[32659] in RISKS Forum


Risks Digest 32.87

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Sep 11 15:26:11 2021

From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 11 Sep 2021 12:25:38 PDT
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Saturday 11 September 2021  Volume 32 : Issue 87

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.87>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Airbus flight computers shutdown (Rich Brown)
AI Can Help Patients—but Only If Doctors Understand It (WiReD)
USG Releases Draft Zero-Trust Guidance (PGN)
‘Breach of trust’: Police using QR check-in data to solve crimes
 (Sydney Morning Herald)
ProtonMail provides Swiss authorities with user data (Proprivacy)
How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users
 (Propublica)
Facebook made big mistake in data it provided to researchers, undermining
 academic work (WashPost)
Brits hire ad agency to 'protect children' from E2EE (Henry Baker)
Misbehaving Microsoft Teams ad brings down the entire Windows 11 desktop
 (Ars Technica)
Automated Hiring Software is Mistakenly Rejecting Millions of Viable Job
 Candidates (Slashdot)
Government says polluters can dump raw sewage into rivers as Brexit disrupts
 water treatment (The Independent)
Russia's Yandex says it repelled biggest DDoS attack in history (Reuters)
Singapore has moved from preventing cyberthreats to assuming breaches have
 occurred (The Straits Times)
El Salvador’s Bitcoin Gamble Is Off to a Rocky Start (WiReD)
Revealed: LAPD officers told to collect social media data on every civilian
 they stop (The Guardian)
Venice prepares to charge tourists, require booking (Reuters)
Sydney couple scammed out of almost $1 million (Sydney Morning Herald)
FOX News' Tucker Carlson defends making and selling fake covid vaccine cards
 (The Independent)
As U.S. Prepares to Ban Ivermectin for Covid-19, More Countries in Asia
 Begin Using It (Naked Capitalism)
Freezing his credit after yet another data breach (Rob Pegoraro)
That NYC subway outage?  Someone pushed the wrong button. (danny burstein)
Re: fast vs slow repairs, Lights Flickered in New York City. (John Levine)
Re: Autonomous Vehicles, (Richard Stein)
Quote of The Day (CommonSense MD)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 7 Sep 2021 20:42:30 -0500
From: Rich Brown <rab@freemars.org>
Subject: Airbus flight computers shutdown

This report details how Airbus pilots saved the day when all three flight
computers failed on landing.

https://www.theregister.com/2021/09/06/a330_computer_failure/

------------------------------

Date: Sat, 11 Sep 2021 01:11:06 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: AI Can Help Patients—but Only If Doctors Understand It (WiReD)

Algorithms can help diagnose a growing range of health problems, but humans
need to be trained to listen.

Sepsis Watch got an anthropological close up because the Duke developers
knew there would be unknowns in the hospital’s hurly burly and asked Elish
for help. She spent days shadowing and interviewing nurses and emergency
department doctors and found the algorithm had a complicated social life.

The system threw up alerts on iPads monitored by the nurses, flagging
patients deemed moderate or high risk for sepsis, or to have already
developed the deadly condition. Nurses were supposed to call an emergency
department doctor immediately for patients flagged as high risk. But when
the nurses followed that protocol, they ran into problems.

Some challenges came from disrupting the usual workflow of a busy
hospital—many doctors aren’t used to taking direction from nurses.  Others
were specific to AI, like the times Sarro faced demands to know why the
algorithm had raised the alarm. The team behind the software hadn’t built in
an explanation function, because as with many machine learning algorithms,
it’s not possible to pinpoint why it made a particular call.

One tactic Sarro and other nurses developed was to use alerts that a patient
was at high risk of sepsis as a prompt to review that person’s chart so as
to be ready to defend the algorithm’s warnings. The nurses learned to avoid
passing on alerts at certain times of day, and how to probe whether a doctor
wasn’t in the mood to hear the opinion of an algorithm. “A lot of it was
figuring out the interpersonal communication,” says Sarro. “We would gather
more information to arm ourselves for that phone call.”

Elish also found that in the absence of a way to know why the system flagged
a patient, nurses and doctors developed their own, incorrect, explanations—a
response to inscrutable AI. One nurse believed the system looked for
keywords in a medical record, which it does not. One doctor advised
coworkers that the system should be trusted because it was probably smarter
than clinicians.

https://www.wired.com/story/ai-help-patients-doctors-understand/

What a concept, consider human factors in health care.

------------------------------

Date: Tue, 7 Sep 2021 18:46:36 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: USG Releases Draft Zero-Trust Guidance

  [ZERO TRUST?  If I have ZERO TRUST in something, I don't want to have
  anything to do with it.  This is supremely badly named.  RISKS readers
  already should not trust very many things today -- or people, or *really
  fake news*.  I have always sought *trustworthiness* rather than
  potentially misplaced trust.  And, once again, just to be a RISKS-BORE, if
  you cannot trust the hardware or the software or the app or the people,
  trust would seem to be a meaningless concept.
  <The following item is severely truncated.> PGN]

Biden Administration Releases Draft Zero-Trust Guidance
The documents form a roadmap for agencies to deploy the cybersecurity architectures by the end of fiscal 2024.

Aaron Boyd, 7 SEP 2021 04:05 PM ET, NextGov
https://www.nextgov.com/cybersecurity/2021/09/biden-administration-releases-draft-zero-trust-guidance/185166/

The federal government is pushing hard for agencies to adopt zero-trust
cybersecurity architectures, with new guidance released Tuesday from the
administration’s policy arm—the Office of Management and Budget—and lead
cybersecurity agency—the Cybersecurity and Infrastructure Security Agency.

The administration released several documents Tuesday for public comment,
seeking feedback on the overarching federal policy from OMB and draft
technical reference architecture and maturity model from CISA. The guidance
follows a May executive order on bolstering cybersecurity across the federal
government, which cited specific security methods and tools such as
multifactor authentication, encryption and zero trust.

Zero-trust models continuously check on a user’s credentials as they
move throughout a network, verifying not only that they are who they
claim to be but also that the user has appropriate privileges to access
secure apps and data. In a mature zero-trust architecture, these checks are
performed routinely, including whenever a user attempts to access different
segments of the network.

“Never trust, always verify,” Federal Chief Information Officer Clare
Martorana said Tuesday in a statement, echoing the zero-trust architecture
refrain. “With today’s zero trust announcement, we are clearly driving home
the message to federal agencies that they should not automatically trust
anything inside or outside of their perimeters.”

Agencies were already under mandate to develop plans to implement zero trust
to meet the executive order. Now, with the new guidance and reference
architectures, OMB is requiring agencies to fold new deliverables into those
plans.

The memo from OMB gives agencies until the end of September 2024 to meet
five “specific zero trust security goals,” all of which should be added to
agency implementation plans.  [...]

------------------------------

Date: Sun, 5 Sep 2021 21:27:44 +0000
From: "John Colville" <John.Colville@uts.edu.au>
Subject: ‘Breach of trust’: Police using QR check-in data to solve crimes
 (Sydney Morning Herald)

https://www.smh.com.au/politics/federal/breach-of-trust-police-using-qr-check-in-data-to-solve-crimes-20210903-p58om8.html

The nation’s privacy watchdog has called for police forces to be banned from
accessing information from QR code check-in applications, after
law-enforcement agencies have sought to use the contact-tracing data on at
least six occasions to solve unrelated crimes.

------------------------------

Date: Sun, 5 Sep 2021 18:28:11 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: ProtonMail provides Swiss authorities with user data (Proprivacy)

https://proprivacy.com/privacy-news/protonmail-authorities-user-data

------------------------------

Date: Tue, 7 Sep 2021 09:23:17 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: How Facebook Undermines Privacy Protections for Its 2 Billion
 WhatsApp Users (Propublica)

How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users

https://www.propublica.org/article/how-facebook-undermines-privacy-protections-for-its-2-billion-whatsapp-users

------------------------------

Date: Sat, 11 Sep 2021 10:21:17 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: Facebook made big mistake in data it provided to researchers,
 undermining academic work (WashPost)

Craig Timberg, *The Washington Post*, 19 Sep 2021

The error resulted from Facebook accidentally excluding data from U.S. users
who had no detectable political leanings -- a group that amounted to roughly
half of all of Facebook's users in the United States.

https://www.washingtonpost.com/technology/2021/09/10/facebook-error-data-social-scientists/

------------------------------

Date: Wed, 08 Sep 2021 23:42:10 +0000
From: "Henry Baker" <hbaker1@pipeline.com>
Subject: Brits hire ad agency to 'protect children' from E2EE

This ad campaign against Facebook's end-to-end encryption is reminiscent of
President Wilson's use of modern advertising/PR techniques to 'sell' the
U.S. on entering WWI: 'The War to End All Wars'

I can't wait for 'Let your fingers do the talking' (apologies to an
acquaintance of mine) and other modern memes, or perhaps the following:

'Can you overhear me now?'
'Where's the pix?'
'Just Decrypt It!'
'Facebook: Happiest Place on Earth (if you're a pedo)'
'Got Surveillance?'
'Encrypt Different'
'A Pedo is Forever'
 Facebook: 'Breakfast of Paedophiles'
'Look ma, no porn pix!'
'The Uncryption!'
'The Ultimate Decryption Machine'
'Snap, Decrypt & Pop'
'When it absolutely, positively has to be there in the clear'
'You're in all hands with Facebook'
'Like a nosey neighbor, Facebook is there'
'The few. The proud. The spooks.'

  - - - -
James Robinson for MailOnline, 6 Sep 2021
https://www.dailymail.co.uk/news/article-9961745/Priti-Patel-new-anti-Facebook-ad-campaign-attacking-plans-encrypt-messaging-services.html

Priti Patel backs new anti-Facebook ad campaign accusing the social media
giant of 'blindfolding' police as they investigate child sex abuse cases

Priti Patel to back charity-led advertising campaign to be launched within
weeks.  Campaign will attack Facebook over its plans to encrypt its
messaging services.  Facebook say it will boost privacy for users on its
platforms, including Instagram.  But security chiefs have warned it will
hamper investigations into paedophiles.
  [Long item truncated here for RISKS.  PGN]

------------------------------

Date: Tue, 7 Sep 2021 23:40:01 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Misbehaving Microsoft Teams ad brings down the entire Windows 11
 desktop (Ars Technica)

Microsoft recommends a registry edit to get things working normally again.

https://arstechnica.com/gadgets/2021/09/misbehaving-microsoft-teams-ad-brings-down-the-entire-windows-11-desktop/

------------------------------

Date: Mon, 6 Sep 2021 10:53:54 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Automated Hiring Software is Mistakenly Rejecting Millions of
 Viable Job Candidates (Slashdot)

https://slashdot.org/story/21/09/06/1646259/automated-hiring-software-is-mistakenly-rejecting-millions-of-viable-job-candidates

------------------------------

Date: Tue, 7 Sep 2021 23:07:29 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Government says polluters can dump raw sewage into rivers as Brexit
 disrupts water treatment (The Independent)

 [Well, that turned out nicely, huh?]

https://www.independent.co.uk/climate-change/brexit-raw-sewerage-water-treatment-b1915765.html

------------------------------

Date: Thu, 9 Sep 2021 17:19:01 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Russia's Yandex says it repelled biggest DDoS attack in history
 (Reuters)

https://www.reuters.com/technology/russias-yandex-says-it-repelled-biggest-ddos-attack-history-2021-09-09/

MOSCOW, Sept 9 (Reuters) - A cyberattack on Russian tech giant Yandex's
servers (YNDX.O) in August and September was the largest known distributed
denial-of-service (DDoS) attack in the history of the internet, the company
said on Thursday.

The DDoS attack, in which hackers try to flood a network with unusually high
volumes of data traffic in order to paralyse it when it can no longer cope
with the scale of data requested, began in August and reached a record level
on Sept. 5.

"Our experts did manage to repel a record attack of nearly 22 million
requests per second (RPS). This is the biggest known attack in the history
of the Internet," Yandex said in a statement.

Yandex said it had seen 5.2 million RPS on Aug. 7, 6.5 million RPS on
Aug. 9, 9.6 million RPS on Aug. 29, 10.9 million RPS on Aug. 31 and finally
21.8 million RPS on Sept. 5.

U.S. cybersecurity firm Cloudflare (NET.N), which is widely used by
businesses and other organisations to help defend against DDoS attacks, said
in August the largest DDoS attack it was aware of reached 17.2 million RPS
earlier this year.

------------------------------

Date: Thu, 9 Sep 2021 13:09:12 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Singapore has moved from preventing cyberthreats to assuming
 breaches have occurred (The Straits Times)

https://www.straitstimes.com/tech/tech-news/singapore-to-work-with-estonia-on-cyber-security-helping-firms-to-go-digital

  With Cybersecurity being ``a 'wicked' problem that cannot be solved for
  good, Singapore decided to shift its position from preventing threats to
  assuming information technology systems have already been breached.''

A sobering revision to infosec defensive posture, by no less than a
sovereign government. This inherent breach assumption effectively
acknowledges the futility of safeguarding the information Internet-connected
systems capture and maintain against recurrent cybercrime and insider
exfiltration incidents.

The inherent breach assumption prioritizes the convenience enjoyed by
businesses and governments, in the interests of their customers and citizens
enabled via web services, as superior to privacy maintenance expectations. A
sterling example of realpolitik.

The UN Human Rights charter, Article 12 states: "No one shall be subjected
to arbitrary interference with his privacy, family, home or correspondence,
nor to attacks upon his honour and reputation. Everyone has the right to the
protection of the law against such interference or attacks." See
https://www.un.org/en/about-us/universal-declaration-of-human-rights

An aspirational, noble statement, but ineffective against technology easily
exploited for profit.

------------------------------

Date: Wed, 8 Sep 2021 19:32:24 -0400
From: "Gabe Goldberg" <gabe@gabegold.com>
Subject: El Salvador’s Bitcoin Gamble Is Off to a Rocky Start (WiReD)

Enthusiasm, fear, and light shows usher the country into the age of
cryptocurrency.

https://www.wired.com/story/el-salvador-bitcoin-rocky-start/

------------------------------

Date: September 8, 2021 23:27:13 JST
From: Richard Forno <rforno@infowarrior.org>
Subject: Revealed: LAPD officers told to collect social media data on every
 civilian they stop (The Guardian)

  [via Dave Farber]

The Los Angeles police department (LAPD) has directed its officers to
collect the social media information of every civilian they interview,
including individuals who are not arrested or accused of a crime, according
to records shared with the Guardian.

Copies of the “field interview cards” that police complete when they
question civilians reveal that LAPD officers are instructed to record a
civilian’s Facebook, Instagram, Twitter and other social media accounts,
alongside basic biographical information. An internal memo further shows
that the police chief, Michel Moore, told employees that it was critical to
collect the data for use in “investigations, arrests, and prosecutions”, and
warned that supervisors would review cards to ensure they were complete.

The documents, which were obtained by the not-for-profit organization the
Brennan Center for Justice, have raised concerns about civil liberties and
the potential for mass surveillance of civilians without justification.

https://www.theguardian.com/us-news/2021/sep/08/revealed-los-angeles-police-officers-gathering-social-media

------------------------------

Date: Tue, 7 Sep 2021 17:13:12 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Venice prepares to charge tourists, require booking (Reuters)

From a control room inside the police headquarters in Venice, Big Brother
is watching you.

To combat tourist overcrowding, officials are tracking every person who sets
foot in the lagoon city.

Using 468 CCTV cameras, optical sensors and a mobile phone-tracing system,
they can tell residents from visitors, Italians from foreigners, where
people are coming from, where they are heading and how fast they are moving.

Every 15 minutes, authorities get a snapshot of how crowded the city is -
alongside how many gondolas are sliding on the Canal Grande, whether boats
are speeding and if the waters rise to dangerous levels.

Now, a month after cruise ships were *banned from the lagoon*
<https://www.reuters.com/world/europe/exclusive-italy-legislate-keep-liners-out-venice-lagoon-sources-2021-07-13>,
city authorities are preparing to demand that tourists pre-book their visit
on an app and charge day-trippers between 3 and 10 euros to enter, depending
on the time of the year.

Airport-like turnstiles are being tested to control the flow of people and,
should the numbers become overwhelming, stop new visitors from getting
in.  [...]

https://www.reuters.com/world/africa/venice-prepares-charge-tourists-require-booking-2021-09-06/

------------------------------

Date: Sun, 5 Sep 2021 21:30:24 +0000
From: "John Colville" <John.Colville@uts.edu.au>
Subject: Sydney couple scammed out of almost $1 million
 (Sydney Morning Herald)

https://www.smh.com.au/national/nsw/sydney-couple-buying-property-scammed-out-of-almost-1-million-20210903-p58one.html

Anita and Nandos had just purchased the perfect investment property in
Macquarie Park last year. They were in the final stages of settlement and
just needed to transfer about $1 million to finalise the sale.

A day before they transferred the funds, the couple allegedly received what
appeared to be a legitimate email from their lawyer asking them to pay the
funds into a different account. Little did the couple know, scammers were
allegedly impersonating their lawyer. This type of scam is known as a
business email compromise (BEC) scam.

------------------------------

Date: Sun, 5 Sep 2021 14:17:32 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: FOX News' Tucker Carlson defends making and selling fake covid
 vaccine cards (The Independent)

https://www.independent.co.uk/news/world/americas/us-politics/tucker-carlson-defend-fake-vaccine-cards-b1914010.html

------------------------------

Date: Tue, 7 Sep 2021 13:33:10 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: As U.S. Prepares to Ban Ivermectin for Covid-19, More Countries in
  Asia Begin Using It (Naked Capitalism)

*The information war takes a dark turn as the corporate media transitions
from misinformation and obfuscation to outright lies and fabrication.*

The campaign against ivermectin is intensifying in the US. Until recently
the health authorities appeared to be quite content merely to ridicule those
who take or prescribe the drug in order to treat or prevent Covid-19.  A
couple of weeks ago, the FDA released a now-infamous *advertorial*
<https://twitter.com/us_fda/status/1429050070243192839> on twitter with the
heading “You are not a horse. You are not a cow. Seriously, y’all. Stop it.”
The subheading: “Using the drug Ivermectin to treat Covid-19 can be
dangerous and even lethal. The FDA has not approved the drug for that
purpose.”

It’s a subtle message that has been faithfully echoed by the corporate
media: ivermectin, a tried-and-tested drug that has won its discoverers a
Nobel Prize for the impact it has had on *human* health over the last 35
years, should only be given to animals. But now the information war is
taking a darker turn, as the media transitions from misinformation and
obfuscation to outright lies and fabrication.

At the end of last week, a string of American and British outlets, including
The Daily Mail, Rolling Stone, Huffington Post, The Independent, Newsweek,
The Guardian, and Yahoo News, ran a story about how people who had
“overdosed” on the “horse dewormer” were clogging up so many beds in a
hospital in Sequoyah, rural Oklahoma, that doctors were having to turn away
gunshot victims. The story, sourced to local Oklahoma outlet KFOR, turned
out to be completely false. On Sunday, the hospital in question released a
*statement* <https://twitter.com/AxXiom/status/1434290777828601863/photo/1>
that the doctor behind the allegations had not worked in its ER for two
months.  More to the point, the hospital “had not treated any patients due
to complications relating to taking ivermectin.” There were no
overdoses. And it had turned no patients away.

In other words, everything about the story was false. A total fabrication.
Yet many of the mainstream outlets that covered the story did not retract
their article. Rolling Stone simply *“updated”*
<https://www.rollingstone.com/politics/politics-news/gunshot-victims-horse-dewormer-ivermectin-oklahoma-hospitals-covid-1220608/>
its piece with the new information. *The Guardian* inserted a note *at the
bottom* of its article informing readers that Sequoyah NHS had released a
statement asserting that the doctor behind the allegations that formed the
entire basis of the story had not worked in its ER for two months. In other
words, you have to read all the way to the end of the article to find out
that its entire content is total bullshit. To make matters worse, *The
Guardian* did not even mention the hospital’s categorical denials that it
had treated patients for IVM overdose or that it had turned ER patients
away.

The Coming Crack Down.  [...]
https://www.nakedcapitalism.com/2021/09/as-us-prepares-to-ban-ivermectin-for-covid-19-more-countries-in-asia-begin-using-it.html

------------------------------

From: Gabe Goldberg <gabe@gabegold.com>
Date: Mon, 6 Sep 2021 00:53:43 -0400
Subject: Freezing his credit after yet another data breach (Rob Pegoraro)

  [Not cool!]

Author writes: The text message I was especially uninterested in receiving
hit my phone Sunday morning. “T-Mobile has determined that unauthorized
access to some business and/ or personal information related to your
T-Mobile business account has occurred,” it read. “This may include SSN,
names, addresses, phone numbers and dates of birth.”

T-Mobile’s texted non-apology for a data breach affecting tens of millions
of subscribers went on to note that “we have NO information that indicates
your business or personal financial/ payment information were accessed,” as
if those data points were the ones I couldn’t reset with a phone call or
three.

https://robpegoraro.wordpress.com/2021/08/27/not-cool-freezing-my-credit-after-yet-another-data-breach/

------------------------------

Date: Fri, 10 Sep 2021 17:48:16 +0000 ()
From: danny burstein <dannyb@panix.com>
Subject: That NYC subway outage?  Someone pushed the wrong button.

Con Ed (electrical utility) had a system-wide very short hiccup.

The NYC subway "Rail Control Center", a fortress structure near midtown
built 1985ish to, well, control everything (much, much, more advanced than
the ones shown in The Taking of Pelham 1-2-3) was kicked.  Emergency power,
etc., kicked in, but....

While the subway system itself had full 3rd rail power along with station
lighting, etc., the control signals for half the lines were dead for
_hours_, meaning trains were stuck on the trackbed, with passengers stuck
inside as well.

  (There's really no excuse for not crawling, slowly, to the next station).

MTA worker sparked mayhem on 8 subway lines, Hochul finds
*NY Post*,  with the Governor's report:

An MTA worker accidentally pressing a button "most likely" caused the
massive disruption of subway service for hours on multiple lines last month,
an outside investigation ordered by Gov. Kathy Hochul found.

The reports, conducted by a pair of engineering firms, revealed that the
loss of power at the New York City Transit Rail Control Center was caused by
a manual off switch on one of the building's power distribution units,
according to a press release from the governor.

The findings suggest that the emergency push button might have been
mistakenly pressed, since a plastic protector designed to prevent accidental
activation of it was missing, according to the summary of the investigation.

https://nypost.com/2021/09/10/mta-worker-sparked-mayhem-on-8-subway-lines-hochul-finds/

------------------------------

Date: 6 Sep 2021 15:17:43 -0400
From: "John Levine" <johnl@iecc.com>
Subject: Re: fast vs slow repairs, Lights Flickered in New York City.
 (NYTimes, RISKS-32.85)

> Why Did the Subways Grind to a Halt?

In recent years the NY subway has shut down sections of line for a weekend
exactly so they can do maintenance and upgrade work that would take months
otherwise.

------------------------------

Date: Mon, 6 Sep 2021 08:54:40 +0800
From: "Richard Stein" <rmstein@ieee.org>
Subject: Re: Autonomous Vehicles, (Kruk, RISKS-32.86)

 > As a first start, somebody please slap his face and say, "wake up and
 > join reality".

A slap on the face will not deter Musk, or others of his ilk who are
incentive-driven to create dubious products. Restricting usage of
indemnification from terms of service might.

Indemnification is like a morality car wash for businesses: it excuses the
embodiment intellectual property through a commercial transaction, even if
the product can harm public safety or health. Indemnification establishes
commercial impunity: the right to sell a product without personal
responsibility for it. See http://www.thedevilsdictionary.com/c.html#CORP_
for the "precise" definition.

Ever read the terms of service for a product? A layperson's interpretation
of corporate terms of service reads like: "We take your money, and you can't
hold us accountable for using our product when/if something goes wrong and
you experience injury (or worse), unless we are truly negligent and
liable. So: prove it, and maybe we'll settle, maybe not."

Laws enable, and regulations accelerate, the manufacturing and deployment of
technology-based products; some products possess troublesome features,
others are abominations.

Legislation and rigorous regulatory enforcement are needed to control the
incentives that technology-based products exploit while the resultant
public risk accrues and compounds.

------------------------------

Date: Thu, 9 Sep 2021 08:45:17 -1000
From: geoff goodfellow <geoff@iconia.com>
Subject: Quote of The Day (CommonSense MD)

"In my 30+ years of practice, I've never before come across a disease for
which censorship was one of the main treatments."

https://twitter.com/CommonSenseMD1/status/1435795248513437702

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.87
************************
