[continued from previous message]
financial history envied by Linus Van Pelt's security blanket.
------------------------------
Date: Mon, 29 Mar 2021 08:56:22 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: PHP's Git Server Hacked to Insert Secret Backdoor to Its
Source Code
https://thehackernews.com/2021/03/phps-git-server-hacked-to-insert-secret.html
------------------------------
Date: Sat, 27 Mar 2021 11:51:09 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: New wave of hacktivism adds twist to cybersecurity woes
(reuters.com)
https://www.reuters.com/article/idUSKBN2BH3HJ
"Wrapping oneself in an allegedly altruistic motive does not remove the criminal stench from such intrusion, theft and fraud," Seattle-based Acting U.S. Attorney Tessa Gorman said.
According to a U.S. counter-intelligence strategy released a year ago, "ideologically motivated entities such as hacktivists, leaktivists, and
public disclosure organizations," are now viewed as "significant threats," alongside five countries, three terrorist groups, and transnational criminal organizations.
Corporate "terms of service" exempt business and government from accountability. They serve as a free pass when "intrusion, theft, and fraud"
arise from Internet-enabled products and services. The question of the Internet's viability as an enabling economic vehicle and transformative
agent is specious.
Freelancers and advanced persistent threats stealing or liberating monetized
or classified information expose the sadly ironic, asymmetric nature of
infosec practice. To plan/initiate/execute intrusion/exfiltration action is substantially less expensive than fielding an effective defense that
prevents occurrence.
If governments and businesses cannot safely operate, and consistently defend and protect information against Internet theft, fraud, or intrusion, why do they persist at the attempt? Do they expect to achieve a different result,
as Einstein's definition of insanity suggests?
Internet vulnerability to intrusion and exfiltration reveals the "elephant
on the table," visible since at least the Morris worm some 32 years ago (see
https://en.wikipedia.org/wiki/Morris_worm). Why aren't the employees or
brands that build, sell, and use the products that enable intrusion, theft,
and fraud subject to greater accountability? Don't they have some hand in
this gyre of breach?
If no one is above the law, and "corporations are people too," one would
expect more prosecutions for product liability and negligence arising from these incidents. Sadly, there's more lip service than public accountability.
If the hypothesized prosecutions materialized, would the infosec-theater industry fold up? Would technology-heavy entities rethink their product engineering and deployment efforts, and be suitably motivated to tighten
their practices against intrusion, theft, and fraud? Would these
prosecutions initiate an economic upheaval that effectively required a nationalized technology industry (imagine google.gov or amazon.gov) to
prevent future mushroom cloud-size liability insurance premiums from bankrupting startups as a precaution to "go-live parties?"
Internet-facing entities are repeatedly assaulted with impunity. They are
slow to learn and embrace history. And, there's always feckless private
sector governance to demand profit over probity. Each incident speaks
volumes about organizational governance competence. Accountability must be enforced to teach lessons when porous Internet defenses are deployed and information tumbles out undetected for months.
Unless governments and businesses are held to strict account for ineffective Internet defenses, there will be no end to pleas for bigger checks written
to fund infosec budgets.
Procurement standards for Internet-facing and enabling technologies must elevate and be rigidly enforced for compliance with strict, standardized digital security measures.
Competent and fair enforcement will require an army of skilled engineers.
Can labor.com supply the talent without breach?
18APR1999 comp.risks identifies 'hacktivist' for the first time. The 'leaktivist' label is not used. Other references:
http://catless.ncl.ac.uk/Risks/20/31#subj3.1
http://catless.ncl.ac.uk/Risks/21/7#subj9.1
http://catless.ncl.ac.uk/Risks/21/75#subj8.1
http://catless.ncl.ac.uk/Risks/22/54#subj16.1
http://catless.ncl.ac.uk/Risks/29/9#subj11.1
------------------------------
Date: Mon, 29 Mar 2021 18:02:23 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: Blockchain is causing female green sea turtles
When green sea turtles lay their eggs, the gender is not yet determined. If the sand is above thirty degrees celsius, the hatchlings turn out to be
female. If the sand is cooler than thirty degrees, the hatchlings turn out
to be male.
Global warming is driving an imbalance in sea turtle gender.
Blockchain is driving global warming.
I used to say that Flash was causing global warming. I mean, when you went
to a news media Website (and they used a *lot* of Flash to run videos, video ads, and animations) and you were using a MacBook or similar, you could actually *see* the battery life cut in half. Flash used a *lot* of power,
and, multiplied by all the visitors to news Websites, it must have been a
huge use of power resources.
However, now I think that blockchain is to blame.
First off, blockchain is not a thing. It's a collection of technologies.
Part digital signature, part distributed database, and extremely variable in implementation.
It's also heavily tied to cryptocurrencies. Most of the cryptocurrencies
use blockchain of some type. Part of the power drain is not actually blockchain's fault, since so many people are chasing the elusive lure of cryptocurrency "mining." To create a new cryptocurrency "coin," you have to find a number with certain cryptographic (and therefore numerical) characteristics. It takes a lot of computing power to find such numbers, particularly as the "easy" ones are found first, and the later ones get
harder and harder to calculate.
But after the mining, it's all blockchain.
Part of the blockchain is digitally signing a transaction. There's a little
bit of a power drain there, every time you use part of a cryptocoin to buy a pizza. But that's minor. The thing is, the other part of blockchain is a distributed database. Everybody who is using a cryptocurrency is a portion
of the distributed database. They don't just keep track of their *own* transactions, but also a certain proportion of *all* the transactions made
with that cryptocurrency. So, even if *you* aren't buying silly things with your cryptocurrency, *other* people who are using the same cryptocurrency
for trivial transactions are causing transactions to be recorded, and
digitally signed, on your computer. And on thousands, or even millions, of other computers, all over the world. For each and every transaction. And,
as they say, a few million milli-amp-hour milliseconds here, a few million milli-amp-hour milliseconds there, pretty soon it adds up to a real power drain.
We should be developing actual digital cash, if we want that, rather than
this kludge of cryptocurrency that is backed up by a rather weak blockchain backstop.
Now, in addition to cryptocurrency, there are Non-Fungible Transactions, or NFTs. Cryptocurrency is based on a belief in the value of the scarcity of numbers with certain properties. NFTs are based on the belief that people
will speculate on anything. Or even nothing. NFTs are pretty close to nothing. Some of them are possibly valid artworks. Others are simply based
on the promise that they are the only one in the world. Since digital art
can be endlessly copied, and the copies, to any generation you want, are completely identical to the original, the promise of singularity is attested
by a digital signature. Backed up by a blockchain. And each time you trade
or speculate on a Non-Fungible Transaction, all kinds of computers, all over the world, are adding their contribution to global warming.
The law of unintended consequences. Blockchain is causing female green sea turtles.
------------------------------
Date: Mon, 29 Mar 2021 01:02:21 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Your right to repair: COVID-19 is sending businesses, hospitals,
and consumers to the breaking point (ZDNet)
People are spending a lot more time at home, using their products, and stuff
is breaking down.
Right now, when the speaker in your iPhone stops working or a memory stick
in your laptop malfunctions, you're often left with one option: Take it to
an authorized service center and pay for someone else to repair it for
you. It's costly, expensive, and something that needs to change. But as
right to repair legislation is gaining popularity across the country, that change may happen sooner than later.
https://www.zdnet.com/article/the-right-to-repair-covid-19-sending-businesses-hospitals-and-consumers-to-the-tipping-point/
This is similar to a long-ago controversy when IBM crippled customers'
ability to understand/improve/repair mainframe operating systems, by withdrawing their source code. Doing that doesn't seem to have benefited customers or IBM but the people who did it aren't around to own the consequences.
------------------------------
Date: Mon, 29 Mar 2021 21:32:05 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Wetware data retrieval: Forensic analysis and data recovery from
water-submerged hard drives (Techxplore)
https://techxplore.com/news/2021-03-wetware-forensic-analysis-recovery-water-submerged.html
"However, if the device has been submerged in saltwater, then irreparable damage can occur within 30 minutes. The situation is worse for a solid-state drive which will essentially be destroyed within a minute of saltwater
ingress. The research provides a useful guide for forensic investigators retrieving hard drives that have been submerged in water."
Anyone possessing indictable data? Predisposed to juggle hard disks or thumb drives near the ocean?
------------------------------
Date: March 24, 2021 4:02:31 JST
From: geoff goodfellow <geoff@iconia.com>
Subject: Scientists can implant false memories -- and reverse them...
Scientists figure out two new ways to root out false memories.
Memories are tricky and can comprise much more than our actual
recollections.
Our minds can make memories out of stories we've heard, or photographs we've seen, even when the actual recollections are long forgotten. And, new
research suggests, this can happen even when the stories aren't true.
``I find it so interesting, but also scary, that we base our entire identity and what we think about our past on something that's so malleable and fallible,'' psychologist Aileen Oeberst at the University of Hagen in
Germany tells Inverse.
Oeberst is the first author of a study released Monday in the Proceedings of the National Academy of Sciences that examines false memories and what can
be done to reverse them. False memories, the study suggests, are more than unsettling. When they take root, they can disrupt a courtroom -- and the
fate of the individuals there. [...]
https://www.inverse.com/mind-body/how-to-reverse-false-memories-study
------------------------------
Date: Wed, 24 Mar 2021 19:21:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Suez Canal Blocked After Giant Container Ship Gets Stuck
(NY Times)
The ship, stretching more than 1,300 feet, ran aground and blocked one of
the world's most vital shipping lanes, leaving more than 100 ships stuck at each end of the canal.
https://www.nytimes.com/2021/03/24/world/middleeast/suez-canal-blocked-ship.html
[A little digging, tugging, and high tide on Monday/Tuesday apparently
loosened the ship, after enormous queueueueueueing up in both directions.
But this massive blockage was just another event for RISKS that was
waiting to happen. PGN]
------------------------------
Date: Thu, Mar 25, 2021 at 11:26 AM
From: Geoff Kuenning <geoff@cs.hmc.edu>
Subject: Suez Canal from Space
What's fascinating about this photo (which seems to be aerial, not space) is the comments. I didn't bother using a translator on the ones in Dutch, but
the ones in English show significant ignorance of the way the world works.
The ship has a capacity of 20,000 TEU, which translates to 10,000 containers
if we assume that they're all 40-footers. A commenter suggested using helicopters to offload the ship. Let's assume optimistically that two
choppers can simultaneously pick up containers, one at the bow and one amidships, working backwards. Thinking *very* optimistically, it might take five minutes for a chopper to hover over a container, workers below to
attach cables, the aircraft to lift the container to the nearby shore and
set it down, workers there to free it, and the helicopter to fly back to the ship. That translates to 416 hours, or 17 days, of continuous helicopter
use. And of course five minutes is absurd, and the work probably can't continue at night (or at least it can't continue as fast). And you'd have
to refuel the choppers or have spares, etc., etc.
To be fair, you might be able to free the ship after offloading
only half the cargo, so maybe it'd only take 9 days. Or more
realistically, a month.
Oh, and although an empty container weighs about 8000-9000 pounds, a loaded
one can be up to 67K pounds. The world's biggest heavy-lift helicopter, the M-26, can only handle 44K pounds. So at least some of those containers
aren't going to be lifted by air. It looks like there are land-based cranes that can reach and lift at least some of the containers, but again it would
be a slow process since you'd have to account for things like boom swing.
It would probably take at least 15 minutes per container, and it's not clear
to me (a complete non-expert) whether you could have more than one crane working at the same time.
BTW, researching all of the above took me about ten minutes.
https://twitter.com/wmiddelkoop/status/1375150101581160456
------------------------------
Date: Fri, 26 Mar 2021 08:18:02 -0700
From: Tom Van Vleck <thvv@multicians.org>
Subject: 'Agile' F-35 fighter software dev techniques failed to speed up
supersonic jet deliveries (The Register)
https://www.theregister.com/2021/03/25/f35_gao_report_fy2020_software_woes/
They used "C2D2, or Continuous Capability Development and Delivery."
Don't get me started...
------------------------------
Date: Fri, 26 Mar 2021 17:25:59 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: F-35 vs. bird
$100M airplane vulnerable to small birds. Brilliant.
https://www.youtube.com/watch?v=EFo-5TBIRPI
Too bad they skimped on this one.
[EGULLite' or EAGLEite'? FraTERNite'? LiBERTe'? (and what do we do with
Bert's friend Rubber Duckie? Canard en caoutchouc? Unfortunately,
airplanes susceptible to birds are another old story in RISKS -- sucked
into jet engines, shattering the pilot's window, and more, such as these:
* Bird strikes cause crash of Ethiopian Airlines 737, killing 31
(ACM SIGSOFT Software Engineering Notes 14 2)
* Migratory birds jam FAA radar in Midwest (R 17 44)
* It's A Bird... It's A Plane... It's NonLethalDrone (R 28 93)
]
------------------------------
Date: Fri, 26 Mar 2021 08:18:02 -0700
From: Tom Van Vleck <thvv@multicians.org>
Subject: Radiation Upset confused computers and caused false alarm on
International Space Station (The Register)
https://www.theregister.com/2021/03/26/iss_radiation_false_alarm/
They fixed it by switching power supplies and rebooting.
------------------------------
Date: Tue, 30 Mar 2021 22:23:38 +0000
From: Vanessa Teague <Vanessa.Teague@anu.edu.au>
Subject: Vote-by-mail fraud in Australia
Some somewhat-interesting news from Melbourne: one of our local councillors
(in the adjacent council to my place) has recently been arrested for vote-by-mail fraud.
https://www.theage.com.au/politics/victoria/labor-councillor-arrested-in-moreland-council-fraud-probe-20210325-p57e1r.html
The allegations relate to an apparent spate of double-voting during recent local government elections, which are conducted exclusively by mail. The Victorian Electoral Commission became suspicious when a larger-than-usual number of voters called up to say they hadn't received a ballot, despite the VEC having already received a returned vote from them. The allegation is
that someone fished blank ballots out of people's mail boxes, filled them
in, and fraudulently returned them.
However, the clarity of the case is complicated by strange behaviour from
the electoral commission. The commission refuses to publish the votes, and declined a FoI request from me:
https://www.righttoknow.org.au/request/request_for_full_preference_data#incoming-19850
so it's not possible for anyone outside the VEC to examine the voting
patterns they allege are suspicious. (Indeed, it's not possible for anyone else to even check that they counted properly.)
On the bright side, this makes me even gladder for the support of the
Victorian League of Women Voters in opposing a legislative proposal from a
few years ago which would have allowed the entire election to be conducted
over the Internet. At least this way, we have a fair idea that fraud
occurred and some chance of successfully prosecuting an (alleged)
perpetrator.
[Included in RISKS from a non-public list, with permission. PGN]
------------------------------
Date: Thu, 25 Mar 2021 10:41:50 -0400
From: Monty Solomon <monty@roscom.com>
Subject: How Facebook got addicted to spreading misinformation (TechReview)
The company's AI algorithms gave it an insatiable habit for lies and hate speech. Now the man who built them can't fix the problem.
https://www.technologyreview.com/2021/03/11/1020600/facebook-responsible-ai-misinformation/
------------------------------
Date: Wed, 24 Mar 2021 09:36:16 +0100
From: Anthony Thorn <tony@thorns.ch>
Subject: No security on Website intended to prove that Swiss are vaccinated
The Swiss Covid-Vaccination website (https://www.meineimpfungen.ch/) was
taken offline after the Federal Data Protection registrar opened formal proceedings against the operator of the platform after a report castigating
its security in the magazine Republik.
The website is operated by a foundation, but sponsored by the Federal Department of health, and 9 Cantons.
The report in German:
https://www.republik.ch/2021/03/23/wollen-sie-wissen-womit-viola-amherd-geimpft-ist
The problems identified:
Comprehensive access rights:
* Every medical professional who is registered on the platform has
comprehensive access to the vaccination and health data of all recorded
private individuals. For example, they could easily manipulate anybody's
covid-relevant vaccination data.
* Inadequate verification: When registering as a medical specialist for the
first time, there is no actual identity verification. The verification is
based solely on the information provided by the applicant. That means: It
is easy to pretend to be a "doctor".
* Security gaps: Hackers can steal the Covid-19 vaccination cards of all
previously vaccinated people on the platform relatively easily. With a
little technical knowledge, they can also manipulate vaccination data and
other health data.
Worrying about the security of health data may be paranoid, but it's
evidently justified.
------------------------------
Date: Mon, 29 Mar 2021 11:03:47 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Volkswagen apparently changing their name in U.S.
Volkswagen is apparently (I'm not kidding) changing name of U.S. ops to "Voltswagen" to emphasize electric cars. Dunno where all these people forced
to use electric cars are going to charge them, especially on a power grid
that collapses in many areas when you add a light bulb.
[Is that known as re-volting? PGN]
------------------------------
Date: Mon, 29 Mar 2021 22:17:16 +0900
From: Dave Farber <farber@keio.jp>
Subject: Remote Work Is Here to Stay. Manhattan May Never Be the Same
(NYTimes)
Jonah Markowitz, *The New York Times*, 29 Mar 2021
Remote Work Is Here to Stay. Manhattan May Never Be the Same.
https://www.nytimes.com/2021/03/29/nyregion/remote-work-coronavirus-pandemic.html
New York City, long buoyed by the flow of commuters into its towering office
buildings, faces a cataclysmic challenge, even when the pandemic ends.
------------------------------
Date: Thu, 25 Mar 2021 23:23:35 -0400
From: David Lesher <wb8foz@panix.com>
Subject: Where Are Those Shoes You Ordered? Check the Ocean Floor
(RISKS-32.57)
There is another RISK of containers lost overboard.
A sailor friend noted that the contents, especially electronics, are well-packed in urethane foam. As a result, rather than rapidly sinking to
the sea floor, the escaping containers submerge only a few feet. A passing sailboat hitting such an invisible obstacle gets its bottom ripped open and goes down quickly.
------------------------------
Date: Wed, 31 Mar 2021 00:47:17 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cautionary story about cryptocurrencies, apps, security...
He downloaded the Trezor app on iOS. It was a scam and stole $1 million in bitcoin. *The Washington Post*
https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/
Be careful out there...
------------------------------
Date: Tue, 30 Mar 2021 13:40:22 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Energy-harvesting card treats 5G networks as wireless power grids
A team from Georgia Tech has just announced a world-first: a 3D-printed rectifying antenna the size of a playing card that can harvest
electromagnetic energy from 5G signals and use it to power devices, turning
5G networks into wireless power grids.
Wireless communications put a lot of energy into the air, and over the
years we've covered a number of efforts to harvest that energy. Short-range Wi-Fi signals have been the target of several projects, TV broadcasts and
radio signals have been the focus of others. One device even hopes to
increase the life of a smartphone's battery by 30 percent just by
harvesting some of the radio waves the phone itself is generating.
But 5G communications offer a whole new opportunity. "5G has been designed
for blazing fast and low-latency communications," reads the Georgia Tech
team's latest study, published in the peer-reviewed journal *Scientific Reports*. "To do so, mm-wave frequencies were adopted and allowed
unprecedently high radiated power densities by the FCC. Unknowingly, the architects of 5G have, thereby, created a wireless power grid capable of powering devices at ranges far exceeding the capabilities of any existing technologies."
Millimeter-wave energy harvesting has been possible for some time, says the team, but hasn't been practical in many cases because long-range power harvesting tends to require large rectifying antennas, and the larger these rectennae get, the narrower their field of view becomes; you have to keep
the rectenna pointed right at the wave energy source to make them work...
[...]
https://newatlas.com/energy/5g-energy-harvesting-wireless-power/
------------------------------
Date: Tue, 30 Mar 2021 12:05:54 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: Yet another 5G attack vector
OK, 5G is definitely going to be a problem.
https://community.isc2.org/t5/I/5/m-p/19525/
But usually the problem parts are kind of unintended consequences, the "gee,
we didn't think that allowing other people to run stuff on your phone could
be *misused*" type of thing.
But this time, it seems to be something that might have been originally intended to be a form of security. 5G has provisions for a sort of
virtual LAN type of operation. And, almost inevitably, somebody has
found out how to use it to attack.
https://therecord.media/new-5g-protocol-vulnerabilities-allow-location-tracking/
You can crash system segments, and also extract user data.
Granted, you have to be in a situation where 5G is being used with older technology, but how many people will be in a "pure" 5G environment? And
a fix is being worked on, but that, of course, inevitably leads to
situations where you are going to have a mix of "old" 5G and "patched" 5G,
so ...
------------------------------
Date: Mon, 29 Mar 2021 04:00:09 +0000
From: Douglas Lucas <dal@riseup.net>
Subject: Re: No good evidence that 5G harms humans, new studies find
(RISKS-32.57)
RISKS-32.57 includes a post from geoff goodfellow that links several
Gizmodo articles about 5G and two studies published this month in the
Journal of Exposure Science and Environmental Epidemiology suggesting little
to no adverse health effects from such radiation.
For a lengthy list of 1000+ peer-reviewed studies to the contrary,
consult Powerwatch at:
https://www.powerwatch.org.uk/science/studies.asp
For a 3-minute video warning of EMF dangers by Columbia University scientist
Dr Martin Blank, see here:
https://www.youtube.com/watch?v=2Ijs5lrebac
Despite this contrary evidence, those against EMF dangers are lumped in with various disreputable groups and then dismissed, without the contrary
evidence actually being addressed.
------------------------------
Date: Wed, 24 Mar 2021 11:16:56 -0400
From: Dick Mills <dickandlibbymills@gmail.com>
Subject: Re: Cybersecurity in retrospect: not good! (RISKS-32:57)
New laws, new government powers are not needed. But we just need to apply strict procurement practices to the software supply chain. If the Solar
Winds company had to meet the same qualifications and quality audits as
a vendor of F35 fighter planes, this probably never would have happened.
Remember, that the goal of terrorism is to make the victims change their society. If every cyber attack or otherwise
scary new story pushes us into giving the government more powers and more
laws, we are being driven to self-destruction. (As I write, the news of a mass shooting is causing the
President to call for new powers, new laws.)
See Bruce Schneier's essay on the economics of companies like Solar Winds.
The surprise is that selling low quality software is perfectly rational economic behavior.
https://www.schneier.com/essays/archives/2021/02/why-was-solarwinds-so-vulnerable-to-a-hack.html
------------------------------
Date: Wed, 24 Mar 2021 11:30:20 -0500
From: Bob Wilson <wilson@math.wisc.edu>
Subject: Re: How far should humans go to help species adapt? (RISKS-32.57)
This is a very valid question, and I am glad to see it being discussed. But
as written it repeats what I think is a very common mistake.
Everywhere we look people are objecting to "gene editing". They mean gene editing using recently created tools, but they do not demonstrate
understanding of that. Humans have been editing genes for millennia! Only
the methods have changed. Selecting animal or plant offspring with desired characteristics, and arranging for them to breed true, is certainly gene editing. If there had not been genetic change, the results would not have
been passed along to subsequent generations. This was gene editing long
before people had any idea what a gene or chromosome was.
The people who say they won't eat foods raised using edited genes would find it
very hard to find any foods that are not!
------------------------------
Date: Wed, 24 Mar 2021 17:14:58 -0400
From: Sam Steingold <sds@gnu.org>
Subject: Re: Too much choice is hurting America (Baker, RISKS-32.55)
I am afraid you misunderstood Krugman.
He is uncomfortable with too much choice for *others*, not for *himself*.
In his ideal world the Government (run by people like him) will be making
most choices for the hoi polloi/deplorables (i.e., people not like him)
because the latter are making the choices he does not like.
Risk: thinking that people like you will make choices that you like. E.g.: Stalin and his top-ranking victims (Trotsky, Zinoviev et al) were very
similar, but Stalin's choices of who to execute were not very beneficial to
his victims.
------------------------------
Date: 25 Mar 2021 15:21:08 -0400
From: John Levine <johnl@iecc.com>
Subject: Re: Risk transfer and Doordash (Slade, RISKS-32.57)
> In terms of risk management, there are our four basic strategies: risk avoidance, risk acceptance, risk mitigation, and risk transfer.
Nicely put.
> [Food delivery] is a big part of the "gig economy," and the gig economy is
> a massive "race to the bottom" in terms of wages and working standards.
The entire point of the gig economy is risk transfer away from the
businesses that have historically managed the risk and priced it into the product, to the not-employees and the customers who are rarely aware of the
new risks they've accepted until they learn the hard way.
Look at taxis vs. gig drivers. A lot of taxi regulation is about risk mitigation. Drivers need commercial licenses, taxis need special plates with extra inspections, taxi companies are part of the workers comp pool, and so forth. There are also regulations that are about protecting the income of incumbent drivers, fixed fares and medallions that limit entry, but when
Uber and Lyft ignored all the rules, there was quite a lot of baby in that bathwater. Passengers take on more risk that the driver is unqualified, the
car is unsafe, and that if there is an accident, there's no
insurance. (Lyft's innovation was insurance fraud, drivers taking paying passengers in private cars that their insurance didn't cover.) Drivers took
on the risk that if they got injured in an accident, there's no workers'
comp to pay the bills while they recover.
The risk parts and the income parts are quite separable; New York city made
the gig companies comply with existing car service laws requiring inspection and insurance. There's even an argument to be made for some limits on the number of gig drivers. When Uber and Lyft came to NYC, it added 100,000 new vehicles driving around midtown waiting for fares and clogging traffic, five times the number of taxis, which made traffic much slower for everyone and
smog worse.
It was always possible to set up pirate taxis, and in some areas fairly
common, e.g., gypsy cabs working in the outer boroughs of NYC where taxis
are hard to find. Mobile phones and apps made it a lot easier for pirate dispatchers to connect with pirate taxis, and the disruption technobabble blinded people to the fact that the main innovation was risk shifting onto
the unwary.
------------------------------
Date: Mon, 29 Mar 2021 12:14:35 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: TikTok Does Not Pose Overt Threat to U.S. National Security,
Researchers Say (Eva Xiao)
Eva Xiao, *The Wall Street Journal*, 22 Mar 2021
via ACM TechNews, Monday, March 29, 2021
Cybersecurity researchers at the University of Toronto's Citizen Lab in
Canada said TikTok's underlying computer code does not pose a national
security threat to the U.S. The researchers said a technical analysis of the app, owned by China's ByteDance Ltd., found no evidence of "overtly
malicious behavior." Although they determined that TikTok's data collection practices are no more intrusive than Facebook's, the researchers
acknowledged there could be security issues they did not uncover. Further, ByteDance could be forced to turn data over to the Chinese government under
the country's national security laws. ByteDance said it was committed to working with authorities to resolve their concerns.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2a309x229bd1x070963&
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
[continued in next message]