Attacker Causes Epileptic Seizure over the Internet

This isn't a first, but I think it will be the first conviction:

The GIF set off a highly unusual court battle that is expected to equip those in similar circumstances with a new tool for battling threatening trolls and cyberbullies. On Monday, the man who sent Eichenwald the moving image, John Rayne Rivello, was set to appear in a Dallas County district court. A last-minute rescheduling delayed the proceeding until Jan. 31, but Rivello is still expected to plead guilty to aggravated assault. And he may be the first of many.

The Epilepsy Foundation announced on Monday it lodged a sweeping slate of criminal complaints against a legion of copycats who targeted people with epilepsy and sent them an onslaught of strobe GIFs -- a frightening phenomenon that unfolded in a short period of time during the organization's marking of National Epilepsy Awareness Month in November.

[...]

Rivello's supporters -- among them, neo-Nazis and white nationalists, including Richard Spencer -- have also argued that the issue is about freedom of speech. But in an amicus brief to the criminal case, the First Amendment Clinic at Duke University School of Law argued Rivello's actions were not constitutionally protected.

"A brawler who tattoos a message onto his knuckles does not throw every punch with the weight of First Amendment protection behind him," the brief stated. "Conduct like this does not constitute speech, nor should it. A deliberate attempt to cause physical injury to someone does not come close to the expression which the First Amendment is designed to protect."

Another article.

EDITED TO ADD(12/19): More articles.

EDITED TO ADD (1/14): There was a similar case in Germany in 2012 -- that attacker was convicted.

Posted on December 18, 2019 at 5:34 AM • 55 Comments

Comments

Petre Peter December 18, 2019 7:38 AM

Videogames can trigger seizures even in people who were not diagnosed with epilepsy.
Videogames are software and around the 90s they started putting epilepsy warnings on the products even though arcade machines never had the warning. Should all software products include an epilepsy warning? Should the warning be only for people who suffer from epilepsy or for everyone?

QnJ1Y2UDecember 18, 2019 7:58 AM

@Petre Peter
Your questions belong in a different article; here, there is significant evidence that the attack was deliberate.

MeDecember 18, 2019 8:20 AM

@Petre Peter

Indeed, there is a significant difference between creating a GIF that happens to cause a death and taking a GIF known to cause death and intentionally sending it to those that it would harm.

It is the difference between accidentally making a stairway with improper spacing (which will cause people to trip), and taking that stairway and putting it in the path of someone that had a concussion recently (where another bump on the head could be fatal). One is an accident, the other is a targeted booby trap.

David LeppikDecember 18, 2019 9:34 AM

@Petere Peter

These warnings do exist for TV shows that contain flashing, strobing effects. For example, Season 3 of Stranger Things has such a warning. People with photosensitive epilepsy can mitigate the effects by not being too close to the screen and by watching in a bright room. A seizure is more likely when the person is tired or intoxicated.

Also, the flashing lights on emergency vehicles in the US are calibrated to not induce a seizure, even when several of them are lined up.

None of this eliminates the risk of an animated GIF or JavaScript animation which is specifically targeted at an individual known to have photosensitive epilepsy.

uh, MikeDecember 18, 2019 11:30 AM

"He would have died, he has said, if his wife hadn't walked into the study and found him."
I wonder about the journalism quality here. Epileptic seizures are not deadly.
I wonder if this person even said what was attributed to him.

nycmanDecember 18, 2019 11:38 AM

Waiting for them to go after traffic light cameras that produce multiple bright flashes. I wonder if they have caused an accident.

Petre Peter December 18, 2019 11:55 AM

I don't think there was a warning before he clicked play. Should Twitter have algos that detect this type of attack? The guy almost died and I am scared that epilepsy may be the lung disease of data miners. Even though he mentioned that he was suffering from epilepsy before the attack, stimulus overload can lead to a seizure even in patients who were not diagnosed with epilepsy. However, until software workers can unionize, we will work on voice interfaces and forget the whole thing ever happened.

JMCDecember 18, 2019 11:58 AM

I wonder if there's any evidence other than the victim's own testimony that Eichenwald really suffered a seizure. Rivello is guilty of assault either way, but Eichenwald's story didn't seem at all credible at the time.

MarkHDecember 18, 2019 12:03 PM

@uh, Mike ...

... who seems to be umm, making a false claim as though it were fact.

In an average day, about 8 Americans die from the internal effects of epileptic seizures. This does NOT include deaths from drowning, falling and hitting ones head, losing control of a vehicle etc. These are deaths consequent to the seizure itself.

I don't know -- and perhaps, noone does -- the duration of Eichenwald's seizure. If it was (or could have been, had his wife not come in) 5 minutes or more, or if he went into seizure multiple times (conceivable, if he remained in his seat with his face toward the screen), then he was (or, without intervention from his wife might have been) in status epilepticus. That condition is associated with approximately 20% mortality during the following 30 days.

FACTS MATTER

MarkHDecember 18, 2019 12:15 PM

@JMC:

Credible, to whom?

As for testimony, the victim's wife can surely testify to his seizure.

Further, he received emergency medical treatment at the time of the incident, and suffered impairments of significant duration in the aftermath. My layperson understanding is that a seizure can be medically diagnosed by examination after it's over. Probably the medical records will be sufficient to establish what happened.

Rivello is "expected to plead guilty," perhaps in part because he has been wisely advised that he would likely be convicted at trial.

AlexDecember 18, 2019 1:28 PM

@MarkH

Many people are encouraged to plead guilty rather than face a trial because of the potential consequences. Take a plea, little to no time, and especially *no felony* so it won't follow you for the rest of your life.

The legal system is messed up that way. This one af many ways that can and do distort the outcome. Pleas should only be allowed to change the punishment, but the degree of offense should be the same to discourage plea-bargaining in cases like this. If the prosecutors believe there isn't enough evidence to go for a felony they should go to trial for the lesser crime; if they think there is, they should be able to negotiate a plea without resorting to this sort of bribe/blackmail tactics.

This post takes no position on the case in the article, just explains why any time a guilty plea is entered in should take it with a grain of salt.

Electron 007December 18, 2019 2:36 PM

They're lawyers, not physicians.

They're in a court of law that exists solely for the punishment of accused criminals, not a hospital, where there might, at least in theory, be some motivation or opportunity for the learned and educated to heal rather than harm their patients, even though ancient ideals of "doing no harm" to patients are long outdated in this day and age of socialized medicine with its primary emphasis on involuntary mental health care for the safety and well-being of the subject's family and community.

When they talk about "seizures" they are using a veiled figure of speech to refer to the common practice and established precedent of arbitrary "searches and seizures" by officers of the law since the requirements of warrant and probable cause have been deemed superfluous and no longer applicable in this day and age when public safety concerns vastly outweigh any consideration of privacy that may be afforded to criminals or mentally ill suspects.

Clive RobinsonDecember 18, 2019 3:14 PM

@ ALL,

Whilst it's very probably correct to assume this was an attack with deliberate intent, @anon does bring up a valid point about evidence.

Whilst it's very clear that some flashing images can cause issues, there is a very large overlap between what is definitely known to cause them and those that are definitely known not to.

In effect as others have noted this has a large grey area which is going to become problematical.

Especially when you consider hoe many software, web and even film makers breach disibility legislation designed to protect those who might be susceptable.

It would probably be easier to blaim media and playback makers liable.

The current view in the industry is blaim the victim for the industries failings.

Whilst I find what was done reprehensible, it only happened because the makers failed to follow required legislation to protect vulnerable people.

In fact with a history of the likes of popular Email and similar media readers set by default to open attachments and images a fairly good case could be made against the major players in the market for the very least culpable negligence.

WaelDecember 18, 2019 3:43 PM

This isn't a first, but I think it will be the first conviction:

This's beyond malicious; it's pure evil. I'd like to see the convicts lobotomized.

@Clive Robinson,

there is a very large overlap between what is definitely known to cause them and those that are definitely known not to.

It's been known for quite some time how to trigger.

AntistoneDecember 18, 2019 3:55 PM

I think the obvious analogy here is allergies. It's not generally illegal to serve food containing peanuts, but if you KNOW a specific person has a peanut allergy and you deliberately hide peanuts in their food, that's pretty clearly going to be intentional poisoning and maybe attempted murder.

Animations that are dangerous only to epileptics are less familiar but don't seem materially different than peanuts for these purposes.

.

@Clive: "Whilst it's very clear that some flashing images can cause issues, there is a very large overlap between what is definitely known to cause them and those that are definitely known not to."

That issue might be relevant if you were charged with negligence or recklessness, but if the allegation is deliberate attack, then this seems kind of like pointing out that your gun jammed and therefore no bullets were fired. If you were attempting to shoot someone, the the ineffectiveness of your weapon is not a defense.

JMCDecember 18, 2019 4:05 PM

@MarkH

I hadn't seen any news reports that said he'd sought emergency medical treatment. If there are medical records, that's convincing.

Before he was attacked, Eichenwald was engaged in some fairly abusive trolling of his political opponents (both left and right) on Twitter, so when I saw reports of this back in 2016, I'd assumed his story was just more trolling. It now looks like an unfortunate "boy who cried wolf" thing. No matter how Eichenwald had been acting, it didn't justify Rivello's attack.

Security SamDecember 18, 2019 4:27 PM

I believe it is yesterday's news
That a Hertz rate of twenty-eight
Will trigger an epileptic seizure
When the subject looks straight.

RickDecember 18, 2019 5:31 PM

I don't know on this one. It was clearly set to cause damage, that much is undisputed. However, i'm not sure I want them to be able to prosecute people for a flashing image. The reason being that it's difficult in some instances to prove that was the intent. This is very much a slippery slope thing to me. I have a sister that is epileptic (thankfully not photo sensitive), and I completely understand how serious it is. I just am not sure that this should amount to much. It's one of those things where people need to have some more accountability for their own issues too. If you know that you could (as he states) "die" from some random photo on the internet, maybe that isn't the place for you. It's like people that have potentially fatal food allergies. A restaurant can certainly try to keep their food safe for you; but you need to know that it could still be an issue. In my case, if I eat something I shouldn't, I get digestive issues. I can deal with that, so the trade-off isn't a big deal. When the trade off involves death though? And you know it? Maybe you don't eat that food right?

Clive RobinsonDecember 18, 2019 6:47 PM

@ Rick,

When the trade off involves death though? And you know it? Maybe you don't eat that food right?

Or you carry an epipen, because you know that cross contamination can occur.

For instance a person who has eaten a food that contains penut oil will have it on their hands as well as their face and lips, due to the use of a napkin. For some people being touched by that person may be enough to cause a reaction... It's why some people do not fly because it was found that passangers eating complementry penuts would leave resedue on the arm rests and these would not always be cleaned befor a new passanger got to sit in the seat...

But lets take a step back in your scenario of,

A restaurant can certainly try to keep their food safe for you; but you need to know that it could still be an issue.

Your point about the restaurant trying to keep their product safe, is the point I was making about those who make image files, and the display systems, that put the dangerous images up infront of the users face. Those makers unlike the restaurant in your scenario don't make any effort at all to keep their products safe.

If they did, and there are laws that they should, then this incident could not have happened.

Thus these makers are just as guilty as a bar owner that keeps giving alcohol to a person at the bar with their car keys in front of them.

It's a "point of delivery" issue

The restaurant does not bring allergens to the customer. The bar owner stops bringing alcohol to the driver.

So why should the makers of computers be alowed to deliver life threatening images to a user? Especially when the user gets no warning in some Email and Web browser programs...

Hence my view point that the makers are culpable, especially when they are not doing something disability legislation actually requires them to do...

I'm in no way excusing what the alleged troll did, if they did it, then it was the equivalent of squirting an allergen directly into someones face. But the attack was only possible by the negligence of the makers, who have not just a duty of care but an actual legal obligation they have flouted. But worse in some cases their apps effectively "pull the trigger" as well...

Arguably the graphics software that sits atop the kernel could recognize from the image file that the files would generate harmfull flashing. Thus they could simply not display the file but issue a warning message and ask the user if they wish to proceed.

Electron 007December 18, 2019 11:32 PM

@ Security Sam, Rick

set to cause damage, that much is undisputed. However, i'm not sure I want them to be able to prosecute people for a flashing image.

It's a bit like poking pins in a voodoo doll or hanging an effigy.

The intent (mens rea) to cause harm may be there, but the proof beyond a reasonable doubt of the actus reus to cause the alleged grand mal epileptic seizures is lacking.

Computer user interfaces need to have appropriate accessiblity features for users who may be hearing or vision impaired or have limited use of hands or similar disabilities.

One such feature must, obviously, be the ability to filter out or disable annoying animated GIFs.

Either adblocker technology or the ability to simply turn them off should be a minimum accessibility requirement for the end user. Don't blame the creator of art. Blame the makers of the inaccessible and crippled user interface on the user's computer.

Own risk and all that. Caveat emptor, but don't limit my options because of others' actions.

Ergo SumDecember 19, 2019 6:47 AM

@Clive Robinson

So why should the makers of computers be alowed to deliver life threatening images to a user? Especially when the user gets no warning in some Email and Web browser programs...

It's not my favored thing to defend computer makers, but...

The default configuration of delivering images is based on the majority of the computer users, who want this feature. A small percentage of the end users with issues with certain images can change this default in email clients and for that matter with Twitter. The latter one by default does not display GIFs, the end user need to change that to display GIFs without warnings. In my brief tenure with Twitter, I never bothered changing this default and clicked on the warning, when I wanted to display the GIF.

Twitter also gives you notifications for tweets and/or replies to you. The notification do not display images, but you can read the comments in the tweets.

Most, if not all, security professionals have no issues with advising end users not to open emails/attachments from unknown sender. Not many of them pointing fingers at computer makers, even if they should, when the end users carelessly open emails/attachments and the system is exploited.

Knowing what can cause you harm, be that in the restaurant, on the computers and anywhere else, is half of the battle. Protecting you from the identified harm is the other half of the battle. Relying on others to do that for you with their best effort would be careless on your part.

By no means I am trying to excuse what the troll did. On the other hand, you have the responsibility for protecting yourself from the identified harm.

One question...

Would you be surprised to learn that this case has been a hoax, sometimes in the future? It's not like similar hoaxes had not taken place in the past...

MarkHDecember 19, 2019 8:36 AM

@Electron:

proof beyond a reasonable doubt of the actus reus to cause the alleged grand mal epileptic seizures is lacking

Ok, I'll bite. Kindly specify for us, one or more logical bases for reasonable doubt.

don't limit my options because of others' actions

It is typical that criminal laws limit the options of many non-offenders, because of others' actions. Criminal laws continue to exist in every country, in part because of a broad consensus that the cost of having them is less than the cost of not having them.

Civilization confers enormous benefits. It also imposes very substantial costs.
__________________________________

@Ergo Sum:

Would you be surprised to learn that this case has been a hoax, sometimes in the future? It's not like similar hoaxes had not taken place in the past...

Kindly cite an example of a "similar hoax"

Clive RobinsonDecember 19, 2019 11:29 AM

@ Ergo Sum,

Would you be surprised to learn that this case has been a hoax, sometimes in the future? It's not like similar hoaxes had not taken place in the past...

It rather depends on what you mean by "hoax". Lets put it this way Law Enforcment is supposed to gather evidence that would be sufficiently credible for a jury to accept.

Thus if the LEO's and prosecutors are being honest then there should be some substance to the story, unless of course vigilantes and hanging judges are back in fashion.

But you are not quite looking at things the way I would with,

Knowing what can cause you harm, be that in the restaurant, on the computers and anywhere else, is half of the battle. Protecting you from the identified harm is the other half of the battle. Relying on others to do that for you with their best effort would be careless on your part.

The first problem is you don't have to go into any particular restaurant if you don't wish to, and further there are quite a number of alternatives, so you can take precautions fairly easily. You generaly don't have that level --if any-- options with the Internet and Email.

Further Email is not often "7bit ASCII" these days, when I had email some years ago it was the rise of HTML Email with entire messages in image files that I said enough was enough and chucked personal email. The problem is the rest of the western world for some reason gets incensed when you bounce non text only Emails. More fool them if you think about it because their petty demands to send mainly worthless "pretty text" with flashing underlining and other nonsense could well be killing people...

As I've noted there is legislation that requires that disabilities are taken into account "as standard" which means the disabled person does not have to declare themselves to be disabled to the sender, the sender is legaly required to account for it.

Anything other than "7 bit ASCII" causes problems not just for people with epilepsy, but the partialy sighted and those also with associated disabilities. This is not a 1% of the population issue it effects something like 1/5th of the population...

The secondly whilst you can turn images and the like off it's a binary option "on or off". Worse back then some email agents actuall pre-loaded images and the like befor your prefrences, thus a great big fat security hole was there. As I see no reason to suffer the results of others poor security choices I stopped personal Email. But even when the security holes got some gaffering, I was still getting crap because some idiot and they abound in corporate marketing etc has decided that "corporate policy" is to have some kind of "unified stationary"...

There is no dealing with idiots like that especially when they are Government Agencies who you can not avoid (Tax agencies) not just corporates who you might have some limited avialability to avoid who just don't give a jot about their legal responsabilities, because "nobody has sued or prosecuted"...

Which thirdly brings up the point of "carelessness", how if you are practically speaking being forced by society into a dangerous position do you take any realistic measures to protect yourself?

I chose some years ago to opt-out of email, and I get treated with credulity by people who just don't think, nor want to think because "the form says"... Prior to that I had to put up with corpoate and government irates who did not want to do what the law required of them, because... Thus the second reason I gave up Email entirely as a point blank refusal at step 1 stops all kind of crap down the line with you being blaimed as "being difficult".

Email is at the end of the day, more a form of "social media" than a legal requirment such as paper, ink, envelopes and postage stamps. However some governments "to save costs" are now insisting that you use "electronic communications"...

But as people are finding out to their cost "social media is harmfull to your health".

JC DentonDecember 19, 2019 11:53 AM

Is nobody else going to mention that Eichenwald is an incredibly slimy journalist that does whatever he can to play the victim? The guy also either got caught watching incredibly weird and obscure tentacle hentai, or was showing it to his family.

This guy is such a vindictive blockhead and I don't buy that he was actually harmed for a second.

https://www.mediaite.com/online/twitter-explodes-after-kurt-eichenwald-allegedly-tweets-photo-that-shows-his-interest-in-anime-porn/

LaxadaisDecember 19, 2019 6:05 PM

"Your point about the restaurant trying to keep their product safe, is the point I was making about those who make image files, and the display systems, that put the dangerous images up infront of the users face. Those makers unlike the restaurant in your scenario don't make any effort at all to keep their products safe."

= making things up to feed a specious argument, pointless blamecasting without thought.

Turn off external content / javascript. It's an option, it's there. People disregard the option for their convenience and at their peril, which doesn't make the option disappear nor the product negligent simply because someone abused it maliciously.

In fact there's a lot of work that goes into making these more secure. The analogy is completely ridiculous, as if the makers of plastic food containers would somehow be responsible for a poisoning event because they didn't put physical locks on them to prevent tampering. How you choose to engage unknown content in your chosen browser is YOUR responsibility in the end.

The fact that the individual was targeted specifically with the epileptic image file with the words "You deserve a seizure!" is entirely obvious and not a "gray area" at all, as it is clearly malicious to even a casual observer. That they targeted someone publicly known to have the disability as opposed to broadly spamming it is another obvious point. Finally, the timing was right after the individual had made comments about Trump's criminality on television, and the attacker has quite a history online.

It's ridiculous to try to pretend this was anyone's fault except the attacker. Please figure that out anytime, blaming the highways for a highwayman's actions is insane.

Clive RobinsonDecember 19, 2019 7:15 PM

@ JC Denton,

Is nobody else going to mention that Eichenwald is an incredibly slimy journalist that does whatever he can to play the victim?

Whist I've no real knowledge about Kurt Eichenwald in general[1], I would not be in the slightest surprised what modern journalists get upto, in academia they have the expression "Publish or Perish" I suspect the same applies. But publish what?
Faux news is the rage in the MSM but it gets worse, with modern journalism tending beyond "yellow Journalism" to "Scarlet letter castigation" and darn right falshoods.

But as I pointed out to @Ergo Sum above, the police and prosecutors appear to think they have credible evidence. If that is the case or not we might never find out.

Hopefully if this turns out to be Kurt Eichenwald "over egging the pudding" or "making it up" he will get what some clearly think he should which in the UK we call a "P45" and if memory serves correctly in the US a "pink slip".

I guess we will have to wait and see...

[1] But I do know he was a pompous and arrogant almost imbicilic creature back in 2013, who had been sort out for the old "If you know what I know" sucker hook put out by various members of the IC who then play the "anonymous sources" game to use journalists as "usefull idiots" to slip near usless trivia and discreditory material into the MSM. For example tells you much,

https://gigaom.com/2013/06/18/when-journalists-attack-glenn-greenwald-takes-on-kurt-eichenwald-over-the-nsa-story/

Any one who had read this blog from about as far back as the archives go would have known that was the sort of thing the FiveEyes and friends were upto, as it had been said repeatedly here. Not only that some had shown that not only was "Collect it all" well within the laws of physics, it was well within the capabilities of what was little more than common industrial and consumer equipment that was also known as "COTS" technology. Not wishing to take anything away from Ed Snowden, his trove was not realy about revealing "capability" others had done that befor. What the trove was all about was actual proof that the capabilities were in use and in some respects against whom. Kurt Eichenwald if he had actually a brain to use constructively could have published what was publicly known, but no he chose to cosy up to the muts scraping and scrapping for the droppings from the table instead, then had his nose put out of joint.

Clive RobinsonDecember 19, 2019 7:37 PM

@ Laxadais,

blaming the highways for a highwayman's actions is insane.

Is a strawman argument.

If I was using highways as the base of an argument I would note that more accidents happen in certain types of weather which is the fault of the technology (fact) and that in many parts of the US you are effectively forced to use the roads, usually those where the technology is not the best and full of poorly implemented patches that can and have made further technology failures more probable.

At 30,000 highway related deaths a year in the US significantly higher than many other western nations per head of population, there has to be a significant failings with one or more of,

1, The highways,
2, The vehicles,
3, The drivers.

But in answer to your Highways and highwayman strawman you could not even get that right could you?

Even the acient Romans new it was the design of the highwwys that made attack more likely, that's why they made their highways as straight as possible, raised them up and cut back vegitation and trees well back from the highway edge...

That is they knew that by making the highway technology the right way footpads, robbers and even armies could not easily mount an attack.

Thus my focus much like the Romans is on reducing risk by ensuring the technology in use is fit for purpose.

Modern web browsers and Email clients flout legislation designed to ensure that people with disabilities are neither discriminated against or harmed. That is the makers of the technology are breaking the law and because they are discrimination and harm are happening to disabled people.

It's not a situation your strawman argument can excuse in any way shape or form.

So it would appear you either have not read the argument through or you are deliberately missing the point.

Might I ask if Upton Sinclairs observation applies?

ITDecember 22, 2019 1:05 PM

There is a graphic illustration in a movie plot of what this type of flashing noise may do - it is exaggerated for effect.

See - Steven King's "Maximum Overdrive" - first 45 minutes. In this case another minority is targeted. This movie is very old - just think of the advances that have been made since the actual (then current events) stories that inspired this science scene were published.

A movie that predicted (through horror) the future that self driving vehicles may sow on both the public and in the case of truck drivers -- on their very livelihood.

Do not think that this type of brain attack is not subtlety being tested across the internet in various countries and businesses.

It is very easy to target someone based on their browser use - especially those that prefer chrome.

tdsDecember 23, 2019 4:36 PM

@Wael

"This's beyond malicious; it's pure evil. I'd like to see the convicts lobotomized."

As someone who at least once saw person(s) having "grand mal" seizures, don't let person swallow their tongue, etc., at the dinner table or elsewhere, perhaps Dante might have designed a special place in hell for such creatures.

MarkHDecember 23, 2019 5:59 PM

@tds, Wael:

There's some discussion above concerning broad policy questions, whether anything composed of data/media should be criminal, etc.

From public descriptions of evidence:

1. Rivello sent the message knowing that it was capable of triggering a seizure.

2. Rivello apparently hoped that it would do so.

3. It caused significant harm.

4. There was an appreciable risk that the harm might have been much worse.

In these regards, it was comparable to throwing a heavy stone at a victim's head.

It's worth remembering that Rivello was apparently motivated by a desire to punish or silence lawful speech to which he objected.

It was an action of nauseating moral depravity. I see no reason why the reliance on electronic delivery should somehow shield the perpetrator from criminal sanction.

WaelDecember 24, 2019 7:20 AM

@tds, @MarkH,

Dante might have designed a special place in hell for such creatures.

Inferno at the highest setting.

I see no reason ...

Not do I. Intent and action to harm is sufficient to prosecute regardless of the method of delivery.

Clive RobinsonDecember 24, 2019 8:32 AM

@ Wael, tds, MarkH,

Intent and action to harm is sufficient to prosecute regardless of the method of delivery.

As unpleasant and malicious as this attack msy have been the prosecution will nodoubt go ahead and some verdict obtained.

But in reality it does not solve anything or more importantly stop others from carrying out the same attack.

Thus the method of delivery is actually the most important issue, and if it's not addressed then others will suffer, with the probability that they will take more care thus get away with it.

Look at it this way we generally do not sleep naked in the town square, not because we or other people are prudish, but because in a bed in a bedroom with doors, windows solid walls and locked doors not just makes us feal safer, it is safer.

Our current email and similar systems either offer us no protection (default) or a sustem so crippled it's not usable by a person who participates in modern society.

That is the systems are not fit for purpose when a person has one or more of a number of recognized disabilities.

As I've noted there is legislation about creating systems that do not alow disabled people to compeate equitably. Such legislation is effectively ignored by silicon valley because to this point in time there have been no real penalties.

This is a situation that is not tenable, and eventually somebody is going to be seriously harmed or die from it.

Thus the question arises,

    How many times does,this have to happen before the quite reasonable legislation gets properly enforced?

WaelDecember 24, 2019 9:05 AM

@Clive Robinson, @MarkH, @tds,

How many times does,this have to happen before the quite reasonable legislation gets properly enforced?

Right. Or: who does it need to happen to before ...

Clive RobinsonDecember 24, 2019 6:18 PM

@ Wael,

who does it need to happen to before ...

Yes... I think Barrack Obama, made that point when he pulled rrcordings of other politicians talking on the phone to people in ways they should perhaps not have.

Others have noticed a corelation between how far away from legislators something happens and how fast they react and act on thr issue.

The problem is of course whilst this givrs you an indicator of how close an action has to be to caude a reaction, it has little or no bearing on WHAT the reaction will be...

Currently it appears that legislators nolonger draft legislation, that is done by corporate lawyers and the like and they just bundle in as much as they can in a broad as possible scope... The result, many laws of the past decade or so are not "fit for purpose"...

Marja ErwinDecember 24, 2019 9:14 PM

"Also, the flashing lights on emergency vehicles in the US are calibrated to not induce a seizure, even when several of them are lined up."

I've had absence spells, hallucinations, falls, awful post-ictal migraines, and vomiting due to these, as well as a number of post-ictal migraines due to turn signals. Been hit by an suv and a car while crossing the street. Safety standards could first, be followed, and eventually, be improved so that safety signals wouldn't be such safety hazards.

tdsDecember 25, 2019 10:00 AM

@Clive Robinson, Wael, MarkH

"But in reality it [ a criminal conviction ] does not solve anything or more importantly stop others from carrying out the same attack."

Off the top of my head ("'OTTOMH'"), assuming a semi-ideal world, regarding computer strobe epileptic attacks:

1) Who would do the scanning (Govts, Corps, other)?

2) Scanning by Twitter, Email providers, etc., or while in transit, or other?

3) Unintended consequences of more 'deep' scanning, is scanning already deep enough (but most of us don't know that) and so on?

3b) Mission creep where such regulations or laws could go awry (block legitimate competition or block legitimate communication, for example) and how might that might be prevented?

Clive RobinsonDecember 25, 2019 6:20 PM

@ tds, MarkH, Wael,

1) Who would do the scanning (Govts, Corps, other)?

You have obviously not read what was written above.

The resposability legaly is with the manufacturers of the display technology, or more precisely the OS and display application companies.

The file format for flashing and similar animation is more than sufficiently apparent that the displaying of the file can be blocked and a warning message presented.

A problem is if the user "clicks through" the warning that can be stoped by having a "user configuration" setting that they have to first configure out of the safe mode. Alternatively and perhaps better the file can be shown one frame at a time and the user click through each frame at their own pace.

In most cases those generating files for marketing or other legitimate purposes will fairly quickly stop making files that fall in the grey or danger zones that cause people with disabilities harm (because they won't get displayed thus fail in their purpose).

Those who make such files for harm will discover that the file is likewise blocked, thus they will have to find other ways to cause harm if they wish to behave unlawfully towards people with disabilities. In most cases they won't try other methods for fairly obvious reasons.

As I've noted the legislation to make the designers and developers of such files and display hardware is already in place and has been for a considerable period of time.

Rather than comming up with excuses for the unlawful behaviour to continue unabated and disabled people suffer further harms including death, you might ask why after thirty years in some cases nobody has taken any steps to enforce the legislation for computer display systems?

But also ask as to why they have enforced such legislatio for nearly every other type of display technology?

You should also consider the fact that there realy is no ligitimate reason for such files and display technology to exist anyway. Society has not had the need for images that flash at those rates. As they are known to be harmfull there is no legitimately use case, thus no need has been built up for it on society.

RogerDecember 26, 2019 10:13 AM

A lot of myths about epilepsy here

The plaintiff's attorneys have been throwing out some pretty wild stuff here. I guess that's their job. But everyone else has been so excited about the unusual nature of the claims that they are just lapping it up. Some of it sounded wildly exaggerated to me -- I'm not epileptic myself, but have a friend who has been a sufferer for many years. So I did a little research:


  • Q: Do flashing lights trigger epileptic seizures? A: It is possible for this to occur, but contrary to popular myth it is extremely rare. You are actually more likely to trigger a seizure by keeping someone up late. Over 95% of epileptics have no susceptibility at all to flashing lights.

  • Q: How about flashing colors? A: No. Experiments have specifically found that it is light intensity that must vary; rapidly alternating colors at the same brightness very rarely or perhaps never has any effect. In susceptible people, a spatial pattern that varies greatly in brightness (e.g. shadows through a picket fence) can be the trigger as well as intensity flashing in time.

  • Q: Isn't there a specific frequency that causes it? A: Absolutely not. This is a myth. While a particular frequency can be a trigger for some specific individuals, among such people the key frequency varies greatly from person to person. Reported values for particular persons range over more than an order of magnitude. Further, most people have never been assessed for any specific frequency sensitivity so it is simply not known if they may have one.

  • Q: Can photosensitive epilepsy be triggered by an image on a computer screen? A: Normally, a photosensitive seizure requires nearly the entire visual field to be filled with a high intensity trigger. It is possible to trigger a seizure with small, low intensity images if there are other sensitizing factors present, such as fatigue, alcohol use, or working in dim light or darkness. (Working in excessively bright light can also be a factor if the trigger is causing pulses of shadow instead of light, e.g. shadows from a spinning fan.) Cases of photosensitive seizures caused by computers -- and there are many of them on record -- are mainly associated with playing games in darkened rooms for hours on end.

  • Q: Can an epileptic seizure cause death? A: Epilepsy is not just one disease. Rather it is several syndromes -- collections of symptoms -- associated with any of several dozen underlying disorders of the brain. Some of these conditions are indeed life threatening -- but it is not the seizures that are life-threatening. Rather, it is the underlying condition attacking the patient's brain that is the cause both of the seizures, and the increased risk of mortality. For slightly more than half of epilepsy patients, no underlying cause can be identified. This is actually sort-of good news! For these individuals, there is very little risk of mortality associated with the disease. There is some risk of falls, striking the head, or other accidents associated with a seizure, but otherwise it is just an unpleasant experience. (Very slightly unpleasant for the ~40% of seizures that are non-convulsive; extremely unpleasant for the ~60% of convulsive seizures.)

  • Q: Could a person be murdered by inducing an epileptic seizure? A: A susceptible person could certainly be murdered by inducing a seizure during a dangerous situation, such as driving. However patients with easily triggered seizures avoid such dangerous situations because they may be naturally triggered at any time. Inducing a seizure outside such a situation is not at all likely to kill anyone. A convulsive seizure can be extremely unpleasant but in itself it is not associated with an increased risk of death unless it is a symptom of an underlying serious condition. In that case, it is the underlying condition that causes death, and the seizures are a symptom; causing more seizures will not hasten death.

  • Q: Can an epileptic seizure cause paralysis years later? A: Well, I am not a doctor or an expert, but the answer appears to be "definitely not." Partial paralysis after a seizure is called Todd's paresis and is not usual but is also not particularly rare. However TP wears off quickly. Most cases resolve in under half an hour and often within a couple of minutes. The longest TP reported has been 48 hours. There appears to be no evidence that a seizure is able to produce paralysis lasting months or years. However seizures may be caused by brain tumors, and a brain tumor may separately cause paralysis as well as the seizures.

  • Q: Can status epilepticus be caused by inducing seizures? A: Yes -- and no. By definition, status epilepticus is the rapid recurrence of multiple seizures within a few minutes. (There is no "normal" frequency for seizures, but more than 1 convulsive seizure per month is a lot. Non-convulsive seizures can be much more frequent -- some children nd adolescents have several per day.) This is usually a symptom of severe brain trauma, and may indicate that the brain trauma is life-threatening. Hence rapid recurrence of seizures is treated as a medical emergency. Inducing multiple seizures would thus technically fall within the definition of status epilepticus. However it is now misleading, as it is no longer a symptom of a serious brain trauma. (There does not seem to be any evidence whether or not status epilepticus is dangerous when it is not caused by some otherwise hazardous condition such as brain trauma or drugs.)
  • MarkHDecember 26, 2019 11:44 AM

    @Roger:

    Some quibbles:

    1. Nowadays, some folks use large screens, with high luminance and contrast, as computer displays. Sitting close to such a screen in low ambient light might well produce conditions under which the screen's flashing could trigger a seizure in a susceptible person.

    2. The danger of falling is much greater than is probably supposed by most people who haven't looked into the matter. Falling is the second-ranked cause of accidental death worldwide. The head impact from even a low-height fall onto a hard surface can cause severe brain trauma. It's estimated that about 450 deaths per year in the U.S. are due to falling from a bed. A person in a convulsive seizure is obviously at a high risk of falling, and unable to make the reactions a responsive person would usually make to protect his or her cranium.

    3. Did you see any claim of paralysis? I have not. From news reports, Eichenwald experienced numbness for a couple of days, and difficulty forming speech for weeks after the attack.

    4. The definition of status epilepticus is rather more elastic than your comment suggests. According to the Epilepsy Foundation:

    Status epilepticus is when a seizure lasts longer than 5 minutes or when seizures occur close together and the person doesn't recover between seizures ... Convulsive status epilepticus requires emergency treatment by trained medical personnel in a hospital setting. It can be life-threatening.

    [I haven't seen any claim that Eichenwald's seizure was long in duration. I mentioned status epilepticus only to underscore that the claim of potential deadliness has more than one medical basis.]
    ________________________________________

    Regardless of one's assessment of these details, my previous analogy still stands: that of throwing a heavy stone at a victim's head.

    Is it sure to cause injury? Not at all ... in many real-world cases, the thrower's aim might be poor, or the victim might evade the missile.

    Is any injury guaranteed to be severe? By no means. Depending on how the stone hits, the result might be momentary pain, a little abrasion, some bruising, etc. The result might also be a severe brain injury -- perhaps with permanent effects -- but noone can say that it's the most likely result, or prove that the thrower was certain that it would be the outcome.

    Will the attack be fatal? Most of the time, not. In some minute percentage of cases, yes.

    Such an attack with a stone is typically prosecuted as aggravated assault. So is the crime with which Rivello is charged.

    Perfectly appropriate, based on the information I have seen.

    Electron 007December 26, 2019 1:50 PM

    @MarkH

    screen's flashing could trigger a seizure in a susceptible person.
    Status epilepticus is when a seizure lasts longer than 5 minutes or when seizures occur close together and the person doesn't recover between seizures ... Convulsive status epilepticus requires emergency treatment by trained medical personnel in a hospital setting. It can be life-threatening.

    Dude. Back off, dude. Just back off, dude. Away from the private property.

    1. The cops are busting in the door, throwing flash-bang grenades, and seizing property, because that's what seizure is all about when it comes to federal court.
    2. Now they've trumped up some cause or another for involuntary civil commitment.
    3. The defendant, having been served with a lawful diagnosis of epilepsy and court-ordered for anti-convulsive treatment and therapy, is no longer permitted to possess firearms.
    4. Which was the goal of the cops all along with their strange allegories and psychological transfer of the visual effects of flashing lights from the bar on top of the police car to the defendant's computer screen.

    We the people, contrary to common Democratic Party misconceptions, actually do have the right to keep and bear arms in the United States. We're making a last stand when they pull stupid tricks like this.

    TatütataDecember 27, 2019 11:02 AM

    In what respect would this case represent a "first conviction"? OK, you can dice pretty much anything to make it a "first"...

    There was a prior affair in Germany relating to an alleged remote infliction of injury by electronic means carrying "inappropriate" stimuli.

    Telemarketing calls are a plague, in Germany and a lot of other places. A common payback is to blow a whistle ("Trillerpfeife") in the handset.

    In 2012 the German media reported the criminal conviction of a 61-year old woman for bodily harm for having blown done just that. She didn't get any jail time, but now has a record, and had to pay an 800€ fine. See for example this discussion on a site belonging to an association of call-center operators. It states "whistle-attacks target the wrong people" (no sh*t Sherlock!) and mumble something about the "black sheep" in the profession.

    Back then, I was unsuccesful in finding the actual text of the court decision. It apparently wasn't appealed either. I was quite skeptical of the story, as a digital connection with G.711 8-bit µ-law (US) or A-law (ROW) PCM coding intrinsically limits the power that can be reproduced at the far end. An analog connection over a Strowger or crossbar exchange might possibly be another matter, but these were virtually extinct at the time. I would be surprised that a headset audio driver could deliver more than a few milliwatts. (Young idiots with Walkman/smartphones/MP3-players self-inflict much more harm).

    I just came across a paper in a German ENT (ear-nose-throat) medical journal, which also expresses much doubt about this case. According to the abstract/introduction, the decision was rendered by default, after the accused caved in. No medical, legal, or technical expert report was produced by the parties.

    The full paper also concludes from a purely audiometric standpoint to the impossibility of inflicting real damage at the levels involved, without even considering the nature of the PCM channel. It mentions that modern call-center equipment limit the audio level to 85dBA, but that even without such protective devices, a level of at most 118dBA can potentially be reproduced. While this level is very loud and unpleasant, it would still be under the damage threshold, and would have to be endured at most a few seconds before being cut-off in one way or another. The conditions alleged by the accuser couldn't have been provoked by the whistle. Furthermore, the medical record of the accuser was available to the writer, hearing tests from 1969 are even reproduced (!!!).

    MarkHDecember 27, 2019 12:24 PM

    @Tatütata:

    In what respect would this case represent a "first conviction"?

    Umm ... transmission of the assault via the public internet?

    Electron 007December 27, 2019 1:59 PM

    @MarkH • December 27, 2019 12:24 PM

    @Tatütata:
    In what respect would this case represent a "first conviction"?
    Umm ... transmission of the assault via the public internet?

    The end user's computer needs to have a simple way to disable gif animation and auto-play videos. It needs to be under control of the end user, and at the end user's risk.

    Cops should not be licking their chops for so much pork on the Sabbath Day.

    Cops should not be offering so much "help" on such and such an involuntary basis to former citizens who have been reduced to subjects, demoted to victims, disarmed, and deemed defenseless.

    Cops should not be fostering and cultivating so much dependency and learned helplessness among the subject populace of a nation that once could have enjoyed freedom and liberty.

    DonaldDecember 30, 2019 5:35 PM

    Given add blockers exist, and testing whether or not content is flashing is not a hard task,
    would there be an opportunity for flash blockers? One piece of software that stops any flashing on the screen.
    Flash Blockers

    Clive RobinsonDecember 30, 2019 7:39 PM

    @ Donald,

    ... would there be an opportunity for flash blockers?

    Simple answer is yes, the question is how big would the market be? I'm guessing atleast 10% of the number of users would a reasonable guess. More if it blocked a lot of adds.

    But as you note it should not be that difficult to do, which begs the question as to why it is not being done, especially as there is actually a legal requirment for such technology...

    Electron 007December 30, 2019 8:10 PM

    @ Donald, Clive Robinson

    opportunity for flash blockers?

    Simple answer is yes, the question is how big would the market be? I'm guessing atleast 10% of the number of users would a reasonable guess. More if it blocked a lot of adds.

    But as you note it should not be that difficult to do, which begs the question as to why it is not being done, especially as there is actually a legal requirment for such technology...

    addons.mozilla.org/en-US/firefox/addon/flash-blocker-strict/
    addons.mozilla.org/en-US/firefox/addon/noflash/
    chrome.google.com/webstore/detail/flash-block-plus/lhjanpmhcanjknkcfjiikkjdecjkmngn
    chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe

    news.ycombinator.com/item?id=8802986

    Flashblock is not needed on Chrome - go to settings/advanced/content settings/plugins and select "click to play". Now flash will not run automatically. But you can decide to click on something and allow it to play if you want. Works great - no plugin needed.

    blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/

    You may have heard of click-to-play plugins (in short: don’t load plugins until they’re clicked). You may have also heard of the blocklist (essentially a list of addons and plugins that are disabled to prevent users coming to harm; this includes vulnerable and outdated versions of popular plugins). Now, appearing together for the first time in Firefox Beta, allow me to introduce click-to-play blocklisted plugins!

    The advertisers and their shills got too strong and too defensive. They have clearly outgunned us and outsmarted us on the Web by the time they are blogging about advanced anti-adblocker technology built into the browsers.

    Clive RobinsonDecember 30, 2019 9:15 PM

    @ Electron 007,

    The problem is the "Flash blockers" they are refering to as far as I can see[1], are for web browsers stop the "Adobe Flash" much depreciated multimedia software and it's MacroMedia and earlier instances (that I've not installed, removed or disabled this century likewise support for ActionScript / ECMAScript and javascript).

    What I'm thinking about is something that will stop all "flashing" in the known to be dangerous and wider frequency ranges irrespective of the native file format or language addition to an application or any application.

    There are actually laws to stop such flashing being presented to users and the display technology developers should therefore build it in to prevent all applications etc presenting such flashing.

    [1] I don't do "Google" as they insist on having javascript on these days and I realy don't do javascript etc where I can avoid doing so. Yes I might loose out on one or two good sites, but in the main I gain in all sorts of ways. Especially with sites on the other side of the world, where a four or five second page load becomes ten or more seconds with javascript on...

    LaxadaisJanuary 3, 2020 5:31 PM

    blaming the highways for a highwayman's actions is insane.

    "Is a strawman argument."

    Actually yes - and it was neatly your entire aforementioned thrust. Re-read what you posted initially. It's a strawman and a vague mongering, unrealistic blaming.

    Clive RobinsonJanuary 3, 2020 8:27 PM

    @ Laxadais,

    Actually yes

    Why has it taken you so long to admit so? What have you been doing for two weeks?

    As for your other claims, sorry no. Nothing vague about it, nor eas it mongering, the ability to perform exactly the same attack is still there in way to many display systems. As for unrealistic and blaiming, that's not the way various laws see it.

    But just a point to note, if a display system can display a file, it can also check via various methods if it is going to cause a flashing image and at what frequencies. That is a matter of fact as anyone with any knowledge in the domain can tell you.

    So it is realistically possible to do it.

    Which begs the question as to why you hold your position and offer no supporting evidence?

    Could it be you have none, or that you might even be shilling?

    If you think you have any evidence to support your position, it's upto you to present it, lest others decide in your silence what you are.

    Leave a comment

    Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

    Sidebar photo of Bruce Schneier by Joe MacInnis.