• Risks Digest 31.77

    From RISKS List Owner@21:1/5 to All on Fri May 1 14:03:25 2020
    RISKS-LIST: Risks-Forum Digest 1 May 2020 Volume 31 : Issue 77

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.77>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Red-Flagging Misinformation Could Slow the Spread of Fake News on
    Social Media (NYU)
    Statistics and protection (Rob Slade)
    Trust in experts has increased quite substantially over the last years
    (geoff goodfellow)
    Footstep Sensors Identify People by Gait (Scientific American)
    How AI Steered Doctors Toward Possible Coronavirus Treatment (Cade Metz)
    States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo
    (NYTimes)
    Would you have fallen for this phone scam? (Krebs via geoff)
    Re: Online voting is too vulnerable (3daygoaty)
    Re: After prolonged service outage, Petnet shuts down (Martin Ward)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Red-Flagging Misinformation Could Slow the Spread of Fake News on
    Social Media (NYU)

    NYU Tandon School of Engineering, 27 Apr 2020, via ACM TechNews, 1 May 2020

    Researchers at the New York University Tandon School of Engineering found
    that pairing headlines with credibility alerts from fact-checkers, the
    public, news media, and artificial intelligence (AI) programs can reduce
    people's intention to share fake news. While the effectiveness of these
    alerts varies with political orientation and gender, official fact-checking
    sources are overwhelmingly trusted. The team studied 1,500 individuals to
    measure the effectiveness among different groups of four "credibility
    indicators" displayed beneath headlines. The researchers found that
    Republicans and men are less likely to be influenced by any of the
    credibility indicators, and are more inclined to share fake news on social
    media.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecbx069835&

    ------------------------------

    Date: Thu, 30 Apr 2020 10:50:39 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Statistics and protection

    Remdesivir works against CoVID-19!
    https://lite.cnn.com/en/article/h_1a62255cc20919cda25d487543ad9118

    Sort of.

    When it comes to trials of this kind, you have to look at the details, not
    just the headlines. This trial does appear to have good design, with randomization and a control group with a placebo. That's good.

    The results, as reported so far, are positive. That's good.

    For those who took the remdesivir, recovery time was shorter. That's good.
    But the recovery time was an average of 11 days, versus 15 days for the
    control group. That's not exactly earth-shaking. Also, we probably need to look at the definition of "recovery," and, particularly, look at long term effects like ongoing respiratory and neurological problems that have been reported in some "recovered" patients.

    For those who took the remdesivir, mortality was lower. That's good. But
    the mortality was still 8% for those on remdesivir versus 11.6% for those on placebo. Again, not a result that you want to rely on when people start thinking "oh, there *is* a treatment, so I don't have to worry as much about getting infected!"

    ------------------------------

    Date: Thu, 30 Apr 2020 01:12:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Trust in experts has increased quite substantially over the last
    years

    ``84% of the British population trust scientists to tell the truth. This is
    up from 64% back in 1997. All others listed here (except priests) are also
    trusted more than in the past.''

    https://twitter.com/MaxCRoser/status/1254697157275287552

    ------------------------------

    Date: Fri, 1 May 2020 10:34:42 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Footstep Sensors Identify People by Gait (Scientific American)

    https://www.scientificamerican.com/article/footstep-sensors-identify-people-by-gait/

    In the future, AI-trained gait detector networks can be used to identify chronic diseases like muscular dystrophy. "Fighting the noise is the biggest challenge we have."

    A gait detector network installed at Fred Astaire Dance School during a
    waltz? There's bound to be a few missteps.

    https://catless.ncl.ac.uk/Risks/27/44#subj5.1 identifies false alarms and
    alarm fatigue attributed to earthquake and building sensor networks in
    Japan.

    [How about people in wheelchairs? on tip-toes? sneaking? ... BTW,
    We already have gate detectors, as in this old dialog:
    Hark, sire, a stranger waits without the gate.
    Well, give him the gate.
    PGN]

    ------------------------------

    Date: Fri, 1 May 2020 12:08:33 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: How AI Steered Doctors Toward Possible Coronavirus Treatment
    (Cade Metz)

    Cade Metz, *The New York Times*, 30 Apr 2020, via ACM TechNews, 1 May 2020

    In January, researchers at U.K.-based artificial intelligence (AI) startup
    BenevolentAI mined scientific literature about the coronavirus to uncover a
    potential treatment within two days. BenevolentAI's technology can pinpoint
    information buried in massive volumes for the design of new drugs, using
    universal language models that teach themselves to understand written and
    spoken language by analyzing digital text. The company's engineers employed
    automated language tools to generate an interconnected database of
    biological processes related to the coronavirus, then BenevolentAI's Peter
    Richardson applied additional tools to browse the findings. He plotted out
    linkages between human genes and the biological processes affected by the
    virus, and identified two particular genes. Using a digital flow chart to
    outline how current medications targeted these genes, the researchers
    identified the anti-inflammatory drug baricitinib as a possible treatment
    that may block the coronavirus from entering cells; the drug is being
    prepared for clinical testing.
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-24f88x221ecax069835&

    ------------------------------

    Date: Fri, 1 May 2020 10:52:40 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: States Made It Harder to Get Jobless Benefits. Now That's Hard to Undo
    (NYTimes)

    https://www.nytimes.com/2020/04/30/upshot/unemployment-state-restrictions-pandemic.html

    '"In a time when pretty much everybody who's applying should be eligible,
    we're working with a system that got us to a 26 percent recipiency rate,"
    said Steve Gray, the director of Michigan's Unemployment Insurance
    Agency. That means Michigan was giving aid to one in four unemployed workers
    in 2019, following restrictions adopted by the Michigan legislature after
    the Great Recession. That system, Mr. Gray said, was "built to assume that you're guilty and make you prove that you're innocent."'

    Risk: Change management agility and governance resilience planning to accommodate emergencies.

    [On this item, Monty Solomon noted
    Systems that were devised to treat each case as potentially fraudulent
    are now rushing to deal with millions of newly unemployed people.
    PGN]

    ------------------------------

    Date: Thu, 30 Apr 2020 01:11:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Would you have fallen for this phone scam?

    You may have heard that today's phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn't know that these fraudsters also can use caller ID spoofing
    to trick your bank into giving up information about recent transactions on
    your account -- data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

    Last week, KrebsOnSecurity told the harrowing tale of a reader (a security expert, no less) who tried to turn the tables on his telephonic tormentors
    and failed spectacularly. In that episode, the people impersonating his
    bank not only spoofed the bank's real phone number, but they were also pretending to be him in a separate call at the same time with his bank.
    https://krebsonsecurity.com/2020/04/when-in-doubt-hang-up-look-up-call-back/

    This foiled his efforts to make sure it was really his bank that called him, because he called his bank with another phone and the bank confirmed they currently were in a separate call with him discussing fraud on his account (however, the other call was the fraudster pretending to be him).

    Shortly after that story ran, I heard from another reader -- we'll call him
    Jim since he didn't want his real name used for this story -- whose wife was the target of a similar scam, albeit with an important twist: The scammers
    were armed with information about a number of her recent financial transactions, which he claims they got from the bank's own automated phone system just by spoofing her phone number. [...]
    https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/

    ------------------------------

    Date: Thu, 30 Apr 2020 12:16:01 +1000
    From: "3daygoaty ." <threedaygoaty@gmail.com>
    Subject: Re: Online voting is too vulnerable (Economist, RISKS-31.76)

    I think the difficulty with online voting can be illustrated in one
    particular use case. If bright sparks can solve this, we would be a lot closer. They can't, and we aren't.

    As an older, non-English speaking person who does not have great fluency in computer use, I want to use the iPhone my son has given me so I can vote online. Since I understand there are risks in voting this way, I want the phone to let me confirm my vote was recorded as I intended it. I would like this to be a simple task I can complete after voting, but the result of this task needs to prove to me definitely that my vote *did not make it*, if this
    is indeed the case.

    In other words, it has to be "impossible" to subvert the mechanism that verifies recorded-as-cast, and only the voter can do this test, without
    prior training, easily, non-optionally. When this test fails, the user
    needs to understand, and then take some course of action (and not to a fake call centre). I include non-English speaking because of the inherent biases
    in election and technology design. I could have included users with
    barriers and impairments to paper voting since these electors are typically
    the guinea pigs for I-voting. The military being young, technically literate, able bodied, and English speakers are at the opposite spectrum in terms of capability. A much easier use case.

    Of course many other use cases define the vote making it safely into
    reported results, only the right people voting, only voting once, privacy,
    and so on. But I think understanding the above use case is understanding
    the challenge of I-voting.

    Good luck with that! TDG

    ------------------------------

    Date: Fri, 1 May 2020 12:34:31 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: Re: After prolonged service outage, Petnet shuts down (RISKS-31.75)

    "A distributed system is one in which the failure of a computer you didn't
    even know existed can render your own computer unusable" (Leslie Lamport).

    We can update this to: "The Internet of Things is a system in which the
    failure of a computer you didn't even know existed can render your own
    things unusable"

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.77
    ************************
