[continued from previous message]
accident triage. And so would a trial by jury.
Imposing and enforcing mandatory regulations on DV industry products will establish governance accountability that partially balances profit pursuit
and public safety trust. Regulatory enforcement will slow DV innovation --
the playground will close up -- as a trade that enables deployment of
stable, though quirky (non-deterministic), DV fleets.
DV technology's safety promise, and public trust, remains to be earned by showing a significant reduction in traffic accidents, injuries, and
fatalities. Few elected officials possess the bravado, and enlightened
wisdom, to approve local deployments that place their electorates in harm's way. Potentially unrecoverable losses: brand outrage and human casualties represent the DV industry's Darwinian survival challenge.
(The latest reporting about Waymo's Phoenix deployment can be found here: "Angry Residents, Abrupt Stops: Waymo Vehicles Are Still Causing Problems in Arizona," 31MAR2021
https://www.phoenixnewtimes.com/news/waymo-arizona-abrupt-stops-angry-residents-are-still-a-problem-11541896
------------------------------
Date: Wed, 7 Apr 2021 20:49:49 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Supreme Court & Facebook Unwanted Automated Texts (Consumer Reports)
The court ruling could open door for a flood of unwanted robocalls and texts
on consumers' cell phones
The Supreme Court on Thursday unanimously ruled (PDF) in favor of Facebook
in a dispute over whether unwanted text notifications sent by the social
media giant violated a 30-year-old federal law designed to protect consumers from abusive telemarketing practices. ...
George Slover, senior policy counsel at Consumer Reports, which joined in an amicus brief in the case, says that in winning the case, Facebook has “succeeded in punching a huge loophole in the law's core protection.”
https://www.consumerreports.org/robocalls/supreme-court-sides-with-facebook-over-unwanted-automated-texts/
------------------------------
Date: Wed, 07 Apr 2021 11:40:20 -0700
From: Henry Baker <hbaker1@pipeline.com>
Subject: Foreign intel services could abuse ad networks for spying
When a *bipartisan* group of lawmakers suddenly develops a respect for
privacy, I suddenly become suspicious. I can only assume that there was an
'Oh Sh*t' moment(*) that occurred during a classified briefing. The last
time I can recall such a *bipartisan* interest in privacy was the hastily passed "Video Privacy Protection Act (1988)", when a Supreme Court nominee's video rental preferences became public.
(*) A technical term describing temporary loss of bowel control in a SCIF as
a result of receiving disquieting information.
https://www.vice.com/en/article/88aw73/congress-foreign-intelligence-agencies-bidstream-real-time-bidding
Congress Says Foreign Intel Services Could Abuse Ad Networks for Spying
A group of bipartisan lawmakers asked Google, Twitter, and others about the transfer of bidstream data to foreign entities.
by Joseph Cox April 6, 2021, 1:00pm
A group of bipartisan lawmakers, including the chairman of the intelligence committee, have asked ad networks such as Google and Twitter what foreign companies they provide user data to, over concerns that foreign intelligence agencies could be leveraging them to harvest sensitive information on
U.S. users, including their location.
"This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns," a letter signed by Senators Ron Wyden, Mark Warner, Kirsten Gillibrand, Sherrod Brown, Elizabeth Warren, and Bill Cassidy, reads. The lawmakers sent the letter last week to AT&T, Verizon, Google, Twitter, and a number of other companies that maintain advertisement platforms.
The concerns center around the process of so-called real-time bidding, and
the flow of "bidstream" data. Before an advertisement is displayed inside of
an app or a browsing session, different companies bid to get their ad into
that slot. As part of that process, participating companies obtain sensitive data on the user, even if they don't win the ad placement.
"Few Americans realize that some auction participants are siphoning off and storing 'bidstream' data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including
to hedge funds, political campaigns, and even to governments," the letter continued.
Venntel, a government contractor that sells location data to Immigration and Customs Enforcement (ICE) and other law enforcement agencies, obtains
bidstream data, Motherboard previously reported. Israeli surveillance companies Rayzone and Bsightful also source this sort of data, Forbes
reported.
"This is a deeply problematic practice when Western governments are abusing
the data flows, and it becomes a national security emergency when these same global advertising companies are not vetting their own partners," Zach
Edwards, a researcher who has closely followed the supply chain of various sources of data, told Motherboard in an online chat.
"It's long overdue for Congress to begin asking the largest tech companies
in the world tough questions about their real-time-data-breach technology
that underpins global advertising auctions and user data supply chains," Edwards continued. "Every time a person loads a website or a mobile app,
it's likely that their data is being shared with at least dozens of
companies, and when that user is interacting with an app or site with banner ads, typically several thousand companies could be receiving data about that visit in order to give those companies 'the opportunity to bid to show ads
to that user.'"
The letter asked the ad companies to name the foreign-headquartered or foreign-majority owned firms that they have provided bidstream data from
users in the U.S. to in the past three years. The other companies the
lawmakers sent the letter to were Index Exchange, Magnite, OpenX, and
PubMatic.
Mark Tallman, assistant professor at the Department of Emergency Management
and Homeland Security at the Massachusetts Maritime Academy, told
Motherboard in an email that "It's difficult to imagine any policy solution
or technical sorcery that can fully 'secure' consumers' private data such
that applications and platforms can collect it, and the publishing and advertising industries can access it, while guaranteeing that cybercriminals and foreign intelligence agencies will never get it. Our adversaries already know that they can buy (or steal) data from our marketplace that they could only dream of collecting on such a broad swath of Americans twenty years
ago."
In March lawyers filed a class action suit against Google for what they described as selling users' data as part of the real-time bidding process.
------------------------------
Date: Thu, 8 Apr 2021 12:06:21 +0000 ()
From: danny burstein <dannyb@panix.com>
Subject: NJ town: Our IT vendor ate our e-mails (North Jersey)
https://www.northjersey.com/story/news/bergen/englewood-cliffs/2021/04/07/englewood-cliffs-nj-sues-intrep-solutions-over-lost-emails/7111650002/
------------------------------
Date: Tue, 6 Apr 2021 10:57:10 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Loot boxes in video games deemed close enough to gambling to
warrant regulation (medicalxpress.com)
https://medicalxpress.com/news/2021-04-loot-video-games-deemed-gambling.html
"One of the biggest concerns about loot boxes is that they are very often
used by children. The researchers suggest that not only do children
sometimes spend amounts of money their parents were not expecting, but some show early signs of gambling addiction."
Risk: Adolescent gambling addiction
Similar to nicotine in cigarettes: once the dopamine starts flowing, it is difficult to stop consumption.
https://en.wikipedia.org/wiki/Problem_gambling#Prevalence (retrieved on 06APR2021) indicates ~0.6 to ~2.5% of population are either problem or pathological gamblers. In the US, that's ~10M people with a gambling
problem.
Regulating Internet games for content seems problematic. Product terms of service often include age access restrictions, but enforcement mechanisms (corporate fines, CxO indictment, personal account lockout or exclusions)
are challenging to uniformly apply.
------------------------------
Date: Wed, 7 Apr 2021 12:01:21 -0700
From: Rob Slade <rslade@gmail.com>
Subject: "Work From Home" being blamed for security risks
A report from Verizon says that WFH policies are harming information
security. However, there doesn't seem to be any evidence of anything
harmful happening, and I strongly suspect that the report is yet another opinion survey.
https://lite.cnn.com/en/article/h_b2745246f3d05396ac778da686852fff
If there *is* any increase in security threats, I'm sure the real culprits
are:
- a huge surge in spam, fraud, and phishing emails. This has been going on
ever since the pandemic started, and it's gotten worse in the past couple
of months.
- a lack of "work from home" policies on the part of businesses, and no
real thought about the risks involved in simply sending people home and
telling them to carry on as usual (in a highly unusual situation).
- no provision or budget for the computers, devices, and security software
that might be needed to provide extra protection in WFH situations.
------------------------------
Date: Mon, 5 Apr 2021 16:53:32 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: He Built a $10 Billion Investment Firm. It Fell Apart in Days.
(NYTimes)
https://www.nytimes.com/2021/04/03/business/bill-hwang-archegos.html
Leverage and inexplicable derivatives, what could go wrong?
------------------------------
Date: Thu, 8 Apr 2021 20:50:18 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Marylanders could soon be fined $100 for intentionally releasing
balloons (DCist)
The Balloon Council, a national balloon trade group, supports efforts to prevent balloon releases, but argues that balloon release bans are not the answer.
“It's really people's behavior that needs to change,” Lorna O'Hara, the council's executive director, told WAMU/DCist last year when the balloon
bill was first introduced in the Maryland legislature. “Balloons are not the culprit.”
O'Hara said mass balloon releases are not nearly as common as they were in decades past, and she credits education efforts. She said more education is what's needed now, not a balloon release ban. “It's a slippery slope from a release ban to banning the product altogether.”
Several other states already have some sort of balloon release ban in place, including Virginia, which prohibits the release of more than 50 balloons
within one hour, subject to a fine of up to $5 per balloon.
https://dcist.com/story/21/04/08/marylanders-could-soon-be-fined-100-for-intentionally-releasing-balloons/
Don't pick on innocent balloons, says the Balloon Council, who should
know. First they'll ban releasing balloons, then they'll register them, then the ultimate goal -- confiscating them.
------------------------------
Date: Wed, 7 Apr 2021 20:45:11 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: She called off her Wedding. The Internet will never forget (WiReD)
In 2019, she made a painful decision. But to the algorithms that drive Facebook, Pinterest, and a million other apps, she's forever getting
married.
https://www.wired.com/story/weddings-social-media-apps-photos-memories-miscarriage-problem/
The risk? Too much remembering. Like getting LinkedIn nudges to congratulate dead people on their work anniversaries.
------------------------------
Date: Fri, 9 Apr 2021 11:49:55 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Scientists Create Online Games to Show Risks of AI Emotion
Recognition (Nicola Davis)
Nicola Davis, *The Guardian*, 4 Apr 2021 via ACM TechNews 9 Apr 2021
Scientists at the U.K.'s University of Cambridge have created emojify.info,
a website where the public can test emotion recognition systems via online games, using their own computer cameras. One game has players make faces to fake emotions in an attempt to fool the systems; another challenges the technology to interpret facial expressions contextually. Cambridge's Alexa Hagerty cited a lack of public awareness of how widespread the technology
is, adding that its potential benefits should be weighed against concerns
about accuracy, racial bias, and suitability. Hagerty said although the technology's developers claim these systems can read emotions, in reality
they read facial movements and combine them with existing assumptions that these movements embody emotions (as in, a smile means one is happy). The researchers said their goal is to raise awareness of the technology and to encourage dialogue about its use.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2a66dx22a2fcx069908&
------------------------------
Date: Wed, 14 Apr 2021 19:39:17 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: AI Comes to Car Repair, and Body Shop Owners Aren't Happy (WiReD)
During the pandemic, insurers accelerated the use of automated tools to estimate repair costs. Garage operators say the numbers can be wildly inaccurate.
https://www.wired.com/story/ai-car-repair-shop-owners-not-happy/
------------------------------
Date: Mon, 5 Apr 2021 18:52:45 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Foundations of AI Are Riddled With Errors (WiReD)
The labels attached to images used to train machine-vision systems are often wrong. That could mean bad decisions by self-driving cars and medical algorithms.
https://www.wired.com/story/foundations-ai-riddled-errors/
------------------------------
Date: Thu, 15 Apr 2021 17:40:02 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: We tested the first state's vaccine passport: Here's what to expect
(WashPost)
New York's Excelsior Pass has some solid privacy protections. But it's complicated to use and easy to fake.
Vaccine passports could leave us exposed to the “worst of both worlds,” says
Cahn — a complicated digital system that puts up new barriers to access businesses, while not actually stopping fraudsters. “Despite its invasiveness, Excelsior Pass won't advance the underlying public health
goals it claims to support,” he says.
It isn't clear how wide a problem vaccine passport fraud could become, or
how dangerous it would be. Passports could persuade people to let down their guard about masks and other protections. Madison Square Garden, for one,
says it wasn't aware of any cases of people trying to enter the venue with
an Excelsior Pass that wasn't their own.
“To be clear, Excelsior Pass is a voluntary system that creates a digital copy of a preexisting paper record — it is not a standalone identification document,” said Kristin Devoe, a spokeswoman for Empire State Development, the umbrella organization that created Excelsior Pass. To fight fraud, New
York says venues accepting Excelsior Pass are supposed to check people's
photo IDs.
But instituting new ID checks at businesses that didn't used to require them creates new social barriers. One senior citizen tester was too old to have a driver's license.
https://www.washingtonpost.com/technology/2021/04/08/vaccine-passport-new-york-excelsior-pass/
------------------------------
Date: Fri, 9 Apr 2021 11:54:03 -0700
From: Rob Slade <rslade@gmail.com>
Subject: GoToMeeting/GoToWebinar
OK, I've presented on Zoom, and Teams, and Meet, and some others during this crisis. And, tomorrow, I'm doing yet another pres, and they are using GoToWebinar (I think. One of the two.) So I asked for a test run.
First off, unlike Zoom and Teams (and unnecessary on Meet) the GoToMeeting
link didn't automatically download the app. (A "button," on the weirdly formatted reminder the system sent, did, so there is obviously some
additional stuff in there besides the meeting link.)
When I *did* get the app installed on the laptop, I got on to the test
meeting, but obviously nobody could hear me. Through a variety of testing, involving switching my (one) microphone back and forth between computers,
and a phone call, I finally figured out that GoToWebinar (at least) doesn't check or even allow for external microphones (even if you try and get
Windows to tell it to). (Except that it *would* accept the external
microphone on my desktop, which has no built-in microphone.) I am hypothesizing that this might be in regard to the extremely tight control
that GoToWebinar seems to provide, by default, completely cutting off presenters from any form of contact with attendees.
We did, eventually figure out a kludge, where I could run the slides and set
up the microphone on my desktop, and simply use the laptop for the Webcam so people could see me. However, they finally decided nobody needed to see me (which is no great loss).
Isn't videoconferencing fun? (NOT!)
------------------------------
Date: Mon, 5 Apr 2021 20:33:06 -0400
From: José María Mateos <chema@rinzewind.org>
Subject: Re: Antiscience Movement Is ... Killing Thousands (RISKS-32.59)
I had just finished reading "The Revolt of the Public and the Crisis of Authority in the New Millennium" by Martin Gurri (https://en.wikipedia.org/wiki/Martin_Gurri); I started reading it after
Matt Taibbi brought it to my attention in this article
https://taibbi.substack.com/p/interview-with-martin-gurri-a-short.
While I found the book to be worse than I expected (there are a few factual errors I could catch, and it can definitely be way shorter), the thesis is interesting. It can be summarized pretty closely by that quote by Henry or
in the author's own words (opening of Chapter 5): ``My story -- I repeat -- concerns the tectonic collision between a public which will not rule and institutions of authority progressively less able to do so.''
The "will not rule" is a very important part of the thesis: the public is protesting (yes, against the elites), but there's no apparent long-term
plan. Echoes of January 6th, in South Park form:
1. Storm the Capitol.
2. ???
3. Victory!
José María (Chema) Mateos || https://rinzewind.org
------------------------------
Date: Mon, 5 Apr 2021 11:52:52 +0300
From: Amos Shapir <amos083@gmail.com>
Subject: Re: Antiscience Movement Is ... Killing Thousands (RISKS-32.59)
Henry Baker's reply is a serious analysis, but it seems to be more about anti-economism than antiscience.
I think that the original article was about the attitude made popular lately
by interest groups, which debases science by using any scientific division
or debate (which is the lifeline of science) as an excuse to claim "these so-called "experts" don't know what they're talking about!".
Such attitudes, about any subject related to science -- moon landings,
climate change, vaccines, 5G -- are often manifested by declarations like
"We don't care that these elitist scientists had spent years studying their fields, relying on data gathered by thousands of people who went to the ends
of the Earth to collect it; WE have read an *internet article*!"
------------------------------
Date: Sat, 17 Apr 2021 13:22:58 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: People Count: Contact-Tracing Apps and Public Health (Susan Landau,
MIT Press 2021)
This is a rather short new book that nevertheless manages to nontrivially
address diverse privacy-relevant topics including pandemics, the role of contact tracing in ending disease, how the apps work, and the policy issues
of efficacy and equity.
<https://mitpress.mit.edu/books/people-count>
Susan Landau <susan.landau@privacyink.org>
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES:
http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.60
************************