[27871] in RISKS Forum
Risks Digest 28.78
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Tue Jul 14 16:48:39 2015
From: RISKS List Owner <risko@csl.sri.com>
Date: Tue, 14 Jul 2015 13:48:33 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Tuesday 14 July 2015 Volume 28 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.78.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: [RISKS-full vacation over.]
The Use of Encrypted, Coded, and Secret Communications is an
`Ancient Liberty' Protected by the United States Constitution (VJoLT)
The Dangers of Internet voting (Hans A. von Spakovsky)
Report on Internet voting (U.S. Vote Foundation)
U.N. body agrees to U.S. norms in cyberspace (Joseph Marks via Joly MacFie)
Scent Received, With a Tap of a Smartphone (NYTimes)
Theaters Struggle With Patrons' Phone Use During Shows (NYTimes)
Addicted to Your Phone? There's Help for That (NYTimes)
Sundar Pichai of Google Talks About Phone Intrusion (NYTimes)
How China stopped its bloggers (AFR)
Sports wearables may affect athletes' privacy, paycheques as well as
performance (Christine Wong)
Securing networks is harder than it was two years ago (BetaNews)
Bitcoin wallets vulnerable to double-spending bug (BetaNews)
Caspar Bowden has died (BetaNews)
Re: NZ Harmful Digital Communications Bill (Chris Drewe)
Re: Chicago's 'cloud tax' makes Netflix ... more expensive (John Levine)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sun, 12 Jul 2015 16:27:11 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: The Use of Encrypted, Coded, and Secret Communications is an
`Ancient Liberty' Protected by the United States Constitution (VJoLT)
Virginia Journal of Law and Technology via NNSquad
http://www.vjolt.net/vol2/issue/vol2_art2.html
In this electronic and digital age, the ability of a speaker and a
selected audience to communicate in confidence about subjects chosen by
them may be critical to the survival of free speech and privacy.[1] It is
the primary purpose of this paper to demonstrate that, from the early
years of the American Republic, Americans have enjoyed a robust, free, and
frequent use of codes, ciphers, and other forms of secret
communication.[2] Secondarily, this paper will demonstrate that Americans
have long used secret modes of communication for numerous purposes,
including political dissent, preservation of personal privacy in intimate
matters, commerce, and criminal enterprises.[3]
Long. Detailed. Read as much as you can.
------------------------------
Date: Tue, 14 Jul 2015 14:12:17 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: The Dangers of Internet voting (Hans A. von Spakovsky)
Hans A. von Spakovsky. Heritage, 14 July 2015 [Bastille Day]
http://www.heritage.org/research/reports/2015/07/the-dangers-of-internet-voting
Those who believe that it is possible given current technology to create a
secure online voting system are dangerously mistaken. According to computer
experts, Internet voting is vulnerable to cyber-attack and fraud --
vulnerabilities inherent in current hardware and software, as well as the
basic manner in which the Internet is organized -- and it is unlikely that
these vulnerabilities will be eliminated in the near future. Internet
voting, or even the delivery by e-mail of voted ballots from registered
voters, would be vulnerable to a variety of well-known cyber-attacks, any of
which could be catastrophic. Such attacks could even be launched by an enemy
agency beyond the reach of U.S. law and could cause significant voter
disenfranchisement, privacy violations, vote buying and selling, and vote
switching. The biggest danger, however, is that such attacks could be
completely undetected.
------------------------------
Date: Mon, 13 Jul 2015 7:11:59 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Report on Internet voting
U.S. Vote Foundation, July 2015
The Future of Voting: End to End Verifiable Internet Voting
https://www.usvotefoundation.org/e2e-viv/summary
Internet Voting Today
Internet voting was first proposed over thirty years ago. Since then, many
governments and businesses have created Internet voting technologies that
have been used to collect millions of votes in public elections.
However, computer scientists, cryptographers, and cybersecurity experts warn
that no current Internet voting system is sufficiently secure and reliable
for use in public elections.
Part of the problem is that existing systems do not allow third parties to
observe the election system and independently verify that the results are
correct. In fact, most vendors explicitly forbid such oversight.
Recommendations
The five key recommendations of this report are:
* Any public elections conducted over the Internet must be end-to-end
verifiable.
* No Internet voting system of any kind should be used for public elections
before end-to-end verifiable in-person voting systems have been widely
deployed and experience has been gained from their use.
* End-to-end verifiable systems must be designed, constructed, verified,
certified, operated, and supported according to the most rigorous
engineering requirements of mission- and safety-critical systems.
* E2E-VIV systems must be usable and accessible.
* Many challenges remain in building a usable, reliable, and secure E2E-VIV
system. They must be overcome before using Internet voting for public
elections. Research and development efforts toward overcoming those
challenges should continue.
[Based on everything we have seen in the past 31 years that I have been
involved in seeking trustworthy elections, this report seems to have
some very timely and incisive guidance. PGN]
------------------------------
Date: Jul 12, 2015 8:13 PM
From: "Joly MacFie" <joly@punkcast.com>
Subject: U.N. body agrees to U.S. norms in cyberspace (Joseph Marks)
Joseph Marks, Internet Policy, Politico, in Dave Farber's IP, 9 Jul 2015
http://www.politico.com/story/2015/07/un-body-agrees-to-us-norms-in-cyberspace-119900.html
A United Nations body has agreed for the first time that there are rules of
the road in cyberspace that all nations should respect, even during
peacetime, a senior State Department official tells POLITICO.
It's a breakthrough for U.S. diplomats, who have been pushing these norms as
an alternative to formal treaties as a way to help tame the lawless frontier
of cyberspace.
The norms agreed by the U.N.'s Group of Governmental Experts include
understandings that nations should not intentionally damage each other's
critical infrastructure with cyberattacks; should not target each other's
cyber emergency responders; and should assist other nations investigating
cyberattacks and cybercrime launched from their territories. [...]
------------------------------
Date: Sun, 12 Jul 2015 01:24:36 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Scent Received, With a Tap of a Smartphone
http://www.nytimes.com/2015/07/09/technology/personaltech/scent-received-with-a-tap-of-a-smartphone.html
Developers are getting ready to introduce products that would allow
smartphone users to send and receive scents along with messages and photos.
[I remember Smell-O-Vision stunk up movie theaters in the 1960 film, Scent
of Mystery. However, certain scents dominated others, compromising
subsequent ones, and the effort was quickly discontinued. Are we really
ready for Smell-O-Phones? Just my two scents worth... PGN]
------------------------------
Date: Sat, 11 Jul 2015 23:10:37 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Theaters Struggle With Patrons' Phone Use During Shows
Recorded announcements and personal pleas have only a limited effect, as
recent incidents on Broadway and elsewhere demonstrate.
http://www.nytimes.com/2015/07/11/theater/theaters-struggle-with-patrons-phone-use-during-shows.html
[But even if the phone is in Airplane Mode, the Scentillation Mode might
still be on. The smell of garlic french fries might be used to encourage
you to visit the concession booth. PGN]
------------------------------
From: Monty Solomon <monty@roscom.com>
Date: Sun, 12 Jul 2015 01:16:13 -0400
Subject: Addicted to Your Phone? There's Help for That
There's new technology to save us from technology.
http://www.nytimes.com/2015/07/12/sunday-review/addicted-to-your-phone-theres-help-for-that.htm
[What about addiction to French Fries on your Smell-O-Phone? PGN]
------------------------------
Date: Sun, 12 Jul 2015 19:50:26 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Sundar Pichai of Google Talks About Phone Intrusion
http://bits.blogs.nytimes.com/2015/07/12/sundar-pichai-of-google-talks-about-phone-intrusion/
Google's senior vice president of products speaks at length about how Google
products and apps try to balance giving you information with letting you
live your life.
------------------------------
Date: Fri, 10 Jul 2015 23:31:02 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: How China stopped its bloggers
AFR via NNSquad
http://www.afr.com/technology/social-media/how-china-stopped-its-bloggers-20150703-gi34za
Just after lunch on an autumn day, two plain-clothed police officers
approached a slender young man from opposite directions, unfazed that the
lobby was busy with foreigners and local business people. Showing good
field craft, the officer approaching from behind called out the blogger's
name. As he turned, the other slipped on the handcuffs. "They took me
away like an eagle does its prey," says the blogger with Chinese
precision. At a nearby police station, in addition to the handcuffs,
shackles were placed on his ankles. They would remain in place for 24
hours while he was interrogated. Blackmail was the blogger's stated
crime, although no documents were produced to substantiate these
allegations. "They told me just confess to something and you can go
home. If I didn't co-operate, they said, 'you will be in jail for years'."
------------------------------
Date: Tue, 14 Jul 2015 08:38:40 -0700
From: Gene Wirchenko <genew@telus.net>
Subject: Sports wearables may affect athletes' privacy, paycheques as well as
performance (Christine Wong)
Christine Wong, *IT Business*, 13 Jul 2015
Wearable technology won't just affect athletes' performances but also their
privacy, and that could change the business of sports forever, according to
experts at a Toronto sector forum.
http://www.itbusiness.ca/news/sports-wearables-may-affect-athletes-privacy-paycheques-as-well-as-performance/56801
------------------------------
Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U <werneru@gmail.com>
Subject: Securing networks is harder than it was two years ago (BetaNews)
Enterprises face evolving security challenges and solutions due to the
introduction of cloud infrastructures. Growing cloud adoption has been
identified as one of the key reasons why a majority of IT and security
professionals find securing their networks more difficult today than two
years ago.
<http://betanews.com/2015/07/08/securing-networks-is-harder-than-it-was-two-years-ago/>
Network security company Tufin <http://www.tufin.com/> has produced an
infographic, based on a recent research report with ESG, looking at why 56
percent of professionals believe network security is getting harder.
------------------------------
Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U <werneru@gmail.com>
Subject: Bitcoin wallets vulnerable to double-spending bug (BetaNews)
The cryptocurrency Bitcoin has not been without its problems. There have
been numerous hacks leading to the loss of millions of dollars, and Bitcoin
mining tool Epic Scale became embroiled in a crapware scandal with uTorrent.
The latest problem to hit the digital currency is a double-spending bug.
<http://betanews.com/2014/12/11/microsoft-now-accepts-bitcoin-payments-in-windows-windows-phone-and-xbox-stores/>
<http://betanews.com/2015/01/06/bitcoin-exchange-bitstamp-suffers-5-million-hack-attack/>
<http://betanews.com/2015/03/06/reports-that-utorrent-silently-installs-bitcoin-crapware-are-crap/>
<http://betanews.com/2015/07/05/bitcoin-wallets-vulnerable-to-double-spending-bug/>
As the name suggests, this essentially makes it possible to spend the same
Bitcoins twice, and it stems from a problem with a planned upgrade. An
issue with some Bitcoin miners means that tests that usually prevent
double-spending are not correctly performed. The problem was discovered on
4 July as many Americans were busy celebrating Independence Day.
------------------------------
Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U <werneru@gmail.com>
Subject: Caspar Bowden has died (BetaNews)
The man who cared about your online privacy has died. Caspar Bowden, the
privacy advocate who was warning about the activities of the NSA before
Edward Snowden, has died. The co-founder of the Foundation for Information
Policy Research lost his battle with cancer, and tributes have been paid by
the world of technology.
<http://betanews.com/2015/07/10/caspar-bowden-has-died/>
<http://betanews.com/2015/06/02/usa-freedom-act-passes-limiting-nsa/>
Bowden, the former head of privacy at Microsoft, had long warned about
potential backdoors in software and services. He campaigned passionately
for the privacy of the individual and voiced grave concerns about the NSA
and the FISA Amendment Act. He sat on the board of Tor and was one of the
most knowledgeable and well-loved figures on the privacy scene.
------------------------------
Date: Sun, 12 Jul 2015 21:30:53 +0100
From: Chris Drewe <e767pmk@yahoo.co.uk>
Subject: Re: NZ Harmful Digital Communications Bill (RISKS-28.77)
> In trying to solve some problems, legislators often have the (unintended ?)
> consequences of creating new ones.
No idea about the solution; personally I feel that the problem is
governments trying to legislate for a better world. Obviously people should
be nice to each other, but making this a legal requirement may well swap one
lot of difficulties for another. I'm not a lawyer either, but bringing
human relationships and behaviour into law looks like a mighty challenge.
As Pontius Pilate famously asked, "what is truth?".
[The truth may be a long history of some governments trying to legislate
not for an altruistic better world for everyone else, but according to
self-serving special interests. We seem to differ. PGN]
------------------------------
Date: 12 Jul 2015 22:33:59 -0000
From: "John Levine" <johnl@iecc.com>
Subject: Re: Chicago's 'cloud tax' makes Netflix ... more expensive (R-28.77)
This is an extremely disingenuous article. Chicago has had an amusements
tax for a very long time, and has levied it on cable TV subscriptions. I
believe that's instead of sales tax, and in fact it's slightly lower than
the city's sales tax.
This ruling follows the quacks-like-a-duck rule. Netflix and Spotify
deliver the same kind of material that services like HBO (and I suppose
Muzak) do, so now they're taxed the same. In response to hand-wavy
questions about how can you tell where someone is in the cloud, these are
paid services, and the customers have billing addresses.
The only thing that's puzzling is why people still expect to get a free ride
just because something happens to have IP packets in its path.
------------------------------
Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string `notsp' at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
<http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
<http://www.csl.sri.com/illustrative.html> for browsing,
<http://www.csl.sri.com/illustrative.pdf> or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 28.78
************************