RISKS-LIST: Risks-Forum Digest Monday 7 September 2020 Volume 32 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.25>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Blistering Consumer Reports review of Tesla's $8000 full self-driving
package, including some serious safety concerns (Twitter)
Research questions (Gene Spafford)
Apple Accidentally Approved Malware to Run on MacOS (WiReD)
Parents Face Tech Issues On First Day Of School In Wash DC and Maryland
(DCist)
Man blows up part of house while chasing fly (bbc.com)
The surprising secret hidden in a pregnancy test (bbc.com)
It Has Come to This: Ignore the CDC (NYTimes OpEd)
Intel Slips, and a High-Profile Supercomputer Is Delayed (NYTimes)
Amazon Drivers Are Hanging Smartphones in Trees to Get More Work
(Bloomberg)
Russians Again Targeting Americans With Disinformation, Facebook
and Twitter Say (NYTimes)
FBI worried that Ring doorbells are spying on police (bbc.com)
The Subtle Tricks Shopping Sites Use to Make You Spend More (WiReD)
A Saudi Prince's Attempt to Silence Critics on Twitter (WiReD)
California: Tell Your Senators That Ill-Conceived Immunity Passports Won't
Help Us (EFF)
Online Voting Company Pushes to Make It Harder for Researchers to
Find Security Flaws (Alfred Ng)
Russian election interference continues (NYTimes)
"Vote early, vote often?"
Happy National Poll Worker Recruitment Day (Rebecca Mercuri)
Re: For Election Administrators, Death Threats Have Become Part of the Job
(Malcolm)
Court Approves Warrantless Surveillance Rules While Scolding FBI (NYTimes) Blanked-Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps
(Buzzfeed)
How Four Brothers Allegedly Fleeced $19 Million From Amazon (WiReD)
A critical flaw is affecting thousands of WordPress sites (WiReD)
Is Your Chip Card Secure? Much Depends on Where You Bank (EPAM)
The Brain Implants That Could Change Humanity (NYTimes)
Neuralink: Elon Musk unveils pig he claims has computer implant in brain
(The Guardian)
New parking technology aims to manage curb space virtually (WashPost)
The Pod People Campaign: Driving User Traffic via Social Networks
(Courtney Falk via Gene Spafford)
Re: Humans Take a Step Closer to Flying Car (geoff goodfellow)
Re: Driverless cars are coming soon followup (Martin Ward)
Re: Tesla with Autopilot hits cop car; driver admits he was watching a movie
(Barry Gold)
Re: Date and time synchronization (David E. Ross, Terje Mathisen)a
Re: Dicekeys, an additional risk (Craig S. Cottingham, Bob Wilson)
Re: Greenland glacier melt (Amos Shapir, David Damerell)
Re: Grading by algorithm results in UK debacle (John Murrell)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 4 Sep 2020 16:02:39 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Blistering Consumer Reports review of Tesla's $8000 full
self-driving package, including some serious safety concerns (Twitter)

https://twitter.com/russ1mitchell/status/1302026681029283840

------------------------------

Date: Tue, 1 Sep 2020 10:25:33 -0400
From: Gene Spafford <spaf@purdue.edu>
Subject: Research questions

How sad that all the computing questions in Dave Farber's] list (at the URL
in the post) are devoted to AI/ML. We have an incredibly rich and broad
field with many important open problems in software engineering,
cybersecurity, privacy, HPC, programming environments, HCI, robotics, databases, machine architecture, distributed/cloud/fog computing, IoT, and more. I'm surprised that at least one of the other fads didn't show up,
such as quantum computing. (Thankfully, this was one list that didn't
include the death cult favorite *blockchain*.)

It seems about every 20 years the AI/ML *bug* bites people and causes a huge surge of interest. After all, the idea of creating *thinking* artifacts is rather appealing, especially to investors who would rather not be paying salaries of real people on an on-going basis, and to military planners who envision regiments of disposable killing machines. Many of the advancements
in the area have occurred simply because we have faster processing and more memory than the last time we made the big investments in this area =94 which are not advances in AI/ML per se, but came out of more traditional research. Our ability to make bad decisions is now so much faster than human thought (even augmented with bourbon or tequila) that it has far outstripped our willingness to think about ethics and human good. The results are
increasingly worrisome to those of us who believe, as a core value, precept
1.2 of the ACM Code of Ethics: Avoid Harm.

I remember reading Frank Herbert's Dune in about 1975. I thought the idea
of the *Butlerian Jihad* was quite interesting, especially in light of films such as The Corbin Project and Terminator. The Doomsday network in
Dr. Strangelove also comes to mind. (I could list another dozen movies and novels, including War Games, The Matrix, Ava, and 2001. Surely someone has
a list of these somewhere.) When I did some of my original research on computer viruses, *When Harley Was One* brought another view of the issues
to mind that was beginning to appear in the real world. One does not need
to turn to science fiction to see some of the issues. Regular readers of
the Risks Digest and works by Charles Perrow (e.g., *The Next Catastrophe*)
can see real-world examples and extrapolations.

My point in citing these works is not only that moving key decision-making
from humans to computers is potentially dangerous, but that some of those
same complexities and pitfalls are foreseeable -- or even predictable. Why, therefore, isn't the scoping, containment, and safe use of computing THE dominant research problem for our field -- and society, in general? Do we
need a Skynet to emerge and a Butlerian Jihad to occur to get on that path? We're already flirting with self-destruction with our damage to the
environment and some bio-engineering. Do we need to add cybernetic war to
the mix to ensure our demise? (Hmm, tongue-in-cheek thought experiment: as
the Russians are using social media to promote social division and turmoil, perhaps an extraterrestrial species is seeding our research to promote our self-destruction. While Elon Musk was showing off his porcine Neuralink, perhaps someone should have gotten a DNA sample from him to check his humanity?)

Fundamentally, we are building systems that are already too complex to make without flaws, and we continue to add layers and nodes. The people designing these systems may believe in a Star Trek future, but with human nature as it is, Blade Runner is more where we seem to be headed. The systems being
fielded are unsecurable and safety hazards. Devoting so much attention to adding further complexity that we don't fully understand and whose results
we can't explain is only making things worse; chaos emerges, entropy wins, eschatology comes to the fore.

If there is to be a list of major research challenges in CS published, let's have one that is representative of the breadth and richness of the field,
and that includes problems that have profound impact on people rather than representing current hype.

[Spaf's message was in response to Wendy M. Grossman's posting on Dave
Farber's IP list. <wendyg@pelicancrossing.net> I apparently overlooked
both, but fortunately Spaf submitted it directly to RISKS. This is very
relevant to past items on the risks of hype, AI, etc. PGN]

https://80000hours.org/articles/research-questions-by-discipline/

Research questions that could have a big social impact, organised by discipline

Introduction

People frequently ask us what high-impact research in different
disciplines might look like. This might be because they're already working
in a field and want to shift their research in a more impactful
direction. Or maybe they're thinking of pursuing an academic research
career and they aren't sure which discipline is right for them.

In any case, below you will find a list of disciplines and a handful of research questions and project ideas for each one. They are meant to be illustrative, in order to help people who are working or considering
working in these disciplines get a sense of what some attempts to approach them from a longtermist perspective might look like. They also represent projects that we think would be useful to pursue from a longtermist perspective.

The lists are not meant to be exhaustive; nor are they meant to express a considered view on what we think the most valuable questions and projects
in each area are. Our primary strategy in compiling these lists was to
look through research agendas and collections others have put together (linked throughout as well as at the end). We generally included questions
or projects that seemed both useful for informing decisions about how to improve the long-term future and like good examples of research in their respective disciplines. When choosing between a higher-value question or project and one that struck us as more illustrative, we often chose the latter.

------------------------------

Date: Tue, 1 Sep 2020 01:20:41 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Apple Accidentally Approved Malware to Run on MacOS (WiReD)

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's *notarization* defenses for the first time.

https://www.wired.com/story/apple-approved-malware-macos-notarization-shlayer/

------------------------------

Date: Mon, 31 Aug 2020 18:26:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Parents Face Tech Issues On First Day Of School In Wash DC and
Maryland (DCist)

Hundreds of thousands of students in the District and Maryland powered on
their laptops Monday for the start of a school year like no other.

The first day of virtual classes hit some snags. In Montgomery County, error messages flashed on computer screens when students tried logging on to their first classes of the school year. In Prince George's County, two children missed half of their morning classes when pages on their school-issued Chromebooks would not load. [...]

Gabrielle Brown, a spokeswoman for Prince George's County Public Schools,
said two of the county's more than 200 schools experienced problems because
too many people were using the same web server.

Brown said the 133,000-student school system fixed the problem by moving the schools to different servers. She did not say which schools experienced the issues.

https://dcist.com/story/20/08/31/dc-maryland-virtual-school-first-day-technology-problems-coronavirus-pandemic/

Scalability, what's that...

------------------------------

Date: Mon, 7 Sep 2020 11:24:02 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Man blows up part of house while chasing fly (bbc.com)

https://www.bbc.com/news/world-europe-54051423

``The man, who is in his 80s, was about to tuck into his dinner when he
became irritated by a fly buzzing around him. He picked up an electric
racket designed to kill bugs and start swatting at it -- but a gas canister
was leaking in his Dordogne home.''

The non-electric flyswatter, perhaps less effective than the juiced-up
model, does not possess ignition risk.

[Perhaps he thought of Linoleum Blownapart? PGN]

------------------------------

Date: Mon, 7 Sep 2020 11:11:08 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: The surprising secret hidden in a pregnancy test (bbc.com)

https://www.bbc.com/news/technology-54025997

"A teardown of a digital pregnancy test has created a buzz after revealing
it contained a standard paper test, similar to those used by GPs. The
experiment has raised questions about whether the extra cost of digital
pregnancy tests is justified. Some say the electronics give women a
clearer answer but others point to the e-waste created by digital test
kits. The experiment also found the digital test contained a
microprocessor more powerful than early home computers. But the
electronics themselves did not play a role in the hormone detection."

The clearblue.com website (https://www.clearblue.com/pregnancy-tests) yields two peer-reviewed references on home-based pregnancy tests. Among them is "Comparison of analytical sensitivity and women's interpretation of home pregnancy tests" @ https://pubmed.ncbi.nlm.nih.gov/25274958/ by Sarah
Johnson, Michael Cushion, Sharon Bond, Sonya Godbert, Joanna Pike retrieved
on 06SEP2020. I do not know if the publisher, "The Journal of Clinical Chemistry and Laboratory Medicine" requires reviewer conflict of interest disclosures.

Their conclusion: "Many home-based pregnancy tests commonly used by women
are not as accurate as their packaging information claims. International
test standards which define appropriate performance characteristics for home pregnancy tests are urgently required."

Computers leave no margin for doubt when they render output. Whether the correct result is rendered is another matter. False negative/positive rates
of detection are considerations. The cited reference suggests that "trust,
but verify" is the best strategy.

There is also the matter of e-waste disposal and/or recycling. https://www.thebalancesmb.com/e-waste-recycling-facts-and-figures-2878189 estimates 50 million metric tons world-wide annually by 2020.

------------------------------

Date: Tue, 1 Sep 2020 13:49:23 +0900
From: Dave Farber <farber@keio.jp>
Subject: It Has Come to This: Ignore the CDC (NYTimes OpEd)

[I consider this to be non-political. Dave Farber]

[I consider it to be right down the mainstream of RISKS items on
science, transparency, etc. PGN]

Harold Varmus and Rajiv Shah, *The New York Times, 31 Aug 2020

[Harold Varmus, a professor at Weill Cornell Medicine and a former
director of the National Institutes of Health, was a co-chair of President
Barack Obama's Council of Advisers on Science and Technology. Rajiv Shah
is president of the Rockefeller Foundation.]

https://www.nytimes.com/2020/08/31/opinion/cdc-testing-coronavirus.html <https://www.nytimes.com/2020/08/31/opinion/cdc-testing-coronavirus.html>

It Has Come to This: Ignore the CDC

The agency's new guidelines are wrong, so states have to step up on their
own to suppress the coronavirus.

We were startled and dismayed last week to learn that the Centers for
Disease Control and Prevention, in a perplexing series of statements had altered its testing to reduce the testing of asymptomatic people for the coronavirus. <https://www.nytimes.com/2020/08/27/us/politics/trump-coronavirus-testing.html> <https://www.cdc.gov/coronavirus/2019-ncov/hcp/testing-overview.html>

These changes by the CDC will undermine efforts to end the pandemic, slow
the return to normal economic, educational and social activities, and
increase the loss of lives.

Like other scientists and public health experts, we have argued that more asymptomatic people, not fewer, need to be tested to bring the pandemic
under control. Now, in the face of a dysfunctional CDC, it's up to states, other institutions and individuals to act. <https://www.rockefellerfoundation.org/national-covid-19-testing-and-tracing-action-plan>

Understanding what needs to be done requires understanding the different purposes of testing. Much of the current testing is diagnostic. People
should get tested if they have symptoms -- respiratory distress, loss of
smell, fever. There is no argument about this testing, and the altered CDC guidelines do not affect it.

But under its revised guidelines, the CDC seeks to dissuade people who are asymptomatic from being tested. Yet this group poses both the greatest
threat to pandemic control and the greatest opportunity to bring the
pandemic to an end. It is with this group that our country has failed most miserably.

Consider the logic. Without tests or a highly effective vaccine, the only certain way to prevent further spread of the virus would be to isolate
everyone from everyone else. In theory, this would work, but it is untenable
-- if not impossible -- because of the economic and social consequences of shutdowns.

Tests, however, can reduce the number of people who need to be isolated --
and only for as long as they are shown to be infected. If those tests were
to be performed frequently (even daily) and widely (even universally), it is almost certain that the pandemic would evaporate in just a few weeks.

That much diagnostic testing is not feasible, given the costs and logistics,
as well as the likelihood that some would refuse to comply.

So it makes sense to modulate the strategy by testing those who are at
greatest risk of infection, and those who are most likely to spread the
virus if they become infected.

We can make well-informed predictions about those who should be given
priority. Most obviously, testing is essential for those who are known to
have been significantly exposed to an infected person, as determined by
contact tracing. But testing is also important for those who have been or
will soon be mixing with large groups in close quarters at work; entering
the schools and colleges that are now reopening; and attending public events like concerts and sports matches.

The financial and other practical demands of widespread testing can be
lowered by making rational decisions about the optimal times for performing
the tests -- a few days after being in contact with an infected person, for instance, or just before congregating with many others.

The logistics and costs can be further reduced by simplifying the tests -- using saliva samples collected at home, rather than uncomfortable nasal
swabs that require trained personnel at specific locations; or by using so-called antigen tests, a cheap and rapid method to look for viral
proteins, rather than expensive laboratory machines to find viral RNA. Even
if these tests are a bit less accurate, their lower cost, higher speed and
more frequent use make up for it.

Some of these new methods have already been authorized for use by the Food
and Drug Administration. And the Department of Health and Human Services has also committed to purchasing large quantities of antigen tests. <https://www.nytimes.com/aponline/2020/08/26/health/ap-us-med-virus-outbreak-new-tests.html>
<https://www.nytimes.com/2020/08/27/world/covid-19-coronavirus.html>

These are practical and essential actions that need to be taken now. In the absence of sensible guidance from the CDC, what can the country do to
control the pandemic? We urge at least three actions.

State and local leaders should be emboldened to act independently of the federal government and do more testing. Some governors and local public
health officials, from both parties, are already doing so and are ignoring
the CDC's revisions <https://www.nytimes.com/2020/08/27/us/ca-covid-testing.html>. This position
is legally sound, since the CDC is an advisory agency, not a regulatory
one. Still, such discord undermines confidence in public health directives.

Insurance companies, city and state governments, and the Center for Medicare and Medicaid Services should recognize the economic and health benefits of testing prioritized, asymptomatic populations and provide reasonable reimbursement for these tests. A major impediment to more widespread testing has been the lack of coverage in the absence of symptoms or known contacts
with infected individuals. The costs of testing are decreasing as new
methods, like antigen testing, are introduced, and may be further reduced as the pooling of samples makes testing more efficient.

While more widespread testing for the virus is an essential factor in
pandemic control, we need to make it part of a broad program that helps
prevent transmission -- mask-wearing, hand-washing, quarantining and use of personal protective equipment.

The CDC, the federal agency that should be crushing the pandemic, is
promoting policies that prolong it. That means that local, state and organizational leaders will have to do what the federal government won't.

------------------------------

Date: Tue, 1 Sep 2020 21:13:29 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Intel Slips, and a High-Profile Supercomputer Is Delayed
(NYTimes)

https://www.nytimes.com/2020/08/27/technology/intel-aurora-supercomputer.html

The exascale computer: 1E9 GFLOP == 10^15 FLOPs, or 1 exaFLOP (1 EFLOP?), double-precision FLOPS @ 64-bit per IEEE-754-2008.

That Intel is tardy suggests a few foundry issues to address before they can cost-effectively stamp out the new "Ponte Vecchio" graphical processing
units (GPUs) for integration. A challenge to achieve high-yields for GPUs chiplets stacked ~70 angstroms apart -- the diameter of ~77 hydrogen atoms.

Aurora's paper specification can be found here: https://www.alcf.anl.gov/aurora. The box hosts a modest 10 petabytes of physical memory, a pool that will also serve as an excellent cosmic-ray
target. Assuming 1 Tbytes of physical memory per node (10 * 1024 * 10^12 10Pbytes) yields 10240 compute+memory modules in the box.

The chip and module packaging sophistication for cooling, signal routing,
power distribution, and message-passing network fabric constitutes a considerable challenge to engineer and to operate for sustained
uptime. Power consumption will likely be significant, and probably require a dedicated utility source.

There's been a longstanding race among nations and technology companies to achieve and apply massively parallel processing (MPP) computation. The "winner" gets bragging rights, and temporarily sustains a technological edge that eventually translates into consumer marketplace sales. MPPs currently represent the only affordable means to "out compute" strategic competitors.

MPP software is notoriously challenging to write and debug, given explicit message-passing dependencies (using OpenMPI), deadlock potential, and data
load balance issues to sort out. Logical concurrency representations of the computation, via Tony Hoare's communicating sequential process model, is
often applied in a single address space with multiple processes to show message-passing deadlock absence. It is far easier to detect and debug
deadlock in a single virtual address space than to attempt over a physically distributed memory structure. Once a logically concurrent process structure
is deadlock free, map it into the physical MPP architecture (using 10K+
nodes) to accelerate computation against a large (multi-Pbyte) dataset. Then there's the I/O for results interpretation. Factor in a few cosmic ray node crashes along the way. Not for the faint of heart, especially for sequential thinkers.

The PRC may have succeeded in being first to achieve and demonstrate an sustained eFLOP, though confirmation remains specious. See https://spectrum.ieee.org/computing/hardware/will-china-attain-exascale-supercomputing-in-2020.

------------------------------

Date: Tue, 1 Sep 2020 11:03:30 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Amazon Drivers Are Hanging Smartphones in Trees to Get More Work
()

Someone seems to have rigged Amazon system to get orders first.
Operation reflects ferocious rivalry for gigs in a bad economy.
Phones hang in a tree outside a Whole Foods store in Evanston, Illinois,
on 29 Aug 2020.

A strange phenomenon has emerged near Amazon.com Inc. delivery stations and Whole Foods stores in the Chicago suburbs: smartphones dangling from trees. Contract delivery drivers are putting them there to get a jump on rivals seeking orders, according to people familiar with the matter.

Someone places several devices in a tree located close to the station where deliveries originate. Drivers in on the plot then sync their own phones
with the ones in the tree and wait nearby for an order pickup. The reason
for the odd placement, according to experts and people with direct
knowledge of Amazon's operations, is to take advantage of the handsets' proximity to the station, combined with software that constantly monitors Amazon's dispatch network, to get a split-second jump on competing drivers.

That drivers resort to such extreme methods is emblematic of the ferocious competition for work in a pandemic-ravaged U.S. economy suffering from double-digit unemployment. Much the way milliseconds can mean millions to
hedge funds using robotraders, a smartphone perched in a tree can be the
key to getting a $15 delivery route before someone else.

Drivers have been posting photos and videos on social-media chat rooms to
try to figure out what technology is being used to receive orders faster
than those lacking the advantage. Some have complained to Amazon that unscrupulous drivers have found a way to rig the company's delivery
dispatch system. [...] https://www.bloomberg.com/news/articles/2020-09-01/amazon-drivers-are-hanging-smartphones-in-trees-to-get-more-work
-or- https://tech.hindustantimes.com/tech/news/amazon-drivers-are-hanging-smartphones-in-trees-to-get-more-work-71598974024340.html

------------------------------

Date: Tue, 1 Sep 2020 20:14:01 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Russians Again Targeting Americans With Disinformation, Facebook
and Twitter Say

The companies said the FBI had warned them that a so-called troll farm in
St. Petersburg set up a network of fake user accounts and a website.

https://www.nytimes.com/2020/09/01/technology/facebook-russia-disinformation-election.html

------------------------------

Date: Wed, 2 Sep 2020 08:38:29 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: FBI worried that Ring doorbells are spying on police (bbc.com)

https://www.bbc.com/news/technology-53985418

"The 2017 incident describes how someone under investigation was able to 'covertly monitor law enforcement activity while law enforcement was on the premises' and alert his neighbour and landlord. It does not name the brand
of video doorbell used."

IoT doorbell devices that capture surveillance photos of "suspicious" individuals is acceptable? Enable the device settings for that option to prevent indiscriminate, pervasive surveillance.

Download the latest app that repairs the "allow cops to be photographed on duty" defect escape?

------------------------------

Date: Wed, 2 Sep 2020 00:47:22 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Subtle Tricks Shopping Sites Use to Make You Spend More (WiReD)

Through deceptive designs known as “dark patterns,” online retailers try to nudge you toward purchases you wouldn't otherwise make.

https://www.wired.com/story/amazon-online-retail-dark-patterns/

------------------------------

Date: Wed, 2 Sep 2020 01:01:09 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Saudi Prince's Attempt to Silence Critics on Twitter (WiReD)

An ongoing investigation reveals how Mohammed bin Salman's team allegedly infiltrated the platform -- and got away with it.

https://www.wired.com/story/mohammed-bin-salman-twitter-investigation/

------------------------------

Date: Wed, 2 Sep 2020 13:09:27 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: California: Tell Your Senators That Ill-Conceived Immunity
Passports Won't Help Us (EFF)

Electronic Frontier Foundation:

Californians should not be forced to present their smartphones to enter
public places. But that's exactly what A.B. 2004 would do, by directing the state to set up a blockchain-based system for immunity passports: a
verified health credential that shows the results of someone's last COVID-19 test, and uses those to grant access to public places.

By claiming that blockchain technology is part of a unique solution to the public health crisis we're in, AB 2004 is opportunism at its worst. We are proud to stand with Mozilla and the American Civil Liberties Union's
California Center for Advocacy and Policy in opposing this bill. We
encourage you to tell your senator to oppose it, too.

https://www.eff.org/deeplinks/2020/08/california-tell-your-senators-ill-conceived-immunity-passports-wont-help-us

------------------------------

Date: Fri, 4 Sep 2020 12:46:12 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Online Voting Company Pushes to Make It Harder for Researchers to
Find Security Flaws (Alfred Ng)

Alfred Ng, CNET, 3 Sep 2020, via ACM TechNews, Friday, September 4, 2020

The Voatz electronic-voting company argued in a brief filed with the U.S. Supreme Court that security researchers should only seek flaws in e-voting systems with companies' permission. Voatz said, "Allowing for unauthorized research taking the form of hacks/attacks on live systems would lead to uncertain and often faulty results and conclusions, [and] makes
distinguishing between true researchers and malicious hackers difficult."
Voatz in February disputed Massachusetts Institute of Technology
researchers' conclusions that its e-voting platform was rife with vulnerabilities, claiming their findings were "relatively useless" because
the investigation was unauthorized. Researchers are pushing for the high
court to consider such work shielded from the Computer Fraud and Abuse Act, which deems any intentional, unauthorized access to a computer a federal
crime. They warned that malefactors will exploit the knowledge gap created
if flaw detection and disclosure are allowed only with companies' explicit consent, rendering security research ineffective. "https://www.cnet.com/news/online-voting-company-pushes-to-make-it-harder-for-researchers-to-find-security-flaws/"

[Voatz has had considerable controversy. For example, see https://www.supremecourt.gov/DocketPDF/19/19-783/153062/20200903122434600_Voatz%20Amicus%20Brief.pdf
PGN]

------------------------------

Date: Wed, 2 Sep 2020 15:17:23 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Russian election interference continues (NYTimes)

Politico reported (yesterday): Russians Again Targeting Americans With Disinformation, Facebook and Twitter Say <https://www.nytimes.com/2020/09/01/technology/facebook-russia-disinformation-election.html>

The companies said the F.B.I. had warned them that the Kremlin-backed Internet Research Agency set up a network of fake user accounts and a website.

------------------------------

Date: Wed, 2 Sep 2020 13:40:22 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: "Vote early, vote often?"

Trump urges supporters to vote by mail AND in person, telling them to commit voter fraud

[It's a felony. PGN]

------------------------------

Date: Tue, 1 Sep 2020 08:47:43 -0400
From: DrM Rebecca Mercuri <notable@mindspring.com>
Subject: Happy National Poll Worker Recruitment Day

1 Sep [was] National Poll Worker Recruitment Day -- a national awareness day established by the U.S. Election Assistance Commission to encourage people
to help America vote by serving as poll workers. "By encouraging more
people to become poll workers in their communities, National Poll Worker Recruitment Day aims to address the critical shortage of poll workers, strengthen democracy, inspire greater civic engagement and volunteerism, and help ensure free and fair elections in November 2020 and beyond."

To sign up (do it soon) to get a PAID poll worker assignment in your local community, go to <https://www.eac.gov/help-america-vote>

[Rebecca is perhaps best known in the election community for her 2001
thesis on the voter-verified audit trail, Electronic Vote Tabulation
Checks and Balances. She is now Tweeting daily (through Nov 2020) on
election topics and voting security concerns. You can follow her at

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)