RISKS-LIST: Risks-Forum Digest Friday 17 April 2020 Volume 31 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.68>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
US Senate tells members not to use Zoom (Ars Technica)
Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
(MacRumors)
Man accidentally ejects himself from fighter jet during surprise flight
(The Guardian)
Do Some Surgical Implants Do More Harm Than Good? (The New Yorker)
Seeking Software That Hears Better (Scientific American)
Reese Witherspoon's Fashion Line Offered Free Dresses to Teachers
but Didn't Mean Every Teacher (NYTimes)
The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots (WiReD)
Interactive exhibit mapping corruption (Prospect)
Linux Security: Chinese State Hackers May Have Compromised 'Holy
Grail' Targets Since 2012 (Davey Winde)
The US Is Waging War on Digital Trade Barriers (WiReD)
California Allows Startup Nuro to Test Driverless Delivery Vehicles
(Reuters)
Couple Fined For Violating Lockdown After Posting Old Vacation Photos to
Facebook (Gizmodo)
Fertility apps can be 'misleading' for women, review finds (cnn.com)
Legit email/websites considered harmful, or RISKs in the time of COVID-19
(Cris Pedregal Martin)
Rotimatic -- the robotic roti-maker (Richard Stein)
Cell Network Outage - Baltimore/Washington DC Area (Gabe Goldberg)
Messaging App Signal Threatens to Dump US Market if Anti-Encryption
Bill Passes (PCMag)
Efficacy of location surveillance (Ross Anderson)
Keeping the DNS Secure During the Coronavirus Pandemic (ICANN)
Getting Back To Normal: Big Tech's SolutionDepends On Public Trust (npr.org) COVID-Tech: Emergency responses to COVID-19 must not extend beyond the
crisis AND COVID-19 pandemic adversely affects digital rights
in the Balkans (EDRi-gram 18.7 via Diego Latella)
Your COVID-19 Internet problems might be COVID-19 Wi-Fi problems
(Ars Technica)
New CDC Study Shows Coronavirus Can Survive For Hours On Floors,
Walls, Shoes (Typer Durden)
How Coronavirus Is Eroding Privacy (WSJ)
Coronavirus Rumor Control (FEMA)
Risks of mass announcements in a Corona environment (danny burstein)
UK government using confidential patient data in coronavirus response
(The Guardian)
Error rates and CoVID-19 antibody tests (Rob Slade)
Re: Masking the CoVID-19 problem (Robert Weaver)
Re: Can Legislatures Safely Vote by Internet? (Chuck Petras)
Re: Should we teach children about quantum computing? (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 11 Apr 2020 17:00:52 -0400
From: Monty Solomon <monty@roscom.com>
Subject: US Senate tells members not to use Zoom (Ars Technica)

https://arstechnica.com/tech-policy/2020/04/us-senate-tells-members-not-to-use-zoom/

[We hope they are using zoom.gov, not zoom (with some of its servers in
China)

------------------------------

Date: Tue, 14 Apr 2020 14:57:05 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
(MacRumors)

https://www.macrumors.com/2020/04/14/zoom-accounts-sold-on-dark-web-hacker-forums/

------------------------------

Date: Tue, 14 Apr 2020 17:53:58 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Man accidentally ejects himself from fighter jet during surprise
flight (The Guardian)

Sixty-four-year-old lands in field after grabbing ejection handle to steady himself, French air investigators find

https://www.theguardian.com/world/2020/apr/14/man-accidentally-ejects-himself-from-fighter-jet-during-surprise-flight

------------------------------

Date: Wed, 15 Apr 2020 15:01:23 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Do Some Surgical Implants Do More Harm Than Good? (The New Yorker)

https://www.newyorker.com/magazine/2020/04/20/do-some-surgical-implants-do-more-harm-than-good

A sobering read on a frequently reported comp.risks subject. Caveat emptor, especially for those in the US subject to an overly corporate-friendly
medical device regulatory system.

Best to read up on the device your surgeon advocates BEFORE undergoing
elective surgery. Ask questions about device implant safety: infection risk, tissue perforation risk, historical injury or malfunction trends, any
monetary incentive they receive for promoting the recommended device,
etc. Any evidence of historical device efficacy and patient outcome NOT prepared or sponsored by the manufacturer?

------------------------------

Date: Wed, 15 Apr 2020 23:13:17 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Seeking Software That Hears Better (Scientific American)

Wade Rousch, Scientific American, May 2020, p.26

"In the speech-recognition business, 95 percent accuracy might as well be zero." That's 1 of every 20 words erroneously transcribed automatically.

'ASR systems may never reach 100 percent accuracy. After all, humans do not always speak fluently, even in their native languages. And speech is so full
of homophones that comprehension always depends on context. (I have seen transcription services render `iOS' as `ayahuasca' -- and `your podcast' as `your punk ass'.

A misplaced comma in a business document can dramatically affect legal judgment. Proofreading remains an important editorial function. (see https://www.bbc.com/worklife/article/20180723-the-commas-that-cost-companies-millions .)

Risk: Over-reliance on ASRaaSWP -- automated speech recognition as a service without proofreading.

In contrast to ASR, https://www.nytimes.com/2020/04/08/technology/ai-transcription-human-services.html
testifies to the effectiveness of human-driven transcription. Subject matter comprehension, contextual awareness, and conversational immersion elevate transcription quality. These factors are substantially out-of-reach for ASR.

The technological race to improve ASR, and retire human transcription,
reminds me of "John Henry" per https://en.wikipedia.org/wiki/John_Henry_(folklore). Perhaps an undiscovered Agatha Christie story entitled "Death by Transcription" offers a
post-mortem?

------------------------------

Date: Wed, 15 Apr 2020 14:32:44 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Reese Witherspoon's Fashion Line Offered Free Dresses to Teachers
but Didn't Mean Every Teacher (NYTimes)

Draper James had a well-intentioned giveaway. But it went very wrong.

https://www.nytimes.com/2020/04/15/fashion/reese-witherspoon-draper-james-coronavirus.html

------------------------------

Date: Wed, 15 Apr 2020 18:34:18 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The Pentagon Hasn't Fixed Basic Cybersecurity Blind Spots (WiReD)

Five years ago, the Department of Defense set dozens of security hygiene
goals. A new report finds that it has abandoned or lost track of most of
them.

https://www.wired.com/story/pentagon-cybersecurity-blind-spots/

------------------------------

Date: Mon, 13 Apr 2020 10:54:52 -0700
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Interactive exhibit mapping corruption (Prospect)

[A colleague sent this to me. It seems relevant in our
quest in RISKS for transparency and integrity. PGN]

https://prospect.org/mapping-corruption-interactive

The Trump administration has brought its brand of corruption and
self-dealing to every agency in the federal government, and it's hard for
anyone to keep on top of it all. We've mapped it out for you. Click on any
agency building below, and unlock an extensive dossier of the activities
happening inside.

Accompanying article by Jim Lardner, April 9, 2020: https://prospect.org/power/mapping-corruption-donald-trump-executive-branch/

------------------------------

Date: Mon, 13 Apr 2020 12:23:40 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Linux Security: Chinese State Hackers May Have Compromised 'Holy
Grail' Targets Since 2012 (Davey Winde)

Davey Winde, Forbes 7 Apr 2020 via ACM TechNews, 13 Apr 2020

A BlackBerry research and intelligence team said five Chinese advanced persistent threat groups have long been attacking Linux servers that
"comprise the backbone of the majority of large data centers responsible for the some of the most sensitive enterprise network operations." Particularly worrying is evidence of the attackers using a previously undocumented Linux malware toolkit including at least two kernel-level rootkits and three backdoors, actively deployed since March 13, 2012. Analysis associated this toolkit with one of the largest Linux botnets ever found, with a significant number of organizations likely infected. Targets include Red Hat Enterprise, CentOS, and Ubuntu Linux environments for purposes of cyber-espionage and intellectual property theft, with researchers describing Linux defensive capabilities as immature at best. Former U.K. Military Intelligence Colonel Philip Ingram said mitigating such exploits entails "treating [the threats]
as if they are ... as much a threat as any other operating system." https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-24b68x22187fx068278&

------------------------------

Date: Sat, 11 Apr 2020 19:43:57 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: The US Is Waging War on Digital Trade Barriers (WiReD)

As Washington tries to take China, Russia, and India to task, these nations
are mounting defenses in the name of `cybersovereignty'.

The US and other democratic states don't engage in many of the Chinese or Russian activities that so worry policymakers in Washington, like
intellectual property theft. Clearly, these behaviors directly contradict
what many countries deem to be fair trade practices. But some issues, like
data localization mandates and data security regulations, are bound to
receive more domestic focus from the US and its democratic allies and
partners. How American policymakers reconcile these facts when addressing perceived digital trade barriers elsewhere -- all the while combatting [*] false equivalencies is crucial for digital diplomacy and trade going
forward.

https://www.wired.com/story/the-us-is-waging-war-on-digital-trade-barriers/

[* The official spelling in RISKS is "combatting" as in batting averages
and cotton batting, and "the internet" is The Internet -- in case you
wondered. I note that COVID-19, CoVID-19, and Covid are all likely to
appear, and recently it seems often to be novel coronavirus, or just
coronavirus (oversimplified). PGN]

------------------------------

Date: Mon, 13 Apr 2020 12:23:40 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: California Allows Startup Nuro to Test Driverless Delivery Vehicles
(Reuters)

Munsif Vengattil and Ayanti Bera, Reuters, 7 Apr 2020
via ACM TechNews, 13 Apr 2020

California's Department of Motor Vehicles has authorized an autonomous technology startup to test two driverless delivery vehicles in nine
cities. Startup Nuro will use its driverless low-speed R2 vehicle to begin conducting deliveries with local retail partners. The startup has been
testing autonomous vehicles with safety drivers on the state's roads since 2017. Said Nuro's David Estrada, "Our R2 fleet is custom-designed to change
the very nature of driving, and the movement of goods, by allowing people to remain safely at home while their groceries, medicines, and packages, are brought to them." In February, Nuro was granted permission by the National Highway Traffic Safety Administration to deploy up to 5,000 low-speed
electric delivery vehicles without any human controls in Houston. https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-24b68x221883x068278&

------------------------------

Date: Tue, 14 Apr 2020 14:45:35 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Couple Fined For Violating Lockdown After Posting Old Vacation
Photos to Facebook (Gizmodo)

https://gizmodo.com/couple-fined-for-violating-lockdown-after-posting-old-v-1842855076

------------------------------

Date: Sun, 12 Apr 2020 10:14:13 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Fertility apps can be 'misleading' for women, review finds
(cnn.com)

https://edition.cnn.com/2020/04/06/health/fertility-period-contraceptive-apps-trackers-wellness/index.html

Without calibrated biochemical sensor input and feedback, trusting this app
to accurately calculate and/or predict a biological function is more like roulette. As Mad Magazine's Alfred E. Neuman profoundly stated, "What, me worry?"

------------------------------

Date: Tue, 14 Apr 2020 19:18:56 -0700
From: Cris Pedregal Martin <cris@acm.org>
Subject: Legit email/websites considered harmful, or RISKs in the time of
COVID-19

Earlier this month I received an email purporting to be an offer from UCSF
(a premier medical school/hospital in on the US West Coast) to access information about COVID-19 through a third party (Emmi Solutions, LLC --
emmi in the sequel). Clicking on the appropriate "personalized code" button landed on a sparse webpage that demanded my date of birth (DOB), so I
stopped.

Being about COVID-19, and associated with UCSF, this seems to be nice
example of the counterpart of a typical RISK: the legitimate email/website causes more harm than if they were malicious!

To wit:

(1) The DOB requirement in the emmi landing page is a red flag, so many
*recipients will refrain from going further and actually receiving the
information* (like I did).

(2) The style and content of the email message *train recipients into
vulnerability to malicious emails/websites,* by exposing them to red flags
that turn out to be harmless.

Red flags include:

(i) Design language (if we can call it that!) / *branding inconsistent with
the UCSF branding* - looks as if someone pasted a logo on something
designed in 2005;

(ii) The *URLs contained in the email *lie*: the button says startemmi.com,
but actually links to my-emmi.com. ("my-ucsf.com", anyone?)

(iii) I found no mention of this email campaign or emmi resources of in the
UCSF COVID-19 page <https://coronavirus.ucsf.edu/>; *the emmi webpage
looks unrelated to UCSF.

(iv) the aforementioned DOB requirement at the emmi landing page.

(3) The campaign *unnecessarily enables emmi to associate DOBs with IP and
MAC addresses* (at least). Why is this necessary? This *undermines trust
patients have in UCSF.

(4) By allowing emmi to collect DOBs, the campaign exposes emmi and through
emmi UCSF, and importantly, recipients of the email, aka UCSF* patients,
to* the risk of *unauthorized disclosures of personally identifiable data
(PII). Given the association of email address to the specific code, there
is a strong likelihood the information matched via the website landing
includes a lot more PII and is stored by emmi.

------------------------------

Date: Thu, 16 Apr 2020 12:59:34 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Rotimatic -- the robotic roti-maker

https://rotimatic.com/

Roti is a South Asian, Indian subcontinent flat bread usually stuffed with curry. Delicious.

This robot stamps them out, fully baked and ready-to-eat on command.
According to the manufacturer's website, The Rotimatic is "The world's most popular food robot."

Why is this kitchen gizmo WiFi-enabled? Convenience? To sustain business revenue via subscription maintenance?

Risks: Botnet co-option and kitchen fire from thermal runaway-initiated
malware sabotage.

------------------------------

Date: Thu, 16 Apr 2020 13:47:00 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cell Network Outage - Baltimore/Washington DC Area

This is a message from Fairfax (VA) Alerts

There are reports of intermittent issues making wireless calls with all wireless carriers within the last hour. If you receive a busy signal when
you use your wireless phone for an emergency call, you can send a text to
911 message, or use a landline phone. You can continue to try and make
contact with your wireless phone also.

------------------------------

Date: April 10, 2020 at 11:43:26 AM GMT+9
From: Richard Forno <rforno@infowarrior.org>
Subject: Messaging App Signal Threatens to Dump US Market if Anti-Encryption
Bill Passes (PCMag)

[via Dave Farber]

https://uk.pcmag.com/security-5/125569/messaging-app-signal-threatens-to-dump-us-market-if-anti-encryption-bill-passes

------------------------------

Date: Sun, 12 Apr 2020 16:04:43 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Subject: Efficacy of location surveillance

Having seen the reality of the app proposed for our [UK] NHS, and the great distance between our public health folks' assumptions and those of assorted tech companies and academics proposing private contact tracing, I blogged
about the issue:

https://www.lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/

The time for contact tracing is past, for this wave. If we're going to use
it next wave then the 5,000 public-health officers on the UK local
government payroll won't be anything like enough. But we have a couple of million people being paid by the government to do nothing. If we follow the South Korean / Taiwanese example we'll want to start training lots of
them. It's important not to distract policymakers from that decision by offering techno-magical promises on which we cannot deliver.

There have recently been several proposals for pseudonymous contact tracing, including from Apple and Google. To both cryptographers and privacy
advocates, this might seem the obvious way to protect public health and
privacy at the same time. Meanwhile other cryptographers have been pointing
out some of the flaws.

There are also real systems being built by governments. Singapore has already deployedand open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the *obvious* way
to tell who's been within a few metres of you
and for how long. The UK's National Health Service is working on one too,
and I'm one of a group of people being consulted on the privacy
and security. [...]

------------------------------

Date: April 13, 2020 6:43:01 JST
From: Lauren Weinstein <lauren@vortex.com>
Subject: Keeping the DNS Secure During the Coronavirus Pandemic (ICANN)

https://www.icann.org/news/blog/keeping-the-dns-secure-during-the-coronavirus-pandemic

The role of the ICANN community, Board, and organization in maintaining a secure, stable, and unified Internet has always been important, but at this time, when reliance on the Internet has skyrocketed, our collective role has become all the more vital. ICANN's mission frames our concern about cybercriminals who are exploiting the pandemic by perpetrating scams and victimizing Internet users. Some are selling phony cures, treatments, and vaccines. Some are using domain names as part of their efforts to prey on people at this time when many are experiencing anxiety, fear, and
loneliness.

------------------------------

Date: Wed, 15 Apr 2020 11:19:41 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Getting Back To Normal: Big Tech's SolutionDepends On Public Trust
(npr.org)

https://www.npr.org/2020/04/14/834460127/apple-google-team-up-to-develop-cellphone-data-contact-tracing

'Weitzner said the Bluetooth concept works by identifying proximity, not location. "We don't need to know where you were close to someone, just that
you were close to someone," he said."'

Common wisdom says that 'close' only counts for horseshoes and tossing hand grenades.

Pandemic contact tracing, and proximity notification alerts, relies on human civility and restraint. People are timorous, and on high-alert given
community spread potential. While social distancing protocols are generally deployed and enforced, there's little risk of a riot.

A crowd of people protesting lock-down or other confinement restriction who receive a proximity alert notification, given COVID-19 serological test
latency or a false-positive test result, might turn ugly very quickly.

------------------------------

Date: Thu, 16 Apr 2020 10:38:17 +0200
From: Diego Latella <DIego.Latella@isti.cnr.it>
Subject: COVID-Tech: Emergency responses to COVID-19 must not extend
beyond the crisis AND COVID-19 pandemic adversely affects digital rights
in the Balkans (EDRi-gram 18.7)

EDRi-gram 18.7, 15 April 2020

https://edri.org/emergency-responses-to-covid-19-must-not-extend-beyond-the-crisis/

Among other things you read:

"On 19 March 2020, the [Poland] efforts to tackle the spread of coronavirus received widespread attention when the government announced the use of a
'Civil Quarantine' app which they explained would require people in
quarantine to send geo-located selfies within 20 minutes of receiving an
alert - or face a visit from the police. according to the announcement, the
app even uses controversial facial recognition technology to scan the
selfies. Early in April, the Polish government looked to make the use of
the app mandatory"

and

"The UK's Coronavirus Act was passed on 25 March 2020, giving the UK
government a suite of extraordinary powers for a period of 2 years. [ ... ]
The UK has also come under fire for the sharp rise in disproportionate
police responses since the introduction of the Bill, including stopping
people from using their own gardens or using drones to chastise dog
walkers. If not properly limited by law, these powers (and their abuse) have the potential to continue in ordinary times, further feeding the
government's surveillance machine."

COVID-19 pandemic adversely affects digital rights in the Balkans https://edri.org/covid-19-pandemic-adversely-affects-digital-rights-in-the-balkans/

Among other things you read:

"Governments in Montenegro and Moldova made public the personal health data
of people infected with COVID-19, while official websites and hospital
computer systems suffered cyber-attacks in Croatia and Romania. Some
countries like Slovakia are considering lifting rights enshrined under the
EU General Data Protection Regulation (GDPR), while Serbia imposed
surveillance and phone tracking to limit freedom of movement."

and

"In neighboring Montenegro, the National Coordination Body for Infectious Diseases decided to publish the names and surnames of people who must
undergo quarantine online, after it determined that certain persons violated the measure, and as a result "exposing the whole Montenegro to risk.""

------------------------------

From: Dave Farber <farber@gmail.com>
Date: Fri, 17 Apr 2020 08:05:36 +0900
Subject: Your COVID-19 Internet problems might be COVID-19 Wi-Fi problems |
(Ars Technica)

https://arstechnica.com/gadgets/2020/04/remote-work-lagging-if-you-cant-plug-it-in-upgrade-to-mesh/

------------------------------

Date: April 13, 2020 22:00:59 JST
From: Dewayne Hendricks <dewayne@warpspeed.com>
Subject: New CDC Study Shows Coronavirus Can Survive For Hours On Floors,
Walls, Shoes (Typer Durden)

Tyler Durden, ZeroHedge, 13 Apr 2020 <https://www.zerohedge.com/geopolitical/new-cdc-study-shows-coronavirus-can-survive-hours-floors-walls-shoes>

A preview of a new study: <https://wwwnc.cdc.gov/eid/article/26/7/20-0885_article> by the US Centers
for Disease Control and Prevention - the CDC, for short - released last
night offers some distressing news for health-care workers, as well as their families, partners and friends: New research suggests that nurses, doctors
and others can track the virus out of the ward and into another - perhaps a more public, or less well-protected - environment, helping to spread the disease in a new way that public health officials haven't really considered.

The study, entitled "Aerosol and Surface Distribution of Severe Acute Respiratory Syndrome Coronavirus 2 in Hospital Wards, Wuhan, China, 2020",
was conducted in two wards at Wuhan's Huoshenshan Hospital by large team of Chinese researchers back in February and March. Though the team insisted
that "respiratory droplets and close contact" remain the primary vectors for the disease, the possibility for hospital workers to transmit the virus on their shoes and clothes wasn't really well understood, until now.

And unfortunately, if the data are confirmed, it would suggest that wards
where coronavirus patients are treated are literally crawling with the
virus, placing these health-care workers at extremely high risk for
infection.

According to the research, "94% of swabs taken from the ICU floor and 100%
of swabs taken from one of the general wards used to treat patients with
severe symptoms tested positive for coronavirus."

Here's a summary of the research that describes how the GW and ICU were
found to have the highest levels of the virus present on the floors and
walls, as well as in the air. The rate of positivity was higher for the ICU than the GW, which makes sense.

Even samples taken from the floor in the nearby hospital pharmacy showed
'weak positive' for the virus. Patients are not allowed in the pharmacy, meaning there's only one way the samples could have gotten there.

From February 19 through March 2, 2020, we collected swab samples from potentially contaminated objects in the ICU and GW as described

previously. The ICU housed 15 patients with severe disease and the GW housed
24 patients with milder disease. We also sampled indoor air and the air
outlets to detect aerosol exposure. Air samples were collected by using a
SASS 2300 Wetted Wall Cyclone Sampler at 300 L/min for of 30 min. We used sterile premoistened swabs to sample the floors, computer mice, trash cans, sickbed handrails, patient masks, personal protective equipment, and air outlets. We tested air and surface samples for the open reading frame (ORF)
1ab and nucleoprotein (N) genes of SARS-CoV-2 by quantitative real-time PCR.

Almost all positive results were concentrated in the contaminated areas (ICU 54/57, 94.7%; GW 9/9, 100%); the rate of positivity was much higher for the
ICU (54/124, 43.5%) than for the GW (9/114, 7.9%) (Tables 1, 2). The rate of positivity was relatively high for floor swab samples (ICU 7/10, 70%; GW
2/13, 15.4%), perhaps because of gravity and air flow causing most virus droplets to float to the ground. In addition, as medical staff walk around
the ward, the virus can be tracked all over the floor, as indicated by the
100% rate of positivity from the floor in the pharmacy, where there were no patients. Furthermore, half of the samples from the soles of the ICU medical staff shoes tested positive. Therefore, the soles of medical staff shoes
might function as carriers. The 3 weak positive results from the floor of dressing room 4 might also arise from these carriers. We highly recommend
that persons disinfect shoe soles before walking out of wards containing COVID-19 patients.

The authors suggested that "air flow" and the forces of gravity might be responsible for moving the samples to the floors and the walls.But this certainly doesn't bode well for anybody arguing that the subway and
restaurants will be able to go quickly back to normal, since an asymptomatic diner can leave the virus at their table for the next customer to pick up
even if the table sits empty for hours - or even overnight.

------------------------------

Date: Fri, 17 Apr 2020 12:17:16 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: How Coronavirus Is Eroding Privacy (WSJ)

Liza Lin, Timothy W. Martin, Dasl Yoon, et al., *The Wall Street Journal*,
15 Apr 2020, via ACM TechNews, Friday, April 17, 2020

Governments worldwide are using digital surveillance technologies to track
the spread of the coronavirus pandemic, raising concerns about the erosion
of privacy. Many Asian governments are tracking people through their
cellphones to identify those suspected of being infected with COVID-19,
without prior consent. European countries are tracking citizens' movements
via telecommunications data that they claim conceals individuals'
identities; American officials are drawing cellphone location data from
mobile advertising firms to monitor crowds, but not individuals. The biggest privacy debate concerns involuntary use of smartphones and other digital
data to identify everyone with whom the infected had recent contact, then testing and quarantining at-risk individuals to halt the further spread of
the disease. Public health officials say surveillance will be necessary in
the months ahead, as quarantines are relaxed and the virus remains a threat while a vaccine is developed. https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-24c74x221a65x068377&

------------------------------

Date: Thu, 9 Apr 2020 13:52:34 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Coronavirus Rumor Control (FEMA)

EXCERPT:

The purpose of this FEMA page is to help the public distinguish between
rumors and facts regarding the response to coronavirus (COVID-19) pandemic. Rumors can easily circulate within communities during a crisis.

Do your part to the stop the spread of disinformation by doing three easy things:

1. Don't believe the rumors.
2. Don't pass them along.
3. Go to trusted sources of information to get the facts about the
federal (COVID-19) response.

Always go to trusted sources of information like coronavirus.gov or your
state and local government's official websites or social media accounts
for instructions and information specific to your community.

For more information on the coronavirus, please visit coronavirus.gov <https://www.coronavirus.gov/>. You can also visit our coronavirus
(COVID-19) response <https://www.fema.gov/coronavirus> page for more updates
on the federal response. Follow state and local officials as well for instructions and information specific to your community. [...] https://www.fema.gov/coronavirus-rumor-control

[Unfortunately, `trust' is in the eye of the beholder.
Some people trust CNN, some people trust Fox News. PGN]

------------------------------

Date: Wed, 15 Apr 2020 16:34:36 -0400 (EDT)
From: danny burstein <dannyb@panix.com>
Subject: Risks of mass announcements in a Corona environment

So I just got a robot call from the NYC Department of Health in regards to C-19.

Aside from the misleading info in it, and no way to ask it to "repeat", and lots of fadeouts...

T-Mobile flagged it as a "scam likely".

Yes. Really

photo of the Caller ID/Name:

http://www.dburstein.com/images/nyc-doh.jpg

about 3 meg

------------------------------

Date: Mon, 13 Apr 2020 11:05:57 +0900
From: Dave Farber <farber@gmail.com>
Subject: UK government using confidential patient data in coronavirus
response (The Guardian)

https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response

------------------------------

Date: Wed, 15 Apr 2020 18:13:12 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: Error rates and CoVID-19 antibody tests

In security, we know that there are errors that are false positives, and
errors that are false negatives, and that both can create problems.

At the moment, everybody is eagerly looking forward to serology tests for CoVID-19. These are tests (usually blood tests) that determine if you have antigens or antibodies related to defence against the SARS-CoV-2 virus.

At least, they *try* to determine that. Because, well, errors.

A good article on this is available at NPR. https://www.npr.org/sections/health-shots/2020/04/15/834497497/antibody-tests- for-coronavirus-can-miss-the-mark

If you want the tl:dr version:

If the test has 99% specificity, and you live in an area where only 1% of
the population is actually infected, then when you get a "positive" test,

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)