RISKS-LIST: Risks-Forum Digest Wednesday 16 October 2013 Volume 27 : Issue 54
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org as
http://catless.ncl.ac.uk/Risks/27.54.html
The current issue can be found at
http://www.csl.sri.com/users/risko/risks.txt
Contents:
Adi Shamir Prevented from Attending Crypto and Cryptology Conferences (PGN)
An App That Saved 10,000 Lives (Amy O'Leary via Monty Solomon)
From the Start, Signs of Trouble at Health Portal (Pear et al. via
Monty Solomon)
Deloitte IT projects plagued with troubles around the country
(Woolhouse and Healy via Monty Solomon)
Online Application Woes Make Students Anxious and Put Colleges Behind
Schedule (Lauren Weinstein)
Deutsche Telekom hopes to hide German Internet traffic from spies
(Lauren Weinstein)
"We can't let the Internet become Balkanized" (Sascha Meinrath via
NNSquad)
"Risk considerations: Tracking services monitor your every move"
(Steve Ragan via Gene Wirchenko)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Wed, 16 Oct 2013 9:43:36 PDT
From: "Peter G. Neumann"
Subject: Adi Shamir Prevented from Attending Crypto and Cryptology Conferences
Adi Shamir applied for a J1 visa at the beginning of June 2013, two and
one-half months early, so that he could attend the annual Crypto Conference
in Santa Barbara in mid-August (which he has almost always attended for the
past 32 years) and a subsequent NSA-affiliated History of Cryptography
Conference -- at which he was to present his paper, The Cryptology of John
Nash from a Modern Perspective. As the S in RSA, and one of the most
important cryptographers in the world, it would seem to be a no-brainer that
he should be present for both conferences. However, he was unable to attend
either, because the U.S. took exactly *four* months to send him his new
visa. In his apology http://www.fas.org/sgp/news/2013/10/shamir.html
(dated 15 Oct 2013) for not being able to attend the History of Cryptography
conference, Adi notes that "I am not alone, and many foreign scientists are
now facing the same situation."
Because of the delay, his paper was removed from the program for the History
conference. Even though his visa has now arrived long after Crypto 2013, and he
was reinvited to give the talk at the Cryptology History conference, it is
apparently no longer possible due to other commitments.
This could be some sort of egregious combination of incredible arrogance,
ignorance, stupidity, personal vendetta, diplomatic blunder, and misguided
attitude to International scientific collaboration, or possibly just
attributable to a serious miscarriage of innate bureaucracy. In any case,
the injustice is really sad, because four months for the simple nth renewal
of a visa seems outrageous. Indeed, public-key cryptography might not even
be with us today if Adi had not been involved with Ron Rivest and Leonard
Adleman so long ago. [PGN's personal opinion]
------------------------------
Date: Mon, 14 Oct 2013 10:11:16 -0400
From: Monty Solomon
Subject: An App That Saved 10,000 Lives (Amy O'Leary)
[Note: RISKS always solicits success stories, particularly those that
result from foresight, long-term planning, intelligent software
development and software engineering practices, and so on. Here's one.
Unfortunately, the norm seems to be that we generally run items on actual
cases where the risks are either exacerbated or evidently present, as more
or less dominated by the rest of this issue -- because they are
predominant. PGN]
[Source: Amy O'Leary, *The New York Times*, 5 Oct 2013]
While most start-ups feverishly track figures like the total number of
users, Ron Gutman, the founder and chief executive of the health information
start-up, HealthTap, is more interested in a different data point.
This week, the start-up heard from its 10,000th user who said the site saved
her life.
"My local doctor brushed me off and told me it was anxiety without doing any
tests at all," wrote one woman who turned to HealthTap after seeing her
doctor. After spending two hours on HealthTap, she was told by a doctor who
contributes to the site that her condition sounded like a blocked artery.
She soon saw a cardiology specialist who later inserted a coronary stent.
Since its founding in 2012, the site has logged nearly a billion questions
and answers, from simple queries about headaches or the flu, to more
complicated ones, like whether mechlorethamine is a cancer medication.
Questions are then routed to a physician who is both an expert in that
particular field of medicine, and who is determined by an algorithm to be
likely to respond fast, Mr. Gutman said.
None of that would be possible without the participation of nearly 50,000
doctors who contribute their advice free. (Every page on the site has a
disclaimer saying that the site "does not provide medical advice, diagnosis
or treatment.") ...
http://bits.blogs.nytimes.com/2013/10/05/how-to-save-10000-lives-with-an-app...
------------------------------
Date: Sun, 13 Oct 2013 23:16:39 -0400
From: Monty Solomon
Subject: From the Start, Signs of Trouble at Health Portal (Pear et al.)
Robert Pear, Sharon LaFraniere and Ian Austen. *The New York Times*,
dated 12 Oct 2013, published 13 Oct 2013
WASHINGTON - In March, Henry Chao, the chief digital architect for the Obama
administration's new online insurance marketplace, told industry executives
that he was deeply worried about the Web site's debut. "Let's just make sure
it's not a third-world experience," he told them.
Two weeks after the rollout, few would say his hopes were realized.
For the past 12 days, a system costing more than $400 million and billed as
a one-stop click-and-go hub for citizens seeking health insurance has
thwarted the efforts of millions to simply log in. The growing national
outcry has deeply embarrassed the White House, which has refused to say how
many people have enrolled through the federal exchange.
Even some supporters of the Affordable Care Act worry that the flaws in the
system, if not quickly fixed, could threaten the fiscal health of the
insurance initiative, which depends on throngs of customers to spread the
risk and keep prices low. ...
http://www.nytimes.com/2013/10/13/us/politics/from-the-start-signs-of-troubl...
------------------------------
Date: Mon, 14 Oct 2013 10:01:01 -0400
From: Monty Solomon
Subject: Deloitte IT projects plagued with troubles around the country
(Woolhouse and Healy)
6 Oct 2013
http://www.boston.com/business/technology/2013/10/06/deloitte-projects-plagu...

Mass. IT project is latest black eye for Deloitte
By Megan Woolhouse and Beth Healy | GLOBE STAFF
07 Oct 2013
http://www.bostonglobe.com/business/2013/10/06/deloitte-projects-plagued-wit...

State senate committee to hold hearing on troubled Deloitte unemployment system contract
October 3, 2013
http://www.boston.com/business/2013/10/03/state-senate-committee-hold-hearin...

A thousand defects: DOR fired Deloitte in August
October 3, 2013
http://www.boston.com/news/local/massachusetts/2013/10/04/thousand-defects-d...

$54m later, state fired computer contractor
By Megan Woolhouse and Beth Healy | GLOBE STAFF
04 Oct 2013
http://www.bostonglobe.com/business/2013/10/03/thousand-defects-dor-fired-de...

Massachusetts, California jobless benefit claim woes both tied to Deloitte Consulting of New York
24 Sep 2013
http://www.boston.com/business/news/2013/09/24/troubled-calif-unemployment-c...

Mass., Calif. benefit claim woes tied to same firm
By Megan Woolhouse | GLOBE STAFF
25 Sep 2013
http://www.bostonglobe.com/business/2013/09/24/troubled-calif-unemployment-c...

Flawed contract for jobless claim system cost state millions
By Beth Healy and Megan Woolhouse | GLOBE STAFF
19 Sep 2013
http://www.bostonglobe.com/business/2013/09/18/flawed-contract-leads-flawed-...
------------------------------
Date: Sun, 13 Oct 2013 09:43:32 -0700
From: Lauren Weinstein
Subject: Online Application Woes Make Students Anxious and Put Colleges
Behind Schedule
With early admission deadlines looming for hundreds of thousands of
students, the new version of the online Common Application shared by more
than 500 colleges and universities has been plagued by numerous
malfunctions, alarming students and parents and putting admissions offices
weeks behind schedule. "It's been a nightmare," said Jason C. Locke, associate
vice provost for enrollment at Cornell University. "I've been a supporter
of the Common App, but in this case, they've really fallen down."
http://j.mp/1bPUA3f (*The New York Times* via NNSquad)
So, like, this is rocket science to do correctly at these volumes of
transactions for relatively straightforward applications? Uh, no.
------------------------------
Date: Sun, 13 Oct 2013 11:43:27 -0700
From: Lauren Weinstein
Subject: Deutsche Telekom hopes to hide German Internet traffic from spies
"One of Deutsche Telekom's competitors, Internet service provider QSC, had
questioned the feasibility of its plan to shield Internet traffic, saying
it was not possible to determine clearly whether data was being routed
nationally or internationally, WirtschaftsWoche magazine reported."
http://j.mp/1ajC10H (Reuters via NNSquad)
What they really mean is foreign spies. Their own vast surveillance
apparatus of course would have full access. No matter, it's basically
impractical, as noted.
------------------------------
Date: Mon, 14 Oct 2013 08:28:54 -0700
From: Lauren Weinstein
Subject: "We can't let the Internet become Balkanized" (Sascha Meinrath)
http://j.mp/1elH7hh (Slate via NNSquad)
"Traditionally, that debate has featured America in the role as champion
of a free and open Internet, one that guarantees the right of all people
to freely express themselves. Arguing against that ideal: repressive
regimes that have sought to limit connectivity and access to
information. The NSA's actions have shifted that debate, alienating key
Internet-freedom allies and emboldening some of the most repressive
regimes on the planet. Think of it as an emerging coalition between
countries that object to how the United States is going about upholding
its avowed principles for a free Internet, and countries that have
objected to those avowed principles all along."
- - -
It is my personal belief that much of the breathless foreign government
hyperbole against the US relating to surveillance has little to do with actual
surveillance (after all, many of these countries have their own major
surveillance systems, sometimes focused specifically inward to further
political repression and censorship) and everything to do with pushing the
abhorrent UN/ITU agenda (or similar agendas) for Internet control that would
codify censorship and heavy-handed government directed dictates over
Internet content and associated retribution against Internet users. China's
and Russia's longstanding duplicity in these respects relating to Internet
governance and censorship is particularly noteworthy.
------------------------------
Date: Mon, 14 Oct 2013 13:16:24 -0700
From: Gene Wirchenko
Subject: "Risk considerations: Tracking services monitor your every move"
(Steve Ragan)
Steve Ragan, CSO Online, 14 Oct 2013
Tracking services offer no real value to the business, but they exist on
networks both large and small, and administrators are often unaware of their
presence
http://www.csoonline.com/article/741140/risk-considerations-tracking-service...
------------------------------
Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
if possible and convenient for you. The mailman Web interface can
be used directly to subscribe and unsubscribe:
http://lists.csl.sri.com/mailman/listinfo/risks
Alternatively, to subscribe or unsubscribe via e-mail to mailman
your FROM: address, send a message to
risks-request@csl.sri.com
containing only the one-word text subscribe or unsubscribe. You may
also specify a different receiving address: subscribe address= ... .
You may short-circuit that process by sending directly to either
risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com
depending on which action is to be taken.
Subscription and unsubscription requests require that you reply to a
confirmation message sent to the subscribing mail address. Instructions
are included in the confirmation message. Each issue of RISKS that you
receive contains information on how to post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
http://www.CSL.sri.com/risksinfo.html
*** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact .
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you NEVER send mail!
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
*** NOTE: Including the string "notsp" at the beginning or end of the subject
*** line will be very helpful in separating real contributions from spam.
*** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
or ftp://ftp.sri.com/VL/risks for previous VoLume
http://www.risks.org takes you to Lindsay Marshall's searchable archive at
newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
Lindsay has also added to the Newcastle catless site a palmtop version
of the most recent RISKS issue and a WAP version that works for many but
not all telephones: http://catless.ncl.ac.uk/w/r
http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
http://www.csl.sri.com/illustrative.html for browsing,
http://www.csl.sri.com/illustrative.pdf or .ps for printing
is no longer maintained up-to-date except for recent election problems.
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
http://www.acm.org/joinacm1
------------------------------
End of RISKS-FORUM Digest 27.54
************************