precedence: bulk
Subject: Risks Digest 28.78

RISKS-LIST: Risks-Forum Digest  Tuesday 14 July 2015  Volume 28 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can be found at

Contents: [RISKS-full vacation over.]
The Use of Encrypted, Coded, and Secret Communications is an `Ancient Liberty' Protected by the United States Constitution (VJoLT)
The Dangers of Internet voting (Hans A. von Spakovsky)
Report on Internet voting (U.S. Vote Foundation)
U.N. body agrees to U.S. norms in cyberspace (Joseph Marks via Joly MacFie)
Scent Received, With a Tap of a Smartphone (NYTimes)
Theaters Struggle With Patrons' Phone Use During Shows (NYTimes)
Addicted to Your Phone? There's Help for That (NYTimes)
Sundar Pichai of Google Talks About Phone Intrusion (NYTimes)
How China stopped its bloggers (AFR)
Sports wearables may affect athletes' privacy, paycheques as well as performance (Christine Wong)
Securing networks is harder than it was two years ago (BetaNews)
Bitcoin wallets vulnerable to double-spending bug (BetaNews)
Casper Bowden has died (BetaNews)
Re: NZ Harmful Digital Communications Bill (Chris Drewe)
Re: Chicago's 'cloud tax' makes Netflix ... more expensive (John Levine)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 12 Jul 2015 16:27:11 -0700
From: Lauren Weinstein
Subject: The Use of Encrypted, Coded, and Secret Communications is an `Ancient Liberty' Protected by the United States Constitution (VJoLT)

Virginia Journal of Law and Technology via NNSquad
http://www.vjolt.net/vol2/issue/vol2_art2.html

In this electronic and digital age, the ability of a speaker and a selected audience to communicate in confidence about subjects chosen by them may be critical to the survival of free speech and privacy.[1] It is the primary purpose of this paper to demonstrate that, from the early years of the American Republic, Americans have enjoyed a robust, free, and frequent use of codes, ciphers, and other forms of secret communication.[2] Secondarily, this paper will demonstrate that Americans have long used secret modes of communication for numerous purposes, including political dissent, preservation of personal privacy in intimate matters, commerce, and criminal enterprises.[3]

Long. Detailed. Read as much as you can.

------------------------------

Date: Tue, 14 Jul 2015 14:12:17 PDT
From: "Peter G. Neumann"
Subject: The Dangers of Internet voting (Hans A. von Spakovsky)

Hans A. von Spakovsky. Heritage, 14 July 2015 [Bastille Day]
http://www.heritage.org/research/reports/2015/07/the-dangers-of-internet-voting

Those who believe that it is possible given current technology to create a secure online voting system are dangerously mistaken. According to computer experts, Internet voting is vulnerable to cyber-attack and fraud -- vulnerabilities inherent in current hardware and software, as well as the basic manner in which the Internet is organized -- and it is unlikely that these vulnerabilities will be eliminated in the near future.
Internet voting, or even the delivery by e-mail of voted ballots from registered voters, would be vulnerable to a variety of well-known cyber-attacks, any of which could be catastrophic. Such attacks could even be launched by an enemy agency beyond the reach of U.S. law and could cause significant voter disenfranchisement, privacy violations, vote buying and selling, and vote switching. The biggest danger, however, is that such attacks could be completely undetected.

------------------------------

Date: Mon, 13 Jul 2015 7:11:59 PDT
From: "Peter G. Neumann"
Subject: Report on Internet voting

U.S. Vote Foundation, July 2015
The Future of Voting: End to End Verifiable Internet Voting
https://www.usvotefoundation.org/e2e-viv/summary

Internet Voting Today

Internet voting was first proposed over thirty years ago. Since then, many governments and businesses have created Internet voting technologies that have been used to collect millions of votes in public elections. However, computer scientists, cryptographers, and cybersecurity experts warn that no current Internet voting system is sufficiently secure and reliable for use in public elections. Part of the problem is that existing systems do not allow third parties to observe the election system and independently verify that the results are correct. In fact, most vendors explicitly forbid such oversight.

Recommendations

The five key recommendations of this report are:

* Any public elections conducted over the Internet must be end-to-end verifiable.
* No Internet voting system of any kind should be used for public elections before end-to-end verifiable in-person voting systems have been widely deployed and experience has been gained from their use.
* End-to-end verifiable systems must be designed, constructed, verified, certified, operated, and supported according to the most rigorous engineering requirements of mission- and safety-critical systems.
* E2E-VIV systems must be usable and accessible.
* Many challenges remain in building a usable, reliable, and secure E2E-VIV system. They must be overcome before using Internet voting for public elections. Research and development efforts toward overcoming those challenges should continue.

[Based on everything we have seen in the past 31 years that I have been involved in seeking trustworthy elections, this report seems to have some very timely and incisive guidance. PGN]

------------------------------

Date: Jul 12, 2015 8:13 PM
From: "Joly MacFie"
Subject: U.N. body agrees to U.S. norms in cyberspace (Joseph Marks)

Joseph Marks, Internet Policy, Politico, in Dave Farber's IP, 9 Jul 2015
http://www.politico.com/story/2015/07/un-body-agrees-to-us-norms-in-cyberspace-119900.html

A United Nations body has agreed for the first time that there are rules of the road in cyberspace that all nations should respect, even during peacetime, a senior State Department official tells POLITICO. It's a breakthrough for U.S. diplomats, who have been pushing these norms as an alternative to formal treaties as a way to help tame the lawless frontier of cyberspace.

The norms agreed by the U.N.'s Group of Governmental Experts include understandings that nations should not intentionally damage each other's critical infrastructure with cyberattacks; should not target each other's cyber emergency responders; and should assist other nations investigating cyberattacks and cybercrime launched from their territories. [...]

------------------------------

Date: Sun, 12 Jul 2015 01:24:36 -0400
From: Monty Solomon
Subject: Scent Received, With a Tap of a Smartphone

http://www.nytimes.com/2015/07/09/technology/personaltech/scent-received-with-a-tap-of-a-smartphone.html

Developers are getting ready to introduce products that would allow smartphone users to send and receive scents along with messages and photos.

[I remember Smell-O-Vision stunk up movie theaters in the 1960 film, Scent of Mystery.
However, certain scents dominated others, compromising subsequent ones, and the effort was quickly discontinued. Are we really ready for Smell-O-Phones? Just my two scents worth... PGN]

------------------------------

Date: Sat, 11 Jul 2015 23:10:37 -0400
From: Monty Solomon
Subject: Theaters Struggle With Patrons' Phone Use During Shows

Recorded announcements and personal pleas have only a limited effect, as recent incidents on Broadway and elsewhere demonstrate.
http://www.nytimes.com/2015/07/11/theater/theaters-struggle-with-patrons-phone-use-during-shows.html

[But even if the phone is in Airplane Mode, the Scentillation Mode might still be on. The smell of garlic french fries might be used to encourage you to visit the concession booth. PGN]

------------------------------

From: Monty Solomon
Date: Sun, 12 Jul 2015 01:16:13 -0400
Subject: Addicted to Your Phone? There's Help for That

There's new technology to save us from technology.
http://www.nytimes.com/2015/07/12/sunday-review/addicted-to-your-phone-theres-help-for-that.htm

[What about addiction to French Fries on your Smell-O-Phone? PGN]

------------------------------

Date: Sun, 12 Jul 2015 19:50:26 -0400
From: Monty Solomon
Subject: Sundar Pichai of Google Talks About Phone Intrusion

http://bits.blogs.nytimes.com/2015/07/12/sundar-pichai-of-google-talks-about-phone-intrusion/

Google's senior vice president of products speaks at length about how Google products and apps try to balance giving you information with letting you live your life.

------------------------------

Date: Fri, 10 Jul 2015 23:31:02 -0700
From: Lauren Weinstein
Subject: How China stopped its bloggers

AFR via NNSquad
http://www.afr.com/technology/social-media/how-china-stopped-its-bloggers-20150703-gi34za

Just after lunch on an autumn day, two plain-clothed police officers approached a slender young man from opposite directions, unfazed that the lobby was busy with foreigners and local business people.
Showing good field craft, the officer approaching from behind called out the blogger's name. As he turned, the other slipped on the handcuffs. "They took me away like an eagle does its prey," says the blogger with Chinese precision.

At a nearby police station, in addition to the handcuffs, shackles were placed on his ankles. They would remain in place for 24 hours while he was interrogated.

Blackmail was the blogger's stated crime, although no documents were produced to substantiate these allegations. "They told me just confess to something and you can go home. If I didn't co-operate, they said, 'you will be in jail for years'."

------------------------------

Date: Tue, 14 Jul 2015 08:38:40 -0700
From: Gene Wirchenko
Subject: Sports wearables may affect athletes' privacy, paycheques as well as performance (Christine Wong)

Christine Wong, *IT Business*, 13 Jul 2015

Wearable technology won't just affect athletes' performances but also their privacy, and that could change the business of sports forever, according to experts at a Toronto sector forum.
http://www.itbusiness.ca/news/sports-wearables-may-affect-athletes-privacy-paycheques-as-well-as-performance/56801

------------------------------

Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U
Subject: Securing networks is harder than it was two years ago (BetaNews)

Enterprises face evolving security challenges and solutions due to the introduction of cloud infrastructures. Growing cloud adoption has been identified as one of the key reasons why a majority of IT and security professionals find securing their networks more difficult today than two years ago. Network security company Tufin has produced an infographic, based on a recent research report with ESG, looking at why 56 percent of professionals believe network security is getting harder.

------------------------------

Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U
Subject: Bitcoin wallets vulnerable to double-spending bug (BetaNews)

The cryptocurrency Bitcoin has not been without its problems. There have been numerous hacks leading to the loss of millions of dollars, and Bitcoin mining tool Epic Scale became embroiled in a crapware scandal with uTorrent. The latest problem to hit the digital currency is a double-spending bug.

As the name suggests, this essentially makes it possible to spend the same Bitcoins twice, and it stems from a problem with a planned upgrade. An issue with some Bitcoin miners means that tests that usually prevent double-spending are not correctly performed. The problem was discovered on 4 July as many Americans were busy celebrating Independence Day.

------------------------------

Date: Sat, 11 Jul 2015 00:02:45 +0200
From: Werner U
Subject: Casper Bowden has died (BetaNews)

The man who cared about your online privacy has died, Caspar Bowden, the privacy advocate who was warning about the activities of the NSA before Edward Snowden, has died. The co-founder of the Foundation for Information Policy Research lost his battle with cancer, and tributes have been paid by the world of technology.

Bowden, the former head of privacy at Microsoft, had long-warned about potential backdoors in software and services. He campaigned passionately for the privacy of the individual and voiced grave concerns about the NSA and the FISA Amendment Act. He sat on the board of Tor and was one of the most knowledgeable and well-loved figures on the privacy scene.

------------------------------

Date: Sun, 12 Jul 2015 21:30:53 +0100
From: Chris Drewe
Subject: Re: NZ Harmful Digital Communications Bill (RISKS-28.77)

> In trying to solve some problems, legislators often have the (unintended ?)
> consequences of creating new ones.

No idea about the solution; personally I feel that the problem is governments trying to legislate for a better world.
Obviously people should be nice to each other, but making this a legal requirement may well swap one lot of difficulties for another. I'm not a lawyer either, but bringing human relationships and behaviour into law looks like a mighty challenge. As Pontius Pilate famously asked, "what is truth?".

[The truth may be a long history of some governments trying to legislate not for an altruistic better world for everyone else, but according to self-serving special interests. We seem to differ. PGN]

------------------------------

Date: 12 Jul 2015 22:33:59 -0000
From: "John Levine"
Subject: Re: Chicago's 'cloud tax' makes Netflix ... more expensive (R-28.77)

This is an extremely disingenuous article. Chicago has had an amusements tax for a very long time, and has levied it on cable TV subscriptions. I believe that's instead of sales tax, and in fact it's slightly lower than the city's sales tax.

This ruling follows the quacks-like-a-duck rule. Netflix and Spotify deliver the same kind of material that services like HBO (and I suppose Muzak) do, so now they're taxed the same. In response to hand-wavy questions about how can you tell where someone is in the cloud, these are paid services, and the customers have billing addresses.

The only thing that's puzzling is why people still expect to get a free ride just because something happens to have IP packets in its path.

------------------------------

Date: Mon, 17 Nov 2014 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you.
   The mailman Web interface can be used directly to subscribe and unsubscribe:
     http://mls.csl.sri.com/mailman/listinfo/risks
   Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
     risks-request@csl.sri.com
   containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
     risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
   depending on which action is to be taken.

   Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact .

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
   *** NOTE: Including the string `notsp' at the beginning or end of the subject
   *** line will be very helpful in separating real contributions from spam.
   *** This attention-string may change, so watch this space now and then.

=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
   http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r .
==> PGN's comprehensive historical Illustrative Risks summary of one liners: for browsing, or .ps for printing is no longer maintained up-to-date except for recent election problems.
   *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 28.78
************************