RISKS-LIST: Risks-Forum Digest Wednesday 16 October 2013 Volume 27 : Issue 54 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.54.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Adi Shamir Prevented from Attending Crypto and Cryptology Conferences (PGN) An App That Saved 10,000 Lives (Amy O'Leary via Monty Solomon)

From the Start, Signs of Trouble at Health Portal (Pear et al. via Monty Solomon) Deloitte IT projects plagued with troubles around the country (Woolhouse and Healy via Monty Solomon) Online Application Woes Make Students Anxious and Put Colleges Behind Schedule (Lauren Weinstein) Deutsche Telekom hopes to hide German Internet traffic from spies (Lauren Weinstein) "We can't let the Internet become Balkanized" (Sascha Meinrath via NNSquad) "Risk considerations: Tracking services monitor your every move" (Steve Ragan via Gene Wirchenko) Abridged info on RISKS (comp.risks)

---------------------------------------------------------------------- Date: Wed, 16 Oct 2013 9:43:36 PDT From: "Peter G. Neumann" <neumann@csl.sri.com> Subject: Adi Shamir Prevented from Attending Crypto and Cryptology Conferences Adi Shamir applied for a J1 visa at the beginning of June 2013, two and one-half months early, so that he could attend the annual Crypto Conference in Santa Barbara in mid-August (which he has almost always attend for the past 32 years) and a subsequent NSA-affiliated History of Cryptography Conference -- at which he was to present his paper, The Cryptology of John Nash from a Modern Perspective. As the S in RSA, and one of the most important cryptographers in the world, it would seem to be a no-brainer that he should be present for both conferences. However, he was unable to attend either, because the U.S. took exactly *four* months to send him his new visa. In his apology <http://www.fas.org/sgp/news/2013/10/shamir.html> (dated 15 Oct 2013) for not being able to attend the History of Cryptography conference, Adi notes that "I am not alone, and many foreign scientists are now facing the same situation." Because of the delay, his paper was removed from the program for the History conference. Even though his visa has now arrived long after Crypto 2013, he was reinvited to give the talk at the Cryptology History conference, it is apparently no longer possible due to other commitments. This could be some sort of egregious combination of incredible arrogance, ignorance, stupidity, personal vendetta, diplomatic blunder, and misguided attitude to International scientific collaboration, or possibly just attributable to a serious miscarriage of innate bureaucracy. In any case, the injustice is really sad, because four months for the simple nth renewal of a visa seems outrageous. Indeed, public-key cryptography might not even be with us today if Adi had not been involved with Ron Rivest and Leonard Adleman so long ago. [PGN's personal opinion] ------------------------------ Date: Mon, 14 Oct 2013 10:11:16 -0400 From: Monty Solomon <monty@roscom.com> Subject: An App That Saved 10,000 Lives (Amy O'Leary) [Note: RISKS always solicits success stories, particularly those that result from foresight, long-term planning, intelligent software development and software engineering practices, and so on. Here's one. Unfortunately, the norm seems to be that we generally run items on actual cases were the risks are either exacerbated or evidently present, as more or less dominated by the rest of this issue -- because they are predominant. PGN] [Source: Amy O'Leary, *The New York Times*, 5 Oct 2013] While most start-ups feverishly track figures like the total number of users, Ron Gutman, the founder and chief executive of the health information start-up, HealthTap, is more interested in a different data point. This week, the start-up heard from its 10,000th user who said the site saved her life. "My local doctor brushed me off and told me it was anxiety without doing any tests at all," wrote one woman who turned to HealthTap after seeing her doctor. After spending two hours on HealthTap, she was told by a doctor who contributes to the site that her condition sounded like a blocked artery. She soon saw a cardiology specialist who later inserted a coronary stent. Since its founding in 2012, the site has logged nearly a billion questions and answers, from simple queries about headaches or the flu, to more complicated ones, like whether mechlorethamine is a cancer medication. Questions are then routed to a physician who is both an expert in that particular field of medicine, and who is determined by an algorithm to be likely to respond fast, Mr. Gutman said. None of that would be possible without the participation of nearly 50,000 doctors who contribute their advice free. (Every page on the site has a disclaimer saying that the site "does not provide medical advice, diagnosis or treatment.") ... http://bits.blogs.nytimes.com/2013/10/05/how-to-save-10000-lives-with-an-app... ------------------------------ Date: Sun, 13 Oct 2013 23:16:39 -0400 From: Monty Solomon <monty@roscom.com> Subject: From the Start, Signs of Trouble at Health Portal (Pear et al.) Robert Pear, Sharon LaFraniere and Ian Austen. *The New York Times*, dated 12 Oct 2013, published 13 Oct 2013 WASHINGTON - In March, Henry Chao, the chief digital architect for the Obama administration's new online insurance marketplace, told industry executives that he was deeply worried about the Web site's debut. "Let's just make sure it's not a third-world experience," he told them. Two weeks after the rollout, few would say his hopes were realized. For the past 12 days, a system costing more than $400 million and billed as a one-stop click-and-go hub for citizens seeking health insurance has thwarted the efforts of millions to simply log in. The growing national outcry has deeply embarrassed the White House, which has refused to say how many people have enrolled through the federal exchange. Even some supporters of the Affordable Care Act worry that the flaws in the system, if not quickly fixed, could threaten the fiscal health of the insurance initiative, which depends on throngs of customers to spread the risk and keep prices low. ... http://www.nytimes.com/2013/10/13/us/politics/from-the-start-signs-of-troubl... ------------------------------ Date: Mon, 14 Oct 2013 10:01:01 -0400 From: Monty Solomon <monty@roscom.com> Subject: Deloitte IT projects plagued with troubles around the country (Woolhouse and Healy) 6 Oct 2013 http://www.boston.com/business/technology/2013/10/06/deloitte-projects-plagu... Mass. IT project is latest black eye for Deloitte By Megan Woolhouse and Beth Healy | GLOBE STAFF 07 Oct 2013 http://www.bostonglobe.com/business/2013/10/06/deloitte-projects-plagued-wit... State senate committee to hold hearing on troubled Deloitte unemployment system contract October 3, 2013 http://www.boston.com/business/2013/10/03/state-senate-committee-hold-hearin... A thousand defects: DOR fired Deloitte in August October 3, 2013 http://www.boston.com/news/local/massachusetts/2013/10/04/thousand-defects-d... $54m later, state fired computer contractor By Megan Woolhouse and Beth Healy | GLOBE STAFF 04 Oct 2013 http://www.bostonglobe.com/business/2013/10/03/thousand-defects-dor-fired-de... Massachusetts, California jobless benefit claim woes both tied to Deloitte Consulting of New York 24 Sep 2013 http://www.boston.com/business/news/2013/09/24/troubled-calif-unemployment-c... Mass., Calif. benefit claim woes tied to same firm By Megan Woolhouse | GLOBE STAFF 25 Sep 2013 http://www.bostonglobe.com/business/2013/09/24/troubled-calif-unemployment-c... Flawed contract for jobless claim system cost state millions By Beth Healy and Megan Woolhouse | GLOBE STAFF 19 Sep 2013 http://www.bostonglobe.com/business/2013/09/18/flawed-contract-leads-flawed-... ------------------------------ Date: Sun, 13 Oct 2013 09:43:32 -0700 From: Lauren Weinstein <lauren@vortex.com> Subject: Online Application Woes Make Students Anxious and Put Colleges Behind Schedule With early admission deadlines looming for hundreds of thousands of students, the new version of the online Common Application shared by more than 500 colleges and universities has been plagued by numerous malfunctions, alarming students and parents and putting admissions offices weeks behind schedule "It's been a nightmare," Jason C. Locke, associate vice provost for enrollment at Cornell University. "I've been a supporter of the Common App, but in this case, they've really fallen down." http://j.mp/1bPUA3f (*The New York Times* via NNSquad) So, like, this is rocket science to do correctly at these volumes of transactions for relatively straightforward applications? Uh, no. ------------------------------ Date: Sun, 13 Oct 2013 11:43:27 -0700 From: Lauren Weinstein <lauren@vortex.com> Subject: Deutsche Telekom hopes to hide German Internet traffic from spies "One of Deutsche Telekom's competitors, Internet service provider QSC, had questioned the feasibility of its plan to shield Internet traffic, saying it was not possible to determine clearly whether data was being routed nationally or internationally, WirtschaftsWoche magazine reported." http://j.mp/1ajC10H (Reuters via NNSquad) What they really mean is foreign spies. Their own vast surveillance apparatus of course would have full access. No matter, it's basically impractical, as noted. ------------------------------ Date: Mon, 14 Oct 2013 08:28:54 -0700 From: Lauren Weinstein <lauren@vortex.com> Subject: "We can't let the Internet become Balkanized" (Sascha Meinrath) http://j.mp/1elH7hh (Slate via NNSquad) "Traditionally, that debate has featured America in the role as champion of a free and open Internet, one that guarantees the right of all people to freely express themselves. Arguing against that ideal: repressive regimes that have sought to limit connectivity and access to information. The NSA's actions have shifted that debate, alienating key Internet-freedom allies and emboldening some of the most repressive regimes on the planet. Think of it as an emerging coalition between countries that object to how the United States is going about upholding its avowed principles for a free Internet, and countries that have objected to those avowed principles all along." - - - It is my personal belief that much of the breathless foreign government hyperbole against the US relating to surveillance has little do with actual surveillance (after all, many of these countries have their own major surveillance systems, sometimes focused specifically inward to further political repression and censorship) and everything to do with pushing the abhorrent UN/ITU agenda (or similar agendas) for Internet control that would codify censorship and heavy-handed government directed dictates over Internet content and associated retribution against Internet users. China's and Russia's longstanding duplicity in these respects relating to Internet governance and censorship is particularly noteworthy. ------------------------------ Date: Mon, 14 Oct 2013 13:16:24 -0700 From: Gene Wirchenko <genew@telus.net> Subject: "Risk considerations: Tracking services monitor your every move" (Steve Ragan) Steve Ragan, CSO Online, 14 Oct 2013 Tracking services offer no real value to the business, but they exist on networks both large and small, and administrators are often unaware of their presence http://www.csoonline.com/article/741140/risk-considerations-tracking-service... ------------------------------ Date: Sun, 7 Oct 2012 20:20:16 -0900 From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request@csl.sri.com containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe@csl.sri.com or risks-unsubscribe@csl.sri.com depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall@newcastle.ac.uk>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 27.54 ************************