Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit precedence: bulk Subject: Risks Digest 32.02 RISKS-LIST: Risks-Forum Digest Sunday 21 June 2020 Volume 32 : Issue 02 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at as The current issue can also be found at Contents: TikTok Teens and K-Pop Fans Say They Sank Trump Rally (The New York Times) Widespread VSAP failures in California March 2020 primary (LA County) China Reports Progress in Ultra-Secure Satellite Transmission (NYTimes) U.S. blacklists 'China's MIT' as tech war enters new phase (Nikkei Asian Review) French Court Strikes Down Most of Online Hate Speech Law (NYTimes) Who's a Bot? Who's Not? (NYTimes) Microsoft 365 Security vulnerability (Forbers) Russia to install Orwellian facial recognition ... (Moscow Times) Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes (CNN) Mild virus cases may bestow far lower immunity (AFP) Contact Tracing (Lauren Weinstein) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sun, 21 Jun 2020 08:21:23 -0400 From: Monty Solomon Subject: TikTok Teens and K-Pop Fans Say They Sank Trump Rally (NYTimes) Taylor Lorenz, Kellen Browning and Sheera Frenkel, *The New York Times website*, 21 Jun 2020 [not yet in print] Did a successful prank inflate attendance expectations for President Trump's rally in Tulsa, Okla.? [...] TikTok users and fans of Korean pop music groups claimed to have registered potentially hundreds of thousands of tickets for Mr. Trump's campaign rally as a prank. After the Trump campaign's official account @TeamTrump posted a tweet asking supporters to register for free tickets using their phones on June 11, K-pop fan accounts began sharing the information with followers, encouraging them to register for the rally -- and then not show. The trend quickly spread on TikTok, where videos with millions of views instructed viewers to do the same, as CNN reported on Tuesday. ``Oh no, I signed up for a Trump rally, and I can't go,'' one woman joked, along with a fake cough, in a TikTok posted on June 15. https://www.nytimes.com/2020/06/21/style/tiktok-trump-rally-tulsa.html [The title Monty sent me is the one online, which says `Stans' instead of `Fans'. Could be a ligature problem? I presume it might get corrected later. I am ahead of the curve. PGN] ------------------------------ Date: Sat, 20 Jun 2020 16:23:51 PDT From: "Peter G. Neumann" Subject: Widespread VSAP failures in California March 2020 primary (LA County) [Sources: LA County Registrar's Office and a consultant's investigation. PGN] ``During the 2020 primary election, Los Angeles County launched its new Voting Solutions for All People (VSAP), a highly ambitious project that dramatically changed the experience of voting in the nation’s most populous county. Although many voters welcomed the improvements, many others experienced significant challenges, including excessive wait times at Vote Centers.'' [...] ``Overarching quality control breakdowns and vendor management issues: Inadequate vendor and timeline management resulted in a lack of quality assurance for election processes and technology deployments. Poor technology vendor management resulted in the lack of identification of critical design issues. This led to long wait times and a poor voter experience during the election.'' https://ceo.lacounty.gov/wp-content/uploads/2020/06/LAC-Voting-Assessment-Summa ry-of-Findings.pdf?utm_content=&utm_medium=email&utm_name=&utm_source=govdelive ry&utm_term= (5 Jun 2020) A commissioned evaluation report is also relevant: LAC-Voting-Assessment-Summary-of-Findings.pdf [Both of these sources add fuel to the fires continuing to burst anew relating to election integrity. The first one relates to the LA County Registrar, extensive voter disenfranchisement, compliance issues, and problems with the VSAP system -- including lack of adequate testing. The prospects for clean elections in November are continuing to be highly questionable. PGN] ------------------------------ Date: Tue, 16 Jun 2020 15:35:44 -0400 From: Gabe Goldberg Subject: China Reports Progress in Ultra-Secure Satellite Transmission (NYTimes) Researchers enlisted quantum physics to send a secret key for encrypting and decrypting messages between two stations 700 miles apart. https://www.nytimes.com/2020/06/15/science/quantum-satellites-china-spying.html ------------------------------ Date: Wed, 17 Jun 2020 19:56:44 +0900 From: Dave Farber Subject: U.S. blacklists 'China's MIT' as tech war enters new phase (Nikkei Asian Review) https://asia.nikkei.com/Business/Technology/US-blacklists-China-s-MIT-as-tech-war-enters-new-phase ------------------------------ Date: Fri, 19 Jun 2020 20:28:24 -0400 From: Gabe Goldberg Subject: French Court Strikes Down Most of Online Hate Speech Law (The New York Times) PARIS — A top French court on Thursday struck down critical provisions of a law passed by France's parliament last month to combat online hate speech, dealing a severe blow to the government's effort to police Internet content. The court’s ruling comes as authorities around the world try to regulate what can be shared on vast Internet platforms like Facebook, YouTube or Twitter, all American companies with attitudes toward free speech and government oversight that often differ from Europe's. The flagship provision in France's new law, which was supported by President Emmanuel Macron's government and sponsored by his party, created an obligation for online platforms to take down hateful content flagged by users within 24 hours. If the platforms failed to do so, they risked fines of up to 1.25 million euros, or about $1.4 million. But the Constitutional Council, a French court that reviews legislation to ensure it complies with the French constitution, noted in its ruling on Thursday that the measure put the onus for analyzing content solely on tech platforms without the involvement of a judge, within a very short time frame, and with the threat of hefty penalties. https://www.nytimes.com/2020/06/18/world/europe/france-internet-hate-speech-regulation.html ------------------------------ Date: Sun, 21 Jun 2020 08:53:28 -0400 From: Monty Solomon Subject: Who's a Bot? Who's Not? (NYTimes) It sometimes seems that automated bots are taking over social media and driving human discourse. But some (real) researchers aren't so sure. https://www.nytimes.com/2020/06/16/science/social-media-bots-kazemi.html ------------------------------ Date: Thu, 18 Jun 2020 20:18:57 -0700 From: Peter G Neumann Subject: Microsoft 365 Security vulnerability https://www.forbes.com/sites/zakdoffman/2020/06/18/genius-hackers-hijack-oxford-university-tech-for-masterpiece-attack-on-microsoft-users/ ------------------------------ Date: Fri, 19 Jun 2020 19:19:05 +0900 From: Dave Farber Subject: Russia to install Orwellian facial recognition ... (Moscow Times) https://www.themoscowtimes.com/2020/06/16/russia-to-install-orwell-facial-recognition-tech-in-every-school-vedomosti-a70585 ------------------------------ Date: Sat, 20 Jun 2020 09:50:45 -0700 From: Lauren Weinstein Subject: Apparent suicide by 20-year-old Robinhood trader who saw a negative $730,000 balance prompts app to make changes (CNN) Poorly designed UIs can have devastating consequences. (LW) https://www.cnn.com/2020/06/19/business/robinhood-suicide-alex-kearns/index.html ------------------------------ Date: Sat, 20 Jun 2020 16:57:09 -1000 From: geoff goodfellow Subject: Mild virus cases may bestow far lower immunity (AFP) People who catch COVID-19 but don't show symptoms may have significantly lower levels of immunity against the virus than those who become severely ill, new research showed Thursday. The majority of virus patients display relatively minor signs of infection, and a small proportion show no symptoms at all. Very little is known about this group, given that they are far less likely to be tested than those who go on to develop severe symptoms including respiratory problems. Researchers based in China compared two groups of individuals infected with COVID-19 in Chongqing's Wanzhou district: 37 who showed symptoms versus 37 who did not. The researchers analysed blood samples from both groups taken a few weeks after recovering and found that just 62.2 percent of the asymptomatic group had short-term antibodies, compared with 78.4 percent of symptomatic patients. After eight weeks of convalescence, antibody presence had fallen in 81.1 percent of asymptomatic patients, compared with 62.2 percent of symptomatic patients. What's more, asymptomatic patients were found to have lower levels of 18 pro- anti-inflammatory cell-signaling proteins than the symptomatic group, suggesting a weaker immune response to the novel coronavirus. Authors of the study, which was published in Nature Medicine, said their findings called into question the idea that everyone who has had coronavirus are immune to future infection. [...] https://www.afp.com/en/news/826/mild-virus-cases-may-bestow-far-lower-immunity-study-doc-1to46y1 ------------------------------ Date: Sun, 21 Jun 2020 12:40:16 -0700 From: Lauren Weinstein Subject: Contact Tracing As I predicted, contact tracing here in the U.S. is largely a failure. Most people don't trust any apps for this purpose, and refuse to give personal information to human tracers who contact them (no pun intended). This wasn't rocket science to predict. ------------------------------ Date: Mon, 1 Jun 2020 11:11:11 -0800 From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ End of RISKS-FORUM Digest 32.02 ************************ .