RISKS-LIST: Risks-Forum Digest Friday 21 May 2020 Volume 31 : Issue 85 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/31.85> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: A Case for Cooperation Between Machines and Humans (John Markoff) Scammers steal > $100m in Wash. State unemployment fraud (Seattle Times) Satellites and spacecraft malfunction as Earth's magnetic field mysteriously weakens (Sky) Microsoft: Beware this massive phishing campaign using malicious Excel macros to hack PCs (ZDNet) Ransomware deploys virtual machines to hide itself from antivirus software (ZDNet) Students are failing AP tests because the College Board can't handle iPhone photos (The Verge) How Do Astronauts Escape When a Space Launch Goes Wrong? (WiReD) How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy (WiReD) 90-Day Security Plan Progress Report: May 20 (Zoom Blog) How the CDC is misreporting COVID-19 testing data (The Atlantic) Re: COVID codebase [D Maziuk) Re: The ultimate Turing test (Arthur Flatau) Re: Teen Hacker and Crew of Evil Geniuses Accused of $24 Million Crypto Theft (Gabe Goldberg) Re: The FBI Just Unlocked an iPhone Without Apple's Help (Keith Medcalf) Re: AI gets the attention, but biotechnology is poised to change the world (Dan Jacobson) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: May 22, 2020 at 17:57:40 GMT+9 From: Dewayne Hendricks <dewa...@warpspeed.com> Subject: A Case for Cooperation Between Machines and Humans (John Markoff) John Markoff, *The New York Times*, 21 May 2020 A computer scientist argues that the quest for fully automated robots is misguided, perhaps even dangerous. His decades of warnings are gaining more attention. https://www.nytimes.com/2020/05/21/technology/ben-shneiderman-automation-humans.html The Tesla chief Elon Musk and other big-name Silicon Valley executives have long promised a car that can do all the driving without human assistance. But Ben Shneiderman, a University of Maryland computer scientist who has for decades warned against blindly automating tasks with computers, thinks fully automated cars and the tech industry's vision for a robotic future is misguided. Even dangerous. Robots should collaborate with humans, he believes, rather than replace them. Late last year, Dr. Shneiderman embarked on a crusade to convince the artificial intelligence world that it is heading in the wrong direction. In February, he confronted organizers of an industry conference on ``Assured Autonomy'' in Phoenix, telling them that even the title of their conference was wrong. Instead of trying to create autonomous robots, he said, designers should focus on a new mantra, designing computerized machines that are ``reliable, safe and trustworthy.'' There should be the equivalent of a flight data recorder for every robot, Dr. Shneiderman argued. It is a warning that's likely to gain more urgency when the world's economies eventually emerge from the devastation of the coronavirus pandemic and millions who have lost their jobs try to return to work. A growing number of them will find they are competing with or working side by side with machines. Dr. Shneiderman, 72, began spreading his message decades ago. A pioneer in the field human-computer interaction, he co-founded in 1982 what is now the Conference on Human Factors in Computing Systems and coined the term ``direct manipulation'' to describe the way objects are moved on a computer screen either with a mouse or, more recently, with a finger. In 1997, Dr. Shneiderman engaged in a prescient debate with Pattie Maes, a computer scientist at the Massachusetts Institute of Technology's Media Lab, over the then-fashionable idea of intelligent software agents designed to perform autonomous tasks for computer users -- anything from reordering groceries to making a restaurant reservation. ``Designers believe they are creating something lifelike and smart -- however, users feel anxious and unable to control these systems,'' he argued. Since then, Dr. Shneiderman has argued that designers run the risk not just of creating unsafe machines but of absolving humans of ethical responsibility of the actions taken by autonomous systems, ranging from cars to weapons. The conflict between human and computer control is at least as old as interactive computing itself. The distinction first appeared in two computer science laboratories that were created in 1962 near Stanford University. John McCarthy, a computer scientist who had coined the term ``artificial intelligence,'' established the Stanford Artificial Intelligence Laboratory with the goal of creating a ``thinking machine'' in a decade. And Douglas Engelbart, who invented the computer mouse, created the Augmentation Research Center at the Stanford Research Center and coined the term ``intelligence augmentation,'' or I.A. In recent years, the computer industry and academic researchers have tried to bring the two fields back together, describing the resulting discipline as ``humanistic'' or ``human-centered'' artificial intelligence. Dr. Shneiderman has challenged the engineering community to rethink the way it approaches artificial intelligence-based automation. Until now, machine autonomy has been described as a one-dimensional scale ranging from machines that are manually controlled to systems that run without human intervention. The best known of these one-dimensional models is a set of definitions related to self-driving vehicles established by the Society of Automotive Engineers. It describes six levels of vehicle autonomy ranging from Level 0, requiring complete human control, to Level 5, which is full driving automation. In contrast, Dr. Shneiderman has sketched out a two-dimensional alternative that allows for both high levels of machine automation and human control. With certain exceptions such as automobile airbags and nuclear power plant control rods, he asserts that the goal of computing designers should be systems in which computing is used to extend the abilities of human users. This approach has already been popularized by both roboticists and Pentagon officials. Gill Pratt, the head of the Toyota Research Institute, is a longtime advocate of keeping humans ``in the loop.'' His institute has been working to develop Guardian, a system that the researchers have described as ``super advanced driver assistance.'' ``There is so much that automation can do to help people that is not about replacing them,'' Dr. Pratt said. He has focused the laboratory not just on car safety but also on the challenge of developing robotic technology designed to support older drivers as well. Similarly, Robert O. Work, a deputy secretary of defense under Presidents Trump and Barack Obama, backed the idea of so-called centaur weapons systems, which would require human control, instead of A.I.-based robot killers, now called lethal autonomous weapons. The term ``centaur'' was originally popularized in the chess world, where partnerships of humans and computer programs consistently defeated unassisted software. At the Phoenix conference on autonomous systems this year, Dr. Shneiderman said Boeing's MCAS flight-control system, which was blamed after two 737 Max jets crashed, was an extreme example of high automation and low human control. ``The designers believed that their autonomous system could not fail,'' he wrote in an unpublished article that has been widely circulated. ``Therefore, its existence was not described in the user manual and the pilots were not trained in how to switch to manual override.'' Dr. Shneiderman said in an interview that he had attended the conference with the intent of persuading the organizers to change its name from a focus on autonomy to a focus on human control. ``I've come to see that names and metaphors are very important,'' he said. ------------------------------ Date: Thu, 21 May 2020 22:24:38 -0700 From: Henry Baker <hbak...@pipeline.com> Subject: Scammers steal > $100m in Wash. State unemployment fraud (Seattle Times) BTW, how's that 'Internet Voting' thingy workin' out fer ya ? Paul Roberts, Jim Brunner and Patrick Malone, *Seattle Times*, 21 May 2020 'Hundreds of millions of dollars' lost in Washington to unemployment fraud amid coronavirus joblessness surge https://www.seattletimes.com/business/economy/washington-adds-more-than-145000-weekly-jobless-claims-as-coronavirus-crisis-lingers/ Washington state officials have acknowledged the loss of "hundreds of millions of dollars" to an international fraud scheme that hammered the state's unemployment insurance system and could mean even longer delays for thousands of jobless workers still waiting for legitimate benefits. Suzi LeVine, commissioner of the state Employment Security Department (ESD), disclosed the staggering losses during a news conference Thursday afternoon. LeVine declined to specify how much money was stolen during the scam, which is believed to be orchestrated from Nigeria. But she conceded that the amount was "orders of magnitude above" the $1.6 million that the ESD reported losing to fraudsters in April. LeVine said state and law enforcement officials were working to recover as much of the money as possible, though she declined to say how much had been returned so far. She also said the ESD had taken "a number of steps" to prevent new fraudulent claims from being filed or paid but would not specify the steps, to avoid alerting criminals. "We do have definitive proof that the countermeasures we have put in place are working," LeVine said. "We have successfully prevented hundreds of millions of additional dollars from going out to these criminals and prevented thousands of fraudulent claims from being filed." Thursday's disclosure, which came after state officials had largely refused to discuss the scale of the fraud, helped explain the unusual surge in the number of new jobless claims filed last week in Washington. For the week ending May 16, the ESD received 138,733 initial claims for unemployment insurance, a 26.8% increase over the prior week and one of the biggest weekly surges since the coronavirus crisis began. That sharp increase came as the number of initial jobless claims nationwide fell 9.2%, to 2.4 million, according to data released earlier in the day by the Labor Department. Indeed, the surge in claims made Washington the state with the highest percentage of its civilian labor force filing unemployment claims -- at 30.8%, according to an analysis by the Tax Foundation, a nonpartisan Washington, D.C., think tank. Nevada, the next-highest state, reported claims from 24.5% of its civilian workforce. Thursday's disclosures also raised new questions about what, if anything, the ESD could have done to detect and prevent the fraudulent activity. Last week, the U.S. Secret Service issued an alert warning that Washington was the "primary state targeted" by a "well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs." The alert, which said there was "also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida," noted "potential losses in the hundreds of millions of dollars." Among the criminal groups implicated in the fraud is a Nigerian organization known as Scattered Canary, according to a report released this week by Agari, a California-based cybersecurity firm that has tracked the African organization's activities. The group has been running scams for more than a decade, working to steal Social Security payments, student aid and disaster relief funds, among other targets, the report said. The group likely used personal information about Washingtonians from previous consumer-data breaches to slam Washington's unemployment system with phony claims, which were paid out along with hundreds of thousands of legitimate ones. "These crime rings are indiscriminate and very quick to jump on an opportunity," said Armen Najarian, chief identity officer for Agari, in an interview. "It is clear this is not just a Washington state problem," said a statement from Gov. Jay Inslee's office Thursday. "This is a national and international criminal conspiracy. We were among the first states hit by these fraudsters but we will not be the last." ESD officials have argued that fraudsters targeted Washington because it was among the first states to begin paying new benefits available under the $2.2 trillion federal stimulus bill. The legislation not only boosted benefits available under existing state unemployment insurance systems, including an extra $600 per week; it also gave state officials less time to verify new claims for those benefits. ESD officials have acknowledged that, because of the elimination of the so-called waiting week between the time a claim is filed and the time the benefit is paid, the agency wasn't always able to get verification from employers about a claim before payment was made. Furthermore, because federal benefits were technically available beginning in March, several weeks before Washington was able to upgrade its processing system to be able to pay them, many claimants had retroactive claims for multiple weeks waiting to be paid in the ESD's system. Those retroactive payments went out all at once, which added to the volume of the fraud. At the federal level, the fraud is being investigated by the inspectors general of the Social Security Administration and the Department of Labor; the Secret Service; the FBI; and the U.S. attorney's office in Seattle, which is coordinating the effort. In a statement Thursday, U.S. Attorney Brian Moran said federal officials worked with a "diligent financial institution" to "prevent $120 million from being distributed to criminals, and were "assisting in recovering millions of additional dollars, with assistance from scores of other banks and credit unions." Thursday's disclosures come as Washington was struggling to process an unprecedented wave of legitimate jobless claims amid one of the worst economic crises in U.S. history. On Wednesday, the state's monthly employment report for April showed Washington with a seasonally adjusted unemployment rate of 15.4%, up from 5.1% in March. The national unemployment rate for April stood at 14.7%, seasonally adjusted. The massive number of new claims had already led to delays in benefits being paid to tens of thousands of workers, who have periodically overwhelmed the ESD's telephone lines and website with inquiries. On Thursday, LeVine acknowledged that, because of the fraud, some additional delays in benefit payments to legitimate claimants are likely as the ESD subjects all claims to more scrutiny. "This makes me the most angry, and the most upset -- that we need to delay payments to Washingtonians who need the benefits," LeVine said. "But we need to also build in more time for analysis. So going forward, we want to set expectations that we will add an additional one to two days to our processing time." That delay, which follows a decision last Thursday to temporarily suspend benefit payments for two days, will mean more hardship for people like Thomas Segers of Seattle. The 61-year-old independent contractor, who provided packaging services to retailers, began receiving preliminary unemployment benefits in April, pending verification that he had lost his job. Segers said he submitted the necessary paperwork by mail in time for the deadline to prove his employment status. However, he was notified this week that his submission was not processed on time, so his claim was denied. Now, he's trying to figure out how to appeal that decision, but can't reach anyone at the state for guidance. He called the ESD more than 225 times on Thursday morning alone, but never got through. "I'm sure I'm speaking for a lot of people who have questions, that it's frustrating that nobody is answering," Segers said. "They're inaccessible at the one time, in my viewpoint, they most need to be accessible." ------------------------------ Date: Fri, 22 May 2020 10:58:05 -1000 From: the keyboard of geoff goodfellow <ge...@iconia.com> Subject: Satellites and spacecraft malfunction as Earth's magnetic field mysteriously weakens (Sky) *Scientists are finding that the weakening is causing technical problems for satellites, and seems to be growing in its effects* Earth's magnetic field, which is vital to protecting life on our planet from solar radiation, is mysteriously weakening. On average the planet's magnetic field has lost almost 10% of its strength over the last two centuries, but there is a large localised region of weakness stretching from Africa to South America. Known as the South Atlantic Anomaly, the field strength in this area has rapidly shrunk over the past 50 years just as the area itself has grown and moved westward. Over the past five years a second centre of minimum intensity has developed southwest of Africa, which researchers believe indicates the anomaly could split into two separate cells. The anomaly is causing technical difficulties for satellites orbiting the Earth. [...] https://news.sky.com/story/earths-magnetic-field-which-protects-us-from-solar-radiation-is-mysteriously-weakening-11992022 ------------------------------ Date: Fri, 22 May 2020 17:30:06 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Microsoft: Beware this massive phishing campaign using malicious Excel macros to hack PCs (ZDNet) https://www.zdnet.com/article/microsoft-beware-this-massive-phishing-campaign-using-malicious-excel-macros-to-hack-pcs/ ------------------------------ Date: Fri, 22 May 2020 10:59:05 -1000 From: the keyboard of geoff goodfellow <ge...@iconia.com> Subject: Ransomware deploys virtual machines to hide itself from antivirus software (ZDNet) *The operators of the RagnarLocker ransomware are running Oracle VirtualBox to hide their presence on infected computers inside a Windows XP virtual machine.* The operators of the RagnarLocker ransomware are installing the VirtualBox app and running virtual machines on computers they infect in order to run their ransomware in a "safe" environment, outside the reach of local antivirus software. This latest trick has been spotted and detailed today by UK cyber-security firm Sophos and shows the creativity and great lengths some ransomware gangs will go to avoid detection while attacking a victim. *WHAT'S RAGNARLOCKER?* Avoiding detection is crucial because RagnarLocker is not your typical ransomware gang. They're a group that carefully selects targets, avoiding home consumers, and goes after corporate networks and government organizations only. Sophos says the group has targeted victims in the past by abusing Internet-exposed RDP endpoints and has compromised MSP (managed service provider) tools to breach companies and gain access to their internal networks. On these networks, the RagnarLocker group deploys a version of their ransomware -- customized per each victim -- and then demands an astronomical decryption fee in the tune of tens and hundreds of thousands of US dollars. Because each of these carefully planned intrusions represents a chance to earn large amounts of money, the RagnarLocker group has put a primer on stealth and has recently come up with a novel trick to avoid detection by antivirus software. *THE VIRTUAL MACHINE TRICK* [...] https://www.zdnet.com/article/ransomware-deploys-virtual-machines-to-hide-itself-from-antivirus-software/ ------------------------------ Date: Thu, 21 May 2020 14:26:55 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Students are failing AP tests because the College Board can't handle iPhone photos (The Verge) How to deal with HEIC images proves to be the hardest question of all https://www.theverge.com/2020/5/20/21262302/ap-test-fail-iphone-photos-glitch-email-college-board-jpeg-heic ...some Android devices too. ------------------------------ Date: Thu, 21 May 2020 00:05:56 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: How Do Astronauts Escape When a Space Launch Goes Wrong? (WiReD) SpaceX is preparing for the first crewed launch of its Crew Dragon capsule. Engineers have spent years planning for what happens if things go awry. https://www.wired.com/story/how-do-astronauts-escape-when-a-space-launch-goes-wrong/ ------------------------------ Date: May 21, 2020 22:48:18 JST From: Dewayne Hendricks <dewa...@warpspeed.com> Subject: How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy (WiReD) [Note: This item comes from friend Desire Banse. DLH] How a Chinese AI Giant Made Chatting -- and Surveillance -- Easy Alexa can tell you the weather. Siri knows a few jokes. In China, voice-computing company iFlytek built similar smart assistants beloved by users. But its tech is also helping the government listen in. By Mara Hvistendahl May 18 2020 https://www.wired.com/story/iflytek-china-ai-giant-voice-chatting-surveillance/ In 1937, the year that George Orwell was shot in the neck while fighting fascists in Spain, Julian Chen was born in Shanghai. His parents, a music teacher and a chemist, enrolled him in a school run by Christian missionaries, and like Orwell he became fascinated by language. He studied English, Russian, and Mandarin while speaking Shanghainese at home. Later he took on French, German, and Japanese. In 1949, the year Mao Zedong came to power and Orwell published 1984, learning languages became dangerous in China. In the purges of the late 1950s, intellectuals were denounced, sent to labor camps, and even executed. Chen, who by then was a student at prestigious Peking University, was banished to a Beijing glass factory. Chen's job was to cart wagons full of coal and ash to and from the factory's furnace. He kept his mind nimble by listening to his coworkers speak. At night, in the workers' dormitory, he compiled a sort of linguistic ethnography for the Beijing dialect. He finished the book around 1960. Soon after, Communist Party apparatchiks confiscated it. His fortunes improved after Mao's death, when party leaders realized that China's economy needed intellectuals in order to develop. Chen went back to school, and in 1979, at the age of 42, his test scores earned him a spot in the first group of graduate students to go abroad in decades. He moved to the US and earned a PhD in physics at Columbia University. At the time, America offered more opportunity than China, and like many of his peers, Chen stayed after graduation, getting a job with IBM working on physical science research. IBM had developed some of the world's first speech recognition software, which allowed professionals to haltingly dictate messages without touching a keyboard, and in 1994 the company started looking for someone to adapt it to Mandarin. It wasn't Chen's area, but he eagerly volunteered. Right away, Chen realized that in China speech recognition software could offer far more than a dictation tool for office workers; he believed it stood to completely transform communication in his native tongue. As a written language in the computer age, Chinese had long posed a unique challenge: There was no obvious way to input its 50,000-plus characters on a QWERTY keyboard. By the 1980s, as the first personal computers arrived in China, programmers had come up with several workarounds. The most common method used pinyin, the system of romanized spelling for Mandarin that Chinese students learn in school. Using this approach, to write cat you would type `m-a-o', then choose from a drop-down menu that also included characters meaning `trade' and `hat', and the surname of Mao Zedong. Because Mandarin has so many homophones, typing became an inefficient exercise in word selection. To build his dictation engine, Chen broke Mandarin down into its smallest elements, called phonemes. Then he recruited 54 Chinese speakers living in New York and recorded them reading articles from People's Daily. IBM's research lab in Beijing added samples from an additional 300 speakers. In October 1996, after he had tested the system, Chen flew to China to display the resulting software, called ViaVoice, at a speech technology conference. In a packed room festooned with gaudy wallpaper, Chen read aloud from that day's newspaper. In front of him, with a brief delay, his words appeared on a large screen. After he finished, he looked around to see people staring at him, mouths agape. A researcher raised her hand and said she wanted to give it go. He handed over the microphone, and a murmur ran through the crowd. ViaVoice understood her too. ViaVoice debuted in China in 1997 with a box that read, ``The computer understands Mandarin! With your hands free, your thoughts will come alive.'' That same year, President Jiang Zemin sat for a demonstration. Soon PC makers across China -- including IBM's rivals -- were preinstalling the software on their devices. The era of freely conversing with a computer was still a long way off, and ViaVoice had its limitations, but the software eased the headache of text entry in Chinese, and it caught on among China's professional class. ``It was the only game in town,'' Chen recalls. But for some scholars who had stayed in China, it stung that a researcher working for an American company had been the one to make a first step toward conquering the Chinese language. China, they felt, needed to match what Chen had done. Among those motivated by IBM's triumph was Liu Qingfeng, a 26-year-old PhD student in a speech recognition lab at the prestigious University of Science and Technology of China, in Hefei. In 1999, while still at USTC, Liu started a voice computing company called iFlytek. The goal, it seemed, was not just to compete with IBM and other foreign firms but to create products that would recoup Chinese pride. Early on, Liu and his colleagues worked out of the USTC campus. Later they moved elsewhere in Hefei. It was a second-tier city -- USTC had been relocated there during the Cultural Revolution -- but staying in Hefei meant iFlytek was close to the university's intellectual talent.=20 When Liu explained his business concept to Kai-Fu Lee, then the head of Microsoft Research Asia, Lee warned that it would be impossible to catch up with American speech recognition giants. In the US, the industry was led by several formidable companies in addition to IBM and Microsoft, including BellSouth, Dragon, and Nuance Communications, which had recently spun off from the nonprofit research lab SRI International. These companies were locked in a slog to overcome the limitations of early-2000s computing and build a voice-computer interface that didn't exasperate users, but they were far ahead of Chinese competitors. Liu didn't listen to Lee's warnings. Even if voice-interface technology was a crowded, unglamorous niche, Liu's ambition gave it a towering moral urgency. ``Voice is the foundation of culture and the symbol of a nation,'' he later said, recounting iFlytek's origin story. ``Many people thought that they'' -- meaning foreign companies -- ``had us by the throat.'' When some members of his team suggested that the company diversify by getting into real estate, Liu was resolute: Anyone who didn't believe in voice computing could leave. Nuance was building a healthy business helping corporate clients begin to automate their call centers, replacing human switchboard operators with voice-activated phone menus (``To make a payment, say `payment' ''). iFlytek got off the ground by doing the same sort of work for the telecommunications company Huawei. iFlytek went public in 2008 and launched a major consumer product, the app iFlytek Input, in 2010. That same year, Apple's iPhone began to carry Siri, which had been developed by SRI International and acquired by Apple. But while Siri was a ``personal assistant'' -- a talking digital concierge that could answer questions -- iFlytek Input was far more focused. It allowed people to dictate text anywhere on their phones: in an email, in a web search, or on WeChat, the super app that dominates both work and play in China. Like any technology trained on interactions with human speech, Input was imprecise in the beginning. ``With the first version of that product, the user experience was not that good,'' said Jun Du, a scientist at USTC who oversaw technical development of the app. But as data from actual users' interactions with the app began to pour in, Input's accuracy at speech-to-text transcription improved dramatically. As it happened, Siri and Input were relatively early arrivals in a coming onslaught of mature voice-interface technologies. First came Microsoft's Cortana, then Amazon's Alexa, and then Google Assistant. But while iFlytek launched its first generation of virtual assistant, Yudian, in 2012, the company was soon training much of its AI firepower on a different challenge: providing real-time translation to help users understand speakers of other dialects and languages. Later versions of Input allowed people to translate their face-to-face conversations and get closed captioning of phone calls in 23 Chinese dialects and four foreign languages. When combined with China's large population, the emphasis on translation has allowed the company to collect massive amounts of data. Americans might tap Alexa or Google Assistant for specific requests, but in China people often use Input to navigate entire conversations. iFlytek Input's data privacy agreement allows it to collect and use personal information for ``national security and national defense security,'' without users' consent. ``In the West, there are user privacy problems,'' Du says. ``But in China, we sign some contract with the users, and we can use their data.'' Voice data can be leaky in China. The broker Data Tang, for example, describes specific data sets on its website, including one that includes nearly 100,000 speech samples from 3- to 5-year-old children. In 2017, MIT Technology Review named iFlytek to its list of the world's 50 smartest companies, and the Chinese government gave it a coveted spot on its hand-picked national ``AI team.'' The other companies selected that year were platform giants Baidu, Alibaba, and Tencent. Soon after, iFlytek signed a five-year cooperation agreement with MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), a leading AI lab. The company's translation technology is used by the Spanish football club RCD Espanyol, and it signed an exclusive deal to provide automated translation for the 2022 Beijing Winter Olympics. As of mid-April, iFlytek was valued on the Shenzhen Stock Exchange at $10.8 billion, and it claims to have 70 percent of the Chinese voice market, with 700 million end users. Nuance was valued at $5.3 billion during the same time. In China, the company's other major competitors in voice computing are mainly platforms like Alibaba and Baidu. Two decades after Julian Chen intuited that voice computing would revolutionize how people interact with computers in China, its impact there is indeed dramatic. Every day, WeChat users send around 6 billion voice texts, casual spoken messages that are more intimate and immediate than the typical voicemail, according to 2017 figures. Because WeChat caps the messages at one minute, people often dash them off in one long string. iFlytek makes a tablet that automatically transcribes business meetings, a digital recorder that generates instantaneous transcripts, and a voice assistant that is installed in cars across the country. ------------------------------ Date: Wed, 20 May 2020 23:48:40 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: 90-Day Security Plan Progress Report: May 20 (Zoom Blog) https://blog.zoom.us/wordpress/2020/05/20/90-day-security-plan-progress-report-may-20/ ------------------------------ Date: Thu, 21 May 2020 14:12:10 -1000 From: the keyboard of geoff goodfellow <ge...@iconia.com> Subject: How the CDC is misreporting COVID-19 testing data (The Atlantic) *The government's disease-fighting agency is conflating viral and antibody tests, compromising a few crucial metrics that governors depend on to reopen their economies. Pennsylvania, Georgia, Texas, and other states are doing the same.* The Centers for Disease Control and Prevention is conflating the results of two different types of coronavirus tests, distorting several important metrics and providing the country with an inaccurate picture of the state of the pandemic. We've learned that the CDC is making, at best, a debilitating mistake: combining test results that diagnose current coronavirus infections with test results that measure whether someone has ever had the virus. The upshot is that the government's disease-fighting agency is overstating the country's ability to test people who are sick with COVID-19. The agency confirmed to *The Atlantic* on Wednesday that it is mixing the results of viral and antibody tests, even though the two tests reveal different information and are used for different reasons. This is not merely a technical error. States have set quantitative guidelines for reopening their economies based on these flawed data points. Several states -- including Pennsylvania, the site of one of the country's largest outbreaks, as well as Texas, Georgia, and Vermont -- are blending the data in the same way. Virginia likewise mixed viral and antibody test results until last week, but it reversed course and the governor apologized for the practice after it was covered by the *Richmond Times-Dispatch* <https://www.richmond.com/special-report/coronavirus/virginia-misses-key-marks-on-virus-testing-as-leaders-eye-reopening/article_021e12c6-6d20-5030-9068-4caaeda495f7.html> and *The Atlantic* <https://www.theatlantic.com/health/archive/2020/05/covid-19-tests-combine-virginia/611620/>. Maine similarly separated its data on Wednesday; Vermont authorities claimed they didn't even know <https://twitter.com/EPetenko/status/1263138001879797762?s=3D20> they were doing this. The widespread use of the practice means that it remains difficult to know exactly how much the country's ability to test people who are actively sick with COVID-19 has improved. [...] https://www.theatlantic.com/health/archive/2020/05/cdc-and-states-are-misreporting-covid-19-test-data-pennsylvania-georgia-texas/611935/ ------------------------------ Date: Fri, 22 May 2020 10:44:12 -0500 From: dmaziuk <dmitri.maz...@gmail.com> Subject: Re: COVID codebase [RISKS-31.84] In 2005 "Neil Ferguson, a professor of mathematical biology at Imperial College London, told Guardian Unlimited that up to 200 million people could be killed" by the bird flu: https://www.theguardian.com/world/2005/sep/30/birdflu.jamessturcke 450 died: https://www.who.int/influenza/human_animal_interface/H5N1_cumulative_table_archives/en/ Four years later, "In 2009, one of Ferguson's models predicted 65,000 people could die from the Swine Flu outbreak in the UK â the final figure was below 500." https://www.businessinsider.com/neil-ferguson-transformed-uk-covid-response-oxford-challenge-imperial-model-2020-4 And apparently during the 2001 Foot and Mouth outbreak "Ferguson warned the government that 150,000 people could die. Six million animals were slaughtered as a precaution, costing the country billions in farming revenue. In the end, 200 people died." -- ibid Whether the code is a steaming Pile Of Software is immaterial, really (after 20 years dealing with "academic software" I'm pretty sure it is), when it has a proven track record of being wrong. ------------------------------ Date: Fri, 22 May 2020 11:16:55 -0500 From: Arthur Flatau <flat...@acm.org> Subject: Re: The ultimate Turing test (Henry Baker, RISKS-31.84) I am currently hiring someone who I have only talked to on the phone, she starts in a few weeks. She has previously worked at my company and with most of the people she will be working with, so she is not an unknown quantity. I know of someone else being hired here, who not only has not had an in person interview, but has not even been to the state where she will be working. The situation with working in the office is changing rapidly, but it is likely that both people will initially be solely working from home and will almost certainly work from home quite a bit, even when the offices open. I doubt that Zoom virtual backgrounds, real-time animations help much with an interview. A candidate still must answer the interview questions on whatever subject well enough to be consider good enough to hire. A Zoom animation is unlikely to be helpful for this in the vast majority of situations. Although working at home would make it a bit easier to have 2 or more full-time jobs, I doubt this would work, for at least the type of jobs I have had. I doubt Zoom makes it any significantly easier to pull off this fraud. Although the current work at home situation for most people would make it easier. ------------------------------ Date: Wed, 20 May 2020 23:54:58 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Re: Teen Hacker and Crew of Evil Geniuses Accused of $24 Million Crypto Theft (Bloomberg) (Bloomberg) -- A 15-year-old hacker and his crew of *evil computer geniuses* stole nearly $24 million in cryptocurrency from an adviser to blockchain companies, according to a lawsuit filed in New York. Michael Terpin claims his phone was hacked and his money stolen in 2018 by a ring led by Westchester County, New York, teen Ellis Pinksy as part of a `sophisticated cybercrime spree'. Terpin, the founder and chief executive officer of blockchain advisory firm Transform Group, is suing Pinsky, now 18, for $71 million under a federal racketeering law that allows for triple damages. https://www.bloombergquint.com/technology/teen-hacker-and-evil-geniuses-accused-of-24-million-theft ...stolen from an adviser to blockchain companies. Who says there's no such thing as bad publicity? ------------------------------ Date: Wed, 20 May 2020 23:24:04 -0600 From: "Keith Medcalf" <kmedc...@dessus.com> Subject: Re: The FBI Just Unlocked an iPhone Without Apple's Help (Lifewire) Is this not as it should be? When the government gets a "search warrant" to search someones safe, do they (can they) compel the safe manufacturer to open the safe, or do they hire their own "safecracker" to open it? ------------------------------ Date: Fri, 22 May 2020 12:00:18 +0800 From: Dan Jacobson <jida...@jidanni.org> Subject: Re: AI gets the attention, but biotechnology is poised to change the world (Axios) gg> <https://link.axios.com/click/20337583.60839/aHR0cHM6... Wow, 300 byte links. Using base64 --decode reveals what they are... ------------------------------ Date: Mon, 14 Jan 2019 11:11:11 -0800 From: risks-requ...@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 31.85 ************************
