• Risks Digest 32.70 (1/3)

    From RISKS List Owner@21:1/5 to Martin Ward on Sun Jun 6 03:24:41 2021
    RISKS-LIST: Risks-Forum Digest Saturday 5 June 2021 Volume 32 : Issue 70

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.70>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents
    WARNING to RISKS readers (PGN)
    Tesla activates in-car camera to monitor drivers using Autopilot
    (TechCrunch)
    Tesla brings the strategies pioneered by Apple to the auto industry
    (WashPost)
    Tesla apologizes after man in S.China locked in his car due to power failure
    (Global Times)
    A "lethal" weaponized drone "hunted down a human target" without being told
    to for the first time (Business Insider)
    AI in medicine (Statnews via Wendy Grossman)
    AI Drone May Have Acted on Its Own in Attacking Fighters, U.N. Says
    (NYTimes)
    Don't End Up on This Artificial Intelligence Hall of Shame (WiReD)
    Bug in Siemens PLCs.... (The Hacker News via Robert Mathews)
    Cyberattack closes JBS meat-packing facilities in Canada, U.S. and Australia
    (CBC)
    How to Negotiate with Ransomware Hackers (The New Yorker)
    Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus
    Solutions (The Hacker News)
    This $5 billion insurance company likes to talk up its AI.
    Now it's in a mess over it. (cnn.com)
    Steamship authority targeted in ransomware attack
    (The Martha's Vineyard Times)
    Cybersecurity insurance, if you can get it (knowbe4)
    Supreme Court narrows cybercrime law (The Hill)
    High-tech policing: Suspect identified after posting pic of his hand
    holding cheese (LinkedIn)
    Our digital pasts weren't supposed to be weaponized like this (NYTimes)
    Will the Excelsior Pass, New York's Vaccine Passport, Catch On? (NYTimes)
    How do you know this isn't a fake posting? (Rob Slade)
    Amazon "stealing" your data is not the same as what Comcast is doing
    (Lauren Weinstein)
    Amazon Sidewalk Poised to Sweep You Into Its Mesh (ThreatPost)
    Emergency Amazon (Rob Slade)
    Amazon home devices may now use part of your WAN uplink for a mesh network
    with neighbors' Amazon Devices (Newser)
    FCC's emergency connectivity funds ineligible for school and library
    self-provisioned networks (Broadband Breakfast)
    E-Commerce liability cases could open floodgates for lawsuits,
    panelists agree (Broadband Breakfast)
    Norton Antivirus Is Now a Cryptominer; Wait, what (Review Geek)
    The Mayor of Reno Is Betting Big on the Blockchain (WiReD)
    Oximeters used to be designed for equity. What happened? (WiReD)
    One blessing of the Cybersecurity Executive Order (Hagai Bar-El)
    CDC loosened mask guidance to encourage vaccination -- it failed
    spectacularly (Beth Mole, Ars Technica)
    Deter prying eyes by locking your own letters (Atlas Obscura)
    Facebook systematically censoring "vaccine concerns", regardless of
    truthfulness (Project Veritas)
    Facebook suspends Trump for 2 years in response to Oversight Board ruling
    (WashPost)
    Google made it nearly impossible for users to keep their location private
    (Business Insider)
    Security Engineering: A Guide to Building Dependable Distributed
    Systems (Ross Anderson, reviewed by Sven Dietrich)
    Re: Risks: Colonial Pipeline accused of negligence in proposed class action
    (John Bechtel)
    Re: Florida governor signs law to block *deplatforming* of Florida
    politicians (San Steingold)
    Re: Irish Health Service hit by ransomware (Patrick O'Beirne)
    Re: Why GitHub Refuses to Provide Key Evidence to a Man on Death Row
    (Stephen E. Bacher)
    Re: NoScript is immoral? (Eli the Bearded, Kaufmann, John Levine)
    Re: Security of the IMPs (Henry Baker)
    Re: Truth, Lies, and Automation (Toebs Douglass)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sat, 5 Jun 2021 13:12:19 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: WARNING to RISKS readers

    It is still taking me several hours to get rid of all the detritus in what
    is being submitted to RISKS. Office 365 is adding over a hundred lines of cruft in headers to each message. All of the encoded characters created by different mail systems have to be dealt with separately. Therefore, as a cruelty to readers instead of cruelty to myself, the next issue will be RAW RECEIVED TEXT. Perhaps I will first remove the Office 365 cruft on most of
    the messages, but leave them in for the lead message just for kicks. This
    will save me a few hours, but perhaps give you some ideas of why this is so painful, and how contributors might be able to simplify my efforts with just
    a little awareness of what is being produced.

    Dan Jacobson has kindly offered a bunch of excellent suggestions, only some
    of which I have been able to adopt.

    ------------------------------

    Date: Wed, 2 Jun 2021 12:23:54 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Tesla activates in-car camera to monitor drivers using Autopilot
    (TechCrunch)

    Kirsten Korosec, TechCrunch, 27 May 2021, via ACM TechNews, 2 Jun 2021

    Electric-vehicle manufacturer Tesla has turned the in-car camera in its
    Model 3 and Model Y vehicles into a monitor for when its Autopilot advanced driver assistance system is in use. A Tesla software update specified that
    the ``cabin camera above the rearview mirror can now detect and alert driver inattentiveness while Autopilot is engaged,'' and that the system can save
    or transmit information [only] if data sharing is intentionally enabled.
    Tesla has been criticized for failing to activate its in-vehicle driver monitoring technology amid growing evidence that owners were misusing Autopilot. Jake Fisher (*Consumer Reports*) said, ``If the new system
    proves effective, it could help prevent distraction and be a major
    improvement for safety -- potentially saving lives.''

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2b464x22b90ex067267&

    [I hope someone inside the Tesla organization reads RISKS, and suggests
    that this monitor needs to be super-reliable, survivable, resilient -- and
    non-hackable -- because it is ultimately a single point of failure whose
    failure is likely to result in nasty lawsuits. PGN]

    ------------------------------

    Date: Mon, 31 May 2021 15:24:56 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Tesla brings the strategies pioneered by Apple to the auto industry
    (WashPost)

    Tesla is bringing the strategies pioneered by Apple to the auto
    industry. Consumers are learning that's not always a good thing.

    SAN FRANCISCO -- Tesla released its futuristic *Full Self-Driving* package
    last year to great fanfare, criticism and the usual stream of video uploads showing off cars that could seemingly drive themselves.

    Then something strange happened.

    The electric-vehicle giant revoked access for some drivers, it said. Tesla
    CEO Elon Musk announced on Twitter in March that some users who had received access to the company's most advanced driver-assistance features “did not
    pay sufficient attention to the road.” Tesla did not say how it made the determination or who among the feature's 2,000 beta testers — who shelled
    out thousands for the package that Tesla now priced at $10,000 — would lose access. [...]

    The cars' groundbreaking over-the-air updates mean users can be subject to sudden performance changes if products become out of date — like battery throttling for which Apple has come under fire. Tesla's unique systems have also proved difficult for government authorities investigating crashes to decode, a problem that echoes federal authorities' difficulty unlocking
    Apple devices. [...]

    Months after buying a used Tesla Model S for nearly $46,000, Harpreet Singh began to notice the car wouldn't travel far enough on a single charge to
    cover his work trips frequently stretching more than 200 miles.

    Tesla had taken about 40 miles of range off his used Model S, which began
    with 265 miles, in what Tesla said was an effort to protect the battery. The update also slowed down charging times, Singh said. Tesla ultimately agreed
    to replace what it later concluded was a faulty battery, but at the expense
    of what Singh has found is slower acceleration.

    After the car and its new battery were working properly, Singh began to
    dread system updates, because they introduced new problems like the shorter range and decreased charging rates.

    Singh said he thinks about it like other tech updates. “I'm so comfortable with Windows 8. … Why do I have to change to Windows 10? And then everything breaks,” said Singh, 33, of Cypress, Tex. “Same thing here. … They can do anything to do it.” [...]

    Full self-driving features are also not transferrable between cars, meaning
    an owner who has shelled out $10,000 for the software would have to buy it
    for their next Tesla as well.

    Musk has said, however, that Tesla will look into upping the trade-in value
    for a vehicle with Full Self-Driving, after some owners complained about
    having to purchase it twice.

    https://www.washingtonpost.com/technology/2021/05/14/tesla-apple-tech/

    ------------------------------

    From: geoff goodfellow <geoff@iconia.com>
    Date: Fri, 4 Jun 2021 13:18:36 -1000
    Subject: Tesla apologizes after man in S.China locked in his car
    due to power failure (Global Times)

    https://www.globaltimes.cn/page/202106/1225359.shtml

    ------------------------------

    Date: May 31, 2021 6:17:29 JST
    From: Paul Davey <pd@pdc.co.uk>
    Subject: A "lethal" weaponized drone "hunted down a human target" without
    being told to for the first time (Business Insider)

    https://www.businessinsider.com/killer-drone-hunted-down-human-target-without-being-told-un-2021-5?r=US&IR=T

    A "lethal" weaponized drone "hunted down a human target" without being told
    to for the first time, according to a UN report seen by the New Scientist.

    The March 2020 incident saw a KARGU-2 quadcopter autonomously attack a human during a conflict between Libyan government forces and a breakaway military faction, led by the Libyan National Army's Khalifa Haftar, the Daily Star reported.

    The Turkish-built KARGU-2, a deadly attack drone designed for asymmetric warfare and anti-terrorist operations, targeted one of Haftar's soldiers
    while he tried to retreat, according to the paper.

    [Also noted by Amnos Shapir.
    For those who were wondering "what can possibly go wrong" -- it already
    did. PGN]

    ------------------------------

    Date: Wed, 2 Jun 2021 11:11:57 +0100
    From: "Wendy M. Grossman" <wendyg@pelicancrossing.net>
    Subject: AI in medicine (Statnews)

    Statnews reports on a study of 400 AI models proposed during the pandemic
    for spotting illness and predicting which patients are most likely to have serious illness...and finds that all of them are flawed in surprisingly
    obvious ways. Underlying the problems of methodology is the paucity of large, available, diverse data sets.

    https://www.statnews.com/2021/06/02/machine-learning-ai-methodology-research-flaws/

    The great thing about machine learning is it does RISKS at scale. WG

    ------------------------------

    Date: Sat, 5 Jun 2021 17:45:25 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: AI Drone May Have Acted on Its Own in Attacking Fighters, U.N. Says
    (NYTimes)

    A United Nations report suggested that a drone, used against militia
    fighters in Libya's civil war, may have selected a target autonomously.

    https://www.nytimes.com/2021/06/03/world/africa/libya-drone.html

    [Also noted by Jan Wolitzky, PGN]

    ------------------------------

    Date: Thu, 3 Jun 2021 19:46:43 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Don't End Up on This Artificial Intelligence Hall of Shame
    (WiReD)

    A list of incidents that caused, or nearly caused, harm aims to prompt developers to think more carefully about the tech they create.

    https://www.wired.com/story/artificial-intelligence-hall-shame/

    ------------------------------

    Date: Fri, 04 Jun 2021 12:57:00 -0700
    From: "Robert Mathews (OSIA)" <mathews@hawaii.edu>
    Subject: Bug in Siemens PLCs....

    *"A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely"* Ravie Lakshmanan, *The Hacker News*, 31 May 2021

    https://thehackernews.com/2021/05/a-new-bug-in-siemens-plcs-could-let.html

    ------------------------------

    Date: Wed, 2 Jun 2021 06:45:23 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Cyberattack closes JBS meat-packing facilities in Canada,
    U.S. and Australia (CBC)

    https://www.cbc.ca/news/business/jbs-meat-cyberattack-1.6048942

    A ransomware attack against Brazilian meat-packing giant JBS has disrupted production in the U.S., Canada and Australia. JBS is the world's largest meatpacker and the attack caused its Australian operations to shut down on Monday and stopped livestock slaughter at its plants in several U.S. states
    and the company's facility near Brooks, Alta.

    The ransomware attack follows one last month on Colonial Pipeline, the
    largest fuel pipeline in the U.S., which crippled fuel delivery for several days in the southeastern part of the country.

    [Jan Wolitzky noted
    Ransomware disrupts meat plants in latest attack on critical
    U.S. business <https://www.nytimes.com/2021/06/01/business/meat-plant-cyberattack-jbs.html>
    PGN]

    ------------------------------

    Date: Mon, 31 May 2021 12:25:54 -0400
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: How to Negotiate with Ransomware Hackers (The New Yorker)

    Rachel Monroe, Annals of Technology, 7 Jun 2021

    Kurtis Minder finds the cat-and-mouse energy of outsmarting criminal
    syndicates deeply satisfying, 31 May 2021

    https://www.newyorker.com/magazine/2021/06/07/how-to-negotiate-with-ransomware-hackers

    ------------------------------

    Date: Tue, 1 Jun 2021 10:03:23 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Malware Can Use This Trick to Bypass Ransomware Defense
    in Antivirus Solutions (The Hacker News)

    Researchers have disclosed significant security weaknesses in popular
    software applications that could be abused to deactivate their protections
    and take control of allow-listed applications to perform nefarious
    operations on behalf of the malware to defeat anti-ransomware defenses.

    The twin attacks, detailed <https://dl.acm.org/doi/10.1145/3431286> by academics from the University of Luxembourg and the University of London,
    are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files (aka "Cut-and-Mouse") and disabling their
    real-time protection by simulating mouse "click" events (aka "Ghost
    Control").

    "Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals," said <https://wwwen.uni.lu/university/news/latest_news/researchers_discover_fix_vulnerability_in_antivirus_software>
    Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. "But they
    are competing with criminals which now have more and more resources, power,
    and dedication."

    Put differently, shortcomings in malware mitigation software could not just permit unauthorized code to turn off their protection features, design flaws
    in Protected Folders solution provided by antivirus vendors could be abused
    by, say, ransomware to change the contents of files using an app that's provisioned write access to the folder and encrypt user data, or a wipeware
    to irrevocably destroy personal files of victims. [...]

    https://thehackernews.com/2021/06/malware-can-use-this-trick-to-bypass.html

    ------------------------------

    Date: Tue, 1 Jun 2021 11:59:46 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: This $5 billion insurance company likes to talk up its AI.
    Now it's in a mess over it. (cnn.com)

    https://edition.cnn.com/2021/05/27/tech/lemonade-ai-insurance/index.html

    "But in Lemonade's IPO paperwork, filed with the Securities and Exchange Commission last June, the company wrote that AI Jim 'handles the entire
    claim through resolution in approximately a third of cases, paying the
    claimant or declining the claim without human intervention.'"

    Lemonade walked-back that statement -- post-IPO, and after Twitter blasted
    the brand for claiming their AI 'Jim' dispensed claim adjustment based on facial recognition.

    Expect one or more lawsuits from investors who drank the lemonade without reading the label.

    Risk: Overtrust reliance on AI business solution capabilities and commercial viability.

    ------------------------------

    Date: Wed, 2 Jun 2021 15:17:04 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Steamship authority targeted in ransomware attack
    (The Martha's Vineyard Times)

    https://www.mvtimes.com/2021/06/02/ssa-targeted-ransomware-attack/

    [Wiped out the ability to run operations online. Long delays.]

    ------------------------------

    Date: Tue, 1 Jun 2021 10:39:32 -0700
    From: Paul Burke <box1320@gmail.com>
    Subject: Cybersecurity insurance, if you can get it (knowbe4)

    Article from IT security consultant, about ransomware insurance: https://blog.knowbe4.com/cybersecurity-insurance-landscape-is-fundamentally-changing-right-now

    - "Ransomware has been so successful in compromising victims and getting
    big payouts that it has led to a rapid, fundamental change in the
    cybersecurity industry. Many previous cybersecurity insurance players are
    getting out of the industry or refusing to insure for ransomware and
    other cyber crime. Those that are left are charging more, insuring for
    less and requiring proof of far stronger controls before a policy is
    issued...

    - They contract with experienced companies that respond to hundreds to
    thousands of ransomware events a year...

    - Ransomware gangs had obviously searched for and found a victim's
    insurance policy after breaking into the victim's environment...
    ransomware gang would respond with the maximum figure they knew the
    victim was insured for. So, a hint to anyone who has a cybersecurity
    policy, make sure that document is not online or specially protect it...

    - They will ascertain your current risk, make recommendations, and
    constantly monitor your status. You need someone to read your logs or
    patch your computers, your friendly cybersecurity insurance company may
    be able to do that for you..."

    ------------------------------

    Date: Thu, 3 Jun 2021 10:21:14 PDT
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Supreme Court narrows cybercrime law (The Hill)

    Chris Mills Rodrigo, 3 Jun 2021

    https://thehill.com/policy/technology/556686-supreme-court-narrows-cybercrime-law

    The Supreme Court limited the scope of a crucial federal computer fraud law Thursday by overturning the conviction of a former police officer accused of misusing a government database.

    The justices sided 6-3 with Georgia police sergeant Nathan Van Buren in his appeal of a conviction under the Computer Fraud and Abuse Act. Conservative Justices Clarence Thomas, John Roberts and Samuel Alito dissented.

    The 1986 law prohibits accessing a computer “without authorization or
    exceeding authorized access.”

    The Justice Department had argued that Van Buren ran afoul of that law when
    he took a bribe to access a woman's license plate information in what was a 2015 FBI sting operation. The former officer had argued that that interpretation was too broad because he did have legitimate access to the database, even if he misused it.

    If simply violating the terms of a system is illegal under the CFAA, his
    team argued, then people could be charged for things as mundane as using
    work computers for personal use.

    The majority opinion, penned by Amy Coney Barrett, echoed that assessment.
    "The Government's interpretation of the 'exceeds authorized access' clause would attach criminal penalties to a breathtaking amount of commonplace computer activity," the opinion reads. "For instance, employers commonly
    state that computers and electronic devices can be used only for business purposes. On the Government's reading, an employee who sends a personal
    e-mail or reads the news using a work computer has violated the CFAA."

    ------------------------------

    Date: Wed, 2 Jun 2021 13:29:52 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: High-tech policing: Suspect identified after posting pic
    of his hand holding cheese (LinkedIn)

    https://www.linkedin.com/posts/christian-quinn_innovation-technology-policy-activity-6803646475923443712-H7ph/

    ------------------------------

    Date: Sat, 5 Jun 2021 17:46:21 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Our digital pasts weren't supposed to be weaponized like this
    (NYTimes)

    A recent firing at The Associated Press is the latest example of the way in which our digital pasts are never far from the present, despite what early internet evangelists thought.

    https://www.nytimes.com/2021/05/29/technology/emily-wilder-firing-ap.html

    ------------------------------

    Date: Tue, 1 Jun 2021 20:26:58 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Will the Excelsior Pass, New York's Vaccine Passport, Catch On?
    (NYTimes)

    More than 1 million Excelsior passes have been downloaded since they were introduced, but officials are hoping they will be adopted more widely.

    https://www.nytimes.com/2021/06/01/nyregion/excelsior-pass-vaccine.html

    ------------------------------

    Date: Tue, 1 Jun 2021 10:19:00 -0700
    From: Rob Slade <rslade@gmail.com>
    Subject: How do you know this isn't a fake posting? (Rob Slade)

    90% of Americans think they are better than average at detecting *fake
    news*, which is impossible, and they aren't as good as they think they are.

    https://lite.cnn.com/en/article/h_077b962ec93232039cadc784d15124a5

    Krueger-Dunning lives ...

    ------------------------------

    Date: Sun, 30 May 2021 08:42:59 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Amazon "stealing" your data is not the same as what Comcast is
    doing

    There is some confusion about what Comcast is doing when it sets up public Wi-Fi using customers' in-home modems, vis-a-vis what Amazon's new data "stealing" scheme is doing. There are big differences.

    1) Comcast is setting up essentially a separate virtual LAN for the
    public Wi-Fi that does not interact with your normal data flows.

    2) Comcast is adjusting for that secondary usage so that it has no
    impact on your usage costs or usable bandwidth.

    Amazon is just taking your data without your affirmative permission, to
    service their other customers.

    ------------------------------

    Date: Fri, 4 Jun 2021 13:59:27 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Amazon Sidewalk Poised to Sweep You Into Its Mesh (ThreatPost)

    https://threatpost.com/amazon-sidewalk-to-sweep-you-into-its-mesh/166581/

    ------------------------------

    Date: Tue, 1 Jun 2021 10:43:33 -0700
    From: Rob Slade <rslade@gmail.com>
    Subject: Emergency Amazon

    Amazon is partnering with aid organizations, including the Red Cross, to get disaster relief materials to where they are needed in a disaster. https://lite.cnn.com/en/article/h_bc341a644b497f6388fd9bfdbc8a6db3

    On the one hand, it's great to see a giant corporation helping out.

    On the other hand, does Amazon become a single point of failure for
    disaster relief?

    ------------------------------

    Date: Thu, 3 Jun 2021 07:32:38 -0400
    From: Bob Gezelter <gezelter@rlgsc.com>
    Subject: Amazon home devices may now use part of your WAN uplink
    for a mesh network with neighbors' Amazon Devices (Newser)

    An interesting and unsettling development on multiple levels. First, there
    is the technical issue of whether the implementation is truly secure,
    including whether information can be deduced from such activity. Second,
    there is a question of propriety. Is it desirable for that level of personal observation to be transmitted outside the residence? Thirdly, is taking any amount of my paid-for bandwidth legal and acceptable? An additional, and perhaps more important question is whether such a feature should be enabled
    by default. NOTE: The referenced article contains a number of web references
    to The Guardian, Ars Technica, and other mainstream sources.

    https://www.newser.com/story/306874/amazon-is-about-to-take-and-share-a-slice-of-your-internet.html

    ------------------------------

    Date: Tue, 1 Jun 2021 14:17:53 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: FCC's emergency connectivity funds ineligible for school and
    library self-provisioned networks (Broadband Breakfast)

    But when the rules on how to spend the money were finalized on May 10th, the FCC's Report and Order declared that schools and libraries could not use Connectivity Funds to build self-provisioned networks, but instead could
    only use the funds to purchase Wi-Fi hotspots, modems, routers, and
    connected devices, such as laptop computers and tablets.

    The one exception in which schools and libraries can use Connectivity Funds
    to build self-provisioned networks is in “areas where no service is
    available for purchase,” based on data self-reported by private ISPs.

    The Report and Order indicates the agency was not convinced allowing schools and libraries to build their own networks with the funds would be consistent with the goals Congress intended for the program, as the language in the
    Rescue Plan states that the Connectivity Fund is limited to the purchase of eligible equipment or advanced telecommunications and information services,
    as defined here.

    What's striking about that FCC interpretation is that it is completely at
    odds with what the Biden Administration has been espousing in the American
    Jobs Plan: that building publicly-owned community networks and investing in future-proof infrastructure are a crucial part of closing the digital
    divide. This FCC decision is a recipe for cutting students off from
    broadband Internet access as soon as Congressional appropriations run out rather than using those funds for solutions that will operate sustainably
    into the future.

    Not Trying to Rock the Big Telco Boat

    When the Connectivity Fund was first introduced, smaller Internet Service Providers, public interest groups, and education advocates petitioned the
    FCC to allow for the federal funds headed to schools and libraries to be eligible for use to build school and community networks.

    The Schools, Health and Libraries Broadband Coalition; the American Library Association; and the Consortium for School Networking all found that self-provisioned networks are the most cost-effective way to permanently
    close the homework gap. They advocated for giving schools and libraries the most flexibility to spend these dollars and maintained that local administrators are best positioned to decide how to bridge gaps in connectivity.

    Instead, the Connectivity Fund is now set to give limited remote learning
    funds to the same corporate ISPs that gave rise to the homework gap in the first place. The program gives a strong preference to funding hotspots
    provided by existing wireless mobile service providers, mainly AT&T,
    Verizon, and T-Mobile. (In fact, AT&T, Verizon, and CenturyLink all lobbied
    the agency to disqualify [pdf] self-provisioning from being eligible for ECF support.)

    The agency has also announced that the program will be forward-looking; therefore, lower priority will be placed on reimbursing schools and
    libraries for equipment purchased over the past year to expand existing networks or build new networks to serve students and library patrons.

    https://broadbandbreakfast.com/2021/05/fccs-emergency-connectivity-funds-ineligible-for-school-and-library-self-provisioned-networks/

    ------------------------------

    Date: Tue, 1 Jun 2021 14:20:16 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: E-Commerce liability cases could open floodgates for lawsuits,
    panelists agree (Broadband Breakfast)

    Amazon is entangled in local legal cases that could set off lawsuits for third-party products sold on its platform.

    May 27, 2021—Emerging legal rulings holding online retailers
    liable for defective third-party products could cause a ripple effect of lawsuits if more courts across the nation adopt that position, according to
    a panel of legal experts at an event hosted by the Information Technology & Innovation Foundation on Wednesday.

    Product liability law has traditionally held that the
    “seller” of products is responsible for the defects
    those products may have. You buy a curling iron from Target, for instance,
    not directly from Dyson. Target is the seller, and in the case of product defection, Target may be the responsible party.

    But Amazon has avoided the legal distinction of seller until recently by arguing that they merely act as the middleman in transactions, and that when items are purchased from its website, business is done directly with the manufacturer, which would be responsible in any legal proceeding. Some have argued that this insulation from liability has made e-commerce companies
    like Amazon far too powerful.

    But two rulings in California and one outstanding case in Texas are
    challenging that assumption.

    https://broadbandbreakfast.com/2021/05/e-commerce-liability-cases-could-open-floodgates-for-lawsuits-panelists-agree/

    ------------------------------

    Date: Fri, 4 Jun 2021 18:08:52 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Norton Antivirus Is Now a Cryptominer; Wait, what (Review Geek)

    You can't be serious. Norton 360, the somewhat-frustrating antivirus
    software that comes preinstalled on many Windows computers, will soon have a built-in Ethereum cryptominer. In its press release, NortonLifeLock says
    that Norton Crypto will empower people to mine with a “brand they
    trust” instead of taking risks and running “unvetted
    code” on their computers. [...]

    But let's be realistic for a second—the kind of people
    who will use Norton Crypto probably wouldn't go out of their way
    to download a spooky, “unvetted” cryptomining
    software. They will only use Norton Crypto because it came preinstalled on their computer and, at a glance, produces free money. Norton Crypto users
    may not fully understand how the software works, the impact that
    cryptomining has on their computer's lifespan, the tax
    requirements for cryptomining, or the risks involved with crypto trading.

    At its launch, Norton Crypto will only produce Ethereum, which is difficult
    to mine on a single laptop or desktop. As noted by the BBC, it looks like NortonLifeLock will get around the problem by combining miners'
    computing power into a “pool” and divvying up
    earnings. Problem is, it's common for crypto pools to have a 1%
    fee. If Norton Crypto relies on such a system, then NortonLifeLock could develop an extremely lucrative revenue stream at the expense of its
    customers' computer hardware and naïvety.

    https://www.reviewgeek.com/86346/norton-antivirus-is-now-a-cryptominer-wait-what/

    News that sounds like a joke. I ran Norton SystemWorks, then Norton 360.
    Gave it up because ... I forget why; maybe too heavy a footprint, too expensive, maybe Windows Defender and such became good enough. I've never missed it or Norton itself.

    ------------------------------

    Date: Wed, 2 Jun 2021 00:37:33 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Mayor of Reno Is Betting Big on the Blockchain (WiReD)

    But this spring, [Mayor] Schieve (pronounced SHE-vee) devised a potential solution: a non-fungible token, or NFT, offered for sale on a blockchain
    called Tezos. The new owner would receive a .CAD file and a video from the artist, but the actual, physical sculpture would stay in that downtown Reno plaza. The proceeds would raise funds for the city to clean up the whale and preserve it for the public to enjoy. Schieve realized this type of semi-symbolic sale might require some sweetening. So she was contemplating offering benefits, like tagging along on her annual trip to Burning Man with

    [continued in next message]
