• Risks Digest 32.30 (1/2)

    From RISKS List Owner@21:1/5 to All on Fri Oct 2 19:39:31 2020
    RISKS-LIST: Risks-Forum Digest Friday 2 October 2020 Volume 32 : Issue 30

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.30>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Microsoft says Russia behind most nation-state cyber-attacks (Bloomberg)
    Conservative operatives face felony charges in connection with robocalls
    seeking to mislead voters (WashPost)
    More on Cambridge Analytica (UK Channel 4)
    Error discovered on Georgia touchscreens in US Senate race (Mark Niesse)
    Maryland's web-delivered ballots must be hand-copied to be counted
    (WashPost)
    Tokyo Stock Market Halts Trading for a Day, Citing Glitch (NYTimes)
    Is The Internet falling apart? (The Hill)
    Apple marches to a different beat (Henry Baker)
    Robots smaller than the width of a hair (bbc.com)
    Could future AI turn animals against us? (The Next Web)
    This Is How Much Top Hackers Are Earning From Bug Bounties (Steve Ranger)
    Windows XP source code leaks online (The Verge)
    File under `feature interaction' (BBC)
    Third-Party Code Bug Left Instagram Users at Risk of Account Takeover
    (Alex Scroxton)
    MIT Media Lab develops sleep-tracking device that alters dreams to boost
    creativity (Science Times)
    Privacy of biometric data in DHS hands in doubt, IG says (RollCall)
    New homeowner 'freaked out' when stranger took control of her security
    system (CBC.CA)
    Alarm company "overlooked" change of home ownership (CBC.CA)
    Teacher saw a BB gun in 9-year-old's room during online class, who faced
    expulsion (WashPost)
    Using deep learning to control the unconsciousness level of patients in an
    anesthetic state (Techxplore.com)
    Re: A Tesla driver was caught sleeping on Autopilot (Martin Ward)
    Re: Tribune staff furious as cybersecurity test email makes cruel promises
    (John Beattie)
    Re: D.C.'s New Area Code Will Be... 771 (Wol)
    Re: Pandemic spurs journalists to go it alone via email
    (Steve and Micki Bacher)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 30 Sep 2020 10:52:08 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Microsoft says Russia behind most nation-state cyber-attacks
    (Bloomberg)

    * Targets have ranged from elections to the Olympic Games
    * Hackers in Iran and China have also been active, report says

    Russia-based hackers are responsible for the majority of nation-state
    attacks on Microsoft customers, according to new data from the company.

    Microsoft Corp. has issued 13,000 alerts about nation-state hacking
    attempts to its customers in the last two years, with 52% of incidents
    between July 2019 and June 2020 related to Russian hackers -- whose targets have ranged from elections to the Olympics, according to a report published Tuesday. Iran was responsible for a quarter of the alerts while China was responsible for 12%. The remainder of the nation-state activity observed by Microsoft came from North Korea and other countries.

    Russian hackers have targeted elections and political organizations in
    multiple countries, as well as non-profit groups, professional services and higher education, according to Microsoft. Kremlin-linked hackers also tried
    to break into 16 sporting and anti-doping organizations on three continents amid doping investigations into Russian athletes.

    ``We see nation-state actors constantly evolving, trying new techniques,''
    said Tom Burt, a vice president at Microsoft. ``As it stands today the attackers are winning in that they are so well resourced, so determined and
    so agile.'' Foreign hackers have continued to target organizations related
    to American politics in recent weeks, he said.

    Iranian hackers have also been prolific, stepping up the volume of their attacks in the last six months, according to Burt. In August 2019 alone, Iranian hackers attacked 241 Microsoft accounts associated with a U.S. presidential campaign, current and former U.S. officials, political
    journalists and well-known Iranians living abroad, the report said. While
    only four of these attacks were successful, Microsoft anticipates an
    increase in activity as the U.S. election approaches.

    Hackers based in China have ``attempted to gain intelligence on
    organizations associated with the upcoming U.S. presidential election,'' according to Microsoft. Those hackers have also been active in cyber-attacks related to medical research. Among multiple attempts to hack medical
    research institutions in the U.S. and Asia, China-based hackers attacked an unnamed U.S. university that was researching a coronavirus vaccine in March. [...]

    https://www.bloomberg.com/news/articles/2020-09-29/microsoft-says-russia-behind-most-nation-state-hacking-attempts
    -or- https://www.msn.com/en-us/news/world/microsoft-says-russia-behind-most-nation-state-cyber-attacks/ar-BB19xXsj

    ------------------------------

    Date: Fri, 2 Oct 2020 02:30:14 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Conservative operatives face felony charges in connection with
    robocalls seeking to mislead voters (WashPost)

    If convicted, the pair could face up to 24 years in prison each

    https://www.washingtonpost.com/politics/2020/10/01/wohl-robocall-michigan/

    ------------------------------

    Date: September 30, 2020 23:04:14 JST
    From: David Isenberg <isen@isen.com>
    Subject: More on Cambridge Analytica (UK Channel 4)

    [Via Dave Farber]

    Channel 4 in the UK has released an amazing 20 minute video that is the best explanation I've seen of how Cambridge Analytica used Facebook data to micro-target voters to influence the 2016 US election and the Brexit vote: https://www.youtube.com/embed/KIf5ELaOjOk

    There's also another most interesting video from the same project
    that digs into one guy's Facebook/Cambridge Analytica file: https://www.youtube.com/watch?v=5Swqc2NjEXM

    This second video shows one particular guy's file, which contains his psychographic profile, including openness, conscientiousness, extroversion, agreeableness and neuroticism scores by percentile.

    It "knows" what kind of car the individual has, that he's a gamer, what his investments are, what his diet is, whether he uses coupons, if he writes a blog, how he uses The Internet and social media, whether he has a home
    office and what charities he gives to. And a bunch of other things.

    From these aggregated data, it's easy to imagine how CA could determine
    things like who he'd vote for and the strength of his commitment to the
    voting process, and target manipulative ads and messages from "friends" accordingly.

    In my humble opinion, both videos are must-watch for all who consider themselves to be technology literate.

    ------------------------------

    Date: Sat, 26 Sep 2020 17:19:27 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Error discovered on Georgia touchscreens in US Senate race
    (Mark Niesse)

    Mark Niesse, *Atlanta Journal Constitution* <https://www.ajc.com/politics/error-discovered-on-georgia-touchscreens-in-us-senate-race/M7CJDSSZHRDBJFGTHYCPJ4APHM/>

    Election officials working to correct issue before early voting begins 12
    Oct. Georgia election officials said Saturday they found a programming
    error on the state's voting touchscreens that caused a row of candidates in
    the 21-person U.S. Senate special election to disappear at times when
    flipping back and forth between screens. This will require reprogramming
    the state's 30,000 new touchscreens. The issue occurred in the U.S. Senate special election, which includes Republican U.S. Sen. Kelly Loeffler and
    U.S. Rep. Doug Collins, along with Democrats Raphael Warnock, Matt Lieberman and Ed Tarver.

    [Long item PGN-ed]

    ------------------------------

    Date: Sun, 27 Sep 2020 14:15:01 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Maryland's web-delivered ballots must be hand-copied to be counted
    (WashPost)

    The rush to vote from home this year left Maryland election judges with a burden that plagues no other state in the country: Ballots delivered online cannot be read by the state's scanning machines. To be counted, each of
    those ballots must instead be hand-copied by election judges onto a
    cardstock ballot. And each week, more requests for those Web-delivered
    ballots are rolling into election offices around the state, dramatically increasing the pressure on a system built for a far different type of
    election.

    A month ahead of the deadline, more than 111,000 people have requested Web-delivered blank ballots -- nearly twice the volume of the previous election. About 924,000 voters have so far asked for ballots to be mailed
    to them.

    The Web-delivered ballots offer front-end expediency for voters, who can
    follow a link in their email, enter credentials on a website and download a ballot packet to print at home on regular paper. But on the back end, that plain paper becomes a first draft, and every voter's choices must be transcribed onto oversize cardstock that can be scanned.

    For transparency's sake, the transcription is done by a pair of judges --
    one a Republican, the other a Democrat. One judge reads the ballot choices aloud, and the other marks them down on the ballot. Then the judges switch
    jobs to check each other's work.

    The process takes about five minutes per ballot, election officials said. As
    of Thursday, that added up to more than 9,000 hours of work just to get the ballots ready to be scanned.

    https://www.washingtonpost.com/local/md-politics/maryland-web-ballots-hand-copied/2020/09/23/73221310-f2bd-11ea-999c-67ff7bf6a9d2_story.html

    No good deed goes unpunished.

    ------------------------------

    Date: Thu, 1 Oct 2020 09:38:34 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Tokyo Stock Market Halts Trading for a Day, Citing Glitch (NYTimes)

    The exchange's operator said it planned to resume trading on Friday after a technical problem left investors unable to place orders.

    https://www.nytimes.com/2020/09/30/business/tokyo-stock-market-glitch.html

    ------------------------------

    Date: Wed, 30 Sep 2020 10:39:56 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Is The Internet falling apart? (The Hill)

    The president's two August Executive Orders banning the mobile app TikTok <https://www.whitehouse.gov/presidential-actions/executive-order-addressing-threat-posed-tiktok/>
    and the mobile app WeChat <https://www.whitehouse.gov/presidential-actions/executive-order-addressing-threat-posed-wechat/>,
    along with the State Department's major foreign policy initiative for a ``clean'' internet within the United States <https://www.state.gov/the-clean-network-safeguards-americas-assets/> are
    only the most recent signs that the once open, global Internet is slowly
    being replaced by 200, nationally-controlled, separate internets. And, while these separate American, Chinese, Russian, Australian, European, British,
    and other ``internets'' may decide to have some things in common with each other, the laws of political gravity will slowly pull them further apart as interest groups in each country lobby for their own concerns within their
    own country. Moreover, we will probably see the emergence of a global alternat[iv]e internet before long.

    Some of this nationalistic dis-integration of The Internet has been foreseen <http://www3.weforum.org/docs/WEF_FII_Internet_Fragmentation_An_Overview_2016.pdf>
    as the 1990s' open/global Internet gradually became a principal domain of
    war, news, espionage, politics, propaganda, banking, commerce,
    entertainment, and education since around 2005. The process of creating hundreds of individual, national internets has been slow because the global Internet -- the network of networks -- was never designed to recognize national borders and because the United States had been a forceful opponent
    of a fragmented set of national internets. Both of these conditions have changed and they are changing rapidly.

    To oversimplify, the genesis of the internet, the U.S. Defense
    Department's DARPANET, was designed to allow completely different computer networks (think IBM and UNIVAC, or PC and Mac) to connect with each other by inserting between them a gateway that converts each network's computer language into a common internet language, called internet protocols. The
    genius behind the concept is that not all computer networks needed to use
    the same computer language -- they only had to convert to a common language at
    a gateway, which then routed everyone on every network to everyone on every other network. And -- since computer networks do not inherently notice or
    care which city, province, state or country they're in or the nationality
    of their human user -- the technology was not designed to take national
    borders into account. This contrasts markedly with such media as
    broadcasting and telecommunications, which basically grew with the
    permission of national governments from within countries, and then
    governments allowed the interconnection of their national network to others under government-controlled technical and substantive arrangements.

    As background, it's important to recognize that -- by almost any measure --
    the global Internet is controlled by businesses and non-profits subject to
    the jurisdiction of the United States government. Within a roughly
    1,000-mile strip of land stretching from San Diego to Seattle lie most major Internet businesses and network control or standards bodies (and those that aren't there likely lie elsewhere in the United States). So -- as the governments of China, Russia and Iran never tire of explaining -- while Americans constitute around 310 million out of the world's 4.3 billion Internet users (around 8 percent) <https://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users>, the U.S. government exercises influence or control over more than 70 percent
    of the Internet's controls and services.

    It took China millions -- perhaps billions -- of dollars and well over a decade to demonstrate that the inherently non-nationalistic nature of the internet could be managed through both technical and legal means, sometimes described as ``The Great Firewall of China <https://en.wikipedia.org/wiki/Great_Firewall>.'' Without listing the wide range of methods that China has used to create an internet within China that
    is different from the Internet in the U.S. or Europe, suffice it to say that unless someone in China has extraordinary technical means and is willing to risk breaking the rules, the internet in China is noticeably different
    (e.g. no Google, Facebook or Twitter <https://www.businessinsider.com/major-us-tech-companies-blocked-from-operating-in-china-2019-5#tumblr-6>).
    China's ability to control the Internet experience within its borders
    between roughly 2005 and 2018 taught many other countries that doing so,
    even if costly, is possible. This lesson was not lost on Russia, Iran, Australia, Turkey, Saudi Arabia, the EU and many other countries, which
    began developing legal (and sometimes technical) means to control Internet content within their borders. This legal/technical nationalization over the past decade was significantly boosted by the realization that it was
    actually not very difficult for a government to substantially shut down the Internet within a territory. [...]

    https://thehill.com/opinion/technology/518762-is-the-internet-falling-apart

    [MODERATOR's NOTE: I have long tried to make a distinction between The
    Internet (initial caps) and what otherwise might be called "subnets of
    the Internet" or even ``othernets'' that are *not* The Internet. This
    worked nicely when there has been only *one Internet*. I have done some
    editing here to try to make this distinction clearer. PGN]

    ------------------------------

    Date: Mon, 28 Sep 2020 11:38:33 -0700
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Apple marches to a different beat

    Is it just me, or do other people find that MacOS keeps their clock 2-3 *minutes* early?

    I noticed that MacOS was several minutes ahead of the opening bell of the
    NYSE, and started watching over the next several days. It was not a fluke.

    I rebooted the machine, which got MacOS to sync with an *Apple* time server, and it was still 2-3 minutes early.

    I didn't see any easy way to change the time server that this machine
    consults, so it remains early.

    Among other things, this time difference is a security risk, because someone might be able to utilize a *specific* time difference to identify a
    particular computer.

    ------------------------------

    Date: Tue, 29 Sep 2020 13:40:13 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Robots smaller than the width of a hair (bbc.com)

    https://www.bbc.com/news/technology-54327412

    The video demonstrates that silicon-device manufacturing techniques can mass produce microscopic mobile robots. The device creators suggest these
    devices might one day deliver targeted chemotherapy payloads or other substances to treat human diseases.

    For size comparison purposes:

    a) Human blood cell diameter is ~6 to 8 micrometers (see https://en.wikipedia.org/wiki/Red_blood_cell#Human, retrieved on 29SEP2020).

    b) Human hair diameter ranges between ~17 micrometers to ~181 micrometers. Thickness attributed to various genetic factors (see https://hypertextbook.com/facts/1999/BrianLey.shtml).

    Tablets (with silicon dioxide) are apparently used to treat osteoporosis,
    heart disease, hair loss, Alzheimer's disease, etc (see https://www.webmd.com/vitamins/ai/ingredientmono-1096/silicon, retrieved on 29SEP2020). Silicon dust, if inhaled, is toxic (see https://en.wikipedia.org/wiki/Silicon#Safety, retrieved on 29SEP2020).

    Risk: Unmetabolized silicon robot carcasses (toxic waste), including other minerals used to manufacture the robot, or metabolites from robot
    interaction with human blood.

    Double-blind clinical study needed to determine therapeutic safety.

    ------------------------------

    Date: Fri, 2 Oct 2020 08:49:16 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Could future AI turn animals against us? (The Next Web)

    https://thenextweb.com/neural/2020/09/30/elon-musk-put-a-computer-interface-in-a-pigs-brain-could-future-ai-turn-the-animals-against-us/

    ------------------------------

    Date: Mon, 28 Sep 2020 13:12:20 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: This Is How Much Top Hackers Are Earning From Bug Bounties

    Steve Ranger, ZDNet, 22 Sep 2020 via the ACM Tech News, 28 Sep 2020

    More than $44.75 million in bounties was awarded to hackers worldwide over
    the past year, up 86% annually, according to HackerOne, which operates bug bounty programs. The average bounty paid for critical vulnerabilities rose
    8% over the past year to $3,650, and the average amount paid per
    vulnerability was $979. To date, more than 181,000 vulnerabilities have been reported, and hackers have been paid more than $100 million. Almost nine out
    of 10 of the hackers enrolled with HackerOne are under 35, and hacking is
    the only source of income for one in five of the program's hackers.
    HackerOne reported that, in less than a decade, nine individual hackers have been paid $1 million in total bounty earnings, more than 200 hackers have earned more than $100,000, and 9,000 hackers have earned "at least
    something."

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27364x225229x065996&

    [One might wonder how many of them are double-dipping, and selling off
    their findings on the dark web as well. Probably a bad idea if they get
    caught, although persistent separation of aliases in the dark web may be
    less easy to match with their HackerOne identities. PGN]

    ------------------------------

    Date: Sat, 26 Sep 2020 00:03:59 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Windows XP source code leaks online (The Verge)

    https://www.theverge.com/2020/9/25/21455655/microsoft-windows-xp-source-code-leak

    ------------------------------

    Date: Sat, 26 Sep 2020 19:12:00 +0100
    From: Martyn Thomas <martyn@72f.org>
    Subject: File under `feature interaction' (BBC)

    https://www.bbc.co.uk/news/uk-england-oxfordshire-54310800

    If this story is true it appears that the alcohol mist is automatic -- and
    so is the sensor to detect alcohol in the driver's breath. But surely it
    must have been tested ...

    ------------------------------

    Date: Mon, 28 Sep 2020 12:50:25 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Third-Party Code Bug Left Instagram Users at Risk of Account Takeover
    (Alex Scroxton)

    Alex Scroxton, *Computer Weekly*, 24 Sep 2020 via ACM TechNews, 28 Sep 2020

    Security teams at Check Point and Facebook reported a third-party remote
    code execution flaw in the Instagram photo-sharing platform, which could
    have enabled malefactors to hijack accounts and use victims' devices for surveillance. Facebook calls the bug an integer overflow leading to a heap buffer overflow, and it was present in Mozjpeg, an open source, third-party
    JPEG decoder that Instagram uses to upload images to the application. Check Point's Yaniv Balmas highlighted the risks of using third-party code
    libraries to build app infrastructures without checking for flaws. Although patched six months ago, the Mozjpeg bug is only being disclosed now in the
    hope that a sufficient number of users have updated their apps to ameliorate its impact.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27364x225232x065996&

    ------------------------------

    Date: Wed, 30 Sep 2020 10:47:07 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: MIT Media Lab develops sleep-tracking device that alters dreams to
    boost creativity (Science Times)

    Scientists from MIT have found a way to implant ideas on the minds of people
    as they fall asleep to create bizarre and abstract dreams. The researchers
    used the targeted dream incubation to guide people's dreams towards
    particular themes by repeating information during the first stage of
    sleep. That stage is called hypnagogia, which is responsible for dreams
    about psychedelic phenomena.

    The technology consists of a wrist-worn electronic device that tracks sleep, called Dormio, connected to an app that delivers audio prompts during hypnagogia.

    The researchers influenced the dreams of most of its study participants to dream about a tree during the earliest stage of sleep during the trials. An
    MIT computer scientist also used the Dormio system to make himself dream
    about the chocolate fountain seen in the classic 1971 film 'Willy Wonka and
    the Chocolate Factory.' Dreams in the Hypnagogia Stage. [...] <https://www.media.mit.edu/projects/sleep-creativity/overview/>

    https://www.sciencetimes.com/articles/27501/20200929/mit-sleep-alter-dreams-creativity.htm

    [Think of what hacking Dormio or the app might do to a person's sanity!
    Forget Willie Wonka. I remember the 1944 movie *Gaslight*, with Charles
    Boyer, Ingrid Bergman, Joseph Cotten, and Angela Lansbury. PGN]

    ------------------------------

    Date: Wed, 30 Sep 2020 10:56:15 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Privacy of biometric data in DHS hands in doubt, IG says (RollCall)

    *CBP failed to protect 184,000 facial images of cross-border travelers
    before massive data breach last year, according to report* [...] https://www.rollcall.com/2020/09/29/privacy-of-biometric-data-in-dhs-hands-in-doubt-inspector-general-says/

    ------------------------------

    Date: Mon, 28 Sep 2020 06:45:57 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: New homeowner 'freaked out' when stranger took control of her
    security system (CBC.CA)

    Weak laws leave thousands vulnerable, former privacy commissioner says.

    The message came out of the blue for Taylor Fornell. A stranger told her he
    had complete control over the home security system in her new house in Stony Plain, Alta., and could prove it.

    As she stood alone in her front hall, she watched in disbelief as the man unarmed the system, unlocked doors and windows and told her he could track
    when she left the house - all with a few clicks on the security company's
    app. "I felt a little sick to my stomach. It's just really creepy and a breach of trust," Fornell told Go Public, referring to Vivint, the security company that installed and ran the system.

    Fornell was lucky. The stranger who connected with her on Facebook was the former owner of the house.

    https://www.cbc.ca/news/business/security-system-app-homeowner-stranger-1.5733444

    ------------------------------

    Date: Mon, 28 Sep 2020 07:53:35 -0600
    From: Jonathan Levine <jonathan.canuck.levine@gmail.com>
    Subject: Alarm company "overlooked" change of home ownership (CBC.CA)

    https://www.cbc.ca/news/business/security-system-app-homeowner-stranger-1.5733444

    ------------------------------

    Date: Fri, 25 Sep 2020 23:08:50 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Teacher saw a BB gun in 9-year-old's room during online class,
    who faced expulsion

    ``They're applying on-campus rules to these children, even though they're learning virtually in their own homes,'' said the family's attorney, Chelsea Cusimano.

    https://www.washingtonpost.com/nation/2020/09/25/louisiana-student-bbgun-expulsion/

    ------------------------------

    Date: Mon, 28 Sep 2020 15:08:19 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Using deep learning to control the unconsciousness level
    of patients in an anesthetic state (Techxplore.com)

    https://techxplore.com/news/2020-09-deep-unconsciousness-patients-anesthetic-state.html

    "Essentially, Schamberg and his colleagues developed a deep neural network
    and trained it to control anesthetic dosing using reinforcement learning
    within a simulated environment. They specifically focused on the dosage of Propofol, a medication that decreases people's level of consciousness and is commonly used to perform general anesthesia or sedation on patients who are undergoing medical procedures."

    The report concludes with this text:

    "So far, our approach outperformed the commonly used proportional-integral-derivative controller and was robust across a variety
    of patient variations in drug metabolism and effect," Schamberg said. "We
    would now love to test the proposed paradigm on humans in controlled
    clinical settings."

    Modern anesthesia practice demonstrates dramatically low patient injury or mortality. See https://pubs.asahq.org/anesthesiology/article/110/4/759/10557/Epidemiology-of-Anesthesia-related-Mortality-in
    (retrieved 28SEP2020) which estimates 1 death per 100000 anesthesia
    procedures since ~2000.

    General anesthesia application encompasses a procedural life cycle. Patient sedation comprises one life cycle phase (see https://my.clevelandclinic.org/health/treatments/15286-anesthesiology, retrieved on 28SEP2020).

    Numerous devices, depending on surgical procedure, are used to administer sedation and for post-operative recovery: Needles, catheters, sedative injections, gas mixtures, etc. Several instruments are applied to measure patient sedation and overall vitality while under the knife: blood oxygen level, blood pressure, sedative flow, patient pulse, respiration rate, etc.

    The FDA's Total Product Life Cycle reporting system reveals product codes representing widely deployed commercial anesthesia delivery systems and
    kits.

    This query yields 28 product codes. Individual medical device reports (MDR) attributed to the three-letter product code, and the commercial anesthesia devices it classifies, can be accessed: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cftplc/tplc.cfm?start_search=1&devicename=anesthesia&productcode=&deviceclass=&regulationnumber=&min_report_year=2015&pagenum=50

    Since 2015, the product codes with the biggest MDR density appear to be: BSZ and OGE. BSZ applies to "gas machine, anesthesia" devices; OGE applies to "anesthesia, epidural kit" devices.

    It is notable that the top 3 MDR problems for each product code indicate
    device or component issues that DID NOT impact the patient. The events run
    the gamut: contaminated syringe, stuck catheter, leak, system shutdown,
    foreign body in patient, broken knob, kink in suction line,
    etc. Fortunately, a skilled professional intervened to mitigate.

    The Top-10 Patient Problems for BSZ:

    Patient Problems                           MDRs with this Patient Problem  Events in those MDRs
    No Patient Involvement                     7245                            7245
    No Consequences Or Impact To Patient       3203                            3203
    No Known Impact Or Consequence To Patient  633                             633
    Low Oxygen Saturation                      55                              55
    No Information                             33                              33
    Death                                      31                              31
    Awareness during Anaesthesia               22                              22
    No Code Available                          14                              14
    Cardiac Arrest                             11                              11
    Hypoxia                                    9                               9

    The Top-10 Patient Problems for OGE:

    Patient Problems                           MDRs with this Patient Problem  Events in those MDRs
    No Consequences Or Impact To Patient       260                             260
    No Information                             148                             148
    No Known Impact Or Consequence To Patient  115                             115
    Foreign Body In Patient                    66                              66
    Device Embedded In Tissue or Plaque        29                              29
    Cerebrospinal Fluid Leakage                18                              18
    No Patient Involvement                     15                              15
    Needle Stick/Puncture                      10                              10
    Pain                                       9                               9
    No Code Available                          6                               6

    ------------------------------

    Date: Sat, 26 Sep 2020 15:54:23 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: A Tesla driver was caught sleeping on Autopilot (RISKS-32.29)

    Basically, the Tesla Autopilot replaces a good driver by a poor driver. (If you are a poorer driver than Tesla Autopilot, then you should not be allowed
    to drive!). But, Tesla might argue, it's OK because the good driver has to continuously watch over the poor driver and take control the moment the poor driver makes a mistake.

    This makes driving much more tiring for the human driver: having to
    concentrate all the time without being in control is much more work than actually driving. It also makes the journey less safe: the good driver is
    now having to *react* to mistakes made by the autopilot instead of being proactive in anticipating and avoiding potentially dangerous situations. Advanced driving is all about anticipation and avoidance to reduce the possibility that a dangerous situation occurs, it is not about lightning reflexes to get out of trouble.

    Some examples:

    * You catch a glimpse through the trees of a car on a slip road approaching
    a junction at high speed. At his current speed he is on a collision course
    with you: he might slow down behind the trees, but just in case, you take
    avoidance action. Would Tesla Autopilot do the same?

    * Driving down a town street the driver in front keeps glancing from side to
    side. You deduce that he is looking for a parking spot, is not paying
    attention to you, and is liable to slam on the brakes without warning. So
    you drop back and give him room. Would Tesla Autopilot do the same?

    * Also on a town street, there are bairns (small children) on the pavement:
    so in my opinion the speed limit is now 20 mph, regardless of what the
    signs say. A child might run into the road and be killed and at 20 mph
    they have a much better chance of surviving. Even though it is the child's
    "fault": I still don't want to kill a child just for running into the
    road! Does Tesla Autopilot follow this rule?

    * Does Tesla Autopilot notice L plates on a car and give it extra room?

    In each case, instead of just instinctively avoiding the possible danger,
    you also have to decide if and when to take over from the autopilot, and
    then manage the transition while avoiding the danger.

    ------------------------------

    Date: Mon, 28 Sep 2020 12:28:59 +0100
    From: John Beattie <jkb@jkbsc.co.uk>
    Subject: Re: Tribune staff furious as cybersecurity test email makes cruel
    promises (RISKS-32.29)

    I disagree that this is the fault of the WaPo staff.

    First off, journalists are paid to be inquisitive, so clicking on links
    should be fine.

    Second, they probably didn't particularly believe the email anyway but
    wanted to see more to understand what was going on. I've been subject to

    [continued in next message]
