• Risks Digest 31.53

    From RISKS List Owner@21:1/5 to All on Mon Jan 6 20:01:08 2020
    RISKS-LIST: Risks-Forum Digest Monday 6 January 2020 Volume 31 : Issue 53

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.53>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents: [Happy New Year?]
    The Ghost of Y2K hits Hamburg (Hamburger Abendblatt)
    Software Glitch Affects 14,000 New York City Parking Meters (WSJ+)
    The Internet Is No Longer a Disruptive Technology (Bloomberg)
    'Shattered' -- Inside the secret battle to save America's undercover
    spies in the digital age (WashPost)
    737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight (WSJ + NYT
    item)
    Europe rejects patent applications signed with AI inventor (Charlie Osborne)
    Amazon's Next-Day Delivery Has Brought Chaos And Carnage To America's
    Streets, But The World's Biggest Retailer Has A System To Escape The Blame
    (Michelle Thompson)
    Company shuts down because of ransomware, leaves 300 without jobs just
    before holidays (Catalin Cimpanu)
    Fresh Cambridge Analytica leak 'shows global manipulation is out of control'
    (Carole Cadwalladr)
    Re: What happens if your mind lives forever on the Internet? (Martin Ward)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 2 Jan 2020 23:31:13 +0100
    From: Debora Weber-Wulff <weberwu@HTW-Berlin.de>
    Subject: The Ghost of Y2K hits Hamburg (Hamburger Abendblatt)

    The city of Hamburg in Germany has 120 new DT5 trains - and 95 of
    them still won't work after the new decade has blown in. As soon as a
    train reaches the end of the line and has to reverse its direction (and
    the train driver must turn it off and walk to the other end to drive it
    back), it won't turn on again. At all.

    The Hamburger Abendblatt reports that an informer told them that this is attributable to a date problem, with the year flipping from 19 to 20.

    https://www.abendblatt.de/hamburg/article228038743/U-Bahn-Hamburg-DT5-ausgefallen-Hochbahn-Software-Fehler-Verkehr-Verspaetung-Stoerung.html

    All the trains stopped dead in their tracks, so to say. They have
    managed to fix the software on 25 of them, but so many are missing
    they are having to run short trains in the hopes of even keeping
    up with the schedule.

    A bit later in the article an update is mentioned as being at fault, the
    rest of the article is politicians blathering on.

    Their troubles don't stop there: a passenger purchased a ticket on 1 Jan
    2020 that is not valid until 1.1.2040. Picture included.

    I can't quite imagine what exactly went wrong in both of these cases,
    but I'd sure like to find out. Any readers with more information?

    ------------------------------

    Date: Sat, 4 Jan 2020 02:34:42 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Software Glitch Affects 14,000 New York City Parking Meters (WSJ+)

    A software glitch has left 14,000 electronic parking meters across New York City unable to read credit cards since the start of the new year, city officials said Friday.

    The glitch involved an antifraud security setting in meters made by software provider Flowbird that disables card payments beyond Jan. 1, 2020, according
    to the city's Department of Transportation.

    https://www.wsj.com/articles/software-glitch-affects-14-000-new-york-city-parking-meters-11578088811

    [Jan Wolitzky noted *The NYTimes* item: <https://www.nytimes.com/2020/01/03/nyregion/nyc-parking-meters.html>
    while danny burstein seemed to have the correct analysis:
    ``Sounds like the "sliding calendar" kluge to get around the
    original Y2K problem, with a "if year = 0 to 19", etc.''
    PGN]
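
    [Added example, not part of the digest and not Flowbird's or any other vendor's code: a sketch of the two-digit-year workaround the remark above describes, with a fixed pivot beside a window anchored to a trusted four-digit date. The pivot of 20 comes from the quoted "if year = 0 to 19" test; every function name and the sample date are assumptions.]

```python
"""Two-digit-year expansion: fixed pivot versus a window anchored to a known date.

Added illustration only. The pivot (20) is taken from the quoted
"if year = 0 to 19" remark; all names are hypothetical.
"""
from datetime import date

FIXED_PIVOT = 20  # assumption: 00..19 -> 20xx, 20..99 -> 19xx


def expand_fixed(yy, pivot=FIXED_PIVOT):
    """Y2K-era fixed window. Correct only until the calendar reaches the pivot."""
    if not 0 <= yy <= 99:
        raise ValueError("expected a two-digit year")
    return 2000 + yy if yy < pivot else 1900 + yy


def expand_sliding(yy, reference_year, future_span=20):
    """Window that moves with a trusted four-digit reference year.

    Accepts years in [reference_year - (99 - future_span),
    reference_year + future_span], so the rollover point never arrives
    as long as the reference (e.g. last good timestamp) keeps advancing.
    """
    if not 0 <= yy <= 99:
        raise ValueError("expected a two-digit year")
    upper = reference_year + future_span
    return upper - (upper - yy) % 100


def rollover_faults(expand, first_year, last_year):
    """Regression check: calendar years whose two-digit form does not
    round-trip through `expand` within the device's service life."""
    return [y for y in range(first_year, last_year + 1) if expand(y % 100) != y]


def elapsed_days(last_seen, yy, mm, dd, expand):
    """Days between a stored full date and a two-digit-year clock reading.
    A negative result means the clock appears to have run backwards."""
    return (date(expand(yy), mm, dd) - last_seen).days


if __name__ == "__main__":
    last_seen = date(2019, 12, 30)  # constructed sample: last good timestamp

    def anchored(yy):
        return expand_sliding(yy, last_seen.year)

    print("fixed   19 ->", expand_fixed(19), "| 20 ->", expand_fixed(20))
    print("sliding 19 ->", anchored(19), "| 20 ->", anchored(20))
    print("fixed-window faults 2000-2030:", rollover_faults(expand_fixed, 2000, 2030))
    print("sliding-window faults 2000-2030:", rollover_faults(anchored, 2000, 2030))
    print("elapsed on 1 Jan '20 (fixed):  ", elapsed_days(last_seen, 20, 1, 1, expand_fixed))
    print("elapsed on 1 Jan '20 (sliding):", elapsed_days(last_seen, 20, 1, 1, anchored))
```

    [Running rollover_faults over a device's whole intended service life, and rejecting negative elapsed time at runtime, are two checks that surface this class of defect before the pivot year arrives.]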

    ------------------------------

    Date: Thu, 2 Jan 2020 10:47:13 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: The Internet Is No Longer a Disruptive Technology (Bloomberg)

    The disruptive innovators of 10 years ago are today's stable incumbents

    Internet-enabled industry disruption defined business strategy in the 2010s, but as 2020 begins, that era appears to be winding down. The disruptors have largely become the new establishment, and unlike a decade ago, it doesn't
    look like the new leaders will be displaced any time soon. Today's
    Internet is a mature and mainstream technology.

    This was not the case a decade ago. In 2009, multiple industries were in the midst of upheaval thanks to Internet-enabled transformations. The iPhone was only two years old. In the music industry, compact discs still represented a plurality of revenues, and most of the rest came from digital purchases. Streaming, whether of music or on Netflix, was still in its infancy. We were
    in the middle of the transition from print ads to digital ones; 2009 was the last year the newspaper industry had higher ad revenues than Google, and the last year Facebook's revenues were less than $1 billion. E-commerce was growing, but Sears and Kmart were still large retail chains. YouTube was
    known mostly for a handful of viral videos (Susan Boyle, anyone?).

    Today, much has changed. The music industry has become the streaming
    industry, with compact discs and digital sales becoming less and less important; today's industry growth is powered by subscriptions. Beginning
    a few years ago, total revenues have started to grow again after 15 years of declines. The competitive threats to the leader in music streaming, Spotify, come from well-financed competitors with similar offerings, like Apple Music and Amazon Music, rather than a brand-new technology. The music industry may have been the first to be threatened by internet-related disruption in the
    late 1990s, with the growth of mp3 sharing and Napster, and is now perhaps
    the first industry to have completed its transformation.

    The advertising industry has been transformed by Google and Facebook. Early
    in the 2010s, there was a popular chart showing that online ad revenues represented a much smaller share of total ad revenues than internet use represented for total time spent consuming content. The reverse was true for print media and print ads. Today that gap has closed. Print and radio now account for just 15% of total ad spend.

    Perhaps no industry has been hurt more by the internet this decade than physical retail. E-commerce has continued to gain market share. Many
    retailers have gone bankrupt. Malls keep closing. Sears and Kmart have
    closed hundreds of stores, and their parent company flirts with bankruptcy.
    Yet we've also seen that Walmart, Target and Costco are more formidable competitors than the retailers that have disappeared, and all three have
    stock prices near all-time highs. Top-tier malls have reinvented themselves
    by adding restaurants, apartments and hotels. E-commerce is starting to have its share of growing pains due to high customer acquisition costs as online
    ad rates have soared, and some online firms are finding that building their
    own stores makes good business sense. The future of shopping is more complex than just e-commerce crushing brick-and-mortar stores. [...]

    https://finance.yahoo.com/news/internet-no-longer-disruptive-technology-150035326.html
    https://www.bloomberg.com/opinion/articles/2020-01-02/the-internet-is-no-longer-a-disruptive-technology

    ------------------------------

    Date: Thu, 2 Jan 2020 10:48:05 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: 'Shattered' -- Inside the secret battle to save America's
    undercover spies in the digital age (WashPost)

    EXCERPT:

    When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could
    have predicted the potential scale and magnitude of the damage. Over the
    next six months, those hackers -- later identified as working for the
    Chinese government -- stole data on nearly 22 million former and current American civil servants, including intelligence officials.

    The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its
    core. Among the hacked information's other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA
    reportedly pulling its officers out of China. <https://www.washingtonpost.com/world/national-security/cia-pulled-officers-from-beijing-after-breach-of-federal-personnel-records/2015/09/29/1f78943c-66d1-11e5-9ef3-fde182507eac_story.html>
    (The director of national intelligence later denied this withdrawal.) <https://www.washingtonpost.com/world/national-security/us-intelligence-head-cia-did-not-pull-officers-from-beijing-after-opm-hack/2015/11/02/8631aa4e-81a5-11e5-a7ca-6ab6ec20f839_story.html>

    Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow -- likely based on the differences in pay between diplomats, details on past service in *hardship* posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

    The OPM hack was a watershed moment, ushering in an era when big data and
    other digital tools may render methods of traditional human intelligence gathering extinct, say former officials. It is part of an evolution that
    poses one of the most significant challenges to undercover intelligence work
    in at least a half century -- and probably much longer. [...]

    https://news.yahoo.com/shattered-inside-the-secret-battle-to-save-americas-undercover-spies-in-the-digital-age-100029026.html

    ------------------------------

    Date: Wed, 1 Jan 2020 11:16:18 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: 737 MAX Crashes Strengthen Resolve of Boeing to Automate Flight
    (WSJ + NYT item)

    Boeing, Airbus and industry experts for long have planned more technology to prevent pilot error

    https://www.wsj.com/articles/max-crashes-strengthen-resolve-of-boeing-to-automate-flight-11577816304

    [*The NYTimes* on 6 Jan 2020 notes that Boeing reported to the FAA in early
    January 2020 that they had discovered the cabling controlling the
    tail-plane stabilizers on the 737 Max had wires whose close proximity
    could result in a short, which could result in catastrophe. This appears
    to require only a minor fix, although it may also affect the earlier
    737 MG aircraft as well. (However, it has not been a problem to date, so
    this will be a proactive fix.) PGN]

    ------------------------------

    Date: Fri, 03 Jan 2020 15:21:33 -0800
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Europe rejects patent applications signed with AI inventor
    (Charlie Osborne)

    Charlie Osborne for Between the Lines | 3 Jan 2020
    AI-generated ideas and concepts are at the center of a heated ownership debate.
    https://www.zdnet.com/article/europe-rejects-patent-applications-signed-with-ai-as-the-inventor/

    The European Patent Office (EPO) has rejected two patent applications in
    which artificial intelligence (AI) was designated as the inventor.

    Current rules dictate that humans must be attributed as inventors behind a patent application in order to prevent full corporate inventorship from becoming a recognized practice for ideas. Now, the idea of AI having a form
    of 'ownership' has clashed with this traditional stance.

    The team argues that "inventorship should not be restricted to natural persons," and "a machine that would meet inventorship criteria if it were a natural person should also qualify as an inventor."

    ------------------------------

    Date: Fri, 03 Jan 2020 15:46:57 -0800
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Amazon's Next-Day Delivery Has Brought Chaos And Carnage To
    America's Streets, But The World's Biggest Retailer Has A System To Escape
    The Blame (Michelle Thompson)

    Deaths and devastating injuries. A litany of labor violations. Drivers
    forced to urinate in their vans. Here is how Amazon's gigantic,
    decentralized, next-day delivery network brought chaos, exploitation, and danger to communities across America. (BuzzFeed News)

    opening text:

    Valdimar Gray was delivering packages for Amazon at the height of the pre-Christmas rush when his three-ton van barreled into an 84-year-old grandmother, crushing her diaphragm, shattering several ribs, and fracturing her skull.

    ``Oh my god!'' screamed Gray as he leaped out of his van. It was a bright, clear afternoon on Dec. 22, 2016, and the 29-year-old had been at the wheel
    of the white Nissan since early that morning, racing to drop Amazon packages
    on doorsteps throughout Chicago. He stood in anguish next to Telesfora Escamilla as she lay dying, her blood pooling on the pavement just three
    blocks from her home. After the police arrived, Gray submitted to drug and alcohol tests, which came up clean. He would later be charged with reckless homicide.

    [Sadly, not the only case.]

    ------------------------------

    Date: Fri, 03 Jan 2020 15:54:33 -0800
    From: Gene Wirchenko <gene@shaw.ca>
    Subject: Company shuts down because of ransomware, leaves 300 without jobs
    just before holidays (Catalin Cimpanu)

    Catalin Cimpanu for Zero Day | 3 Jan 2020
    Company tells employees to seek new employment after suspending all
    operations right before Christmas.

    https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/phone-numbers-pad.jpg

    selected text:

    An Arkansas-based telemarketing firm sent home more than 300 employees and
    told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.

    A former The Heritage Company employee told KATV that they've lost any faith the company is going to ever recover from the ransomware attack.

    "Most of us are convinced that they're not going to reopen. I'm pretty sure they're just buying time because they know as soon as they're not going to reopen we're going to have to get a settlement and I think they just don't
    want us to take them to court," the employee told KATV.

    What happened to The Heritage Company is not an isolated incident. Over the past two years, there have been many cases where smaller companies decided
    to shut down for good, lacking the funds to pay a ransom demand to get their data back or lacking the funds needed to rebuild their IT infrastructure.

    For example, in April 2019, doctors at a medical practice office in Michigan decided to shut down their business and retire one year ahead of schedule, rather than deal with the fallout from a ransomware infection.

    Similarly, a second medical office, based in Simi Valley, California,
    reached the same conclusion in September 2019, deciding to shut down all operations after they were infected with ransomware a month before and
    lacked the funds to pay the ransom.

    ------------------------------

    Date: January 5, 2020
    From: Dewayne Hendricks <dewayne@warpspeed.com>
    Subject: Fresh Cambridge Analytica leak 'shows global manipulation is out of
    control' (Carole Cadwalladr)

    Company's work in 68 countries laid bare with release of more than 100,000 documents

    Jan 4 2020 <https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation>

    An explosive leak of tens of thousands of documents from the defunct data
    firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles.

    More than 100,000 documents relating to work in 68 countries that will lay
    bare the global infrastructure of an operation used to manipulate voters on ``an industrial scale'' is set to be released over the next months.

    It comes as Christopher Steele, the ex-head of MI6's Russia desk and the intelligence expert behind the so-called *Steele dossier* into Trump's relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for
    manipulation of the US election this year were even worse.

    The release of documents began on New Year's Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be
    the same ones subpoenaed by Robert Mueller's investigation into Russian interference in the 2016 presidential election.

    Kaiser, who starred in the Oscar-shortlisted Netflix documentary The Great Hack, decided to go public after last month's election in Britain. ``It's so abundantly clear our electoral systems are wide open to abuse,'' she
    said. ``I'm very fearful about what is going to happen in the US election
    later this year, and I think one of the few ways of protecting ourselves is
    to get as much information out there as possible.''

    The documents were retrieved from her email accounts and hard drives, and though she handed over some material to parliament in April 2018, she said there were thousands and thousands more pages which showed a ``breadth and depth of the work'' that went ``way beyond what people think they know about `the Cambridge Analytica scandal'''.

    Steele made a rare public intervention to comment on the leaks. He said that while he didn't know what was in them, the context couldn't be more
    important because ``on our current trajectory these problems are likely to
    get worse, not better, and with crucial 2020 elections in America and
    elsewhere approaching, this is a very scary prospect. Something radical
    needs to be done about it, and fast.''

    He said authorities in the west had failed to punish those practising social and other media manipulation, and ``the result will be that while CA may
    have been exposed and eventually shut down, other, even more sophisticated actors will have been emboldened to interfere in our elections and sow
    social divisions''.

    Kaiser said the Facebook data scandal was part of a much bigger global operation that worked with governments, intelligence agencies, commercial companies and political campaigns to manipulate and influence people, and
    that raised huge national security implications.

    The unpublished documents contain material that suggests the firm was
    working for a political party in Ukraine in 2017 even while under
    investigation as part of Mueller's inquiry and emails that Kaiser says described how the firm helped develop a ``sophisticated infrastructure of
    shell companies that were designed to funnel dark money into politics''.

    ``There are emails between these major Trump donors discussing ways of obscuring the source of their donations through a series of different
    financial vehicles. These documents expose the entire dark money machinery behind US politics.'' The same machinery, she says, was deployed in other countries that Cambridge Analytica worked in, including, she claims,
    Britain.

    Emma Briant, an academic at Bard College, New York, who specialises in investigating propaganda and has had access to some of the documents for research, said that what had been revealed was ``the tip of the iceberg''.

    ------------------------------

    Date: Sun, 5 Jan 2020 15:21:59 +0000
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: What happens if your mind lives forever on the Internet?
    (Rees and Shapir, RISKS-31.52)

    Re: Rees:

    The point of the Turing Test is to determine if a machine can think like a human being, *not* to attempt to fool people into believing that the machine
    is intelligent (when it actually is not). Cases where people were fooled
    into thinking that they were talking to a person, when they did not know
    that it was possible that they were talking to a machine, are therefore irrelevant.

    Re: Shapir:

    If the aim is to "fool people", then the AI developers will be hardest,
    if not impossible, to fool (as you assert).

    If, however, the aim is to develop an intelligent machine, using the Turing Test as the best method of testing that we have devised so far, then the AI developers should be *easiest* to be convinced: they have programmed
    behaviour into the system which they believe is actual intelligent thinking,
    as similar as possible to real human thinking, so if the machine cannot convince them, then it is unlikely to convince anyone else! To convince the creators, the program would have to exhibit behaviour beyond any specific responses programmed into it: this is simply a basic requirement for any
    real AI.

    I suspect that Amos is correct in his opinion that "no AI program could ever fool the people who create it": but if he is correct, then the reason is
    that AI is impossible, not that the goal posts keep being moved. If the AI program cannot convince the people who created it then, a fortiori, it
    cannot convince the ordinary person, and it is not an intelligent machine.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.53
    ************************
