
RISKS Forum mailing list archives
Risks Digest 34.58
From: RISKS List Owner <risko () csl sri com>
Date: Sat, 15 Mar 2025 14:00:33 PDT
RISKS-LIST: Risks-Forum Digest Saturday 15 Mar 2025 Volume 34 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/34.58>
The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Two Planes, in Washington and Chicago, Abort Landings to Avoid Collisions (The New York Times)
Badly designed user interface causes $81 trillion to be credited to a Citigroup client account (Financial Times)
Espionage Groups Target Drone Technology Makers, Researchers Say (Bloomberg)
The Worst 7 Years in Boeing's History -- and the Man Who Won't Stop Fighting for Answers (WiReD)
As websites disappear, link rot threatens journalism (Poynter)
Musk ... blocking grants, Johns Hopkins firing 2000 workers on major medical research and other projects around the world (Lauren Weinstein)
Science journal Nature promotes AI chatbots for academic peer review (Pivot to AI)
To Identify Suspect in Idaho Killings, FBI Used Restricted Consumer DNA Data (The New York Times)
Mark Klein, AT&T technician who helped expose NSA spying, dies at 79 (The Washington Post)
As AI Evolves, Do Codes Still Need to Code? (NYTimes)
AI Reshapes the Coding Workforce (Isabelle Bousquette)
What Happens When AI Joins Every Meeting? (NYMag)
Two Texas Lottery Wins Prompt Investigations and Stir Public Outrage (The New York Times)
Trump administration cuts $10M funding from CISA nonprofit Center for Internet Security (AP News)
U.S. Chips Act Office Loses Two-Fifths of Staff (Mackenzie Hawkins)
NASA Cuts (NY Times)
U.S. Government Cuts Key Software Division Without Warning (Ellen Jennings-Trace)
DOGE ousts security testers (The Register)
DOGE Quietly Deletes the 5 Biggest Spending Cuts It Celebrated Last Week (Sundry Sources)
Oracle rollout fiasco (Jim Geissman)
Health NZ was using a single Excel spreadsheet to track $28 billion of public money; report outlines 'significant concerns' (Jim Geissman)
DOGE will use AI to assess the responses from federal workers who were told to justify their jobs via email (NBC News)
Speech-recognition fail (BBC)
Apple's Dictation System Transcribes the Word `Racist' as `Trump' (The New York Times)
AI search engines give incorrect answers at an alarming 60% rate, study says (ArsTechnica)
It's a risky AI double header! (Gabe Goldberg)
Agentic AI Issues (Meredith Whittaker)
Signal no longer cooperating with Ukraine on Russian cyberthreats, official says (The Record from Recorded Future News)
Did AI really defend the KKK at the end of his column? (LA Times)
Germany May Refuse F-35 Purchase over Emergency Switch, Consider Eurofighter Instead (Defense Mirror)
Tesla makes step toward robotaxi services in California. What to know (LA Times)
When Your Last Name Is Null, Nothing Works (WSJ)
XScreenSaver: Google Store Privacy Policy (Gene Goldberg)
Creators Insist Coupon Browser Extensions Are Stealing Money. Will the Courts Agree? (WSJ)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 25 Feb 2025 16:52:27 -0800
From: "Jim" <jgeissman () socal rr com>
Subject: Two Planes, in Washington and Chicago, Abort Landings to Avoid Collisions (NY Times, 25 Feb 2025)

The near misses on [25 Feb] came after a string of aviation disasters,
including the midair collision between an Army helicopter and a passenger
jet last month that killed 67 people.

Within the span of 90 minutes on Tuesday morning, two airplanes, at
Washington's Ronald Reagan National Airport and at Chicago's Midway
International Airport, were forced to abort landings to avoid collisions,
federal aviation officials said.

American Airlines Flight 2246, arriving at National Airport from Boston was
making its final descent around 8:20 a.m. when it suddenly canceled its
landing, climbed toward the skies and accelerated away from the airport. The
last-minute move allowed it to avoid colliding with another plane that was
ready to take off from the same runway, the Federal Aviation Administration
said.

The airplane's pilots were told to scrap the landing by an air traffic
controller to "ensure separation was maintained between this aircraft and a
preceding departure from the same runway," the F.A.A. said in a statement.

Around 8:50 a.m. Central time, the pilots of Southwest Airlines Flight 2504,
traveling from Omaha, canceled the plane's landing at Chicago Midway after
"a business jet entered the runway without authorization," the F.A.A. said
in a statement.

Tuesday morning's near misses continued a spotlight put on concerns raised
about the safety of the nation's airspace following last month's deadly
midair crash outside National Airport. On Jan. 29, American Airlines Flight
5342 and an Army Black Hawk helicopter collided above the Potomac River,
killing all 67 people aboard both aircraft.

Investigators have yet to determine the cause of the Jan.
29 crash.

------------------------------

Date: Fri, 28 Feb 2025 18:11:43 +0200
From: Diomidis Spinellis <dds () aueb gr>
Subject: Badly designed user interface causes $81 trillion to be credited to a Citigroup client account (Financial Times)

According to a Friday 18th article in the Financial Times [1] a transfer of
$280 dollars ended up as a $81 trillion transfer. The funds never left the
bank, so the incident was classified as a near miss.

The root cause was an input field in a rarely-used backup form that came up
pre-populated with 15 zeros. Its users would have to delete them before
entering the correct amount. In the reported case they failed to do so.

[1] https://www.ft.com/content/9921925e-5a32-48cc-a3e3-3f77042477d2

  [Amos Shapir also noted this item, and asked. How much interest can
  $81 trillion gather during this time?
  https://www.cnbc.com/2025/03/01/citigroup-mistakenly-credited-a-customer-account-with-81-trillion.html
  PGN]

------------------------------

Date: Mon, 24 Feb 2025 11:24:09 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Espionage Groups Target Drone Technology Makers, Researchers Say (Bloomberg)

Jordan Robertson and Michael Shepard, Bloomberg, 14 Feb 2025

As drones are used in warfare, the risk of cyber spies gaining access
to sensitive data is on the rise. Resecurity Inc. researchers found
espionage groups have searched the dark web for stolen files from
drone manufacturers with the goal of using it to hijack drones and spy
on customers. Drone manufacturers and anti-drone technology vendors
reported hacks across Taiwan, North America, Europe, and the Middle
East.

------------------------------

Date: Wed, 12 Mar 2025 20:17:59 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Worst 7 Years in Boeing's History -- and the Man Who Won't Stop Fighting for Answers (WiReD)

Fatal crashes. A door blowout. Grounded planes.
Inside the citizen-led,
obsessive campaign to hold Boeing accountable and prevent the next disaster.

https://www.wired.com/story/boeing-whistleblower-737-max

------------------------------

Date: Sat, 15 Mar 2025 08:15:16 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: As websites disappear, link rot threatens journalism

As websites disappear, link rot threatens journalism. One Stanford fellow is
working on a fix -- Poynter

Brandon Tauszik, a fellow at The Starling Lab, is developing a low-cost way
for journalists to preserve their work.

(Long interview in Poynter)

Like those of us who came of age with the internet, freelance multimedia
journalist Brandon Tauszik viewed the web as permanent -- once something was
on the Internet, it was always on the Internet.

But now he's realized it could be gone tomorrow.

“A publication could just go out of business and take down whatever content
they want. Your writing is not permanent. Your photography is not
permanent. Anything you're putting online is short-lived and will probably
vanish.” Tauszik said. “If I were to pass away tomorrow and my credit cards
stopped, a lot of these projects of mine would just vanish, be gone for good
and never come back.”

It's a situation many journalists are finding themselves in as media
websites shutter (like The Messenger), archives disappear in sales or
mergers, or, like some of Tauszik's freelance projects, there's no long-term
plan once a site's registration expires.

Tauszik discovered one of his projects, Syria Street, had disappeared due to
link rot — the gradual decay of URLs and websites as they become broken,
inaccessible or deleted over time. As a journalism fellow with The
Starling Lab for Data Integrity at Stanford, Tauszik has spent his time
creating a way for other journalists to keep their work online longer, and
at a lower cost — especially when many must foot the bill themselves — while
ensuring their work is preserved in more resilient systems.
[...]

https://www.poynter.org/tech-tools/2025/how-to-preserve-save-websites-government-personal/

  [The old motto is now truthiness: If it is not on the Internet, it never
  existed. This will be particularly relevant to SCIENCE. PGN]

------------------------------

Date: Thu, 13 Mar 2025 17:27:51 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Musk ... blocking grants, Johns Hopkins firing 2000 workers on major medical research and other projects around the world

------------------------------

Date: Sun, 9 Mar 2025 03:17:43 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Science journal _Nature_ promotes AI chatbots for academic peer review (Pivot to AI)

Nature is one of the most prestigious journals in all of science. They're
working on changing that, though -- with multiple articles promoting LLMs
for doing peer review.

Academics submit work to a journal and it's sent to other academics to check
it's up to scratch. This peer review is key to producing solid work.
Reviewing is part of the job, just like research.

Instead of telling reviewers to take the time to understand a paper and what
it's claiming, Nature is telling them to run the paper through an LLM.

https://pivot-to-ai.com/2025/03/08/science-journal-nature-promotes-using-chatbots-for-academic-peer-review

  [You might call this PIER REVIEW -- fishing for bAIt. PGN]

------------------------------

Date: Wed, 26 Feb 2025 08:02:22 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: To Identify Suspect in Idaho Killings, FBI Used Restricted Consumer DNA Data (The New York Times)

As investigators struggled for weeks to find who might have committed the
brutal stabbings of four University of Idaho students in the fall of 2022,
they were focused on a key piece of evidence: DNA on a knife sheath that was
found at the scene of the crime.

At first they tried checking the DNA with law enforcement databases, but
that did not provide a hit.
They turned next to the more expansive DNA
profiles available in some consumer databases in which users had consented
to law enforcement possibly using their information, but that also did not
lead to answers.

FBI investigators then went a step further, according to newly released
testimony, comparing the DNA profile from the knife sheath with two
databases that law enforcement officials are not supposed to tap: GEDmatch
and MyHeritage.

It was a decision that appears to have violated key parameters of a Justice
Department policy that calls for investigators to operate only in DNA
databases “that provide explicit notice to their service users and the
public that law enforcement may use their service sites.”

It also seems to have produced results: Days after the FBI's investigative
genetic genealogy team began working with the DNA profiles, it landed on
someone who had not been on anyone's radar: Bryan Kohberger, a Ph.D. student
in criminology who has now been charged with the murders.

The case has shown both the promise and the unregulated power of genetic
technology in an era in which millions of people willingly contribute their
DNA profiles to recreational databases, often to hunt for relatives. In the
past, law enforcement officials would need to find a direct match between
DNA at the crime scene and that of a specific suspect.
Now, investigators
can use consumer DNA data to build family trees that can zero in on a person
of interest — within certain policy limits.

https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-kohberger-dna.html

------------------------------

Date: Fri, 14 Mar 2025 17:37:37 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Mark Klein, AT&T technician who helped expose NSA spying, dies at 79 (The Washington Post)

He shared corporate documents showing how the National Security Agency was
accessing Internet data through a secret room in an AT&T office building.

https://www.washingtonpost.com/obituaries/2025/03/13/mark-klein-dead/

------------------------------

Date: Tue, 4 Mar 2025 10:02:45 PST
From: Peter Neumann <neumann () csl sri com>
Subject: As AI Evolves, Do Codes Still Need to Code? (NYTimes)

Two articles in *The New York Times* Business section, 4 Mar 2025:

Kevin Roose
Even though I'm not a programmer, I've been creating my own software tools
with the assistance of AI.

Steve Lohr
AI is getting ever better at coding, but that means the work of software
engineers will most likely be evolving, not vanishing.

------------------------------

Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: AI Reshapes the Coding Workforce (Isabelle Bousquette)

Isabelle Bousquette, *The Wall Street Journal*, (03/04/25), via ACM TechNews

The increased adoption of AI coding tools is changing the size and scope of
software development teams, often allowing for leaner teams that complete
the same amount of work or more. These tools, which automate a substantial
amount of code development, are intended to supplement human
coders.
Companies have found such tools can permit developers to concentrate
on complex problem-solving when boilerplate coding is automated.

------------------------------

Date: Thu, 13 Mar 2025 10:22:02 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: What Happens When AI Joins Every Meeting?

Artificial intelligence is here to disrupt the standard office meeting. And
while the new technology may make meetings more digestible, it's also a tool
for workplace surveillance.

If you have a job that involves spending a lot of time in apps like Zoom,
and if you work at a company that likes to experiment on its workforce with
new software features, you've probably gotten a few notifications about
exciting new developments in meetings. Microsoft Teams user? You might be
getting pinged about searchable, AI-generated meeting recaps. Part of a
Google workplace? Maybe you've been told you can ask a chatbot to take notes
for you. And if you're the sort of person whose calendar is loaded with
overlapping Zoom calls, there's a chance you've heard about, or used, the
company's `AI Companion' features, which include summarized transcripts, a
chat interface for getting caught up, and automatic video
highlights. Perhaps you haven't run into any of these features yet, but
there's a good chance you soon will. In the last few years, LLM-based AI
technology has made it trivially easy to add transcription, summarization,
and analysis tools to meetings platforms.

These features exist largely because, rather suddenly, they can. Automatic
transcription, in many cases powered by a specific OpenAI API, is rapidly
getting better and more affordable. It's more of a “Why not?” than a “Why?”
for companies like Zoom and Microsoft, but the appeal of these features is
obvious enough: Wouldn't it be nice if you didn't have to take notes during
meetings? If you could quickly review meetings you missed?
If you could go
back and check what other people said, or what you said, in a meeting that
was productive, intense, boring, or that went off the rails? That's the
pitch, anyway.

Use these tools for a little while, however, and they reveal themselves to
be more than just obvious little feature upgrades. AI is being used here to
turn meetings into content — to automatically convert meetings into a
browsable, searchable, remixable form of media. In some cases, this can be
funny and deflating. That meeting really could have been an email, and hey,
look at that, here's an AI summary in email form: Delay announced, project
discussed, conclusions not reached, plans to meet again in a week. In
others, the ability to search and chat with transcripts, particularly for
meetings you missed, is simply and powerfully helpful. Will this sort of
stuff make workers more productive and efficient? Maybe! It may also be the
case that tools like this help to create the impression that meetings -- a
large majority of which, according to surveyed workers, hold employees back
from what they see as their actual work -- are, themselves, the job. All
this AI-generated media may have some utility, but it doubles as evidence of
work. You weren't just sitting in meetings all day, you were participating
in the production of content, information, and resources for the greater
good of the firm!
Slick, formalized, AI-generated representations of what
was accomplished, or at least discussed, in meetings create the impression
of productivity, or perhaps they constitute a strange mutant form of
productivity in and of themselves.

https://nymag.com/intelligencer/article/ai-meeting-google-zoom-microsoft.html

------------------------------

Date: Wed, 12 Mar 2025 01:32:07 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Two Texas Lottery Wins Prompt Investigations and Stir Public Outrage (The New York Times)

One jackpot winner spent $25 million on nearly every possible number
combination, while another bought tickets through a third-party app.

The unusual circumstances surrounding two of the largest Lottery jackpots in
Texas history have touched off a furious debate about the unorthodox methods
used to snag the prizes and have led the governor and attorney general to
announce investigations.

On April 22, 2023, someone won a $95 million Lotto Texas jackpot by spending
$25 million to buy nearly every possible number combination in the draw. The
winner, identified only as a business entity called Rooka TX, of Scotch
Plains, N.J., ended up claiming the lump-sum payment of $57,804,000 before
taxes.

  [Reminds us of the horse-race, Autotote programmer hacks winning Pick Six
  bets (RISKS-22.33,38,39). PGN]

Then, on Feb. 17, someone won an $83.5 million Lotto Texas jackpot by
ordering tickets online through Jackpocket, a third-party app owned by
DraftKings. Jackpocket also owned the store in Austin that printed the
winning ticket.
It sold board games in front and had dozens of lottery
terminals behind a wall in the back.

------------------------------

Date: Thu, 13 Mar 2025 10:12:34 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Trump administration cuts $10M funding from CISA nonprofit Center for Internet Security (AP News)

The Center for Internet Security (CIS) budget cuts might give you the
impression that the WH knows how to rig elections, and does not want any
interference from the federal government.

Trump administration officials cut the $10 million in funding needed by the
nonprofit Center for Internet Security, a unit of the Cybersecurity and
Infrastructure Security Agency that addressed election security. The future
of two information sharing and analysis centers -- the Elections ISAC and
the Multi-State ISAC -- is uncertain.

State elections officials have asked CISA for more information and sent a
letter to Homeland Security Secretary Kristi Noem urging continued support
for elections security.

https://apnews.com/article/election-security-cisa-trump-kristi-noem-6c437543f5d26d890704e5f2a8400502?mod=djemCybersecruityPro&tpl=cs

  [RISKS readers have known since our very first issue in August 1985 that
  sanctioned commercial election systems have been fraught with easily
  exploited security flaws. This is not just the chickens or dogs running
  the chicken coop. It is more like the insane running the asylum.]

------------------------------

Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: U.S. Chips Act Office Loses Two-Fifths of Staff (Mackenzie Hawkins)

Mackenzie Hawkins, Bloomberg (03/03/25)

The U.S. government office responsible for the implementation of the Chips
and Science Act will lose about two-fifths as part of efforts of the Trump
administration to cut the federal workforce, according to insiders. About 20
employees accepted voluntary deferred resignations, the insiders said, while
40 others considered probationary will be terminated on Monday.
The
previous administration built an office of about 140 people to oversee the
Chips Act manufacturing spending, on top of staff responsible for R&D
funding.

------------------------------

Date: Mon, 10 Mar 2025 14:06:36 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: NASA Cuts (NY Times)

NASA is eliminating its chief scientist and other roles as part of efforts
by the Trump administration to pare back staff at the agency's Washington
headquarters.

The cuts affect about 20 employees at NASA, including Katherine Calvin, the
chief scientist and a climate science expert. The last day of work for Dr.
Calvin and the other staff members will be April 10.

------------------------------

Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: U.S. Government Cuts Key Software Division Without Warning (Ellen Jennings-Trace)

Ellen Jennings-Trace, TechRadar (03/03/25), via ACM TechNews

The budget for the U.S. General Services Administration's Unit 18F has been
virtually eliminated. The unit, which developed Login.gov and other
public-facing IT services, was tasked with helping government agencies
acquire and build technology, enhance user experience, and ensure services
are accessible. Halting the unit's work has impacted about 70 software
engineers and strategists, along with researchers, service designers, and
procurements specialists.

------------------------------

From: "Jim" <jgeissman () socal rr com>
Date: Fri, 14 Mar 2025 08:26:43 -0700
Subject: DOGE ousts security testers (The Register)

A penetration tester who worked at the U.S.
govt's CISA claims his
100-strong team was effectively dismissed after Elon Musk's Trump-blessed
DOGE unit canceled a contract -- and that more folks have also been put out
of work by the cybersecurity agency.

"On Friday, February 28, 2025, at 1600 hours, the government contract I
supported with CISA (Dept of Homeland Security) was terminated due to DOGE,"
senior penetration tester Christopher Chenoweth wrote
<https://www.linkedin.com/posts/christopher-chenoweth-91a68026_on-friday-february-28-2025-at-1600-hours-activity-7304793481518940160-uTUo/> on
LinkedIn.

"DOGE cut our entire red team and all support roles -- over 100 people
impacted. The following Wednesday, DOGE cut a second CISA red team also
doing mission-critical work. As a result, I and many other experienced red
team operators are now seeking new opportunities."

https://www.theregister.com/2025/03/12/cisa_staff_layoffs/

------------------------------

Date: Tue, 25 Feb 2025 11:14:00 -0800
From: "Jim" <jgeissman () socal rr com>
Subject: DOGE Quietly Deletes the 5 Biggest Spending Cuts It Celebrated Last Week (Sundry)

Last week, Elon Musk's government cost-slashing initiative, dubbed the
Department of Government Efficiency, posted an online "wall of receipts,"
celebrating how much it had saved by canceling federal contracts.

Now the organization, which is also known as the U.S. DOGE Service, has
deleted all of the five biggest "savings" on that original list, after The
New York Times
<https://www.nytimes.com/2025/02/21/upshot/doge-musk-trump-errors.html> and
other media outlets
<https://www.wsj.com/politics/policy/elon-musk-doge-federal-savings-claims-783b9507?st=kwMKEz&reflink=article_copyURL_share> pointed out
<https://www.npr.org/2025/02/19/nx-s1-5302705/doge-overstates-savings-federal-contracts> they were riddled
<https://www.cbsnews.com/news/doge-wall-of-receipts-shows-errors-tallying-billions-in-savings/> with errors
<https://css.washingtonpost.com/business/2025/02/22/doge-savings-found-list-qanalysis/>.

  [How can firing, unfiring, and trying to rehire people who don't trust you
  anymore be a good example of efficiency? PGN]

------------------------------

Date: Tue, 11 Mar 2025 07:27:17 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Oracle rollout fiasco (Jim Geissman)

Europe's largest council kept auditors in the dark on an Oracle rollout fiasco
for 10 months

It took a whistleblower to expose disastrous ERP go-live

Birmingham City Council did not tell its official auditors about the
disastrous Oracle implementation for ten months after the suite of
applications went live, and appeared to obstruct access to the new system
needed to complete their work.

Since it replaced aging SAP finance software with Oracle's cloud-based
Fusion for HR, payroll, ERP, and finance in April 2022, Europe's largest
local authority found the system "effectively crippled" its ability to
manage and report on finances, auditors found. It was still not "safe and
compliant" two-and-a-half years after the replacement went live, according
to evidence presented to the council in January.

While the debacle hit local media headlines in May 2022 after schools were
left unable to pay their bills and a series of complex manual workarounds
were required to operate the system, councillors didn't begin to discuss the
failures until April 2023.

During a council audit committee meeting last week, external auditor Mark
Stocks, Grant Thornton Midlands public sector assurance practice lead, was
quizzed over why his team had not raised the alarm earlier. Stocks said the
situation with Birmingham City Council's Oracle implementation was
"unprecedented" in his experience.

[No source, but dated Tue 11 Mar 2025. PGN]

------------------------------

Date: Mon, 10 Mar 2025 07:44:42 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Health NZ was using a single Excel spreadsheet to track $28 billion of public money; report outlines 'significant concerns'

$16 billion health department managed its finances with a single Excel
spreadsheet.
It hasn't gone well

It's just one of 6,000 apps that New Zealand thinks might be best tamed with
ERP

Mon 10 Mar 2025 // 04:31 UTC

The body that runs New Zealand's public health system uses a single Excel
spreadsheet as the primary source of data to consolidate and manage its
finances, which aren't in great shape perhaps due to the sheet's
shortcomings.

The spreadsheet-using agency is Health New Zealand (HNZ) which was
established in 2022 to replace 20 district health boards in the expectation
it would be more cost-effective and deliver more consistent services. The
org has a budget of $NZ28 billion ($16 billion) and advised lawmakers it
would stay within it for FY 23.24.

That prediction was incorrect and HNZ blew its budget, leading to a review
of its finances that last week delivered a damning report
<https://www.tewhatuora.govt.nz/assets/Uploads/HNZ-Financial-Review-Report.pdf>
[PDF] that found the org lost "control of the critical levers that
drive financial outcomes" and had an "inability to identify and respond to
the disconnect between expenditure and revenue."

The Deloitte-penned report also found an Excel spreadsheet was the "primary
data file used by HNZ to manage its financial performance" and was used for
"consolidation, journals, business-critical reporting, and analysis."

https://www.theregister.com/2025/03/10/nzanswers_health_excel_spreadsheet/

------------------------------

Date: Mon, 24 Feb 2025 13:05:17 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: DOGE will use AI to assess the responses from federal workers who were told to justify their jobs via email (NBC News)

Responses to the Elon Musk-directed email to government employees about what
work they'd accomplished over the past week are expected to be fed into an
artificial intelligence system to determine whether those jobs are necessary
or not, according to three sources with knowledge of the system.

The information will go into an LLM (Large Language Model), an advanced AI
system that looks at huge amounts of
text data to understand, generate, and
process human language, the sources said. The AI system will determine
whether someone's work is mission-critical or not. [...]

https://www.nbcnews.com/politics/doge/federal-workers-agencies-push-back-elon-musks-email-ultimatum-rcna193439

------------------------------

Date: Sat, 08 Mar 2025 12:17:27 -0500 (EST)
From: Mark Brader <msb () Vex Net>
Subject: Speech-recognition fail (BBC)

https://www.bbc.co.uk/news/articles/c0l1kpz3w32o

------------------------------

From: Jan Wolitzky <jan.wolitzky () gmail com>
Date: Tue, 25 Feb 2025 21:15:19 -0500
Subject: Apple's Dictation System Transcribes the Word `Racist' as `Trump' (The New York Times, 25 Feb)

While using Apple's automatic dictation feature to send messages on
Tuesday, some iPhone users reported seeing a peculiar bug: the word
racist temporarily appearing as Trump, before quickly correcting itself.

The message blip, which was replicated several times by *The New York
Times*, provoked controversy after appearing in a viral TikTok post, raising
questions about Apple's artificial intelligence capabilities.
<https://www.tiktok.com/@user9586420191789/video/7472830639327366446?refer=embed>

An Apple spokeswoman blamed the issue on phonetic overlap between the two
words, and said the company was working on a fix.

https://www.nytimes.com/2025/02/25/technology/iphone-dictation-trump-racist=.html

  [Also noted by Jim Geissman, who added:
  The issue appeared to begin after an update to Apple's servers, said John
  Burkey, the founder of Wonderrush.ai, an artificial intelligence start-up,
  and a former member of Apple's Siri team who is still in regular contact
  with the team. But he said that it was unlikely that the data that Apple
  has collected for its artificial intelligence offerings was causing the
  problem, and the word correcting itself was likely an indication that the
  issue was not just technical.
  Instead, he said, there was probably software code somewhere on Apple's
  systems that caused iPhones to write the word "Trump" when someone said
  "racist." "This smells like a serious prank," Mr. Burkey said. "The only
  question is: Did someone slip this into the data or slip into the code?"

------------------------------

Date: Thu, 13 Mar 2025 15:33:59 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: AI search engines give incorrect answers at an alarming 60% rate, study says (ArsTechnica)

https://arstechnica.com/ai/2025/03/ai-search-engines-give-incorrect-answers-at-an-alarming-60-rate-study-says/

STUDY: Columbia Journalism Review:
https://www.cjr.org/tow_center/we-compared-eight-ai-search-engines-theyre-all-bad-at-citing-news.php

------------------------------

Date: Tue, 11 Mar 2025 21:53:20 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: It's a risky AI double header!

A future with AI-powered cars

When the conversation turned to AI, Rivian's chief software officer, Wassym
Bensaid, jumped in to outline his take: In-car voice assistants are pretty
lousy, but the next generation will tackle more complicated, multipart
problems.

“You can tell the car, okay, I'm having a trip to L.A., and I'd like to have
two stops in vegan restaurants, and I want each stop to be 30 minutes each,”
Bensaid said. Plotting out a trip like that yourself could take some time —
but you'll soon be able to ask AI to do it for you.

Here's another, more practical example: An in-car AI might be able to
anticipate potential problems because it detects “weird patterns” from
certain components, and can suggest you book a service appointment. Even
better, Bensaid says, AI can chew on your calendar, find an open day and
book the appointment for you.

https://s2.washingtonpost.com/camp-rw/?trackId=596b22969bbc0f403f8bcc25&s=67d06e931c627735a7170c9e

The truth about DOGE's AI plans: The tech can't do that. Identify
“mission-critical” jobs?
Spot dead people on Social Security rolls?
Government needs AI — but what DOGE appears to be doing doesn't add up.

https://www.washingtonpost.com/technology/2025/03/03/doge-ai-government-automation/

  [The DOGE's bite is definitely worse than its bark.]

------------------------------

Date: Thu, 13 Mar 2025 9:53:48 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Agentic AI Issues (Meredith Whittaker)

Signal President Meredith Whittaker calls out agentic AI as having
‘profound’ security and privacy issues

https://techcrunch.com/2025/03/07/signal-president-meredith-whittaker-calls-out-agentic-ai-as-having-profound-security-and-privacy-issues/?utm_source=flipboard&utm_content=topic/artificialintelligence

------------------------------

Date: Thu, 13 Mar 2025 07:06:21 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Signal no longer cooperating with Ukraine on Russian cyberthreats,
  official says (The Record from Recorded Future News)

KYIV, Ukraine -- The encrypted messaging app Signal has stopped responding
to requests from Ukrainian law enforcement regarding Russian cyberthreats, a
Ukrainian official claimed, warning that the shift is aiding Moscow's
intelligence efforts.

According to Serhii Demediuk, deputy secretary of Ukraine's National
Security and Defense Council, Signal remains one of the most exploited
messaging apps for Russian espionage operations targeting Ukrainian military
personnel and government officials.

With its inaction, Signal is helping Russians gather information, target our
soldiers and compromise government officials, Demediuk said at the Kyiv
International Cyber-Resilience Forum on Tuesday.

Signal, a U.S.-based nonprofit platform known for its commitment to privacy,
has not publicly commented on Demediuk's claims and did not respond to a
request for comment.
Demediuk suggested that the shift in Signal's policy could be
linked to political instability in the U.S., adding that cooperation could
resume soon.

https://therecord.media/signal-no-longer-cooperating-with-ukraine

------------------------------

Date: Fri, 7 Mar 2025 21:04:56 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Did AI really defend the KKK at the end of his column? (LA Times)

Journalism schools teach that writers should report the news, not be the
news. But what happens when one of your articles goes viral -- not for its
content but rather for how an AI doohickey swallowed up what you wrote and
upchucked a controversial summation?

https://www.latimes.com/california/story/2025-03-07/la-times-insights-ai-controversy

(Spoiler: AI got it right, but readers got it wrong. The RISK here is not
AI per se, but human reactions to it when they jump the gun.)

------------------------------

Date: Mon, 10 Mar 2025 11:25:14 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Germany May Refuse F-35 Purchase over Emergency Switch, Consider
  Eurofighter Instead (Defense Mirror)

According to reports, a software back-door switch will turn the aircraft off
if the client state does not follow Washington's diktat in the use of the
F-35.

https://www.defensemirror.com/news/39017

  [This is like law enforcement turning an automobile off on the automated
  highway, although maybe even worse. PGN]

------------------------------

Date: Fri, 7 Mar 2025 20:27:50 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Tesla makes step toward robotaxi services in California.
  What to know (LA Times)

As robotaxis become a more familiar sight on the streets of Los Angeles,
Tesla has taken a step that could bring it closer to building its own fleet
of self-driving electric vehicles, the California Public Utilities
Commission confirmed last week.

In November, Tesla applied for a permit that would allow the
electric-vehicle manufacturing giant to deploy transportation services with
company-owned vehicles and human drivers. The permit would be required for
Tesla to advance to autonomous cabs.

Chief Executive Elon Musk has long made clear his ambitions for a robotaxi
service powered by Tesla vehicles, though his company has been criticized by
the U.S. government's highway safety agency for making statements that its
vehicles can drive themselves.

To be sure, the automaker is still a long way off before it can launch a
service.

And it's still playing catch-up. Although Waymo has put driverless vehicles
on the road in cities including Los Angeles and San Francisco, industry
experts say Tesla is still far from offering a robotaxi service. [...]

https://www.latimes.com/business/story/2025-03-06/tesla-robotaxi-explainer

------------------------------

Date: Tue, 25 Feb 2025 12:09:06 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: When Your Last Name Is Null, Nothing Works (WSJ)

Yet another case of not sanitizing data.

https://www.wsj.com/lifestyle/null-last-name-computer-scientists-forms-f0a43b08

(IIRC the part about the license plate had already been posted on Risks in
the past)

  [Yup! I wonder whether someone could ever choose "N/A" for a name. PGN]

------------------------------

Date: Sat, 22 Feb 2025 00:58:22 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: XScreenSaver: Google Store Privacy Policy

XScreenSaver for Android is... a set of screen savers and live
wallpapers. That's it. It draws pretty pictures on your screen. And it's
free.
That's the whole deal.

But in their wisdom, Google -- the most rapacious privacy violator on the
planet -- have decreed that XScreenSaver cannot be made available on their
"Play" [sic] store until I publish a "Privacy Policy".

For a screen saver. A privacy policy. For a screen saver.

This pantomime where Google pretends to care about your welfare would be
hilarious if it wasn't so sad, but here we are anyway.

OK, strap in!

------------------------------

Date: Sat, 15 Mar 2025 10:03:28 -0400
From: Monty Solomon <monty () roscom com>
Subject: Creators Insist Coupon Browser Extensions Are Stealing Their Money.
  Will the Courts Agree? (WSJ)

A number of lawsuits accuse browser extensions like PayPal Honey of swiping
affiliate marketers' commissions

https://www.wsj.com/articles/creators-insist-coupon-browser-extensions-are-stealing-their-money-will-the-courts-agree-60079a1f

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.58
************************