Subject: Risks Digest 34.20

RISKS-LIST: Risks-Forum Digest  Thursday 25 April 2024  Volume 34 : Issue 20

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
Tesla being operated in autonomous driving mode kills motorcyclist in stop and go traffic (Katie Wade)
Waymo car filmed on wrong side of street for two blocks (Ricardo Cano)
UK Smart motorway failures (BBC)
Generative AI Arrives in the Gene Editing World of CRISPR (Cade Metz)
It’s the End of the Web as We Know It -- and I don't feel fine... (The Atlantic)
You can now buy a flame-throwing robot dog for under $10,000 (ArsTechnica)
Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users (APNews)
Deepfakes of Bollywood Stars Spark Worries of Meddling in India Election (Reuters)
Advanced Brain Science Without Coding Expertise (Helmholtz Centers)
Group Joins Fight Over Online Disinformation (NYTimes)
Cisco ASA CVE-2024-20353 (ArsTechnica via Cliff Kilby)
Why Is Tech Going Down More? (Liv McMahon)
Utah law Aimed at AI (Politico)
How United Airlines uses AI to make flying the friendly skies a bit easier (TechCrunch)
AI-powered cameras installed on LA buses to ticket illegally parked cars (LA Times)
ResearchRabbit et al. (Debora Weber-Wulff)
Hospital prices for the same emergency care vary up to 16X, study finds (ArsTechnica)
South Korean Defense Industry Under Siege by North Korean Hacker (Presale1)
"Killed by a Traffic Engineer" (IslandPress via Prashanth Mundkur)
This camera trades pictures for AI poetry (TechCrunch)
Re: AI Made These Movies Sharper. Critics Say It Ruined Them.
  (EPG)
Re: Wrong button clicked, wrong divorce cannot be undone (Henry Baker)
Re: UK Post Office IT scandal (Jim Geissman)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 23 Apr 2024 02:20:37 +0000
From: Howard Campbell
Subject: Tesla being operated in autonomous driving mode kills motorcyclist in stop and go traffic (Katie Wade)

https://www.kiro7.com/news/local/charges-filed-against-tesla-driver-fatal-motorcycle-accident/FFXZIGDW45CWXCMZJFD4LPLUPI/

Probable cause documents filed against Tesla driver in fatal motorcycle accident

SNOHOMISH COUNTY, Wash. — Probable cause documents were filed against the driver of a Tesla self-driving vehicle that hit and killed a motorcyclist in a collision the afternoon of Friday, April 19th.

The collision occurred on Eastbound State Route 522 at Fales Road. The driver was reportedly heading home from lunch and had the Tesla on autopilot while looking at his phone when the Tesla “lurched forward” into the back of 28-year-old Jeffrey Nissen’s motorcycle, pinning Nissen underneath. Nissen was pronounced deceased on the scene.

------------------------------

Date: Thu, 25 Apr 2024 9:12:46 PDT
From: Peter Neumann
Subject: Waymo car filmed on wrong side of street for two blocks (Ricardo Cano)

Ricardo Cano, *The San Francisco Chronicle*, 24 April 2024, filmed by bicyclists.

Waymo said the car was avoiding cyclists and a possible body in the original lane. A unicyclist got in front of the Waymo at the end of the second block of wrong-way driving, trying to get the robocab (with one passenger) to move back into the correct lane.

[PGN-ed; the responses from Waymo included the expected ``The safety of all road users is a top priority ... and we look forward to learning from this unique event.'' This was in a heavily traveled area.
In October, ``a Cruise robotaxi involved in a hit-and-run accident that was caused by a human driver struck and dragged a jaywalking pedestrian 20 feet.''

------------------------------

Date: Mon, 22 Apr 2024 13:04:13 -0700
From: "Jim"
Subject: UK Smart motorway failures (BBC)

The technology behind England's smart motorway network stops working on a regular basis, the BBC has discovered.

https://www.bbc.com/news/uk-68848418

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews
Subject: Generative AI Arrives in the Gene Editing World of CRISPR (Cade Metz)

Cade Metz, The New York Times, 23 Apr 2024, via ACM TechNews

Generative AI technology developed by Berkeley, Calif.-based startup Profluent is generating blueprints for microscopic biological mechanisms with a gene editor called OpenCRISPR-1, which can edit DNA. The technology learns from sequences of amino acids and nucleic acids, in essence analyzing the behavior of CRISPR gene editors pulled from nature and learning how to generate entirely new gene editors. "These AI models learn from sequences, whether those are sequences of characters or words or computer code or amino acids," said Profluent CEO Ali Madani (pictured). Profluent said that it was "open sourcing" its OpenCRISPR-1 editor, though not the AI technology behind it.

[What can possibly go wrong? Frankenmonsters? Ex-Terminator, e.g., irreversible disablement of people who still had a life to live? PGN]

------------------------------

Date: Thu, 25 Apr 2024 07:33:55 -0700
From: Steve Bacher
Subject: It’s the End of the Web as We Know It (and I don't feel fine...) (The Atlantic)

A great public resource is at risk of being destroyed.
https://www.theatlantic.com/technology/archive/2024/04/generative-ai-search-llmo/678154/

------------------------------

Date: Thu, 25 Apr 2024 15:41:55 -0400
From: Gabe Goldberg
Subject: You can now buy a flame-throwing robot dog for under $10,000 (ArsTechnica)

Thermonator, the first "flamethrower-wielding robot dog," is completely legal in 48 US states.

https://arstechnica.com/gadgets/2024/04/you-can-now-buy-a-flame-throwing-robot-dog-for-under-10000/

Well, of course -- it's not excluded from 2A rights by founders. Besides, it's useful for hunting and self-protection.

------------------------------

Date: Sun, 21 Apr 2024 14:41:30 -0700
From: Lauren Weinstein
Subject: Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users

It's already spreading lies. AI Trust & Safety is rapidly becoming the most crucial issue in tech. -L

https://apnews.com/article/meta-ai-assistant-llama3-large-language-models-llm-229b386ebfbdc23f0e9245a68f7eb2d0

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews
Subject: Deepfakes of Bollywood Stars Spark Worries of Meddling in India Election (Reuters)

Aditya Kalra, Munsif Vengattil, Dhwani Pandya, et al., *Reuters*, 22 Apr 2024, via ACM TechNews

Deepfake videos of A-list Bollywood actors Aamir Khan (pictured, right) and Ranveer Singh (left) criticizing India Prime Minister Narendra Modi (center) have gone viral. The videos, which call on viewers to vote for the opposition Congress party, have generated concerns about the use of AI to influence the nation's ongoing general election. Reuters found that the videos had been viewed more than 500,000 times on social media since last week. At least eight fact-checking websites determined the videos to be altered or manipulated, but it remains unclear who created them.

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews
Subject: Advanced Brain Science Without Coding Expertise (Helmholtz Centers)

Helmholtz Centers, 22 Apr 2024, via ACM TechNews

A deep learning tool developed by researchers at Germany's Helmholtz Munich and the LMU University Hospital Munich enables brain cell mapping without the need for coding expertise. The goal of the tool, DELiVR (Deep Learning and Virtual Reality), is to democratize 3D brain analysis. Researchers can train DELiVR for specific cell types, and it works with the open source Fiji software for image analysis.

[DE-LIVERing might be not so good. You have only one liver. PGN]

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews
Subject: Group Joins Fight Over Online Disinformation (NYTimes)

Steven Lee Myers and Jim Rutenberg, *The New York Times*, 22 Apr 2024, via ACM TechNews

Nina Jankowicz (pictured), former head of the U.S. Department of Homeland Security's Disinformation Governance Board, has co-founded the nonprofit American Sunlight Project, with the goal of fighting against campaigns to undermine researchers who study the sources of disinformation. The group was formed during a time in which prominent researchers have been targeted with lawsuits, subpoenas, and physical threats. The inception of the project reflects how divisive the issue of identifying and combating disinformation has become as the 2024 presidential election approaches.

------------------------------

Date: Thu, 25 Apr 2024 08:27:22 -0400
From: Cliff Kilby
Subject: Cisco ASA CVE-2024-20353 (ArsTechnica)

Ars has provided a nice writeup on how seemingly unrelated exploits can be chained together to provide lateral movement within a target network. Of the noted exploits, the ASA CVE is new and severe.

Small quibble with the article, calling MOVEit a security appliance is generous. Calling Confluence a security appliance is absurd.
The TL;DR would probably be better noted as an edge faced application can be a foothold for lateral infiltration if not adequately isolated from the rest of the network.

https://arstechnica.com/security/2024/04/cisco-firewall-0-days-under-attack-for-5-months-by-resourceful-nation-state-hackers/

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews
Subject: Why Is Tech Going Down More? (Liv McMahon)

Liv McMahon, *BBC*, 19 Apr 2024

IT outages are occurring more frequently, according to Brennen Smith of Ookla, parent company of Downdetector, a platform that monitors online outages. Smith said, "Right now there's a push for these mega giants to incorporate very game-changing new technology into their products and services. I think with the push for innovation now, we're going to start to see tech companies move faster, [but] it comes at the risk of potentially breaking things." Outages can be caused by a variety of factors, but Sam Kirkman of the cybersecurity firm NetSPI emphasized that the modern Internet depends "on a fabric of really old technology."

------------------------------

Date: Wed, 24 Apr 2024 17:22:08 PDT
From: Peter G Neumann
Subject: Utah law Aimed at AI (Politico)

A Utah law imposing regulations on the private sector's use of artificial intelligence will go into effect next week, marking the first time a state has implemented such legislation.

https://le.utah.gov/~2024/bills/sbillenr/SB0149.pdf

With state legislatures across the country debating policy solutions to protect citizens from the potential harms of AI, Utah's law could be a potential model for others to follow. More than 400 AI-related bills have been introduced across more than 40 states, as of February. The vast amount of proposals highlights how states are scrambling to enact regulations on all facets of AI, including workplace safety, algorithmic discrimination, the government's use, deepfakes and more.

``The advantage of being a first mover and doing good policy is other states can learn from Utah, and they will if the policy works,'' said Ian Klaus, founding director of the Carnegie Endowment for International Peace's California program.

What's happening on May 1: The AI Policy Act, S.B. 149, amends the state's consumer protection and privacy laws by imposing transparency requirements on companies that use AI. Individuals or businesses providing a service that requires a license or certification, like medical providers, will be required to disclose when a consumer is engaging with AI at the start of the interaction. Other deployers of generative AI that don't fall into the license or certification category still must disclose the use of the technology, but only if a consumer asks.

The law puts all the responsibility on companies deploying AI, and does little to regulate the technology itself. That means a company using someone else's model (think ChatGPT or Bard) will be at fault if that model violates the law. Violators could be subject to fines of up to $2,500 per offense.

------------------------------

Date: Wed, 24 Apr 2024 06:27:47 -0700
From: Steve Bacher
Subject: How United Airlines uses AI to make flying the friendly skies a bit easier (TechCrunch)

When you board a United Airlines plane, the gate agents, flight attendants and others involved in making sure your plane leaves on time are in a chatroom coordinating a lot of the work that you, as a passenger, will hopefully never notice. Is there still space for carry-on bags? Did the caterer bring the missing orange juice? Is there a way to seat a family together?

When a flight is delayed, a message with an explanation will arrive by text and in the United app. Most of the time, that message is generated by AI. Meanwhile, in offices around the world, dispatchers are looking at this real-time data to ensure that the crew can still legally fly the plane without running afoul of FAA regulations.
And only a few weeks ago, United turned on its AI customer service chatbot. [...]

https://techcrunch.com/2024/04/21/how-united-airlines-uses-ai-to-make-flying-the-friendly-skies-a-bit-easier/

------------------------------

Date: Wed, 24 Apr 2024 06:41:30 -0700
From: Steve Bacher
Subject: AI-powered cameras installed on LA buses to ticket illegally parked cars (LA Times)

Testing is planned for this summer and the program is expected to go live by the end of 2024, Metro said, after two months of community outreach to “ensure that the public is aware of the purpose, timing and impacts of this new program.”

“Once cameras are installed, there will be a 60-day warning period for drivers. During the first 60 days, warning citations will only be used as informational notices and will not result in any violations,” the agency said.

The program, designed by technology company Hayden AI, is meant to improve bus times, increase ridership and address mobility concerns. Metro’s Board of Directors approved an $11 million-contract with the company last year to roll out 100 camera systems. The agreement started in December and is supposed to last roughly five years.

The cameras will be mounted inside Metro bus windshields to monitor for parked vehicles in bus lanes and at bus stops, in order to help enforce new parking rules after LA City Council approved a fine last year for those who illegally park in bus lanes.

https://www.latimes.com/california/story/2024-04-24/ai-powered-cameras-installed-on-metro-buses-will-be-used-to-spot-illegally-parked-cars

------------------------------

Date: Mon, 22 Apr 2024 20:59:38 +0200
From: Debora Weber-Wulff
Subject: ResearchRabbit et al.

I am currently testing AI tools for the research process (with dismal results, but we have just begun). I was fussing the other day with ResearchRabbit, which is based on SemanticScholar. Just for fun I looked myself up.
I was surprised to see as one of my top cited works a book review I published in "Software Engineering Notes", 27(3), May 2002, pp. 94-95 being cited 110 times! I checked at the ACM Digital Library (https://dl.acm.org/doi/10.1145/638574.638592) but they only had one citation there. Curious, I clicked on it:

It was a paper in Japanese about sleep disorder that quoted a paper “Keiko Akabane. Effects of sunbathing on patients' sleep. Science of Nursing Practice 2002; 27(1): 94-95”

The “AI” was matching the volume, year, and pages only! I checked the list of citations to the review on Semantic Scholar and determined that they were all to the *book* that I was reviewing, not my review at all.

So the reception of SEN was not *that* amazing :)

[Does this surprise you? Chatbots seem to generate fictitious research papers. A colleague did a chatbot bio for me, which claims I was born in 1887 where my father was born, where it matched only the last name. And three others had bios claiming they had died. I think I noted some of that once before. PGN]

------------------------------

Date: Sat, 20 Apr 2024 14:41:23 -0400
From: Monty Solomon
Subject: Hospital prices for the same emergency care vary up to 16X, study finds (ArsTechnica)

Hospitals' "trauma activation fees" are unregulated and extremely variable.

Since 2021, federal law has required hospitals to publicly post their prices, allowing Americans to easily anticipate costs and shop around for affordable care—as they would for any other marketed service or product. But hospitals have mostly failed miserably at complying with the law.

A 2023 KFF analysis on compliance found that the pricing information hospitals provided is "messy, inconsistent, and confusing, making it challenging, if not impossible, for patients or researchers to use them for their intended purpose."
A February 2024 report from the nonprofit organization Patient Rights Advocate found that only 35 percent of 2,000 US hospitals surveyed were in full compliance with the 2021 rule.

But even if hospitals dramatically improved their price transparency, it likely wouldn't help when patients need emergency trauma care. After an unexpected, major injury, people are sent to the closest hospital and aren't likely to be shopping around for the best price from the back of an ambulance. If they did, though, they might also need to be treated for shock.

According to a study published Wednesday in JAMA Surgery, hospitals around the country charge wildly different prices for trauma care. Prices for the same care can be up to 16-fold different between hospitals, and cash prices are sometimes significantly cheaper than the negotiated prices that insurance companies pay.

https://arstechnica.com/science/2024/04/hospital-prices-for-the-same-emergency-care-vary-up-to-16x-study-finds/

------------------------------

Date: Thu, 25 Apr 2024 05:46:50 +0000
From: Presale1 - All Your Computer Security Needs In 1
Subject: South Korean Defense Industry Under Siege by North Korean Hacker

South Korean Defense Industry Under Siege by North Korean Hacker

https://email.cloud2.secureclick.net/c/10688?id=1296473.3625.1.2adda71e3f06220805c561c9ccabfccf

------------------------------

Date: Wed, 24 Apr 2024 05:49:25 -0400
From: Prashanth Mundkur
Subject: "Killed by a Traffic Engineer" (Island Press)

https://islandpress.org/books/killed-traffic-engineer

Killed by a Traffic Engineer: Shattering the Delusion that Science Underlies our Transportation System
Wes Marshall

[excerpt from the blurb]

Thoroughly researched and compellingly written, *Killed by a Traffic Engineer* shows how traffic engineering research is outdated and unexamined (at its best) and often steered by an industry and culture considering only how to get from point A to B the fastest way possible, to the detriment of safety, quality of
life, equality, and planetary health. Marshall examines our need for speed and how traffic engineers disconnected it from safety, the focus on capacity and how it influences design, blaming human error, relying on faulty data, how liability drives reporting, measuring road safety outcomes, and the education (and reeducation) of traffic engineers.

------------------------------

Date: Wed, 24 Apr 2024 06:59:14 -0700
From: Steve Bacher
Subject: This camera trades pictures for AI poetry (TechCrunch)

This camera trades pictures for AI poetry

The Poetry Camera takes the concept of photography to new heights by generating poetry based on the visuals it encounters.

Have you ever stood in front of a redwood and wondered, “Wouldn’t it be great if this was poetry instead of a tree?” Neither did Joyce Kilmer. Kelin Carolyn Zhang and Ryan Mather, however, have set out to bridge the gap between AI tech and poetry with their captivating brainchild — the Poetry Camera. The open-source device combines cutting-edge technology with artistic vision, resulting in a creation that pushes the boundaries of both fields.

At first glance, the Poetry Camera seems like another gadget in the ever-evolving landscape of digital devices. However, upon closer inspection, it becomes evident that this is no ordinary camera. Instead of merely capturing images, the Poetry Camera takes the concept of photography to new heights by generating thought-provoking poetry (or, well, as thought-provoking as AI poetry can get) based on the visuals it encounters. [...]

https://techcrunch.com/2024/04/20/poetry-camera/

[Does it guarantee no plagiarism or copyright violations? Biases? Does it have a sense of humor or appreciate puns? Can you specify the poetic form (e.g., limerick, haiku, common-meter hymn, or iambic pentameter)? PGN]

------------------------------

Date: Mon, 22 Apr 2024 19:09:44 -0500
From: epg@pretzelnet.org
Subject: Re: AI Made These Movies Sharper. Critics Say It Ruined Them.
  (RISKS-34.18)

> Machine-learning technologies are being used in film restoration for new
> home video releases. But some viewers strongly dislike the results.

This isn't really new. From the beginning of the high-definition Blu-Ray era, studios applied excessive digital noise reduction techniques, turning live action into wax figures right out of the uncanny valley. Some remnants of the initial uproar remain over a decade later:

https://notonbluray.com/blog/orange-and-teal/
https://www.dvdtalk.com/reviews/review/43615/

------------------------------

Date: Mon, 22 Apr 2024 23:20:03 +0000
From: Henry Baker
Subject: Re: Wrong button clicked, wrong divorce cannot be undone

Re: "There really needs to be an UNDO here. PGN"

Good luck with that -- check out 'Herrera v. Collins' [below].

Judicial error handling is even more problematic than error handling in computer languages and operating systems.

Perhaps ***pardons*** may be required here?

https://en.wikipedia.org/wiki/Herrera_v._Collins

"Herrera v. Collins, 506 U.S. 390 (1993), was a case in which the Supreme Court of the United States ruled by 6 votes to 3 that a claim of ***actual innocence*** does not entitle a petitioner to federal habeas corpus relief by way of the Eighth Amendment's ban on cruel and unusual punishment."

------------------------------

Date: Mon, 22 Apr 2024 17:04:05 -0700
From: "Jim"
Subject: Re: UK Post Office IT scandal (RISKS 34 03,04,16)

Post Office victims from Northern Ireland to have names cleared under new law
https://www.bbc.com/news/uk-northern-ireland-68872703

Summary of the scandal - https://www.bbc.com/news/business-56718036

[Thanks, Jim -- All's Well That Ends Well? Henry, There is an UNDO after all! PGN]

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest.
Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: .
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at
   http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 34.20
************************