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html

    ------------------------------

    Date: Thu, 13 Aug 2020 13:38:45 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Researchers discovered significant vulnerability in Amazon's Alexa
    (The Hill)

    Researchers at cybersecurity provider Check Point uncovered a flaw in
    Amazon's Alexa virtual assistant that left owners' personal information vulnerable before it was patched in June.

    The researchers detailed the vulnerability in a report released Thursday, saying potential hackers could have hijacked the voice assistant devices
    using malicious Amazon links.

    Once those links were clicked, hackers would be able to install or remove "Skills" -- essentially apps -- from Alexa devices.

    They would also be able to access the user's voice history with their
    device as well as personal information as sensitive as banking data and home addresses. [...]

    https://thehill.com/policy/technology/511746-researchers-discovered-significant-vulnerability-in-amazons-alexa

    Also: https://www.wired.com/story/amazon-alexa-bug-exposed-voice-history-hackers/

    ------------------------------

    Date: Fri, 14 Aug 2020 11:24:48 -0700
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Bald eagle attacks government drone and sends it to bottom of Lake
    Michigan (The Guardian)

    There is something appropriately symbolic in this ....

    https://www.theguardian.com/us-news/2020/aug/14/eagle-drone-attack-lake-michigan

    ------------------------------

    Date: Mon, 10 Aug 2020 12:10:10 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Vulnerabilities in Qualcomm Chips Expose Billions of Devices to
    Attacks (You Tube)

    *Security researchers have identified hundreds of vulnerabilities that
    expose devices with Qualcomm Snapdragon chips to attacks.*

    During a presentation <https://www.youtube.com/watch?v=CrLJ29quZY8&feature=youtu.be> at DEF CON
    last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) -- a subsystem that enables the processing of data with low power consumption -- could open the door for Android applications to perform malicious attacks.

    The proprietary subsystem is licensed for programming to OEMs and a small number of application developers, and the code running on DSP is signed,
    but the security researchers have identified ways to bypass Qualcomm's signature and run code on DSP.

    Vendors can build software for DSP using the Hexagon SDK, and serious
    security flaws in the development kit itself have resulted in hundreds of vulnerabilities being introduced in code from Qualcomm and partner vendors.

    According to Makkaveev, almost all of the DSP executable libraries that
    come embedded in Qualcomm-based smartphones are exposed to attacks through
    the issues identified in the Hexagon SDK.

    The discovered flaws, over 400 in total, are tracked as CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209 and have already been acknowledged by Qualcomm.

    Check Point has yet to publish technical details on these vulnerabilities,
    but says <https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/> that attackers able to exploit them would require no user interaction to
    exfiltrate large amounts of information, including users' photos and
    videos, and GPS and location data, or to spy on users by recording calls or turning on the microphone.

    Denial of service attacks are also possible, with the device remaining permanently unresponsive, thus making the information stored on it
    unavailable. Furthermore, malicious code installed on the device could hide activities entirely and become unremovable.

    With Qualcomm's chips present in approximately 40% of the smartphones out there, including high-end devices from Google, LG, OnePlus, Samsung,
    Xiaomi, and others, at least 1 billion mobile users are affected by these vulnerabilities. [...]

    https://www.securityweek.com/vulnerabilities-qualcomm-chips-expose-billions-devices-attacks

    ------------------------------

    Date: Sun, 9 Aug 2020 14:57:23 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Snapdragon chip flaws put >1 billion Android phones at risk of data
    theft (Ars Technica)

    There's no word on when Google and phone makers will incorporate fix from Qualcomm.

    A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomm's Snapdragon chip, researchers reported this week.

    The vulnerabilities can be exploited when a target downloads a video or
    other content that's rendered by the chip. Targets can also be
    attacked by installing malicious apps that require no permissions at all.

    From there, attackers can monitor locations and listen to nearby audio in
    real time and exfiltrate photos and videos. Exploits also make it possible
    to render the phone completely unresponsive. Infections can be hidden from
    the operating system in a way that makes disinfecting difficult. ...

    https://arstechnica.com/information-technology/2020/08/snapdragon-chip-flaws-put-1-billion-android-phones-at-risk-of-data-theft/

    ------------------------------

    Date: Thu, 13 Aug 2020 13:37:45 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Flaws in Samsung Phones Exposed Android Users to Remote Attacks
    (The Hacker News)

    New research disclosed a string of severe security vulnerabilities in the
    'Find My Mobile' -- an Android app that comes pre-installed on most Samsung smartphones -- that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data stored on the phone.

    Portugal-based cybersecurity services provider Char49 revealed its findings <https://char49.com/tech-reports/fmmx1-report.pdf> on Samsung's Find My
    Mobile Android app at the DEF CON conference last week and shared details
    with the Hacker News.

    "This flaw, after setup, can be easily exploited and with severe
    implications for the user and with a potentially catastrophic impact:
    permanent denial of service via phone lock, complete data loss with factory reset (SD card included), serious privacy implication via IMEI and location tracking as well as call and SMS log access," Char49's Pedro Umbelino said
    in technical analysis.

    The flaws, which work on unpatched Samsung Galaxy S7, S8, and S9+ devices,
    were addressed by Samsung after flagging the exploit as a "high impact vulnerability."

    Samsung's Find My Mobile <https://findmymobile.samsung.com/> service allows owners of Samsung devices to remotely locate or lock their smartphone or tablet, back up data stored on the devices to Samsung Cloud, wipe local
    data, and block access to Samsung Pay.

    According to Char49, there were four different vulnerabilities in the app
    that could have been exploited by a malicious app installed on the targeted device, thus creating a man-in-the-disk attack <https://thehackernews.com/2018/08/man-in-the-disk-android-hack.html> to
    hijack communication from the backend servers and snoop on the victim. [...]

    https://thehackernews.com/2020/08/samsung-find-my-phone-hacking.html

    ------------------------------

    Date: Tue, 11 Aug 2020 16:40:45 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Microsoft plugs at least 120 Windows security holes
    (Krebs on Security)

    Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good
    people of the Windows world, it's time once again to backup and patch up!
    [...]

    https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/

    ------------------------------

    Date: August 8, 2020 at 8:48:42 PM EDT
    From: Randell Head <rvh40@insightbb.com>
    Subject: Coming Next: The Greater Recession (Paul Krugman)

    [Via Dewayne Hendricks]

    Paul Krugman, *The New York Times*, 6 Aug 2020

    The suspension of federal benefits would create damage almost as terrifying as the economic effects of the coronavirus.
    <https://www.nytimes.com/2020/08/06/opinion/coronavirus-us-recession.html>

    "Greater Recession"? Dr. K is too shy by a long shot.

    Pretty much every multi-tenant office building and almost all shopping malls
    in this country are owned by REITs, almost exactly all of which are
    mortgaged to the limits of their bankers' tolerance.

    Those mortgages are based on the assessed value of the real estate. Those assessments assume a roughly 80% occupancy rate.

    The malls are undergoing a calamity of their own, which everyone knows about
    - Shopped at Sears, lately?

    But the office buildings - ah, the office buildings!

    Many of their tenants will not survive. Of those who do survive, all will
    have noticed how much cheaper it is to give every employee a laptop and
    cable modem than it is to pay rent on those downtown or suburban office
    towers.

    Yeah, perhaps most of them will keep some sort of office, but when it comes time to renew the leases, they will be able to point to the hundreds of thousands of square feet of empty space in the neighboring towers, so they
    will reduce their leased space and they will largely get a lower price per square foot. (If they don't get a reduction, they need to fire whoever is negotiating on their behalf).

    This means the office buildings are assessed too high.

    If they are reassessed, most of the loans against them are suddenly unsecured.

    Those REITs I mentioned?

    They're not going to be able to make their mortgage payments, once 25% of
    their tenants go under or break (or fail to renew) their leases, which means that the banks and hedge funds which hold those mortgages are suddenly insolvent.

    Few people have any sympathy for hedge funds, thinking no one they know has
    any money with them, but a very large percentage of pension funds have some money with hedge funds.

    That's not the big deal, though. The big deal is the insolvent banks.

    Remember the early days of the 2008 Crash? Banks were refusing to make Guaranteed Student Loans.

    Reading this, I assumed that was just your usual "Rich Folks, sticking up
    the government" scam, but I was wrong - they didn't make Guaranteed Student Loans because they COULDN'T -- insolvent banks can't lend any money, not
    even when they have the Full Faith and Credit of the US Government backing
    the loans.

    A middling-sized bank which in January had twenty billion dollars of
    commercial loans, secured by liens against $25B of office towers and
    shopping malls, now has twenty billion dollars of commercial loans, secured
    by liens against $18B of real property.

    Sure, the property is still assessed at $25B, but what would it bring on the open market? $18B is probably too generous.

    If you thought it was fun, bailing out the FSLIC, you're gonna *love*
    bailing out the FDIC, especially when every advanced economy on the planet
    is busy bailing out its own banks.

    ------------------------------

    Date: Sat, 8 Aug 2020 17:41:05 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Social media and misinformation

    This article provides laudable and important sentiments: https://www.pressreader.com/canada/the-london-free-press/20200808/281711206997706

    And the authors are dangerously over-optimistic. I've been waiting 40
    years (since before the Internet was called the Internet) for people to wake up, and it hasn't happened yet.

    ------------------------------

    Date: Sat, 8 Aug 2020 12:07:19 -0700
    From: Mark Thorson <eee@dialup4less.com>
    Subject: Deepfakes or not???

    I have noticed a lack of tight synchronization between the audio and picture
    on commercial over-the-air broadcast television is surprisingly common, and
    I'm wondering whether this may be a marker for video that has been faked.

    I first noticed this around the time of conversion from analog to digital,
    when one channel was particularly annoying with its poor synchronization.
    The problem becomes more obvious when you develop some ability to read lips. Certain sounds, especially "p" and "b", require the lips to come together,
    and they make tracking the audio against the picture much simpler. It does
    not take much practice to become proficient, though I still can't tell what words are being said from the picture alone. Any video passing through Zoom cannot be analyzed this way because there isn't enough temporal resolution
    to make this comparison.

    An argument against deepfakes is that this phenomenon is very widespread. I can't give you anything approaching a number based on data, but my
    impression is at least 20% of all broadcast television exhibits this problem
    -- including a large amount for which there would be no obvious motive. Why would you fake the talking heads on a news broadcast or the presentation of
    a comedy routine? I suspect it may be a weakness of the digital video standard, though I suppose there may be other explanations. It's either
    that, or we are awash in fake video.

    ------------------------------

    Date: Fri, 7 Aug 2020 17:42:11 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: A protester tried to ID a police officer on Twitter. Now he faces a
    felony -- along with four who retweeted him. (WashPost)

    Kevin Alfaro and four people who retweeted the post have been charged with cyber harassment, a 4th degree felony with up to 18 months of incarceration
    and a $10,000 fine.

    https://www.washingtonpost.com/nation/2020/08/07/black-lives-matter-tweet-police-felony/

    ------------------------------

    Date: Fri, 7 Aug 2020 15:13:47 -0700 (PDT)
    From: Thomas Dzubin <dzubint@vcn.bc.ca>
    Subject: Scientists rename human genes to stop Microsoft Excel from
    misreading them as dates (The Verge)

    "Excel is a behemoth in the spreadsheet world and is regularly used by scientists to track their work and even conduct clinical trials. But its default settings were designed with more mundane applications in mind, so
    when a user inputs a gene's alphanumeric symbol into a spreadsheet, like "MARCH1" which is short for "Membrane Associated Ring-CH-Type Finger 1",
    Excel converts that into a date: "1-Mar"

    https://www.theverge.com/2020/8/6/21355674/human-genes-rename-microsoft-excel-misreading-dates

    And yes, I know that people can set the formatting of cells, rows & columns
    of cells to be 'don't change what I entered' format, it's the defaults that
    are supposed to make our lives easier which is breaking things.

    ------------------------------

    Date: Thu, 13 Aug 2020 11:37:28 +0200
    From: Anthony Thorn <anthony.thorn@atss.ch>
    Subject: You do know you are being tracked, right? (WSJ)

    "The Wall Street Journal." 7 Aug 2020 https://www.wsj.com/articles/u-s-government-contractor-embedded-software-in-apps-to-track-phones-11596808801

    "U.S. Government Contractor Embedded Software in Apps to Track Phones
    Anomaly Six has ties to military, intelligence agencies and draws location
    data from more than 500 apps with hundreds of millions of users

    The U.S. government is using app-generated marketing data based on the movements of millions of cellphones around the country for some forms of law enforcement. We explain how such data is being gathered and sold.

    WASHINGTON -- A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall
    Street Journal. Anomaly Six LLC a Virginia-based company founded by two
    U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that
    is embedded directly in some of the apps. An SDK allows the company to
    obtain the phone's location if consumers have allowed the app containing the software to access the phone's GPS coordinates. App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK
    maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know
    whether SDKs are embedded in apps; most privacy policies don't disclose that information. Anomaly Six says it embeds its own SDK in some apps, and in
    other cases gets location data from other partners. Anomaly Six is a
    federal contractor that provides global-location-data products to branches
    of the U.S. government and private-sector clients. The company told The
    Wall Street Journal it restricts the sale of U.S. mobile phone movement
    data only to nongovernmental, private-sector clients. Numerous agencies of
    the U.S. government have concluded that mobile data acquired by federal agencies from advertising is lawful. Several law-enforcement agencies are
    using such data for criminal-law enforcement, the Journal has reported,
    while numerous U.S. military and intelligence agencies also acquire this
    kind of data."

    ------------------------------

    Date: Sat, 8 Aug 2020 21:29:21 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Thousands of cases went unreported in California when a computer
    server failed. (NYTimes)

    https://www.nytimes.com/2020/08/07/world/covid-19-news.html

    As California surpassed 10,000 coronavirus deaths this week, the head of the state's Health and Human Services Agency, Dr. Mark Ghaly, said a breakdown
    in the main disease reporting system had undercounted as many as 300,000
    test results. ``Our data system failed, and that failure led to inaccurate case numbers.''

    The malfunctions in the data system were compounded in recent days by huge backlogs in testing -- in some California counties results are taking more
    than two weeks to process -- muddying the overall picture of the virus's progression in the nation's most populous state.

    ------------------------------

    Date: August 6, 2020 20:36:27 JST
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Blackstone to acquire Ancestry.com for $4.7 billion (Oguh)

    (You likely do NOT want your genetic data owned by China *or* a private
    equity firm, even one based in America. --rick) <via Dave Farber>

    Chibuike Oguh, Reuters, Blackstone to acquire Ancestry.com for $4.7B

    https://www.reuters.com/article/us-ancestry-m-a-blackstone-group/blackstone-to-acquire-ancestry-com-for-4-7-billion-idUSKCN2512ES

    (Reuters) - Blackstone Group Inc (BX.N) said on Wednesday it agreed to
    acquire genealogy provider Ancestry.com Inc from private equity rivals for
    $4.7 billion, including debt, placing a big bet on family-tree chasing as
    well as personalized medicine.

    Ancestry.com is the world's largest provider of DNA services,
    allowing customers to trace their genealogy and identify genetic health
    risks with tests sent to their home.

    Blackstone is hoping that more consumers staying at home amid the COVID-19 pandemic will turn to Ancestry.com for its services.

    ``We believe Ancestry has significant runway for further growth as people of all ages and backgrounds become increasingly interested in learning more
    about their family histories and themselves,'' David Kestnbaum, a Blackstone senior managing director, said in a statement.

    The deal is Blackstone's first acquisition out of Blackstone Capital
    Partners VIII, the largest-ever private equity fund that raised $26 billion from investors last year.

    Ancestry.com has more than 3 million paying customers in about 30 countries, and earns more than $1 billion in annual revenue. Launched in 1996 as a
    family history website, it harnessed advances in DNA testing and mobile
    phone apps in the following two decades to expand its offerings.

    Blackstone is buying Ancestry.com from private equity firms Silver Lake, Spectrum Equity and Permira. Singapore's sovereign wealth fund GIC, another Ancestry.com investor, said it will continue to maintain a significant
    minority stake in the company.

    The acquisition's price tag represents a significant jump to Ancestry.com's valuation from four years ago, when Silver Lake and GIC invested in the
    Lehi, Utah-based company at a $2.6 billion valuation.

    ------------------------------

    Date: Mon, 10 Aug 2020 9:33:38 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: USG Contractor Embedded Software in Apps to Track Phones (WSJ)

    *The Wall Street Journal*, 7 Aug 2020
    Anomaly Six has ties to military, intelligence agencies and draws location
    data from more than 500 apps with hundreds of millions of users

    Consumers have no way of knowing whether software-development kits that can track their locations are embedded in their apps.

    https://www.wsj.com/articles/u-s-government-contractor-embedded-software-in-apps-to-track-phones-11596808801

    Washington -- A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall
    Street Journal.

    ------------------------------

    Date: Thu, 13 Aug 2020 07:26:20 +0800
    From: Dan Jacobson <jidanni@jidanni.org>
    Subject: Illiterate cell phone user experience

    A web search finds lots of articles about illiterate cellphone users.
    Usually the elderly or people in undeveloped countries.

    My first experience instructing one over the phone: "OK, under my picture
    there should be an Add Friend button." "Probably red and green
    buttons... push the green one." They said: "Oops, I already pushed the red one." (Which blocked me. The block list being within a menu that they
    needed to be literate to find. Alas...)

    ------------------------------

    Date: Thu, 13 Aug 2020 18:36:54 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Photoshop Will Help ID Images That Have Been Photoshopped (WiReD)

    Adobe is adding technology to tag images with metadata, part of an effort to identify deepfakes and other efforts at manipulation.

    https://www.wired.com/story/photoshop-id-images-photoshopped-deepfake/

    ------------------------------

    Date: Tue, 11 Aug 2020 16:38:45 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Is it the AI That's Racist, or is it the Humans That Create the AI?
    (AI Daily)

    Racism is a poison in our society, one which until recently, AI was thought immune to. Underlying this is the notion that AI are incapable of conscious thought, so they cannot consciously discriminate. However, much like humans
    can have unconscious bias, so can AI. Over the last decade there have been countless examples of racial bias displayed in AI algorithms, or AI learning racism through machine learning. As a mixed-race individual, I want to know where AI has been racist and why this was the case.

    MIT were embarrassed in July this year, when they were forced to take
    offline an AI training data-set which, following an investigation by *The Register*, was found to be describing people with racist, misogynistic and discriminatory language. The data-set had been used to train machine
    learning models to identify people and items in images. However, the descriptions of those people were often highly derogatory and contained
    highly offensive language. The issue here was, due to a lack of oversight,
    that the models were accidentally trained using discriminatory data. While
    this problem is easily rectified once identified, it does highlight the risk that machine learning algorithms with poorly constructed data-sets pose, especially if the *racism* in those data-sets is more subtle, such as a machine learning algorithm which scores negative points for *non-British
    names* on CVs.

    Google was forced to apologise in April after its *Vision AI*, an algorithm which labels images based on their content, was found to come up with very different results dependent on the skin colour of people in the image. This
    is demonstrable by the image below, where when a black person holds a thermometer, it is labeled as a *gun* but when a white person holds the
    same thermometer, it is labeled as a *tool*. This result purports the
    racial stereotype that black people are violent, leading to concerns that
    the algorithm was racially biased. Yet again, we see an issue with a poor dataset used to train the algorithm unintentionally leading to racial bias, which further affirms just how important it is that the datasets are
    properly curated before training. [...]

    https://aidaily.co.uk/articles/is-the-ai-racist-or-is-it-the-humans-that-create-it

    ------------------------------

    Date: Sat, 8 Aug 2020 11:24:48 -0700
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: AI bias detection ... (RISKS-32.18)

    I had a complaint out of band, which applies to all items that deal
    broadly with specific aspects of AI:

    It would be very nice if the people who post numbers like these would
    provide the definition of *AI* that they are using. A definition that
    allows us to look at a program and tell whether it is AI or not is
    necessary to make such numbers meaningful.

    More generally, I think it is difficult to argue about trustworthiness of
    AI overall, especially when the systems in which it is embedded are not trustworthy. PGN

    ------------------------------

    Date: August 11, 2020 8:52:32 JST
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Leaked Documents Reveal What TikTok Shares with Authorities -- in
    the U.S.

    [Via Dave Farber]

    A glimpse at what the social media platform does in the U.S. underscores
    that data privacy issues extend beyond China.

    https://theintercept.com/2020/08/10/blueleaks-tiktok-law-enforcement-privacy/

    ------------------------------

    Date: Thu, 13 Aug 2020 13:36:41 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Why & Where You Should You Plant Your Flag (Krebs on Security)

    Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

    As KrebsOnSecurity observed back in 2018 <https://krebsonsecurity.com/2018/06/plant-your-flag-mark-your-territory/>, many people -- particularly older folks -- proudly declare they avoid using
    the Web to manage various accounts tied to their personal and financial
    data -- including everything from utilities and mobile phones to retirement benefits and online banking services. From that story:

    ``The reasoning behind this strategy is as simple as it is alluring: What's
    not put online can't be hacked. But increasingly, adherents to this mantra
    are finding out the hard way that if you don't plant your flag online, fraudsters and identity thieves may do it for you.''

    ``The crux of the problem is that while most types of customer accounts
    these days can be managed online, the process of tying one's account number
    to a specific email address and/or mobile device typically involves
    supplying personal data that can easily be found or purchased online -- such
    as Social Security numbers, birthdays and addresses.''


    [continued in next message]
