• Risks Digest 31.54 (2/2)

    From RISKS List Owner@21:1/5 to All on Tue Feb 4 11:55:19 2020
    [continued from previous message]

    "The result was a draw: humans, 93.9 percent correct; AI, 94.6 percent." 'Correct'? No false-positive or false-negative AUC ROC measures?

    You should trust your physician -- they swear by the Hippocratic Oath. Trust the physician's tool supply chain? Not so fast.

    ------------------------------

    Date: Thu, 16 Jan 2020 04:01:34 -0700
    From: "Bob Gezelter" <gezelter@rlgsc.com>
    Subject: A Very Real Potential for Abuse: Using AI to Score Video Interviews
    (CNN)

    CNN has published an article on an interesting trend: the use of AI
    evaluations of candidate video interviews during the selection process for internships and jobs.

    As in other cases with AI-based evaluation of imagery, the potential for
    baked-in bias is clear. Without extensive study, is there a way to validate
    that such mechanisms are free of explicit or implicit bias concerning race,
    culture, and other factors? As an example, consider the subject of "word
    choice". In some cultures, directness is valued; in other cultures, precisely
    the opposite is true. It would be far too simple for a bot to downgrade a
    candidate for "lack of directness" when their cultural background values
    it. Would that not be effective discrimination on race, national origin, or
    other prohibited or suspect factors?

    A thought experiment: Consider scoring the statement "The patient has a
    tumor" with the all-but-required phrasing used by a radiologist "The
    patient's imagery is consistent with the presence of a tumor". Is one of
    these options "evasive"?

    One could argue that it is a matter of what questions are asked, but that presupposes a degree of sophistication which is likely not present in
    practice.

    https://www.cnn.com/2020/01/15/tech/ai-job-interview/index.html

    ------------------------------

    Date: Mon, 13 Jan 2020 13:19:47 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: 5G, AI, blockchain, quantum, ... (Marketoonist)

    Smart Devices and 5G cartoon | Marketoonist | Tom Fishburne

    With the imminent arrival of 5G, there’s a lot of euphoric talk about the future of connected devices, which is leading to a fair amount of technology-for-technology-sake.  And there are many funny and not-so-funny bumps in the road.

    On the funny end of the spectrum, GE was mocked <https://www.marketwatch.com/story/this-ridiculous-ge-video-showing-14-steps-to-reset-a-smart-lightbulb-has-suddenly-gone-viral-2019-06-20>
    a few months ago for releasing a guide to reset their Smart Lightbulb.  It requires 14 complicated steps of turning it off and on at exact second
    counts with a stopwatch (“turn off for two seconds … turn on for eight seconds”).  Stephen Fry remarked <https://www.marketwatch.com/story/this-ridiculous-ge-video-showing-14-steps-to-reset-a-smart-lightbulb-has-suddenly-gone-viral-2019-06-20>,
    “This is insane enough to be joyous.”

    On the not-so-funny end of the spectrum, smart-device maker Wyze announced <https://www.marketwatch.com/story/smart-device-maker-wyze-confirms-data-breach-that-could-affect-millions-2019-12-29>
    two weeks ago that both of the company’s production databases were left entirely open to the Internet, exposing the data of 2.4 million users of
    their smart-home cameras and devices.

    These are all reflections of the awkward adolescent stage of technology
    we’re living and working in. We have to continually question just how “smart” all of this “smart” technology really is.

    https://marketoonist.com/2020/01/smart.html

    ------------------------------

    Date: January 8, 2020 8:14:28 JST
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Inside the Billion-Dollar Battle Over .Org (Steve Lohr)

    [via Dave Farber]

    Steve Lohr, *The New York Times*, 7 Jan 2020

    A private equity firm wants to buy the Internet domain used by nonprofits. A group of online pioneers says it is not the place to maximize profits.

    Two months ago, Ethos Capital, a private equity firm, announced that it
    planned to buy the rights to a tract of Internet real estate for more than
    $1 billion. But it wasn't just any piece of digital property. It was
    dot-org, the cyber neighborhood that is home to big nonprofits and nongovernmental organizations like the United Nations (un.org) and NPR (npr.org), and to little ones like neighborhood clubs.

    The deal was met with a fierce backlash. Critics argued that a less
    commercial corner of the Internet should not be controlled by a
    profit-driven private equity firm, as a matter of both principle and
    practice. Online petitions and letters of concern came from hundreds of organizations, thousands of individuals and four Democrats in Congress, including Senator Elizabeth Warren of Massachusetts.

    Rarely has the acronym-strewn realm of Internet addresses -- so-called
    domain names -- stirred such passion.

    Now, a group of respected Internet pioneers and nonprofit leaders is
    offering an alternative to Ethos Capital's bid: a nonprofit cooperative corporation. The incorporation papers for the new entity, the Cooperative Corporation of .ORG Registrants, were filed this week in California.
    [...] [PGN-ed, longish item, truncated]

    https://www.nytimes.com/2020/01/07/technology/dot-org-private-equity-battle.html?emc=rss&partner=rss

    ------------------------------

    Date: Thu, 9 Jan 2020 21:03:39 -0800
    From: Paul Saffo <paul@saffo.com>
    Subject: A lazy fix 20 years ago means the Y2K bug is taking down computers
    now (New Scientist)

    [Re: Martyn Thomas, This might be a genuine Y2K problem -- are there more?
    RISKS-31.50]

    Chris Stokel-Walker, *New Scientist*, 7 Jan 2020 https://www.newscientist.com/article/2229238-a-lazy-fix-20-years-ago-means-the-y2k-bug-is-taking-down-computers-now/

    [PGN-ed to avoid duplication with RISKS-31.50 and 53.]

    [...] Programmers wanting to avoid the Y2K bug had two broad options:
    entirely rewrite their code, or adopt a quick fix called ``windowing'',
    which would treat all dates from 00 to 20, as from the 2000s, rather than
    the 1900s. An estimated 80 per cent of computers fixed in 1999 used the quicker, cheaper option.

    ``Windowing, even during Y2K, was the worst of all possible solutions
    because it kicked the problem down the road,'' says Dylan Mulvin at the
    London School of Economics.

    Coders chose 1920 to 2020 as the standard window because of the significance
    of the midpoint, 1970. ``Many programming languages and systems handle
    dates and times as seconds from 1970/01/01, also called Unix time,'' says Tatsuhiko Miyagawa, an engineer at cloud platform provider Fastly.

    Unix is a widely used operating system in a variety of industries, and this ``epoch time'' is seen as a standard.

    The theory was that these windowed systems would be outmoded by the time
    2020 arrived, but many are still hanging on and in some cases the issue had been forgotten.

    ``Fixing bugs in old legacy systems is a nightmare: it's spaghetti and
    nobody who wrote it is still around,'' says Paul Lomax, who handled the Y2K
    bug for Vodafone. ``Clearly they assumed their systems would be long out of
    use by 2020. Much as those in the 60s didn't think their code would still be around in the year 2000.''

    Those systems that used the quick fix have now reached the end of that
    window, and have rolled back to 1920. Utility company bills have reportedly been produced with the erroneous date 1920, while tens of thousands of
    parking meters in New York City have declined credit card transactions
    because of the date glitch.

    Thousands of cash registers manufactured by Polish firm Novitus have been unable to print receipts due to a glitch in the register's clock. The
    company is attempting to fix the machines.

    WWE 2K20, a professional wrestling video game, also stopped working at
    midnight on 1 January 2020. Within 24 hours, the game's developers, 2K,
    issued a downloadable fix.

    Another piece of software, Splunk, which ironically looks for errors in computer systems, was found to be vulnerable to the Y2020 bug in
    November. The company rolled out a fix to users the same week -- which
    include 92 of the Fortune 100, the top 100 companies in the US.

    Some hardware and software glitches have been incorrectly attributed to the bug. One healthcare professional claimed Y2020 hit a system developed by McKesson, which produces software for hospitals. A spokesperson for McKesson told New Scientist the firm was unaware of any outage tied to Y2020.

    Exactly how long these Y2020 fixes will last is unknown, as companies
    haven't disclosed details about them. If the window has simply been pushed
    back again, we can expect to see the same error crop up.

    Another date storage problem also faces us in the year 2038. The issue again stems from Unix's epoch time: the data is stored as a 32-bit integer, which will run out of capacity at 3.14 am on 19 January 2038.

    [In response to a request from Eric Hofnagel, I pulled together a historical list of Y2K-related problems. It is now on my website http://www.csl.sri.com/neumann/neumann.html at http://www.csl.sri.com/neumann/y2k-pgn.txt
    PGN]
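    As an added illustration (not from the New Scientist article or from the list), the two date behaviours described above in Python: the fixed 1920-2020 pivot that silently maps a 2021 date back to 1921, a sliding window that does not expire the way the fixed one did, and the signed 32-bit epoch limit behind the 2038 problem. The function names are my own and the sample values are constructed.

```python
from datetime import datetime, timezone

# Fixed window, as adopted in many Y2K fixes: two-digit years 00..20 are read as
# 2000..2020 and 21..99 as 1921..1999, so the window is 1920-2020 with 1970 in the middle.
def fixed_window_year(yy: int, pivot: int = 20) -> int:
    """Expand a two-digit year against a fixed pivot; breaks once years pass the pivot."""
    if not 0 <= yy <= 99:
        raise ValueError("two-digit year expected")
    return 2000 + yy if yy <= pivot else 1900 + yy

# Sliding window: the 100-year range is anchored to the current year, so it moves
# forward instead of expiring in 2020. Years up to 'lookahead' in the future are
# taken as future; anything further out is assumed to lie in the past century.
def sliding_window_year(yy: int, now_year: int, lookahead: int = 20) -> int:
    """Expand a two-digit year relative to now_year (hypothetical helper)."""
    if not 0 <= yy <= 99:
        raise ValueError("two-digit year expected")
    candidate = now_year - now_year % 100 + yy
    if candidate > now_year + lookahead:
        candidate -= 100
    elif candidate < now_year + lookahead - 99:
        candidate += 100
    return candidate

# The 2038 problem: Unix time stored in a signed 32-bit integer wraps after
# 2**31 - 1 seconds, i.e. at 03:14:07 UTC on 19 January 2038.
INT32_MAX = 2**31 - 1

def to_int32_epoch(dt: datetime) -> int:
    """Convert a timezone-aware datetime to Unix time and wrap it as C's int32 would."""
    secs = int(dt.timestamp()) & 0xFFFFFFFF
    return secs - 0x100000000 if secs > INT32_MAX else secs

if __name__ == "__main__":
    # Constructed sample: a bill dated in 2021 but stored with a two-digit year
    print(fixed_window_year(21))            # 1921: the "rolled back to 1920" failure
    print(sliding_window_year(21, 2021))    # 2021
    limit = datetime(2038, 1, 19, 3, 14, 7, tzinfo=timezone.utc)
    print(to_int32_epoch(limit))            # 2147483647
    print(to_int32_epoch(limit.replace(second=8)))  # -2147483648: wrapped into 1901
```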

    ------------------------------

    Date: Mon, 13 Jan 2020 13:35:59 -0500
    From: Jeremy Epstein <jeremy.j.epstein@gmail.com>
    Subject: When 2 < 7 => failure (Ars Technica)

    Grocery store system does periodic audits of self-checkout users, but the system doesn't work if you have fewer than 7 items - the audit requires auditing exactly seven items.

    Granted, not the biggest risk in the world, but if the venue didn't
    have in-person employees, what would the customer do?

    https://arstechnica.com/staff/2020/01/how-i-broke-my-grocery-stores-app-by-not-buying-enough-stuff/

    ------------------------------

    Date: Tue, 7 Jan 2020 20:18:50 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Make It Your New Year's Resolution Not to Share Misinformation
    (Mother Jones)

    https://www.motherjones.com/politics/2020/01/make-it-your-new-years-resolution-not-to-share-misinformation/

    Not profound but worth sharing with the less tech-savvy.

    ------------------------------

    Date: Fri, 17 Jan 2020 11:50:03 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Inside the Feds' Battle Against Huawei (WiReD)

    https://www.wired.com/story/us-feds-battle-against-huawei/

    Long, interesting...

    ------------------------------

    Date: Mon, 6 Jan 2020 19:57:42 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Apple Is Bullying a Security Company with a Dangerous DMCA Lawsuit
    (iFixit)

    https://www.ifixit.com/News/apple-is-bullying-a-security-company-with-a-dangerous-dmca-lawsuit

    ------------------------------

    Date: Mon, 6 Jan 2020 19:58:52 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How to Protect Yourself From Real Estate Scams (NYTimes)

    https://www.nytimes.com/2020/01/03/realestate/how-to-protect-yourself-from-real-estate-scams.html

    Not entirely new, but worth reading how it works, what to do and not to.

    ------------------------------

    Date: Fri, 17 Jan 2020 10:14:25 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Dutch Artists Celebrate George Orwell's Birthday By Putting Party
    Hats On Surveillance Cameras (BuzzFeed News)

    https://www.buzzfeednews.com/article/ellievhall/dutch-artists-celebrate-george-orwells-birthday-by-adorning

    ------------------------------

    Date: Mon, 06 Jan 2020 20:27:28 +0000
    From: Chris Drewe <e767pmk@yahoo.co.uk>
    Subject: Re: reliability of computers (RISKS-31.53)

    This brought back memories from a guy at the company where I used to work,
    as he told of being called in as an expert witness on something very similar back in the 1990s. As I recall, he said that two banks or building
    societies (mortgage providers) had merged; they had totally different
    computer systems, but the new managers simply fired one of the support teams and expected the other to cope with both systems, which they struggled to
    do. His expert opinion was that security on the unsupported system was a disaster area, with security features not enabled, passwords and log-ins
    left with default settings, etc. As mentioned, he felt sympathy for the
    police officer, who queried some transactions on his account and ended up
    being charged with attempting to obtain money by deception. The
    geographical location for the case was Woodbridge, Suffolk.

    By the way, there was a similar "our computers are never wrong" item on a
    BBC radio programme covering consumer affairs a couple of months ago. This featured a woman with a regular Chip&PIN credit/debit card, which had
    expired and been routinely replaced by the card provider. She was told to
    cut up the old one but forgot to do this; however, she expected it to be
    cancelled anyway so wasn't concerned. Quite some time later she found
    unexpected transactions on the account and was told "the security with
    these cards has never failed so it must have been stolen", which she knew was
    untrue as she still had it in her hands. After much argument it turned out that the old card had *not* been cancelled, so the woman went through normal life unknowingly having a pair of duplicate cards, then didn't notice when
    one was stolen...

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.54
    ************************
