Risks Digest 32.18

RISKS List Owner

Aug 7, 2020, 7:40:25 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Friday 7 August 2020 Volume 32 : Issue 18

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.18>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Omniviolence Is Coming and the World Isn't Ready (Nautilus)
Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors
(Intel Responds)
Cyberattack causes Lafayette, CO city computer outage (Jim Reisert)
Garmin reportedly paid multimillion-dollar ransom after suffering
cyberattack (The Verge)
U.S. FAA proposes requiring key Boeing 737 MAX design changes (Reuters)
Beirut explosion (Lauren Weinstein)
NSA Warns Cellphone Location Data Could Pose National-Security Threat (WSJ)
Dickson Yeo and spying in the time of social networking (Straits Times)
Colorado police apologize over viral video of officers handcuffing Black
girls in a mistaken stop (WashPost)
Measure twice, sculpt once. (Atlas Obscura)
Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)
Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in
Jail (WiReD)
Inaccurate Mailing Sent To Fairfax County Voters (Patch)
WHO just gave us the worst possible coronavirus prediction (BGR)
California virus-fighting efforts hampered by data delays (sfgate.com)
Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
(Scientific American)
Despite an unexpected monkey wrench, now is the time to install the July
Windows and Office patches (Computerworld)
Adapting the user to the software (The Verge)
The case for banning law enforcement from using facial recognition
technology (TJCI)
Why a Data Breach at a Genealogy Site Has Privacy Experts Worried (NYTimes)
Computers on verge of designing their own programs (Techxplore)
AI bias detection; aka the fate of our data-driven world (ZDNet)
The Truth Is Paywalled But The Lies Are Free (Current Affairs)
A very good fake message from Facebook (Mike Alexander)
Job-related scams and frauds (CBC)
Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)
Blackbaud breach (Gabe Goldberg)
Ajit Pai calls for vigorous debate on Trump's social media crackdown
(Ars Technica)
Sensitive to claims of bias, Facebook relaxed misinformation rules for
conservative pages (NBC News)
A Bug In Instagram's Hashtag Has Been Favoring Donald Trump (BuzzfeedNews)
Big Problem: Twitter users attempting to expose @realDonaldTrump lies are
being blocked for surfacing his lies! (CNN)
From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path
(NYTimes)
FBI Used Information From An Online Forum Hacking To Track Down One Of The
Hackers Behind The Massive Twitter Attack (TechDirt)
Pranksters Stream Porn During Zoom Hearing for Alleged 17-Year-Old Twitter
Hacker (gizmodo)
Re: Darwin's tautology? (Peter Bernard Ladkin, PGN)
Re: When tax prep is free, you may be paying with your privacy
(Douglas Lucas, Chris Drewe)
Bill English (Matthew Kruk)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 5 Aug 2020 12:09:02 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Omniviolence Is Coming and the World Isn't Ready (Nautilus)

https://nautil.us/blog/omniviolence-is-coming-and-the-world-isnt-ready

"Technology is, in other words, enabling criminals to target anyone anywhere
and, due to democratization, increasingly at scale. Emerging bio-, nano-,
and cybertechnologies are becoming more and more accessible. The political
scientist Daniel Deudney has a word for what can result: 'omniviolence.' The
ratio of killers to killed, or 'K/K ratio,' is falling. For example,
computer scientist Stuart Russell has vividly described how a small group of
malicious agents might engage in omniviolence: 'A very, very small
quadcopter, one inch in diameter can carry a one- or two-gram shaped charge,'
he says. 'You can order them from a drone manufacturer in China. You can
program the code to say: 'Here are thousands of photographs of the kinds of
things I want to target.'' A one-gram shaped charge can punch a hole in nine
millimeters of steel, so presumably you can also punch a hole in someone's
head. You can fit about three million of those in a
semi-tractor-trailer. You can drive up I-95 with three trucks and have 10
million weapons attacking New York City. They don't have to be very
effective, only 5 or 10% of them have to find the target."

Cluster bombs are horrifying Cold War relics. The Convention on Cluster
Munitions has been signed by 108 nations (see
https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XXVI-6&chapter=26&lang=en).
Non-state actors are not bound by treaty. An autonomous cluster bomb would
be unconscionable to say the least.

Artificial swarm intelligence
(https://en.wikipedia.org/wiki/Swarm_intelligence) technology emerged
several years ago. ASI deployed as a weapon of mass destruction (WMD)
represents a significant force multiplier. An autonomous cluster bomb would
be unconscionable and terrifying.

Fortunately, domestic public safety services, and international
intelligence, and military are employed to proactively deter, detect, and
suppress WMD deployment.

Anthony Burgess' novel, "A Clockwork Orange," introduced 'ultra-violence' as
a label for extreme delinquency. As a headline, 'omniviolence' earns a rank
of eleven on the eyeball attracting scale.

A bad sci-fi movie template: (Enemy du jour, favorite criminal organization,
or script kiddie cutout) blackmails a city, state, or nation into paying
X. It backs the threat to pay ransom (click here to view WMD video) by
fabricating 1 million plastique-equipped micro-drones, fuels them, ships
them via containerized cargo from Elbonia to a port where the load
'accidentally' jackknifes during transit to launch the autonomous payload
toward preset destination...Amateur weather buff observes atypical Doppler
weather patterns...alerts situation room authorities who scramble to
home-on-jam intra-swarm communications...emergency broadcast signal
(electromagnetic pulse) clears threat from the sky (and, possibly, a few
civilian aircraft)...another day, another dollar in the situation
room. "Round up the usual suspects" following drone triage. Roll credits,
including
https://www.statista.com/statistics/913398/container-throughput-worldwide/
which shows ~802M cargo containers -- twenty-foot equivalent units (TEUs) --
shipped globally in 2019.

------------------------------

Date: August 7, 2020 5:53:06 JST
From: Richard Forno <rfo...@infowarrior.org>
Subject: Massive 20GB Intel IP Data Breach Floods the Internet, Mentions
Backdoors (Intel Responds)

[via Dave Farber]

https://www.tomshardware.com/news/massive-20gb-intel-data-breach-floods-the-internet-mentions-backdoors

------------------------------

Date: Tue, 4 Aug 2020 13:19:57 -0600
From: Jim Reisert AD1C <jjre...@alum.mit.edu>
Subject: Cyberattack causes Lafayette, CO city computer outage

This is the part I found particularly interesting:

"In a cost/benefit scenario of rebuilding the City's data versus paying
the ransom, the ransom option far outweighed attempting to rebuild."

Does this mean that the attackers requested too little ransom for the key to
unlock the data? Certainly at some higher level of ransom, the cost/benefit
analysis could tip the other way.

https://cityoflafayette.com/civicalerts.aspx?AID=5729

Posted on: August 4, 2020
Cyberattack causes City computer outage

In the early morning hours of July 27, a ransomware cyberattack on the
City's computer system disabled network services resulting in disruptions
to phone service, email, and online payment and reservation systems. 9-1-1
and emergency dispatch services were not affected. Staff detected the
infection and ransom notification at approximately 6:50am and disabled all
network connections to contain the malware spread. Mutual aid from
neighboring jurisdictions was brought onsite to assist, and a
cybersecurity analyst was contracted to provide forensic investigation and
recovery. Additional resources were deployed from the Boulder Office of
Emergency Management and the State Office of Information Technology.

------------------------------

Date: Tue, 4 Aug 2020 13:17:06 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Garmin reportedly paid multimillion-dollar ransom after suffering
cyberattack (The Verge)

Fitness brand Garmin paid millions of dollars in ransom after an attack took
many of its products and services offline last month, Sky News reports. The
payment was reportedly made through a ransomware negotiation company called
Arete IR, in order for Garmin to recover data held hostage as a result of
the attack.

BleepingComputer reported last week that Garmin had received a decryption
key to access data encrypted by the virus, and that the initial ransom
demand was for $10 million. [...]

https://www.theverge.com/2020/8/4/21353842/garmin-ransomware-attack-wearables-wastedlocker-evil-corp

[See also:
Garmin reportedly paid millions to resolve its recent ransomware attack
(Engadget)
https://www.engadget.com/garmin-cyber-attack-ransomware-payment-180211805.html
]

------------------------------

Date: Tue, 4 Aug 2020 07:09:21 +0800
From: Richard Stein <rms...@ieee.org>
Subject: U.S. FAA proposes requiring key Boeing 737 MAX design changes
(Reuters)

https://mobile.reuters.com/article/BigStory12/idUSKCN24Z2HK

"The agency is issuing a proposed airworthiness directive to require updated
flight-control software, revised display-processing software to generate
alerts, revising certain flight-crew operating procedures, and changing the
routing of some wiring bundles."

I believe the proposal includes revisions to automatic test equipment and
test program software applied for line replaceable unit (LRU)
maintenance. The FAA's draft proposal can be found here:
https://www.faa.gov/news/media/attachments/19_035n-R3-8-3-20.pdf. I found
this on page 24: "Note 1 to paragraph (g): Guidance for doing the
installation and installation verification of the FCC OPS software can be
found in Boeing 737-7/8/8200/9/10 Aircraft Maintenance Manual (AMM), Section
22-11-33." I gather the AMM includes provisions for ATE/TPS
updates/revisions.

These proposals will require significant investment to successfully
complete. Apparently they incur less expenditure than would be required to
undertake a new air-frame design and re-certification effort. Cheaper to
keep a ~50 year old air-frame in the product catalog, and hack than start
from scratch.

"The changes are designed to prevent the erroneous activation of a key
system known as MCAS tied to both crashes, to alert pilots if two AOA
sensors are receiving conflicting data and to ensure flight crew can
recognize and respond to erroneous stabilizer movement.

"The FAA said the changes minimize 'dependence on pilot action and the
effect of any potential single failure' and added that design changes
address seven safety issues, including several involving MCAS."

------------------------------

Date: Tue, 4 Aug 2020 18:47:51 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Beirut explosion

REPORT: Beirut explosion caused by welding operations at unsecured
warehouse holding over 2700 tons of ammonium nitrate accumulated over
six years.

[The risks? Utter stupidity, long-term storage of volatile substance,
arc-welding, lack of security, oblivious of oblivion... PGN]

------------------------------

Date: Wed, 5 Aug 2020 01:13:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: NSA Warns Cellphone Location Data Could Pose National-Security
Threat (WSJ)

*Disable location-sharing on apps, agency says in new guidance for military
and intelligence personnel*

The National Security Agency issued new guidance on Tuesday for military and
intelligence-community personnel, warning about the risks of cellphone
location tracking through apps, wireless networks and Bluetooth technology.

The detailed warning from one of the nation's top intelligence agencies is
an acknowledgment that Silicon Valley's practice of collecting and selling
cellphone location information
<https://www.wsj.com/articles/house-investigating-company-selling-phone-location-data-to-government-agencies-11593026382>
for advertising and marketing purposes poses a serious national-security risk
to many inside the government.

``Location data can be extremely valuable and must be protected. It can
reveal details about the number of users in a location, user and supply
movements, daily routines (user and organizational), and can expose
otherwise unknown associations between users and locations,'' the NSA
bulletin warned.

Among its recommendations, the NSA advises disabling location-sharing
services on mobile devices, granting apps as few permissions as possible
and turning off advertising permissions. The NSA also recommends limiting
mobile web browsing, adjusting browser options to not allow the use of
location data, and switching off settings that help track a misplaced or
stolen phone.

Apps often collect and share anonymized location data with third-party
location data brokers who in turn sell their commercial products to
government and corporate customers
<https://www.wsj.com/articles/digital-group-urges-controls-on-flow-of-cellphone-data-to-government-11592946810?mod=searchresults&page=1&pos=12>,
The Wall Street Journal has reported. The sale of the data, especially to
the government, is generally done without consumer awareness.

Other services can estimate a phone's location based on its proximity to
other Bluetooth devices or Wi-Fi networks. More invasive technologies used
by law-enforcement and intelligence services -- such as Stingray cell-tower
simulators often used by police to collect location information, as well as
Wi-Fi sniffers that can extract information about a phone based on network
information -- can collect a phone's location without user permission.

The agency's warning extended beyond phones, noting that fitness trackers,
smartwatches, Internet-connected medical devices, other smart-home devices
and modern automobiles all contain location-tracking potential. [...]
https://www.wsj.com/articles/nsa-warns-cellphone-location-data-could-pose-national-security-threat-11596563156

------------------------------

Date: Mon, 3 Aug 2020 12:41:41 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Dickson Yeo and spying in the time of social networking (Straits Times)

https://www.straitstimes.com/singapore/spying-in-the-time-of-social-networking
(behind paywall).

Note:
https://www.nytimes.com/reuters/2020/07/25/world/asia/25reuters-usa-china-spy-singapore.html
details the arrest.

The Straits Times author details how Yeo was recruited by PRC Intelligence.
In turn, Yeo recruited and paid multiple U.S. persons as sources to author
reports on non-public (but sensitive) strategic, tactical and/or technical
information on the F-35 sale to Japan, South China Sea foreign policy, trade
policy, etc.

"At the behest of a Chinese intelligence operative, two years ago,
Singaporean Dickson Yeo conjured up a consultancy firm and posted a fake job
posting on professional networking site LinkedIn.

"The response floored him.

"He got over 400 resumes, most of them from U.S. military and government
employees with security clearances. He sent on those he found interesting to
a Chinese operative."

"The Financial Times, in a report last Friday
(https://www.ft.com/content/0a0e62a9-65ba-494c-a7bb-86f5f66d627f, also
behind paywall), said Yeo's case underscores 'growing fears among
intelligence agencies around the world that they are unable to parry China's
increasingly astute online espionage efforts aimed at officials with
high-level security clearances.'"

Social media, while convenient for advertising goods and gigs, also
facilitates espionage recruiting. Correlate candidate CV content against the
U.S. office of personnel management (OPM) breach (or the HR breach du jour)
to cherry-pick targets. Plan to hook them into your network via compromise
(financial problems, addiction, embarrassing personal information).

A smartphone and a file-share (Dropbox) are all that's needed to boost and
relay information. No more dead drops, no more snail mail. Employ a cutout,
a mutually trusted intermediary, to shield network handler origin if/when
cover is blown.

Spying is an age-old problem. Effective counter-intelligence can suppress
human sources, and cyber-security can limit surreptitious digital data
exfiltration.

A hypothetical "spy versus spy" social media human intelligence recruiting
entrapment effort might consist of the following:

1) Use GPT-3 to author a few thousand phony CVs and credentials for "fake
worker background" with clearances, and periodically update recruiting sites
to trap human intelligence recruiters. Might be difficult to fake the
existence of a student at XYZU having written a thesis on "Pulsed-quantum
computation adiabatic decoherence mitigation" that successfully vets against
an adversary's alumnus network correlation tool. 2) Include "I speak and
write ABC" in the adversary's native character set to elevate profile
"optional" correlation assessment points. Add a few bogus project code words
(lifted from 'Dilbert' cartoons). Include a few phony roles, dates, and
locations (a business park hosting a front company) to goose up the
candidate score: Procurement and sourcing manager for sub-decibel hypersonic
anti-submarine warfare flotation technology. Lead investigator on simulation
of quantum network micro-satellite deployment with impulse drive propulsion.
3) Author a social media page, and post a few items to various blogs of
interest with faked photos from mountain climbs, botanical gardens,
high-school proms, etc.

------------------------------

Date: Wed, 5 Aug 2020 09:03:43 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Colorado police apologize over viral video of officers handcuffing
Black girls in a mistaken stop (WashPost)

Two of the family's Black children were handcuffed by police at gunpoint,
and all four, including a six-year-old, were ordered to lay face-down on the
parking lot.

https://www.washingtonpost.com/nation/2020/08/04/aurora-pd-handcuffs-family-gunpoint/

------------------------------

Date: Wed, 5 Aug 2020 19:50:26 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Measure twice, sculpt once. (Atlas Obscura)

Coade Stone Caryatids - London, England - Atlas Obscura

A measuring mishap led to these artificial stone ladies losing their
stomachs.

https://www.atlasobscura.com/places/coade-stone-caryatids

------------------------------

Date: Fri, 7 Aug 2020 00:46:50 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)

By reverse engineering apps intended for cyclists, security researchers
found they could cause delays in at least 10 cities from anywhere in the
world.

https://www.wired.com/story/hacking-traffic-lights-netherlands/

------------------------------

Date: Thu, 6 Aug 2020 00:34:57 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Inside the Courthouse Break-In Spree That Landed Two White-Hat
Hackers in Jail (WiReD)

When two men were hired to break into Iowa judicial buildings, they thought
it was just another physical security audit -- until they were charged with
burglary.

https://www.wired.com/story/inside-courthouse-break-in-spree-that-landed-two-white-hat-hackers-in-jail/

------------------------------

Date: Thu, 6 Aug 2020 14:34:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Inaccurate Mailing Sent To Fairfax County Voters (Patch)

The Center for Voter Information sent out absentee ballot applications
with an incorrect return address.

Fairfax County, VA -- A mailing going out to Fairfax County voters from a
nonprofit organization has incorrect information, according to Fairfax
County's Office of Elections.

The mailing from the Center for Voter Information includes pre-filled
absentee ballot applications with return envelopes. The problem is, the
return address is the City of Fairfax's registrar, not Fairfax County's.

"This mailing is causing great confusion and concern among voters who have
been contacting our office," said Fairfax County General Registrar Gary
Scott in a news release. "While the mailing may appear to be from an
official government agency, the Fairfax County Office of Elections did not
send it."

A county statement says the absentee ballot application went out to voters
without their request. The mailing is also causing confusion among voters
who already requested ballots from Fairfax County.

The county is working with the City of Fairfax to ensure applications
received from the inaccurate mailing will be processed by Fairfax County.

The Center for Voter Information shared the following statement:

The Center for Voter Information recently sent vote by mail applications
to voters in Virginia, encouraging them to safely participate in
democracy. We are aware that some of the mailers may have directed the
return envelopes to the wrong election offices, particularly in the
Fairfax area of northern Virginia.

Approximately half a million applications sent to eligible voters in
Virginia included incorrect information, and we are working diligently to
address the issues. Mistakes in our programming are very rare, but we take
them seriously, and our methods overall are extraordinarily effective. In
fact, we have worked with our partner, the Voter Participation Center, to
successfully generate nearly 800,000 vote by mail applications across the
country, and helped over 5-million people register to vote in our history.

We know voters are on high alert as the November election approaches, and
we regret adding to any confusion. Please rest assured that we are working
with local election officials in Virginia to re-direct the vote by mail
applications to the proper locations, and will rectify any errors at our
own expense.

https://patch.com/virginia/annandale/s/h78j9/inaccurate-mailing-sent-to-fairfax-county-voters

Brilliant. Nice favor this organization did. It's so comforting that their
programming mistakes are rare. This is a very Blue area -- and I understand
one must first assume incompetence when something worse might be
suspected. Still...

------------------------------

Date: Mon, 3 Aug 2020 01:17:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: WHO just gave us the worst possible coronavirus prediction (BGR)

- The coronavirus transmission risk remains high, warned the World
Health Organization during a meeting of its emergency committee.

- WHO chief Tedros Adhanom Ghebreyesus said that the COVID-19 pandemic is a
``once-in-a-century health crisis'' with effects that will be felt for
``decades to come.''

- The health crisis already taught us that some COVID-19 patients will
take weeks or even months to recover and may sustain internal damage from
the infection that could lead to long-lasting medical conditions.

The novel coronavirus is here to stay, even once vaccines are widely
available. It's still too early to tell how long COVID-19 immunity lasts,
but infectious disease experts think the new virus will behave just like
other human coronaviruses. That means reinfection could be possible as soon
as six to twelve months after the first bout, and vaccine protection will be
limited without regular booster shots. Even if vaccines are approved this
fall or winter, it will be months until public immunization campaigns can
start
<https://bgr.com/2020/07/26/coronavirus-vaccine-availability-several-months-in-2021-fauci-interview/>
in earnest. The initial vaccine supply will not meet demand, as the entire
world might need 15 billion doses to inoculate everyone -- and some people
will always resist vaccines, while others are in remote regions that may not
be accessible. Therefore, it will be years before a large percentage of the
world's population is vaccinated against COVID-19, and that's assuming the
current candidates are effective. Other drugs are also in human trials
<https://bgr.com/2020/07/08/coronavirus-treatment-regeneron-monoclonal-antibodies-cure-regn-cov2-5852677/>
and they could provide new effective therapies to prevent COVID-19
complications or death.

With all that in mind, it seems unlikely for the novel coronavirus to
disappear anytime soon and the world will have to learn to live with it,
just like it did with other infectious diseases. The World Health
Organization (WHO) made this prediction several months ago
<https://bgr.com/2020/05/14/coronavirus-cure-covid-19-may-never-go-away-but-well-have-treatment-5829547/>,
as researchers learned more details about the new illness. But now, the WHO
just gave the world the worst possible forecast about the novel coronavirus.

WHO chief Tedros Adhanom Ghebreyesus spoke to reporters on Friday as the
organization's emergency committee evaluated the situation six months after
declaring COVID-19 an international emergency. [...]

https://bgr.com/2020/08/01/coronavirus-transmission-risk-high-effects-felt-for-decades/

------------------------------

Date: Fri, 7 Aug 2020 11:02:50 +0800
From: Richard Stein <rms...@ieee.org>
Subject: California virus-fighting efforts hampered by data delays (sfgate.com)

https://www.sfgate.com/news/article/California-virus-fighting-efforts-hampered-by-15462869.php
and
https://www.latimes.com/california/story/2020-08-05/coronavirus-test-results-collecting-hampering-pandemic-response

CalREDIE -- California Reportable Disease Information Exchange -- embodies
the core data collection platform licensed for access and disease incidence
reporting from laboratories, hospitals, public health agencies. State public
health officials and the elected governance functions are operating under a
high-latency reporting condition.

A root cause for the sluggishness has not been disclosed. Estimates claim
50% of COVID-19 case counts are missing from public reports. Probably a
huge XML payload to database insert backlog. Deficient elasticity scale-up
in the infrastructure.

Risk: Inaccurate reporting of disease statistics reduces public vigilance to
apply safeguards against infection. If the latency remained undiscovered,
public health spending priorities would be irresponsibly reduced.

------------------------------

Date: Mon, 3 Aug 2020 13:18:48 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
(Scientific American)

https://www.scientificamerican.com/article/do-animals-really-anticipate-earthquakes-sensors-hint-they-do/

Reliable earthquake precursors are challenging to identify. A few seconds'
advance warning can save lives. A few hours' advance notice, enough to
evacuate a vulnerable city, would be miraculous. Instrumented animals, and
their environmentally-adapted swarm intelligence, might hold the key to
early quake detection.

"For example, 'we did a study on Galápagos marine iguanas, and we know
that they are actually listening in to mockingbirds’ warnings about the
Galápagos hawks,' he adds. 'These kinds of systems exist all over the
place. We’re just not really tuned in to them yet.'"

"Wendy Bohon, a geologist at the Incorporated Research Institutions for
Seismology in Washington, D.C., who was not involved with the new study, is
skeptical of the air ionization idea. Numerous geologists have
unsuccessfully tried to find such a precursory signal of impending
earthquakes, she notes. Bohon does allow that Wikelski and his co-authors
did some 'cool things' to explore the possibility of animals predicting
earthquakes. But she wonders whether there were instances in which the
creatures showed unusual activity and there was no earthquake or did not
react before one did occur. 'My cat could act crazy before an earthquake,'
she says. 'But my cat also acts crazy if somebody uses the can opener.' In
order to use the animals as prognosticators, it would be imperative to
establish that they exhibited unusual behavior only in reaction to upcoming
seismic events, Bohon says. 'Otherwise,' she adds, 'it becomes the "Boy
Who Cried Wolf" problem.'"

Risk: Alarm fatigue.

[Earthquake sensor-equipped birds fowl detection?]

[Bill Kautz, one of my colleagues at SRI in the 1970s, was part of a
California-based project that had sensors scattered around the state, but
also had farmers linked up to report unusual animal behavior. The
Chinese also claimed back then that they evacuated an entire city based on
abnormal animal behavior. PGN]

------------------------------

Date: Mon, 3 Aug 2020 15:19:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Despite an unexpected monkey wrench, now is the time to install the
July Windows and Office patches (Computerworld)

If it weren't for the schizophrenic behavior of Microsoft's preview patches,
July updating would be a slam dunk. As things stand, you'd be well advised
to go ahead and patch -- but be aware of the odd behavior.

https://www.computerworld.com/article/3569589/despite-an-unexpected-monkey-wrench-now-is-the-time-to-install-the-july-windows-and-office-patches.html

Rhetorical questions:

How are normal people supposed to cope with nonsense like this?

How has Microsoft let patches -- previously largely reliable -- deteriorate
to this egregious level of complexity and risk?

------------------------------

Date: Thu, 06 Aug 2020 23:37:47 -0400
From: s...@eskimo.com (Steve Summit)
Subject: Adapting the user to the software (The Verge)

We've probably all had our frustrations with Microsoft Excel: powerful,
ubiquitous, often pretty useful, occasionally insanely frustrating. It
would never have occurred to me to make formal redefinitions across an
entire industry just to coddle its peculiar predilections, though:

https://www.theverge.com/2020/8/6/21355674/human-genes-rename-microsoft-excel-misreading-dates

A string like "MARCH1" -- which to a geneticist used to be the accepted
abbreviation for the Membrane Associated Ring-CH-Type Finger 1 gene -- is
taken by default by Excel as a date, and while there's a way to force it to
be treated as a regular string, it's easy enough to forget to do so that errors
have been unacceptably prevalent. So the Membrane Associated Ring-CH-Type
Finger 1 gene is now "MARCHF1", and several dozen other genes have been
similarly reabbreviated.

------------------------------

Date: Fri, 07 Aug 2020 13:47:29 +0200
From: "Diego.Latella" <diego....@isti.cnr.it>
Subject: The case for banning law enforcement from using facial recognition
technology (TJCI)

The Justice Collaborative Institute
The Case for Banning Law Enforcement from Using Facial Recognition Technology
https://tjcinstitute.com/research/the-case-for-banning-law-enforcement-from-using-facial-recognition-technology/

"The Justice Collaborative Institute is home to a collection of the nation's
top scholars and thinkers bound together by a common mission to produce
rigorous, practical research that contributes to an America with more
dignity and freedom for all of us, starting with those who are the most
vulnerable. We translate our research into pragmatic resources for public
officials, reporters, advocates, and other scholars, including polling
memos, policy briefs, model laws and policies, and amicus briefs."

https://tjcinstitute.com/about/

------------------------------

Date: Sat, 1 Aug 2020 18:00:33 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Why a Data Breach at a Genealogy Site Has Privacy Experts Worried
(NYTimes)

Nearly two-thirds of GEDmatch's users opt out of helping law enforcement.
For a brief window this month, that didn't matter.

https://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html

------------------------------

Date: Tue, 4 Aug 2020 13:08:18 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Computers on verge of designing their own programs (Techxplore)

https://techxplore.com/news/2020-08-verge.html

"Gottschlich explained, 'Intel's ultimate goal for machine programming is to
democratize the creation of software. When fully realized, machine
programming will enable everyone to create software by expressing their
intention in whatever fashion that's best for them, whether that's code,
natural language or something else. That's an audacious goal, and while
there's much more work to be done, MISIM is a solid step toward it.'"

MISIM relies on AI to compare "correct programs" against a candidate
specification. Correctly transliterating this specification, as per formal
methods, should satisfy user expectations when the cooked code runs. I
wonder if MISIM would succeed in a transliteration of a multi-threaded
process specification per Hoare's communicating sequential processes?

Would be interesting to see if Machine Inferred Code Similarity could
eventually detect and triage race conditions, kernel or interruptible sleep
state deadlock. Significant specification and test cases are needed
(http://www.cs.uky.edu/ai/benchmark-suite/deadlock-detection.html retrieved
on 04AUG2020) to identify these conditions.

Someday, the app you buy might be authored and qualified by a bot. MISIM
portends a solution, however partial, to the Turing Halting Problem.

MISIM does not demand royalties -- a piece of the action -- from app license
and sale. No sick leave, vacation, or retirement benefits are paid as
carbon-based authors are largely out-of-the-loop: it codes for virtual
peanuts, until it decides if it can or cannot.

------------------------------

Date: Fri, 7 Aug 2020 01:11:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: AI bias detection; aka the fate of our data-driven world

*Rooting out implicit bias in AI is fundamental to ensuring an equitable
society. Is it even possible?*

Here's an astounding statistic: Between 2015 and 2019, global use of
artificial intelligence grew by 270%
<https://venturebeat.com/2019/01/21/gartner-enterprise-ai-implementation-grew-270-over-the-past-four-years/>.
It's estimated that 85% of Americans
<https://news.gallup.com/poll/228497/americans-already-using-artificial-intelligence-products.aspx>
*are already using* AI products daily, whether they know it or not.

It's easy to conflate *artificial* intelligence with *superior*
intelligence, as though machine learning based on massive data sets leads to
inherently better decision-making. The problem, of course, is that human
choices undergird every aspect of AI
<https://www.zdnet.com/topic/artificial-intelligence/>, from the curation of
data sets to the weighting of variables. Usually there's little or no
transparency for the end user, meaning resulting biases are next to
impossible to account for. Given that AI is now involved in everything from
jurisprudence to lending, it's massively important for the future of our
increasingly data-driven society that the issue of bias in AI be taken
seriously.

This cuts both ways -- development in the technology class itself, which
represents massive new possibilities for our species, will only suffer from
diminished trust if bias persists without transparency and accountability.
In one recent conversation
<https://www.zdnet.com/article/5-reasons-ai-isnt-being-adopted-at-your-organization-and-how-to-fix-it/>,
Booz Allen's Kathleen Featheringham
<https://www.boozallen.com/e/insight/blog/kathleen-featheringham-tells-stories-through-data.html>,
Director of AI Strategy & Training, told me that adoption of the technology
is being slowed by what she identifies as historical fears:

Because AI is still evolving from its nascency, different end users may
have wildly different understandings about its current abilities, best uses
and even how it works. This contributes to a blackbox around AI
decision-making. To gain transparency into how an AI model reaches end
results, it is necessary to build measures that document the AI's
decision-making process. In AI's early stage, transparency is crucial to
establishing trust and adoption.

While AI's promise is exciting, its adoption is slowed by historical fear
of new technologies. As a result, organizations become overwhelmed and
don't know where to start. When pressured by senior leadership, and driven
by guesswork rather than priorities, organizations rush to enterprise AI
implementation that creates more problems.

One solution that's becoming more visible in the market is validation
software. Samasource <https://www.samasource.com/>, a prominent supplier of
solutions to a quarter of the Fortune 50, is launching AI Bias Detection, a
solution that helps to detect and combat systemic bias in artificial
intelligence across a number of industries. The system, which leaves a
human in the loop, offers advanced analytics and reporting capabilities
that help AI teams spot and correct bias before it's implemented across a
variety of use-cases, from identification technology to self-driving
vehicles. [...]
https://www.zdnet.com/article/ai-bias-detection-and-the-fate-of-our-data-driven-world/

------------------------------

Date: Mon, 3 Aug 2020 08:19:33 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: The Truth Is Paywalled But The Lies Are Free (Current Affairs)

https://www.currentaffairs.org/2020/08/the-truth-is-paywalled-but-the-lies-are-free/

------------------------------

Date: Tue, 04 Aug 2020 20:11:37 -0400
From: "Mike Alexander" <risks...@msalexander.com>
Subject: A very good fake message from Facebook

I have turned on the option on Facebook to encrypt all messages from them
using GPG. I recently got a message that came from a Facebook domain (based
on the first Received: header) and was signed with their GPG key, but was
apparently not from them. It appeared to be a notification of a private
message from a friend of mine, but she says she didn't send me a message on
Messenger, and the links that purport to open the message go to www.m.me and
try to open a Flash movie (I don't have Flash installed). I really can't
think of a good explanation for this that doesn't involve something bad
happening at Facebook.

------------------------------

Date: Fri, 7 Aug 2020 06:43:47 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Job-related scams and frauds (CBC)

Job scams are on the rise and becoming more sophisticated, said Jeff
Thomson, senior RCMP intelligence analyst at the Canadian Anti-Fraud Centre.

In 2019, the centre received more than 2,400 job-related fraud reports, he
said. The number of reports counted in 2020 is already more than 2,300 -
and that's only up to July.

With more people losing their jobs during the COVID-19 pandemic and seeking
work, as well as shifting to doing business primarily online, "it's sort of
ripe for job scams right now," Thomson said.

https://www.cbc.ca/news/canada/toronto/fake-company-job-scam-gux-it-1.5677217

------------------------------

Date: Thu, 6 Aug 2020 01:10:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)

Using open-source software and less than $100, a researcher was able to
create plausible images and audio of actor Tom Hanks.

There are many photos of Tom Hanks, but none like the images of the leading
everyman shown at the Black Hat computer security conference Wednesday:
They were made by machine-learning algorithms, not a camera.

Philip Tully, a data scientist at security company FireEye, generated the
hoax Hankses to test how easily open-source software from artificial
intelligence labs could be adapted to misinformation campaigns. His
conclusion:

``People with not a lot of experience can take these machine-learning
models and do pretty powerful things with them.''

Seen at full resolution, FireEye's fake Hanks images have flaws like
unnatural neck folds and skin textures. But they accurately reproduce the
familiar details of the actor's face like his brow furrows and green-gray
eyes, which gaze coolly at the viewer. At the scale of a social network
thumbnail, the AI-made images could easily pass as real.

To make them, Tully needed only to gather a few hundred images of Hanks
online and spend less than $100 to tune open-source face-generation
software to his chosen subject. Armed with the tweaked software, he cranks
out Hanks. Tully also used other open-source AI software to attempt to
mimic the actor's voice from three YouTube clips, with less impressive
results.

By demonstrating just how cheaply and easily a person can generate passable
fake photos, the FireEye project
<https://www.fireeye.com/blog/threat-research/2020/08/repurposing-neural-networks-to-generate-synthetic-media-for-information-operations.html>
could add weight to concerns that online disinformation could be magnified by AI
technology that generates passable images or speech. Those techniques and
their output are often called deepfakes, a term taken from the name of a
Reddit account that late in 2017 posted pornographic videos modified to
include the faces of Hollywood actresses.

Most deepfakes observed in the wilds of the Internet are low quality and
created for pornographic
<https://www.wired.com/story/most-deepfakes-porn-multiplying-fast/> or
entertainment purposes. So far, the best-documented malicious use of
deepfakes is harassment of women
<https://www.wired.com/story/forget-politics-deepfakes-bullies/>. Corporate
projects or media productions
<https://www.wired.com/story/covid-drives-real-businesses-deepfake-technology/>
can create slicker output, including videos, on bigger budgets. FireEye's
researchers wanted to show how someone could piggyback on sophisticated AI
research with minimal resources or AI expertise. Members of Congress from
both parties have raised concerns that deepfakes could be bent for political
interference. [...]
https://www.wired.com/story/cheap-easy-deepfakes-closer-real-thing/

------------------------------

Date: Thu, 6 Aug 2020 14:41:44 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Blackbaud breach

``We deeply appreciate your generous support of the Freedom Forum and our
affiliates, the Newseum and the Freedom Forum Institute, and our mission
to foster First Amendment freedoms for all. As part of our efforts to
share important updates with our valued supporters, we are writing to
inform you about a data incident involving one of our long-time vendors,
Blackbaud, that may have affected some of your personal information.
Blackbaud is the global market leader in not-for-profit software, and
their products are commonly used to manage relationships and
communications with constituents and donors.''
https://www.blackbaud.com/
http://engage.newseum.org/site/MessageViewer?dlv_id=10606&em_id=6687.0

This is at least my fourth such notice from some organization using
Blackbaud. Of course, there's no way for people to tell who else might be a
victim of an outsourcing vendor. How many more? It's tough doing due
diligence with such invisible infrastructure.

------------------------------

Date: Mon, 3 Aug 2020 19:17:19 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Ajit Pai calls for vigorous debate on Trump's social media
crackdown (Ars Technica)

"Tell the FCC to reject this," Democrat says as agency seeks public comment.

https://arstechnica.com/tech-policy/2020/08/fcc-seeks-public-comment-on-trumps-attempt-to-punish-twitter-and-facebook/

------------------------------

Date: Fri, 7 Aug 2020 15:13:20 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Sensitive to claims of bias, Facebook relaxed misinformation rules
for conservative pages (NBC News)

https://www.nbcnews.com/tech/tech-news/sensitive-claims-bias-facebook-relaxed-misinformation-rules-conservative-pages-n1236182

------------------------------

Date: Wed, 5 Aug 2020 19:42:02 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: A Bug In Instagram's Hashtag Has Been Favoring Donald Trump
(BuzzfeedNews)

``A technical error caused a number of hashtags to not show related
hashtags. We've disabled this feature while we investigate.''

https://www.buzzfeednews.com/article/ryanmac/instagram-related-hashtags-favoring-trump-over-biden

A bug they call it, a poisonous bug...

------------------------------

Date: Thu, 6 Aug 2020 09:48:12 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: Big Problem: Twitter users attempting to expose @realDonaldTrump
lies are being blocked for surfacing his lies! (CNN)

https://www.cnn.com/2020/08/06/politics/twitter-democratic-national-committee-trump/index.html

------------------------------

Date: Sun, 2 Aug 2020 16:52:11 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled
Online Path (NYTimes)

https://www.nytimes.com/2020/08/02/technology/florida-teenager-twitter-hack.html

------------------------------

Date: Tue, 4 Aug 2020 10:36:13 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: FBI Used Information From An Online Forum Hacking To Track Down
One Of The Hackers Behind The Massive Twitter Attack (TechDirt)

https://www.techdirt.com/articles/20200802/16255545023/fbi-used-information-online-forum-hacking-to-track-down-one-hackers-behind-massive-twitter-attack.shtml

------------------------------

Date: Wed, 5 Aug 2020 19:44:42 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Pranksters Stream Porn During Zoom Hearing for Alleged
17-Year-Old Twitter Hacker (gizmodo)

Pranksters disrupted judicial hearings on Wednesday for the 17-year-old
Florida kid who allegedly hijacked the accounts of prominent Twitter users
last month, according to multiple
<https://twitter.com/WFLARyan/status/1291003400881147906> people
<https://twitter.com/TheMateoJones/status/1291006211983388672> on the
teleconference call. There were several intrusions during the first attempt
at the hearing, and it was finally stopped after pornography was streamed
via Pornhub. [...]

``How the judge in charge of the proceeding didn't think to enable settings
that would prevent people from taking over the screen is beyond me. My guess
is he didn't know he could,'' security expert Brian Krebs tweeted Wednesday
morning. ``This guy's reaction sums it up.''

The reaction, of course, was one of shock and bewilderment.

https://gizmodo.com/pranksters-stream-porn-during-zoom-hearing-for-alleged-1844618440

------------------------------

Date: Sun, 2 Aug 2020 10:42:00 +0200
From: Peter Bernard Ladkin <lad...@causalis.com>
Subject: Re: Darwin's tautology? (RISKS-32.12,15,16,17)

It is somewhat unkind of Amos Shapir (Risks 32.17) to suggest that a
940-year-old problem in logic is a "quagmire". 141 years ago, someone could
have said the same about the distribution of terms, which was then solved
elegantly and definitively by Herr Frege in his Begriffsschrift pamphlet in
1879. (See Peter Geach, Logic Matters, Basil Blackwell 1972 for extensive
discussion of distribution, and Jean van Heijenoort, From Frege to
Gödel: A Source Book in Mathematical Logic, 1879-1931, Harvard
University Press, 1967 for an English translation of the Begriffsschrift.)

Whether a RISKS reader wants to "step into" the subject of Anselm's argument
in the Proslogion depends on whether she is interested in logic. An interest
in conceptions of gods is secondary (although not for Anselm).

Martin Ward cites Goedel's formulation of an Ontological Argument for the
existence of a god. The version written down by Dana Scott appears to be
formally correct (Benzmüller and Woltzenlogel Paleo, ECAI Proceedings
2014 http://page.mi.fu-berlin.de/cbenzmueller/papers/C40.pdf ). Paul
Oppenheimer and Ed Zalta had looked somewhat earlier at other versions and
showed some were formally provable (see, e.g., Australasian Journal of
Philosophy, 2013,
https://mally.stanford.edu/Papers/ontological-computational.pdf). John
Rushby verified a version of the Oppenheimer-Zalta proof in PVS (CAV
Proceedings, 2013 http://page.mi.fu-berlin.de/cbenzmueller/papers/C40.pdf ).

I have even done a little twiddling myself, though with traditional analysis
of premises and arguments, not with ATPs. Peter Millican (a philosopher at
Oxford) claimed to have found a fatal flaw in Anselm's argument (in Mind
113, 2004, http://millican.org/papers/2004OntArgMind.pdf ). I didn't agree
with Millican that the flaw is "fatal". I think I found some missing
premises and supplied them (preprint January 2017). I had some discussion
with Millican and my former tutor Ralph Walker, a Kant specialist, about
it. (Kant had some thoughts about Anselm's argument also.)

Shapir also defines "tautology":

> Tautology is a term in logic defined as a statement which is true
> unconditionally, determined just by its formulation, e.g., "A or not A" --
> Thus when a statement is a tautology, its truthfulness requires no proof.
> A statement cannot "become a tautology" by a proof.

He thereby contradicts Ward (RISKS-32.15), who thinks that all valid
mathematical theorems are tautologies, whereas you could surely only claim a
few of them are "determined just by [their] formulation". Fermat's Last
Theorem certainly wasn't. Its formulation is in the language of +, x and
exp, and no one I know finds it remotely plausible that there is a proof in
that language alone.

The term "tautology" is wider than what Shapir suggests. Wikipedia
https://en.wikipedia.org/wiki/Tautology indicates at least three different
meanings. Looking just at "term[s] in logic", per Shapir, one can wonder
whether a tautology is a statement (1) "true in virtue of its form"
(Shapir), or one (2) "true in every possible interpretation" (Wikipedia
https://en.wikipedia.org/wiki/Tautology_(logic) ). Those are by no means the
same: Fermat's Last Theorem is true in every possible interpretation, so
fulfills (2) but, as I just observed, not (1).

Ward, for his part (in RISKS-32.15), calls "circular" arguments out as being
"fallacious". Whatever bad things might come with being "fallacious", some
circular arguments are both valid and good. "A, therefore A" is as circular
as you can get. It is also an inference rule of Natural Deduction and an
axiom of Sequent Calculus, two of the most useful formulations of logic(s).

------------------------------

Date: Sun, 2 Aug 2020 12:48:20 PDT
From: "Peter G. Neumann" <neu...@csl.sri.com>
Subject: Re: Darwin's tautology? (Ladkin, RISKS-32.18)

My long-time colleague John Rushby in the SRI Computer Science Laboratory
has been studying what Peter Ladkin refers to in the above RISKS item,
and John has two papers. See his website:
http://www.csl.sri.com/users/rushby/biblio.html

* The Ontological Argument in PVS
Fun With Formal Methods, Invited paper presented at the CAV Workshop,
St. Petersburg, Russia, 13 July 2020
An 11th Century proof of the existence of God is revisited, and proven
using the SRI PVS proof system.

* Mechanized Analysis of Anselm's Modal Ontological Argument
International Journal of the Philosophy of Religion, 2020, in press.

[I'm blowing the whistle on this topic, which quickly gets outside the
realm of logic, although the subsequent still-ongoing private exchanges
are quite interesting. PGN]

------------------------------

Date: Sun, 2 Aug 2020 02:22:50 +0000
From: Douglas Lucas <d...@riseup.net>
Subject: Re: When tax prep is free, you may be paying with your privacy
(Dorsey, RISKS-32.17)

> I do not understand why people are willing to pay any money to do
> it online when doing it by hand is simple and cheap unless you have a
> lot of income or very complex deductions.

Imagine not people but ideas and actions. Then imagine a protagonist who
began hiking the Appalachian Trail prior to COVID-19's arrival in the United
States. 2/3 through the hike, he begins hearing from other hikers of some
virus, some disease, that might be fake news or ancient ideograms. It is now
time for him to leave the Appalachian Trail, and as the climactic moment
arrives, night before tax day in the United States (14 April 2020), we are
passed through a single flux capacitor like a f(x) chain rule from Mars.

I argue to myself and but few others in person that any frozen image,
whether the paragraphs above or a painting in a gilded frame of a gilded
museum, can be analyzed by applying 4 criteria: 'holistic context'
(oxymoronic, but bear with me); changes in distance; changes in time; and
changes in emotions (e.g., love/shame battling through yap stones and
Catholic indulges and dolla dolla bills; prisoner dilemmas; and ethics vs
moral compasses)...

And lo, the capacitor fluxes a second time: from Mars, seen are immigrants,
lumpenproles, refugees, political prisoners, criminals, traffickers of
armaments of all shapes and colors, in a word, the neurodivergent.

The final flux of this capacitation is that I performed zero background
research on who 'Scott Dorsey' is, who 'klu...@panix.com' is, what his
primary second or third language is, and so on, meaning I am earnestly
attempting to abstract from my above argument, ad hominem, ad authoritatem.

Does passing the above through the quoted focal lens of "I do not
understand why..." make the understanding better or worse, or do we simply
wait for more or less dire RISKS digest headlines to tell us that answer?

------------------------------

Date: Wed, 5 Aug 2020 22:04:36 +0100
From: Chris Drewe <e76...@yahoo.co.uk>
Subject: Re: When tax prep is free, you may be paying with your privacy.
(RISKS-32.17)

Similar in the UK (I can't speak from experience); however, legend has it
that the UK tax system is the most complicated in the world, although it's a
highly-competitive field and many other countries may claim the title.
Therefore there's plenty of potential for errors and differences of opinion,
and that's apart from the constant changes of course. As the old joke says,
if you get a gas bill for a million pounds then everybody has a good laugh,
but if you get a tax bill for a million pounds, you need a good accountant
and lawyer, and fast.

Part of the problem seems to be that UK tax policy is as much about
punishing and rewarding behaviour as raising funds for government spending,
so the basic approach is high basic tax rates with loads of exemptions,
reliefs, concessions, etc. to show how caring they are for letting you do
the right thing. And part of *this* problem is politicians coming up with
kludges and tweaks to fix this month's headline worry, forgetting that the
fixes usually stay around much longer after the original problem has been
forgotten. Some people have suggested a 'flat tax' policy, i.e. add up your
income on one side and your deductions on the other, then pay a straight tax
of, say, 20% on the difference. Wonderfully simple, but the UK policy is
the complete opposite.

One possible problem for me is tax on interest and share dividends.
Historically, if you saved money in a bank deposit account, then tax was
deducted from the interest at a standard rate, and the bank sent periodic
statements saying "your account has earned X pounds of interest, we have
deducted Y pounds of tax, and paid X-Y pounds into your account"; if you
paid higher tax then you declared this on your tax form, or if you didn't
pay tax then you could claim it back. A similar arrangement applied to
share dividends and suchlike. Hence the vast majority of people paid tax at
the right rate by default.

Nowadays, this doesn't apply -- any payments are given without deductions,
and you have to declare these if they exceed your allowance, currently 1,000
pounds for interest and 2,000 pounds (was 5,000 pounds) for dividends. So
in my case I would have to keep an eagle eye out for all of these payments
during the year and then be ready to 'fess up if the thresholds are reached.
Retired people often rely on investment income to supplement their pensions,
and commentators have pointed out that many of them may have gone through
their entire working lives without having to worry about filing tax details,
then may well unexpectedly find themselves having to grapple with taxation
bureaucracy in their advancing years.

In my case I'm donating my modest holdings of shares to charity (there's a
'Sharegift' scheme to do this on a no-cost basis, avoiding the usual hefty
trading fees on tiny shareholdings), and today's interest rates ("high
interest" means anything >0.0%) mean that I'm unlikely to earn much here.
Luckily I don't have any dependents as the UK welfare system is at least as
complex as tax, with a good deal of interaction between them, so that's one
can of worms avoided.

The UK tax authorities accept more and more information on-line only, which
may require access to expensive dedicated software and/or a steep learning
curve, so not much scope for DiY there. People with a regular income from
employment or a pension normally have this done for them by their employer
or pension provider; this is more problematic for those with irregular
sources of money. One instance mentioned in the news a few years ago
concerned those working in the broadcasting industry. As their work is
usually erratic, they often form themselves into companies and contract
themselves to programme makers or whoever, so are paid by company rules
instead of as employees, with lower tax rates. The authorities declared one
of these schemes operated by the BBC to be illegal, so not only did the
stars have to pay large unexpected tax bills, but they complained that the
BBC had demanded this arrangement as a condition of gaining work with them,
assuming that it had all been cleared beforehand.

------------------------------

Date: Wed, 5 Aug 2020 18:41:59 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Bill English

Bill English, the computer engineer who built the very first prototype
mouse, was the behind-the-scenes mastermind of the "Mother of All Demos" and
later assisted Alan Kay in building the Xerox Parc Alto computer, has died
at the age of 91.

https://www.i-programmer.info/news/82/13892.html

"The Mother of all Demos" included at URL. 1968 - wow.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.18
************************
