Risks Digest 33.50

    From RISKS List Owner@21:1/5 to All on Wed Nov 2 01:06:33 2022
    RISKS-LIST: Risks-Forum Digest Tuesday 1 November 2022 Volume 33 : Issue 50

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.50>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Tesla under US criminal investigation over self-driving claims,
    (The Guardian)
    Science Has a Nasty Photoshopping Problem (Elisabeth Bik)
    'Deepfakes' of Celebrities Appearing in Ads (Patrick Coffee)
    Musk, Twitter, and Disinformation (Lauren Weinstein via PGN)
    Facebook's Ad-Delivery Algorithm Discriminates Based on Race, Gender, Age
    (Northeastern)
    Confirming Election Results with Risk-Limiting Audits (Rice U.)
    Self-Driving Cars Face Uncertain Path to U.S. Deployment (Reuters)
    One month aftermath of the Nord Stream pipeline explosion (Switch-Plan)
    Square sells access to your inbox. No one seems to know if the law
    cares. (Protocol)
    Steve Bannon and democracy? (Lauren W., PGN retitled)
    Many UFO Reports Are Just Spy Drones or Airborne Trash (NYTimes)
    Re: NYC's Emerg. Med. Svc 911 system was crippled 'cuz (Dick Mills)
    Re: GPS interference caused the FAA to reroute Texas air traffic.
    (Richard S. Russell)
    Re: Iran Hackers Behind Attempt on US Election Are Still Active
    (Steve Bacher)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 26 Oct 2022 13:57:31 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Tesla under US criminal investigation over self-driving claims,
    (The Guardian)

    https://www.theguardian.com/technology/2022/oct/26/tesla-criminal-investigation-self-driving-claims-sources

    ------------------------------

    Date: Mon, 31 Oct 2022 00:25:31 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Science Has a Nasty Photoshopping Problem (Elisabeth Bik)

    Elisabeth Bik, *The New York Times*, 29 Oct 2022

    If this 'scientific disinformation' problem isn't stopped quickly, the
    recent rejections of COVID science will seem a walk in the park.

    https://www.nytimes.com/interactive/2022/10/29/opinion/science-fraud-image-manipulation-photoshop.html

    One evening in January 2014, I sat at my computer at home, sifting through scientific papers. Being a microbiologist, this wasn't unusual, although I certainly didn't expect to find what I did that night.

    These particular papers were write-ups of medical research, with many
    including photographs of biological samples, like tissue. One picture caught
    my eye. Was there something familiar about it? Curious, I quickly scrolled
    back through other papers by the same authors, checking their images against each other.

    There it was. A section of the same photo being used in two different
    papers to represent results from three entirely different experiments.

    What's more, the authors seemed to be deliberately covering their
    tracks. Although the photos were of the same sample, one appeared to have
    been flipped back-to-front, while the other appeared to have been stretched
    and cropped differently.

    Although this was eight years ago, I distinctly recall how angry it made me. This was cheating, pure and simple. By editing an image to produce a desired result, a scientist can manufacture proof for a favored hypothesis, or
    create a signal out of noise. Scientists must rely on and build on one another's work. Cheating is a transgression against everything that science should be. If scientific papers contain errors or -- much worse --
    fraudulent data and fabricated imagery, other researchers are likely to
    waste time and grant money chasing theories based on made-up results.

    But were those duplicated images just an isolated case? With little clue
    about how big this would get, I began searching for suspicious figures in biomedical journals. [...]

    By day I went to my job in a lab at Stanford University, but I was soon spending every evening and most weekends looking for suspicious images. In 2016, I published an analysis of 20,621 peer-reviewed papers, discovering problematic images in *no fewer than one in 25*. Half of these appeared to
    have been manipulated deliberately -- rotated, flipped, stretched or otherwise photoshopped. With a sense of unease about how much bad science
    might be in journals, I quit my full-time job in 2019 so that I could devote myself to finding and reporting more cases of scientific fraud.

    [Elisabeth appears to be a very gifted sleuth-sayer!]

    ------------------------------

    Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: 'Deepfakes' of Celebrities Appearing in Ads (Patrick Coffee)

    Patrick Coffee, *The Wall Street Journal*, 25 Oct 2022,
    via ACM TechNews; 26 Oct 2022

    Deepfakes of celebrities have started to appear in ads, with and without
    their consent. Experts say the growing use of deepfake software could change the marketing industry significantly while raising new legal and ethical issues, making it difficult for celebrities to rein in unauthorized digital reproductions and brand manipulation. U.S. legislative efforts to contain deepfakes include criminalization of their use in revenge porn in Virginia,
    and a Texas ban on their use in political campaigns. However, experts cite a lack of legislation addressing deepfake usage in commercials, and anticipate
    as a result deepfakes will become increasingly popular in advertising.

    [The annoying orange-hosting URLs will henceforth be expunged.]

    ------------------------------

    Date: Wed, 26 Oct 2022 21:27:17 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Musk, Twitter, and Disinformation

    [PGN compilation of various comments over 6 days, in approximate
    chronological order.]

    1. How to part fools from their money, Twitter goes big on NFTs!
    Of course. Crypto. How to part fools from their money. The new Twitter. https://decrypt.co/113007/twitter-buy-sell-nfts-tweets-magic-eden-dapper-rarible

    2. How to report hate speech, etc. on Twitter to Google Play Store https://support.google.com/googleplay/answer/2853570?hl=en&co=GENIE.Platform%3DAndroid

    3. In all seriousness, I wish only the best for @Twitter -- and despite
    Musk's dramatic flare the most interesting thing to watch will be the
    degree to which he acknowledges his lack of experience in this area and
    reaches out to experts who understand the national and global
    implications. -L

    4. Musk starts firing execs, having them thrown out of the offices REPORT:
    CEO, CFO, top legal and policy exec, and general counsel fired, one
    "escorted" out of the office. Unclear if he was handcuffed.
    [Twitter informs me that news stories claiming firing of data engineering
    team are FALSE. -L]

    5. EU Official Warns Elon Musk After Twitter Deal: 'The Bird Will Fly by
    Our Rules' https://www.wsj.com/articles/eu-official-warns-elon-musk-after-he-buys-twitter-the-bird-will-fly-by-our-rules-11666963706

    6. Elon Musk's Twitter 'bird will fly by EU rules,' Brussels warns after
    billionaire takes control https://www.euronews.com/next/2022/10/28/done-deal-elon-musk-now-has-control-of-twitter-and-has-already-fired-its-top-executives

    7. Twitter Debates Musk's Proposed 'Moderation Council' as Users Volunteer https://www.newsweek.com/twitter-debates-musks-proposed-moderation-council-users-volunteer-1755546

    8. My sense at the moment is that Twitter under Musk would continue to
    moderate hate speech per se pretty much as they have, but tend to let
    disinformation run amok. The latter has much more potential to have
    political impact, and "fits the profile" so to speak. -L

    9. [Sen] Murphy calls for national security review of foreign investors in
    Musk Twitter acquisition consortium https://thehill.com/policy/technology/3712679-murphy-calls-for-national-security-review-of-foreign-investors-in-musk-twitter-acquisition-consortium/

    10. Elon Musk tells Europe that Twitter will comply with bloc's illegal
    speech rules
    https://techcrunch.com/2022/10/31/elon-musk-twitter-dsa-comply/

    11. Hate speech vs. disinformation

    There is of course a hazy gray area between hate speech and
    disinformation, and it can be assumed that this will be exploited to the
    maximal extent possible for evil. -L

    12. Revenue idea for Elon's Twitter!

    Revenue idea for @Twitter - charge per original tweet sent & number of
    followers. Charging algorithm will add 100x weight for each blue check
    recipient. Average tweet across platform would cost ~$5. You can rake it
    in Elon! Tesla & SpaceX will be revenue babes in comparison! -L

    13. Bailing out Elon

    Keep in mind the bottom line. Musk has admitted that he overpaid for
    @Twitter -- and now he wants us to pay for it and essentially bail out
    the richest man on the planet. What's wrong with this picture?

    [Also: Gabe Goldberg:
    Elon Musk Takes Twitter, and Tech Deals, to Another Level. Silicon
    Valley moguls used to buy yachts and islands. Now they are rich enough,
    and perhaps arrogant enough, to acquire companies they fancy. https://www.nytimes.com/2022/10/28/technology/twitter-deal-musk-tech-companies.html
    PGN]

    ------------------------------

    Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Facebook's Ad-Delivery Algorithm Discriminates Based on Race,
    Gender, Age (Northeastern)

    Cody Mello-Klein, News@Northeastern, 25 Oct 2022,
    via ACM TechNews; 26 Oct 2022

    Northeastern University researchers found Facebook's ad-delivery algorithm sends advertising to users based on their race, gender, and age. For
    example, "When you choose to include a picture of a woman versus a man, in general it will go more to women, except images of young women, which go
    more to older men," explained Northeastern's Alan Mislove. Facebook's
    algorithm is trained on the data parent company Meta has collected from all
    ads run on the platform and the responses those ads received. Northeastern's Piotr Sapiezynski said the algorithm uses race, gender, and age to make
    "very crude" estimations about where to transmit ads.

    ------------------------------

    Date: Wed, 26 Oct 2022 12:03:32 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Confirming Election Results with Risk-Limiting Audits (Rice U.)

    Mike Williams, Rice University News, 24 Oct 2022,
    via ACM TechNews; 26 Oct 2022

    Rice University's Dan Wallach, working with Matthew Bernhard at nonprofit VotingWorks, found risk-limiting audits (RLAs) can be used to confirm
    election outcomes. Bernhard said RLAs offer "a high degree of accuracy and transparency without the enormous undertaking that is counting every contest
    on every ballot by hand." The researchers said most scenarios would fit one
    of three RLA levels. Ballot comparison audits, described as most efficient
    and precise, involve paper ballots being individually numbered by the ballot scanner, so auditors can verify the corresponding electronic record. Less precise are ballot-polling audits, which compare a random sample of ballots
    to electronic totals, and batch comparison audits, which compare groups of ballots.
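    The ballot-polling level described above, as an added illustration (not code from the Rice or VotingWorks work): the standard BRAVO sequential test for ballot-polling RLAs (Lindeman, Stark and Yates), run over a constructed ballot population once where the reported totals match the paper and once where they do not. The candidate names, counts, 5% risk limit and draw budget are all assumptions.

```python
import random


def bravo_factor(vote: str, winner: str, loser: str, reported_share: float) -> float:
    """Likelihood-ratio factor for one sampled paper ballot (BRAVO).

    reported_share is the reported winner's share of winner+loser votes (> 0.5).
    A ballot for the winner makes the reported outcome more plausible, one for
    the loser less; blanks or other candidates leave the statistic unchanged.
    """
    if vote == winner:
        return reported_share / 0.5
    if vote == loser:
        return (1.0 - reported_share) / 0.5
    return 1.0


def ballot_polling_rla(ballots, winner, loser, reported_share,
                       risk_limit=0.05, max_draws=None, seed=0):
    """Draw ballots at random (with replacement) until the BRAVO statistic
    reaches 1/risk_limit, or the draw budget runs out.

    Returns ("confirmed", draws) when the reported outcome is accepted at the
    risk limit, or ("full hand count", draws) when the audit must escalate.
    """
    if not 0.5 < reported_share <= 1.0:
        raise ValueError("reported winner share must exceed 0.5")
    rng = random.Random(seed)          # fixed seed for a reproducible demo
    threshold = 1.0 / risk_limit
    statistic = 1.0
    budget = max_draws or len(ballots)
    for draws in range(1, budget + 1):
        statistic *= bravo_factor(rng.choice(ballots), winner, loser, reported_share)
        if statistic >= threshold:
            return "confirmed", draws
    return "full hand count", budget


def build_ballots(counts):
    """Constructed ballot population, e.g. {"A": 6000, "B": 4000}."""
    return [c for c, k in counts.items() for _ in range(k)]


def winner_share(reported, winner, loser):
    return reported[winner] / (reported[winner] + reported[loser])


# Constructed scenarios: the scanner reported A 6000 / B 4000 in both.
REPORTED = {"A": 6000, "B": 4000}
HONEST = build_ballots({"A": 6000, "B": 3800, "blank": 200})   # paper agrees
WRONG = build_ballots({"A": 3000, "B": 6800, "blank": 200})    # paper says B won


def audit_honest():
    return ballot_polling_rla(HONEST, "A", "B", winner_share(REPORTED, "A", "B"), max_draws=2000)


def audit_wrong():
    return ballot_polling_rla(WRONG, "A", "B", winner_share(REPORTED, "A", "B"), max_draws=2000)


if __name__ == "__main__":
    print(audit_honest())   # ('confirmed', n): a few hundred draws, not 10,000
    print(audit_wrong())    # ('full hand count', 2000): evidence never accumulates
```

    A ballot-comparison audit would instead compare each sampled ballot with its own scanner record, which is why it needs far fewer draws but requires the per-ballot numbering the article mentions.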

    ------------------------------

    Date: Mon, 31 Oct 2022 11:47:02 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Self-Driving Cars Face Uncertain Path to U.S. Deployment (Reuters)

    David Shepardson, Reuters, 28 Oct 2022, via ACM TechNews, 31 Oct 2022

    The difficult path to deploying autonomous vehicles (AVs) was highlighted by
    an announcement on Oct. 26 that Ford Motor Co. and Volkswagen AG would close their self-driving startup Argo AI, citing the fact that the technology is still a long way off. This comes as legislation to amend regulations to
    include self-driving cars remains stalled in Congress, and officials at the U.S. National Highway Traffic Safety Administration (NHTSA) have not
    revealed when they might act on petitions to grant initial approval to self-driving vehicles without human controls. Meanwhile, lawmakers and
    industry representatives have called on U.S. Transportation Secretary Pete Buttigieg to develop a comprehensive federal framework for AVs to ensure the nation remains competitive, especially as China has made substantial investments in autonomous and connected vehicle technologies.

    ------------------------------

    Date: Wed, 26 Oct 2022 08:53:56 +0000
    From: kendall.clarke@papernest.com
    Subject: One month aftermath of the Nord Stream pipeline explosion
    (Switch-Plan)

    The Aftermath of the Nord Stream Pipeline <https://www.switch-plan.co.uk/news/nord-stream-pipeline/>

    This covers topics from what the Nord Stream Pipeline is and who is behind
    the explosion.

    I'm the content manager working with Switch Plan, a major player in the UK telecommunications market. Please avoid problems with copywriting and plagiarism defined by Google [by not posting the entire article].

    ------------------------------

    Date: Thu, 27 Oct 2022 14:06:16 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Square sells access to your inbox. No one seems to know if the law
    cares. (Protocol)

    When his work inbox got flooded with reminders of his most twee shopping habits, he found out the Block-owned service throws up obstacles to getting
    out of its marketing business.

    https://www.protocol.com/policy/block-square-privacy

    Interesting, in that I use Square a lot -- mostly farmers market vendors, though some brick/mortar stores too -- and Square-originated email I get is almost exclusively receipts.

    ------------------------------

    Date: Thu, 27 Oct 2022 16:54:10 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Steve Bannon and democracy? [PGN retitled]

    Steve Bannon promises to threaten "every member of Congress" "by
    bayonet" if they don't fall in line

    https://www.mediamatters.org/steve-bannon/steve-bannon-promises-threaten-every-member-congress-bayonet-if-they-dont-fall-line

    ------------------------------

    Date: Sun, 30 Oct 2022 16:10:21 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Many UFO Reports Are Just Spy Drones or Airborne Trash (NYTimes)

    Forget space aliens or hypersonic technology; classified assessments show
    that many episodes have ordinary explanations.

    https://www.nytimes.com/2022/10/28/us/politics/ufo-military-reports.html

    Surprise.

    Well, no.

    ------------------------------

    Date: Sun, 30 Oct 2022 16:40:33 -0400
    From: "Dick Mills" <dickandlibbymills@gmail.com>
    Subject: Re: NYC's Emerg. Med. Svc 911 system was crippled 'cuz ...
    (RISKS-33.49)

    This type of snafu was much more common prior to (guess what) Y2K? In the years 1998 and 1999, countless computer systems, and their backups were re-evaluated. In many cases, they were replaced. Y2K was a grand excuse
    for IT departments to receive generous funding for modernization. Prior to then, they had to live with "If it ain't broke, don't fix it."

    Prior to 2000, backups were so poorly designed and poorly tested, that
    comedic outcomes were almost the norm. After 2000 less so. The pinnacle of success came on 9/11/2001, when the operations centers of hundreds of vital companies were destroyed. Every one of them, without exception, transferred
    to off-site backups within seconds. I'm sure that if the attack had
    happened prior to 1998, the outcome would have been very different. The
    power grid also was able to contain blackouts to the destroyed city blocks. There were zero cascading failures.

    Of course, prior to 2000 we had companies like Tandem Computers and Digital Equipment Corporation that offered superbly reliable computers able to fail over to backups including off-site backups. However, those technologies
    were only used in a tiny fraction of all installations.

    If the NYC 911 center was truly modern, that EPO button would have been
    pressed dozens of times during acceptance testing, and probably once per
    month during testing of fail over to backups.

    ------------------------------

    Date: Sat, 29 Oct 2022 17:21:57 -0500
    From: "Richard S. Russell" <RichardSRussell@tds.net>
    Subject: Re: GPS interference caused the FAA to reroute Texas air traffic.
    (RISKS-33.49)

    The advisory read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE
    WITHIN 40 NM OF DFW.

    [This is the perl unscrambling.]
    And of course, when you issue your advisories in ALL CAPS (What, are they
    still using TeleTypes, which don't even recognize the â¢â%â@â
    alone the ââ¬ât tell the difference between a nautical mile and a nano metre.

    [This is the original received text.]
    And of course, when you issue your advisories in ALL CAPS (What, are they
    still using TeleTypes, which don't even recognize the
    =E2=80=9C=C2=A2=E2=80=9D, =E2=80=9C%=E2=80=9D, or =E2=80=9C@=E2=80=9D characters, let alone the =E2=80=9C=E2=82=AC=E2=80=9D?), you can't tell the difference between a nautical mile and a nanometre.

    [I think you get the idea. PGN]

    If the FAA's technology is that obsolete, it's a wonder we don't have a
    major air disaster every other day.
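    The two versions PGN juxtaposes above are the same UTF-8 bytes, once quoted-printable-decoded and read as UTF-8 and once read as Latin-1. An added example (not part of the digest or of anyone's post) that decodes the fragment from the original received text both ways, detects the Latin-1 misreading, and repairs it; only the quoted-printable fragment is taken from the post, the rest is constructed, and the exact residue a given unscrambler prints depends on which bytes it drops.

```python
import quopri

# Fragment copied from the "original received text" above: UTF-8 text that a
# 7-bit mail path wrapped in quoted-printable (=XX is one byte in hex).
QP_FRAGMENT = (
    b"recognize the =E2=80=9C=C2=A2=E2=80=9D, =E2=80=9C%=E2=80=9D, "
    b"or =E2=80=9C@=E2=80=9D characters, let alone the "
    b"=E2=80=9C=E2=82=AC=E2=80=9D?"
)


def decode_qp(raw: bytes, charset: str) -> str:
    """Undo quoted-printable, then interpret the resulting bytes in `charset`."""
    return quopri.decodestring(raw).decode(charset)


def correct_text(raw: bytes = QP_FRAGMENT) -> str:
    """What the sender wrote: curly quotes around the cent, percent, at and euro signs."""
    return decode_qp(raw, "utf-8")


def mojibake_text(raw: bytes = QP_FRAGMENT) -> str:
    """What an unscrambler that assumes Latin-1 produces: each multibyte UTF-8
    character becomes 'â' or 'Â' followed by C1-control or accented characters,
    which is where the 'â¢â%â@â' residue in the digest comes from."""
    return decode_qp(raw, "latin-1")


def looks_like_mojibake(text: str) -> bool:
    """Heuristic: a UTF-8 lead byte (0xC2-0xF4) read as Latin-1 is one of 'Â'..'ô'
    and is followed by a continuation byte read as U+0080..U+00BF."""
    leads = {chr(b) for b in range(0xC2, 0xF5)}
    return any(
        text[i] in leads and 0x80 <= ord(text[i + 1]) <= 0xBF
        for i in range(len(text) - 1)
    )


def repair_mojibake(text: str) -> str:
    """Reverse the wrong decode: Latin-1 maps every character back to one byte,
    so re-decoding as UTF-8 recovers the original when no bytes were dropped."""
    try:
        return text.encode("latin-1").decode("utf-8")
    except UnicodeError:
        return text  # not recoverable: bytes were lost, or it was never UTF-8


if __name__ == "__main__":
    print(correct_text())
    print(mojibake_text())
    print(repair_mojibake(mojibake_text()) == correct_text())
```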

    ------------------------------

    Date: Wed, 26 Oct 2022 18:30:53 +0000 (UTC)
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: Iran Hackers Behind Attempt on US Election Are Still Active
    (RISKS-33.49)

    "The group has a preference for websites and online portals running PHP
    code or those with externally accessible mySQL databases. It uses
    open-source penetration testing tools such as SQLmap and Acunetix."

    Have the RISKS of open-source penetration testing tools been discussed here?

    [They have, but probably too long ago. TNX for reopening it up. PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.50
    ************************

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)