• Risks Digest 31.52 (1/2)

    From RISKS List Owner@21:1/5 to All on Thu Jan 2 16:28:27 2020
    RISKS-LIST: Risks-Forum Digest Thursday 2 January 2020 Volume 31 : Issue 52

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

    ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.52>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    China flight systems jammed by pig farm's African swine fever defences
    (SCMP)
    Boeing spacecraft lands safely in New Mexico desert, a successful end to a
    flawed test mission (The Washington Post)
    Laser-based attacks for controlling voice-activated systems such as
    Amazon's Alexa (Light Commands)
    Science Under Attack: How Trump Is Sidelining Researchers and Their Work
    (The NY Times)
    Bumble blocked Sharon Stone, thinking she was a fake (WashPost)
    U.S. Coast Guard discloses Ryuk ransomware infection at maritime facility
    (DCO)
    CIA devised way to restrict missiles given to allies, researcher says
    (Reuters)
    Chinese Cloud Hopper hacking campaign is worse than thought (The Verge)
    Wawa Data Breach: DC, VA Customers Could Be Affected (Patch)
    Hackers steal data for 15 million patients, then sell it back to
    lab that lost it (Ars Technica)
    Executive dies, taking investor cryptocurrency with him. Now they want the
    body exhumed (Charlie Osborne)
    Driving surveillance: What does your car know about you? We hacked a 2017
    Chevy to find out. (WashPost)
    Cars towed in South End due to city error (The Boston Globe)
    How tourists take their lives into their own hands (WashPost)
    Some junk for sale on Amazon is very literally garbage, report finds
    (ArsTechnica)
    This alleged Bitcoin scam looked a lot like a pyramid scheme (WiReD)
    Apple's new Screen Time Communication Limits are easily beaten with a bug
    (ArsTechnica)
    2019 Apple Platform Security guide shows what it is doing to 'push the
    boundaries' of security and privacy (9to5Mac)
    Wave of Ring surveillance camera hacks tied to podcast, report finds
    (Ars Technica)
    How to Track President Trump (*The New York Times*)
    India's Internet shutdown shows normal practice for sovereign countries
    (Prashanth Mundkur)
    Resignation of Board Members from Verified Voting (Rebecca Mercuri)
    Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers
    (WiReD)
    Planned Obsolescence (npr.org)
    Re: Human error installing SCADA system leads to 7.5 million gallons of, raw
    sewage dumped in Valdosta, GA (Martin Ward)
    Re: What happens if your mind lives for ever on the Internet? (Amos Shapir,
    Roderick Rees)
    Re: Bates v Post Office litigation: reliability of computers
    (Kelly Bert Manning)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Sat, 21 Dec 2019 18:23:25 -0500
    Subject: China flight systems jammed by pig farm's African swine fever
    defences (SCMP)

    https://www.scmp.com/news/china/society/article/3042991/china-flight-systems-jammed-pig-farms-african-swine-fever

    ------------------------------

    Date: Sun, 22 Dec 2019 10:26:18 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Boeing spacecraft lands safely in New Mexico desert, a successful
    end to a flawed test mission (The Washington Post)

    Because of a software problem, the uncrewed capsule had to abort its flight
    to the International Space Station

    https://www.washingtonpost.com/technology/2019/12/22/boeing-spacecraft-lands-safely-new-mexico-desert-successful-end-flawed-test-mission/

    ------------------------------

    Date: Tue, 31 Dec 2019 10:44:26 PST
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Laser-based attacks for controlling voice-activated systems
    such as Amazon's Alexa.

    https://lightcommands.com/

    [Thanks to Steven Cheung at SRI.]

    ------------------------------

    Date: December 29, 2019 18:46:13 JST
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Science Under Attack: How Trump Is Sidelining Researchers and Their
    Work (The NY Times)

    Brad Plumer and Coral Davenport, *The New Work Times*, 28 Dec 2019
    [Long item truncated for RISKS. PGN]

    In three years, the administration has diminished the role of science in policymaking while disrupting research projects nationwide. Experts say the effects could be felt for years.

    https://www.nytimes.com/2019/12/28/climate/trump-administration-war-on-science.html

    WASHINGTON -- In just three years, the Trump administration has diminished
    the role of science in federal policymaking while halting or disrupting research projects nationwide, marking a transformation of the federal government whose effects, experts say, could reverberate for years.

    Political appointees have shut down government studies, reduced the
    influence of scientists over regulatory decisions and in some cases
    pressured researchers not to speak publicly. The administration has particularly challenged scientific findings related to the environment and public health opposed by industries such as oil drilling and coal mining. It has also impeded research around human-caused climate change, which
    President Trump has dismissed despite a global scientific consensus.

    But the erosion of science reaches well beyond the environment and climate. [...]

    ``When we decapitate the government's ability to use science in a
    professional way, that increases the risk that we start making bad
    decisions, that we start missing new public health risks,'' said Wendy
    E. Wagner, a professor of law at the University of Texas at Austin who
    studies the use of science by policymakers.

    ------------------------------

    Date: Tue, 31 Dec 2019 03:48:35 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Bumble blocked Sharon Stone, thinking she was a fake (WashPost)

    “Looks like our users thought you were too good to be true,” the company wrote to Stone on Twitter.

    https://www.washingtonpost.com/business/2019/12/30/sharon-stone-was-kicked-off-bumble-because-users-thought-she-was-impersonating-sharon-stone/

    ------------------------------

    From: geoff goodfellow <geoff@iconia.com>
    Date: Tue, 31 Dec 2019 11:05:05 -1000
    Subject: U.S. Coast Guard discloses Ryuk ransomware infection at maritime
    facility (DCO)

    *Ransomware infection led to a disruption of camera and physical access
    control systems, and loss of critical process control monitoring systems*

    EXCERPT:

    An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours; the US Coast Guard said in a security bulletin it published before Christmas. <https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2019/MSIB_10_19.pdf>

    The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.

    "Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to
    put other port authorities on alert about future attacks. POINT OF ENTRY: PHISHING EMAIL

    USCG officials said they believe the point of entry was a malicious email
    sent to one of the maritime facility's employees.

    "Once the embedded malicious link in the email was clicked by an employee,
    the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.

    The USCG security bulletin describes a nightmare scenario after this point, with the virus spreading through the facility's IT network, and even
    impacting "industrial control systems that monitor and control cargo
    transfer and encrypted files critical to process operations."

    Coast Guard officials said the Ryuk infection caused "a disruption of the entire corporate IT network (beyond the footprint of the facility),
    disruption of camera and physical access control systems, and loss of
    critical process control monitoring systems."

    The maritime facility -- believed to be a port authority -- was forced to
    shut down its entire operations for more than 30 hours, the Coast Guard
    said.

    INCREASE IN MARITIME CYBER THREATS...

    https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/

    ------------------------------

    Date: Tue, 31 Dec 2019 11:03:05 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: CIA devised way to restrict missiles given to allies, researcher
    says (Reuters)

    EXCERPT:

    The U.S. Central Intelligence Agency has devised technology to restrict the
    use of anti-aircraft missiles after they leave American hands, a researcher said, a move that experts say could persuade the United States that it would
    be safe to disseminate powerful weapons more frequently.

    The new technology is intended for use with shoulder-fired missiles called Man-Portable Air-Defense Systems (MANPADS), Dutch researcher Jos Wetzels
    told a cybersecurity conference here in Leipzig, Germany on Saturday.
    Wetzels said the system was laid out in a batch of CIA documents published
    by WikiLeaks in 2017 but that the files were mislabeled and attracted little public attention until now.

    Wetzels said the CIA had come up with a *smart arms control solution* that would restrict the use of missiles ``to a particular time and a particular place.'' The technique, referred to as *geofencing*, blocks the use of a device outside a specific geographic area.

    Weapons that are disabled when they leave the battlefield could be an attractive feature. Supplied to U.S. allies, the highly portable missiles
    can help win wars, but they have often been lost, sold, or passed to extremists...

    https://www.reuters.com/article/us-usa-cyber-missiles/cia-devised-way-to-restrict-missiles-given-to-allies-researcher-says-idUSKBN1YY1BF

    ------------------------------

    From: geoff goodfellow <geoff@iconia.com>
    Date: Tue, 31 Dec 2019 11:04:06 -1000
    Subject: Chinese Cloud Hopper hacking campaign is worse than thought
    (The Verge)

    *Much worse than original reported*

    The global hacking campaign known as *Cloud Hopper* perpetrated by government-sponsored Chinese hackers was much worse than originally
    reported, according to an investigation by the *Wall Street Journal* <https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061> you should read in full.

    The report says that at least a dozen cloud providers were affected, but focuses on HP to illustrate the severity of the intrusions and the tactics
    used to attack and defend. ``The Journal found that Hewlett Packard
    Enterprise Co. was so overrun that the cloud company didn't see the hackers re-enter their clients' networks, even as the company gave customers the all-clear.''

    ``Inside the clouds, the hackers, known as APT10 to Western officials and researchers, had access to a vast constellation of clients. The Journal's investigation identified hundreds of firms that had relationships with
    breached cloud providers, including Rio Tinto, Philips, American Airlines
    Group Inc., Deutsche Bank AG, Allianz SE, and GlaxoSmithKline PLC.'' [...]

    ``They came in through cloud service providers, where companies thought
    their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators' attempts to kick them out for years.''

    A lot of this was known in broad terms, as revealed by a *Reuters* investigation in June. <https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/> The more detailed *WSJ* investigation <https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061>
    shows just how vulnerable our data is when stored by a third party, and how aggressively state-sponsored hackers continue to pursue it.

    https://www.theverge.com/2019/12/31/21044173/cloud-hopper-apt10-china-hackers

    ------------------------------

    Date: Thu, 19 Dec 2019 23:38:49 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Wawa Data Breach: DC, VA Customers Could Be Affected (Patch)

    https://patch.com/virginia/annandale/s/gyddx/wawa-data-breach-dc-va-customers-could-be-affected

    ------------------------------

    Date: Fri, 20 Dec 2019 11:32:01 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Hackers steal data for 15 million patients, then sell it back to
    lab that lost it (Ars Technica)

    https://arstechnica.com/information-technology/2019/12/clinical-lab-pays-hackers-for-the-return-of-data-of-15-million-patients/

    ------------------------------

    Date: Wed, 18 Dec 2019 17:19:23 -0800
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Executive dies, taking investor cryptocurrency with him. Now they
    want the body exhumed (Charlie Osborne)

    ["Paging Monty Python ..."]

    Charlie Osborne for Zero Day | 18 Dec 2019 https://www.zdnet.com/article/an-executive-died-taking-investor-cryptocurrency-with-him-now-they-want-the-body-exhumed/
    Executive dies, taking investor cryptocurrency with him. Now they want the
    body exhumed. The CEO of Quadriga was the only one who could access user funds, but claims of his death have not satisfied everyone.

    opening text:

    The former Quadriga CX CEO Gerald Cotten died suddenly this year, taking the keys required to access cryptocurrency funds belonging to investors with
    him.

    Now, these same traders, devoid of millions in investment, have requested
    that the body of the firm's former CEO be exhumed to confirm his death.


    [Monty Solomon noted this on Ars Technica:
    Exhume dead cryptocurrency exec who owes us $250 million, creditors demand
    https://arstechnica.com/information-technology/2019/12/cryptocurrency-investors-want-to-exhume-ceo-who-took-250-million-to-his-grave/
    PGN]

    ------------------------------

    Date: Thu, 26 Dec 2019 17:08:53 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Driving surveillance: What does your car know about you? We hacked
    a 2017 Chevy to find out. (WashPost)

    https://www.washingtonpost.com/technology/2019/12/17/what-does-your-car-know-about-you-we-hacked-chevy-find-out/

    ------------------------------

    Date: Sat, 21 Dec 2019 11:53:06 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Cars towed in South End due to city error (The Boston Globe)

    https://www.boston.com/news/local-news/2019/12/20/south-end-cars-towed-city-error

    ------------------------------

    Date: Mon, 23 Dec 2019 09:58:25 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: How tourists take their lives into their own hands (WashPost)

    https://www.washingtonpost.com/opinions/how-tourists-take-their-lives-into-their-own-hands/2019/12/22/668a30d8-2342-11ea-bed5-880264cc91a9_story.html

    This essay describes a two-step risk process which tourists consciously (or unconsciously) perform when considering travel destination activities.

    The process is apparently not unique to vacation planning, but seems to characterize the conduct in large, human-structured entities such as businesses, and governments. Organizational structures, when unethically or capriciously governed, can manufacture products or publish services that
    injure public health and safety.

    From the article, the process is outlined as:

    a) Risk Denied -- Trek to an active volcano for a once in a lifetime photograph. For White Island, the volcano's historical and current eruption potential/activity level has been tracked since 1975 and available via https://www.geonet.org.nz/about/volcano/whiteisland.

    b) Risk Economized -- Business profit priority over rigorous life cycle practices compromise public safety. Messages from 2016, prior to 737 MAX deployment certification, indicated flight simulation MCAS anomalies that
    were not communicated to regulators (until very recently), and were
    generally shirked by senior Boeing governance given triple constraint
    (scope, schedule, cost) impact.

    Risk: Governance situation awareness denial, aka myopia.

    ------------------------------

    Date: Fri, 20 Dec 2019 11:35:00 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Some junk for sale on Amazon is very literally garbage, report finds
    (ArsTechnica)

    https://arstechnica.com/tech-policy/2019/12/some-junk-for-sale-on-amazon-is-very-literally-garbage-report-finds/

    ------------------------------

    Date: Fri, 20 Dec 2019 11:44:27 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: This alleged Bitcoin scam looked a lot like a pyramid scheme (WiReD)

    https://www.wired.com/story/alleged-bitcoin-scam-like-pyramid-scheme/

    ------------------------------

    Date: Fri, 20 Dec 2019 11:46:10 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Apple's new Screen Time Communication Limits are easily beaten with
    a bug (ArsTechnica)

    https://arstechnica.com/gadgets/2019/12/apples-new-screen-time-communication-limits-are-easily-beaten-with-a-bug/

    ------------------------------

    Date: Sat, 21 Dec 2019 00:45:34 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: 2019 Apple Platform Security guide shows what it is doing to 'push
    the boundaries' of security and privacy (9to5Mac)

    https://9to5mac.com/2019/12/19/2019-apple-platform-security-guide-shows-what-it-is-doing-to-push-the-boundaries-of-security-and-privacy/

    ------------------------------

    Date: Fri, 20 Dec 2019 11:49:56 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Wave of Ring surveillance camera hacks tied to podcast, report
    finds (Ars Technica)

    https://arstechnica.com/tech-policy/2019/12/wave-of-ring-surveillance-camera-hacks-tied-to-podcast-report-finds/

    ------------------------------

    Date: Sat, 21 Dec 2019 17:14:38 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How to Track President Trump (*The New York Times*

    https://www.nytimes.com/interactive/2019/12/20/opinion/location-data-national-security.html

    ------------------------------

    Date: Thu, 19 Dec 2019 05:38:26 +0000
    From: Prashanth Mundkur <prashanth.mundkur@sri.com>
    Subject: India's Internet shutdown shows normal practice for sovereign
    countries (People.CN)

    China is now using Indian actions to shut down the Internet as a
    justification for its own throttling:

    17 Dec 2019
    http://en.people.cn/n3/2019/1217/c90000-9641267.html

    ------------------------------

    Date: Thu, 19 Dec 2019 19:36:42 -0500
    From: Rebecca Mercuri <notable@mindspring.com>
    Subject: Resignation of Board Members from Verified Voting

    [News summary provided by Rebecca Mercuri, Ph.D. <mercuri@acm.org>.]

    https://www.fastcompany.com/90441559/two-experts-quit-election-accountability-group-over-claims-it-has-been-endorsing-untrustworthy-machines

    Richard DeMillo <https://www.cc.gatech.edu/people/richard-demillo>, a
    Georgia Tech professor who sat on Verified Voting’s advisory board, and UC Berkeley statistics professor and associate dean Philip Stark <https://www.stat.berkeley.edu/~stark/>, a VV board member, have resigned
    from the advocacy group, stating that they believe that Verified Voting has been giving election officials false confidence in some voting machines and providing cover for the companies that make and sell these machines.

    In DeMillo's December 1 resignation letter to Barbara Simons (chair of VV's board of directors), he claimed that ``Verified Voting’s policy positions were unpredictable, contradictory, and not aligned with the values I once believed we shared. On more than one occasion, Verified Voting has taken contradictory public stances in the span of a few days, undercutting allies
    and supporters. The pattern of espousing new positions and making public statements that take local VV stakeholders by surprise is nothing
    new. Rather than seeking out advice, Verified Voting has gone to great
    lengths to avoid it.''

    With respect to VV's involvement in a Risk Limiting Audit (RLA) pilot in Georgia, DeMillo claimed that ``Verified Voting's seal of approval for the security theatrics in Bartow County undermines efforts to make elections
    more accountable. ... No audit based on an untrustworthy audit trail can confirm the correctness of the outcome. Billing such an exercise as an RLA
    and touting it as a proof of security plays into the hands of cynics.''

    Stark, who resigned on November 21, accused VV of being on the *wrong side* saying: ``Our message to jurisdictions that buy poorly designed, insecure, universal-use BMD [ballot marking device systems] should be, `We tried to
    warn you. You need a better voting system' ... Instead, we're saying, ‘Don't worry: VV will teach you to sprinkle magic RLA dust and fantasies about parallel testing on your untrustworthy election. All will be fine; you can
    use our authority and reputation to silence your critics.''

    ------------------------------

    Date: Thu, 19 Dec 2019 23:36:51 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting
    Hackers (WiReD)

    https://www.wired.com/story/meet-the-mad-scientist-who-wrote-the-book-on-how-to-hunt-hackers/

    ------------------------------

    Date: Fri, 20 Dec 2019 18:08:40 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Planned Obsolescence (npr.org)

    https://www.npr.org/2019/12/18/789436174/the-phoebus-cartel

    [NOTE: See http://catless.ncl.ac.uk/Risks/30/11#subj7.1 for the first
    mention of 'Phoebus Cartel' in comp.risks.]

    Planned obsolescence encompasses two key business priorities that fuel the consumer marketplace:

    1) Products are designed and manufactured to fail within a certain service
    lifetime interval;

    2) Product obsolescence promotes incremental improvements, and new versions
    become available for consumer purchase, often promoted as 'greener,
    reduced operational cost expenditure, faster, more reliable, etc.' than
    their predecessors to induce sales.

    Brand loyalty or guilt from being 'left behind' can compel a repurchase decision.

    Light bulbs were originally designed and manufactured to never fail. Their nascent longevity and resilience testifies to engineering pride and demonstrable human ingenuity. However, light bulb manufacturing businesses observed that a marketplace saturated with very durable illumination
    products limits future sales: revenue capture and realization stall, and long-term profit potential and earnings drop.

    And the light bulb's initially immutable nature, since reduced to ~1000 continuous hours (for the old wire filament type), taught business that
    product innovation via incremental change can promote future profit
    generation.

    In structured business organizations, product change embodies processes governed according to a risk management framework that weighs requirements, process alternatives, and operational key performance metrics against
    concrete business outcome potentials (market-share capture and revenue
    growth, reputation improvement, etc.).

    For technological devices, a new software revision or hardware enhancement represents a product change that requires sophisticated, accountable, and ethically motivated process governance. The evolution or introduction of cellphones, smart home appliances, aircraft maneuvering augmentation
    systems, pharmaceutical infusion devices, robotic surgery platforms,
    implanted medical devices, etc. epitomize incremental technological change.

    Tom Wolfe's "The Right Stuff" states concisely: "No bucks, no Buck Rogers." Technological change is "Buck Rogers." Incremental product change requires investment. Risk -- to the public, to the business, to the environment -- arises from change, especially so for software, multi-billion transistor
    chips, neuromorphics, memristors, quantum computers, etc. The creators and builders of these products constitute considerable business expenses; intellectual property innovation is not free, unless it is stolen.

    Business risk planning and mitigation cannot be 100% complete or
    accurate. Capricious collaboration, peculiar organizational behavior, and mistake can be inimical to successful risk planning initiatives. Perfection does not, and cannot, exist anywhere in a business or project life cycle context.

    Technological systems or devices embody complexity that cannot be completely characterized or profiled for risk. Consequently, product failures, or unexpected field operations, materialize as consumer inconvenience, brand outrage, and/or fatality.

    An ethical and accountable governance process is expected to engage to forestall catastrophe when change management processes are pressurized or corrupted to overlook relevant risks that potentially sacrifice product viability, especially if public safety is jeopardized by these
    circumstances.

    Product change abandonment, and conscientious evaluation by root cause
    analysis is essential when potential business profit sacrifice assumes
    priority over public risk exposure. A product that does no harm is more
    likely to sell than one that injures the public. Automobiles constitute an acknowledge exception on this point, as do fire-arms, cigarettes, opioid pharmaceuticals, etc. All of these products are subject to regulation and enforcement in the US. Regulatory enforcement effectiveness is unfortunately debatable.

    Business risk blindness, and profit pursuit, have repeatedly jeopardized
    public safety. In an era where regulatory arbitrage, and regulatory capture, enables and sponsors risk blindness, profit motives become brand outrage's
    and disaster's bridesmaid. Rigorous regulatory structures, strict
    enforcement and penalties that deters reckless business governance conduct
    is essential. Businesses must cease exploitation of product change that sacrifices public blood and treasure.

    ------------------------------

    Date: Fri, 20 Dec 2019 16:16:30 +0000
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: Human error installing SCADA system leads to 7.5 million
    gallons of, raw sewage dumped in Valdosta, GA (RISKS-31.51)

    The cause is described as "human error": but surely it is a design
    error if a disconnected sensor is indistinguishable from a connected
    sensor reporting that everything is OK?

    ------------------------------

    Date: Sat, 21 Dec 2019 17:32:06 +0200
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: What happens if your mind lives forever on the Internet?
    (Ward, RISKS-31.51)

    Of course I'm aware of the Turing Test, but I think its definition of an "evaluator" who cannot distinguish between a human and a machine on-line, is also a moving target. The more we're used to interacting with "talking machines", the more we become adept at distinguishing between these and
    "real" humans.

    I think no machine could ever fool its own creators; for them, at least, the answer to the question "When will machines become as intelligent as humans", would therefore always be "20 year from now".

    ------------------------------

    Date: Thu, 19 Dec 2019 15:22:38 -0800
    From: Roderick Rees <jp3vampire@gmail.com>
    Subject: Re: What happens if your mind lives forever on the Internet?

    Martin Ward writes that The definition of "machines as intelligent as
    humans" was established back in 1950 in the seminal paper by Alan Turing: "Computing Machinery and Intelligence", which described the "Turing Test".
    It should (still) be required reading for any software engineer.


    The concept of machine intelligence is faulty because there is o clear and generally accepted concept of human intelligence. It is not merely the intellectual capability of manipulating logic, and humans survived very well for a long time without formal logic.

    Also, despite Turing's clearly superior mathematical mind, he did not sufficiently understand human thinking. For consider, in the early days of language and thinking with language, there was no need to distinguish
    between speech from a human and speech from, say, a rock. If you heard
    speech, then of course you would normally assume it was a human speaking.
    And the first recorded case of a human reacting to words from a machine as
    if they were from a human was in the Doctor and Eliza experiments, with only the most primitive processing of language. The "Turing Test" is not valid.

    ------------------------------

    Date: Tue, 31 Dec 2019 14:41:39 -0500 (EST)
    From: Kelly Bert Manning <bo774@freenet.carleton.ca>
    Subject: Re: Bates v Post Office litigation: reliability of computers
    (RISKS-31.51)

    There is an older UK case, going back to around Eternal September or before, involving a British Police Officer who was initially convicted of attempted fraud simply for asking about the details of an unrecognized withdrawal from his bank account.

    I will check old dead tree issues of *Privacy Journal* to see if I can
    find more details in those.

    If memory serves the only detail he ever got from the bank was a clerk
    asking him if he enjoyed his Irish Vacation. He had not been to Ireland.

    The bank had a draconian response to his simple request for details of what
    we would now regard as an obvious case of ATM error or card cloning fraud insisting that the Officer was trying to defraud them, rather than providing details such as the location of the ATM and the time of day.

    The Officer was convicted at the lowest level court, which got him fired, as well as convicted. Things only turned around when the British Computer
    Society got involved, providing Expert Opinion during the appeal about the unreliability of the bank's ATM system and supposed iron clad
    evidence. "Trust us, it is all in the computer and the computer is always correct" should never be allowed to pass unchallenged in court.

    ------------------------------

    Date: Thu, 19 Dec 2019 10:32:19 -0500 (EST)
    From: poitras@pobox.com (Don Poitras)
    Subject: Re: RISKS-31.51

    In the USA, we are cursed by close elections where every vote counts. Recounts after close elections too often lead to viscous fights over recount

    I for one, would love to see those "viscous" fights filmed and put up on you-tube. Perhaps we could make the politicians fight it out in huge tubs
    of honey.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)