RISKS-LIST: Risks-Forum Digest  Thursday 6 Feb 2025  Volume 34 : Issue 54

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

  Contents: [Still backlogged]
Collision over Potomac Reveals Several Lapses in Aviation Safety Net (NYTimes)
Why an anti-collision system might not have prevented DCA plane crash (WashPost)
CA Congressman launches investigation into L.A. County's faulty emergency alerts (LA Times)
Risk Export (phys.org)
The Public's Health Care vs. the Rich's Tax Cuts (Aaron Carrell)
Japan to Curb Exports of Chips, Quantum-Computing Tech (Mayumi Negishi)
Chinese-Made Patient Monitor Contains a Secret Backdoor (Michael Kan)
International Police Op Takes Down Cybercrime Marketplaces (Darryl Coote)
U.S. Teens Increasingly Misled by Fake Content Online (Liam Reilly)
Police ignore standards after AI facial recognition matches (The Washington Post)
The Robot Doctor Will See You Now (NYTimes)
White House seeks public input on AI strategy
AI Systems with 'Unacceptable Risk' Now Banned in EU (Kyle Wiggers)
Why Is This CEO Bragging About Replacing Humans With AI? (NYTimes)
Why AI could replace NFL first-down markers sooner than you might think (NBC News)
DeepSeek's Chatbot Achieves 17% Accuracy in Audit (Rishi Kant)
58% of Ransomware Victims Forced to Shut Down Operations (James Coker)
Asia Goes Cashless as Countries Push for Digital Payments (Nikkei Asia)
AI Systems with 'Unacceptable Risk' Now Banned in EU (Kyle Wiggers)
New attacks on speculative execution (Victor Miller)
Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop)
DOGE probes CMS for Medicare, Medicaid fraud: Wall Street Journal (Rylee Wilson)
White House seeks public input on AI strategy (Axios)
Re: AI in medicine (Kent Borg)
Re: Eutelsat resolves OneWeb leap-year software glitch (Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, 1 Feb 2025 10:16:54 PST
From: Peter Neumann
Subject: Collision over Potomac Reveals Several Lapses in Aviation Safety Net (NYTimes)

Sydney Ember, Emily Steel, Mark Walker, Kate Kelly, and Niraj Chokshi (*The New York Times*, front page, National Edition)

Aviation Safety Net; Copter Path and Controller Shortage Eyed

Clues emerging from the moments before the deadly collision on Wednesday evening between an Army helicopter and an American Airlines passenger jet suggest that multiple layers of the country's aviation safety system apparatus failed, according to flight recordings ...

But the catastrophe already appeared to confirm what pilots, air-traffic controllers, and safety experts had been warning for years: Growing holes in the aviation system could lead to the kinds of crash that left 87 people dead in the Potomac River in Washington.

Even before an official cause is determined, there were signs Wednesday that pilots and air-traffic controllers at Reagan National on Wednesday night were not operating under optimum conditions.
The duties of handling air-traffic control for helicopters and planes at Reagan [had been] *combined* *before the crash*. That left a [single] air-traffic controller handling dual roles. [Emphasis PGN's]

See also a related article by Niraj Chokshi, Technology That Helps Prevent Disasters Has Its Limits, on the continuation page [19] for the main story. It addresses the Traffic Collision Avoidance System (TCAS) [which Nancy Leveson has written about extensively] and the Automated Dependent Surveillance Broadcast.

  [I've deferred on addressing this previously less-likely accident until I saw the above NYTimes article. It is fairly comprehensive -- and highlights the dangers of cost-cutting in life-critical systems. PLEASE remember that (1) the requirements that must be addressed are holistic and comprehensive across the total networked system and its controllers; (2) the second part of the Albert Einstein quote: Everything should be as simple as possible, *but no simpler*, is frequently ignored. PGN-ed]

  [Lauren Weinstein noted on 6 Feb 2025 that the Military copter that collided with jet had ADS-B tracking turned *off*; night-vision goggles may have been in use. PGN]

------------------------------

Date: Fri, 31 Jan 2025 06:35:20 +0000
From: Richard Marlon Stein
Subject: Why an anti-collision system might not have prevented DCA plane crash (WashPost)

https://www.washingtonpost.com/business/2025/01/30/tcas-system-air-collision-dc-plane-helicopter-crash

No TCAS alerts below cutoff altitude -- no knowledge of cutoff ASL.

It seems this collision might be compounded by many factors: busy flight crew on approach won't exception process without warning via under-staffed control tower or automated traffic collision avionics. A case of systematic overtrust?

------------------------------

Date: Mon, 3 Feb 2025 09:40:17 -0800
From: Steve Bacher
Subject: CA Congressman launches investigation into L.A. County's faulty emergency alerts (LA Times)

Rep. Robert Garcia (D-Long Beach) has sent letters to L.A. County and software company Genasys requesting information on 'precise failures' that led to erroneous alerts.

[...]

On 9 Jan 2025, residents across the metropolitan region of 10 million people received a wireless emergency alert urging them to prepare to evacuate. A correction was issued approximately 20 minutes later, stating the alert was sent “in ERROR.” But a stream of faulty alerts continued to sound out the following day. Residents as far away as Long Beach — more than 35 miles from any active fire — reported receiving pings on their phones.

County officials later said the alerts, meant to go out to a smaller group of residents in the Kenneth fire evacuation area, were caused by a software glitch. After switching to a different system, the county said in a statement that it was working with Genasys, FEMA and the FCC to investigate how alerts continued to ping out on phones across L.A. County. [...]

https://www.latimes.com/california/story/2025-02-03/investigation-l-a-county-faulty-emergency-alerts

------------------------------

Date: Thu, 06 Feb 2025 07:42:16 +0000
From: Richard Marlon Stein
Subject: Risk Export (phys.org)

https://phys.org/news/2025-02-rocket-junk-chance-year-busy.html

"When space rocket junk enters into busy air space, aviation authorities either roll the dice and allow flights to continue or act by diverting flights or closing airspace.

"But why should authorities have to make these decisions in the first place? Uncontrolled rocket body re-entries are a design choice, not a necessity," said co-author Dr. Aaron Boley, associate professor in the department of physics and astronomy.

"The space industry is effectively exporting its risk to airlines and passengers."

"Risk Export" is a catchy phrase. Risk imports are endemic: cybersecurity failures, dengue fever, forever chemicals, AVs, etc, etc.
------------------------------

Date: Wed, 5 Feb 2025 15:37:45 PST
From: Peter Neumann
Subject: The Public's Health Care vs. the Rich's Tax Cuts (Aaron Carrell)

Aaron Carrell, *The New York Times* Opinion, 5 Feb 2025

Republican proposals to gut Medicaid and Obamacare would be catastrophic.

This very timely piece ends with a pithy conclusion:

  Let's shift the conversation away from stripping benefits and toward addressing what really drives up costs, according to years of research: high prices and bloated administration. Gutting Medicaid or making it impossible for middle-class Americans to afford Affordable Care Act exchange plans, is callous. No parent should [have to] choose between taking a child to the emergency room and paying the grocery bill.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: Japan to Curb Exports of Chips, Quantum-Computing Tech (Mayumi Negishi)

Mayumi Negishi, *Bloomberg* (01/31/25), via ACM TechNews

The Japanese government is expanding its list of export-controlled items to include advanced chips, lithographic equipment, and cryocoolers needed for the manufacture of quantum computers, according to draft revisions to that nation's foreign exchange law. Companies will need licenses to export those items to prevent their use in weapons or their development, said Economy Ministry officials. The new curbs are scheduled to go into effect at the end of May.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: Chinese-Made Patient Monitor Contains a Secret Backdoor (Michael Kan)

Michael Kan, PC Magazine (01/31/25), via ACM TechNews

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of a threat discovered in three firmware versions of a patient monitor made by China-based Contec Medical Systems.
The monitor was configured to connect to an IP address for a third-party university with no connection to the manufacturer, enabling the university to remotely download and execute unverified files on the patient monitor, CISA said. The backdoor also automatically sends patient data to the IP address.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: International Police Op Takes Down Cybercrime Marketplaces (Darryl Coote)

Darryl Coote, UPI (01/31/25), via ACM TechNews

An international law enforcement operation has taken down two of the largest cybercrime marketplaces. In addition to the arrest of two individuals and confiscation of servers and other devices, the operation resulted in the shutdown of 12 accounts and two domains used by the cybercrime forums known as Cracked and Nulled.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: U.S. Teens Increasingly Misled by Fake Content Online (Liam Reilly)

Liam Reilly, CNN (01/30/25)

A survey of 1,000 13- to 18-year-olds by the nonprofit advocacy group Common Sense Media revealed that around 35% of respondents had been deceived by fake online content; another 41% acknowledged having seen real yet misleading content, and 22% had shared information they later learned was false. Common Sense said respondents who came across fake online content were more likely to believe AI would make it harder to verify online information.

------------------------------

Date: Mon, 27 Jan 2025 14:50:40 -0500
From: Gabe Goldberg
Subject: Police ignore standards after AI facial recognition matches (The Washington Post)

Confident in unproven facial recognition technology, sometimes investigators skip steps; at least eight Americans have been wrongfully arrested.
https://www.washingtonpost.com/business/interactive/2025/police-artificial-intelligence-facial-recognition/

------------------------------

Date: Mon, 3 Feb 2025 19:20:41 -0700
From: Matthew Kruk
Subject: The Robot Doctor Will See You Now (NYTimes)

https://www.nytimes.com/2025/02/02/opinion/ai-doctors-medicine.html

The rapid rise in artificial intelligence has created intense discussions in many industries over what kind of role these tools can and should play -- and health care has been no exception. The medical community largely anticipated that combining the abilities of doctors and AI would be the best of both worlds, leading to more accurate diagnoses and more efficient care.

That assumption might prove to be incorrect. A growing body of research suggests that AI is outperforming doctors, even when they use it as a tool.

------------------------------

Date: Thu, 6 Feb 2025 11:41:52 -0800
From: Peter Neumann
Subject: White House seeks public input on AI strategy

https://www.axios.com/2025/02/06/trump-white-house-ai-action-plan

Request for Information on the Development of an AI Action Plan
https://www.federalregister.gov/documents/2025/02/06/2025-02305/request-for-information-on-the-development-of-an-artificial-intelligence-ai-action-plan

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: AI Systems with 'Unacceptable Risk' Now Banned in EU (Kyle Wiggers)

Kyle Wiggers, *TechCrunch* (02/02/25), via ACM TechNews

As of Sunday, EU regulators can ban the use of AI systems they deem to pose an "unacceptable risk" or harm under the bloc's AI Act, approved by the European Parliament last March. Unacceptable activities include the use of AI for social scoring, manipulating a person's decisions deceptively, predicting people committing crimes based on their appearance, and trying to infer people's emotions, among other uses.
------------------------------

Date: Tue, 4 Feb 2025 07:08:34 -0800
From: Steve Bacher
Subject: Why Is This CEO Bragging About Replacing Humans With AI? (NYTimes)

Most large employers play down the likelihood that bots will take our jobs. Then there’s Klarna, a darling of tech investors.

Ask typical corporate executives about their goals in adopting artificial intelligence, and they will most likely make vague pronouncements about how the technology will help employees enjoy more satisfying careers, or create as many opportunities as it eliminates.

AI will “help tackle the kind of tasks most people find repetitive, which frees up employees to take on higher-value work,” Arvind Krishna, the chief executive of IBM, wrote in 2023.

And then there’s Sebastian Siemiatkowski, the chief executive of Klarna, a Swedish tech firm that helps consumers defer payment on purchases and that has filed paperwork to go public in the United States with an expected valuation north of $15 billion.

Over the past year, Klarna and Mr. Siemiatkowski have repeatedly talked up the amount of work they have automated using generative A.I., which serves up text, images and videos that look like they were created by people. “I am of the opinion that AI can already do all of the jobs that we, as humans, do,” he told Bloomberg News, a view that goes far beyond what most experts claim. [...]

https://www.nytimes.com/2025/02/02/business/klarna-ceo-ai.html

------------------------------

Date: Thu, 30 Jan 2025 08:19:16 -0800
From: Steve Bacher
Subject: Why AI could replace NFL first-down markers sooner than you might think (NBC News)

AI and new technology could soon make the chain gang obsolete, with an advanced system known as “Hawk-Eye” aspiring to make the game faster and more accurate.

For more than 100 years, football has been officiated using a simple chain 10 yards long.
The so-called chain gang has been the sport’s judge and jury, ruling whether a ball traveled the number of yards needed for a team to get a first down — and four more chances to score.

But artificial intelligence and new technology could soon make the chain gang obsolete, with an advanced system known as Hawk-Eye aspiring to

https://www.nbcnews.com/sports/nfl/ai-replace-nfl-first-markers-sooner-might-think-rcna188186

  [Where might this lead? Simulated players will avoid lots of salaries and injuries. Simulated coaches will reduce the payroll even more. Referees and other officials will be totally irrelevant. Broadcasters can be completely automated. With all the ball placements, first-down lines and scoreboards created by AI, we might as well do away with human viewers who will no longer care who wins, which would eliminate the losses for compulsive gamblers. Think of all the wasted money and viewer hours that could be spared. It might also reduce hatred of certain inter-city rivalries, because the resulting games would of course have to be sanitized for friendliness and neutrality. However, all of this cannot happen, because it would deprive committed viewers of why they are watching in the first place. PGN]

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: DeepSeek's Chatbot Achieves 17% Accuracy in Audit (Rishi Kant)

Rishi Kant, *Reuters* (01/29/25), via ACM TechNews

An audit by trustworthiness rating service NewsGuard found the chatbot rolled out by Chinese AI startup DeepSeek had an accuracy rate of 17% when it comes to delivering news and information. DeepSeek provided vague or useless answers 53% of the time and repeated false claims 30% of the time, with a fail rate of 83%. In comparison, its Western rivals, including OpenAI, had a 62% average fail rate.
------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: 58% of Ransomware Victims Forced to Shut Down Operations (James Coker)

James Coker, *Infosecurity Magazine* (01/28/25), via ACM TechNews

A report from the Ponemon Institute found that 58% of organizations affected by ransomware attacks last year had to cease operations as a result, up from 45% in 2021. Forty percent of organizations experienced a substantial loss of revenue due to such an attack, up from 22%, while 35% reported brand damage, up from 21%.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: Asia Goes Cashless as Countries Push for Digital Payments (Nikkei Asia)

Fumika Sato and Takanori Okabe, Nikkei Asia (Japan) (02/02/25) via ACM TechNews

QR codes and other smartphone-based technologies are rapidly replacing physical money as the method of payment in consumer transactions, driven in part by efforts from India and other countries to promote domestic digital settlement systems. In 2016, India introduced the Unified Payments Interface (UPI) mobile payment system that enabled real-time payments. More than 131 billion transactions were made via UPI in fiscal 2023.

------------------------------

Date: Mon, 3 Feb 2025 11:15:09 -0500 (EST)
From: ACM TechNews
Subject: AI Systems with 'Unacceptable Risk' Now Banned in EU (Kyle Wiggers)

Kyle Wiggers, *TechCrunch* (02/02/25), via ACM TechNews

As of Sunday, EU regulators can ban the use of AI systems they deem to pose an "unacceptable risk" or harm under the bloc's AI Act, approved by the European Parliament last March. Unacceptable activities include the use of AI for social scoring, manipulating a person's decisions deceptively, predicting people committing crimes based on their appearance, and trying to infer people's emotions, among other uses.
------------------------------

Date: Thu, 30 Jan 2025 03:41:09 +0000
From: Victor Miller
Subject: New attacks on speculative execution

SLAP and FLOP
https://predictors.fail/

SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon
FLOP: Breaking the Apple M3 CPU via False Load Output Predictions

------------------------------

From: Victor Miller
Date: Wed, 5 Feb 2025 14:00:55 +0000
Subject: Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop)

https://cyberscoop.com/musk-doge-opm-treasury-breach/

------------------------------

Date: Wed, 5 Feb 2025 14:00:55 +0000
From: "Peter G. Neumann"
Subject: DOGE probes CMS for Medicare, Medicaid fraud: Wall Street Journal (Rylee Wilson)

Rylee Wilson, *The Wall Street Journal*, 5 Feb 2025

Representatives of Elon Musk’s Department of Government Efficiency have been working at the Centers for Medicare and Medicaid Services (CMS), where they have gotten access to key payment and contracting systems, according to people familiar with the matter.

Members of Elon Musk's Department of Government Efficiency (DOGE) have been granted access to payment and contracting systems at CMS. Department representatives have been on-site at CMS' offices this week, examining spending data for potential fraud or waste and reviewing the agency's organization and staffing, unnamed sources told the Journal.

DOGE representatives had not yet been granted access to databases that include personal health information of Medicaid and Medicare beneficiaries, the sources said. The DOGE representatives have "read only" access, meaning they cannot change any material viewed.

President Donald Trump created the Department of Government Efficiency, referred to as "DOGE" by officials, in November to cut wasteful spending and reduce operational inefficiencies. President Trump appointed Elon Musk, CEO of Tesla, SpaceX and X, to lead the initiative.
DOGE aims to cut federal spending by $1 trillion, with Medicaid emerging as a likely target, according to The New York Times. CMS spent more than $1.5 trillion on healthcare programs in fiscal year 2024, accounting for 22% of total federal spending, according to the agency's 2024 annual report.

"Yeah, this [CMS] is where the big money fraud is happening," Mr. Musk wrote on X in response to the Journal's article.

Other government agencies have pointed to wasteful spending in Medicaid and Medicare. A report from the Government Accountability Organization estimated in 2023, wasteful spending in Medicare and Medicaid totaled $100 billion.

DOGE representatives have also been working to cancel diversity, equity and inclusion-focused contracts at CMS, Bloomberg reported Feb. 5.

In a statement, CMS said two senior staff members -- one focused on policy and one on operations -- are working with DOGE representatives and ensuring "appropriate access" to the agency's systems.

"We are taking a thoughtful approach to see where there may be opportunities for more effective and efficient use of resources in line with meeting the goals of President Trump," the agency said.

Mehmet Oz, MD, President Trump's pick to lead CMS, has not yet been confirmed by the Senate. Stephanie Carlton, RN, a former McKinsey consultant, is current acting administrator of the agency, according to its website. She is expected to be chosen as Dr. Oz's chief of staff, if he is confirmed, according to The Washington Post.

Officials from the White House and DOGE did not comment to the Journal.

Musk's DOGE granted access to U.S. Medicare and Medicaid systems (Reuters)
February 5, 2025

WASHINGTON, Feb 5 (Reuters): Representatives of Elon Musk's Department of Government Efficiency have been working at the Centers for Medicare and Medicaid Services where they were granted access to agency systems and technology, CMS said on Wednesday.

CMS oversees Medicare, the health insurance program for older and disabled Americans, and Medicaid, for lower-income enrollees. Together they provide coverage for over 140 million people in the United States.

"CMS has two senior Agency veterans -- one focused on policy and one focused on operations -- who are leading the collaboration with DOGE, including ensuring appropriate access to CMS systems and technology," the agency said in a statement.

Musk, the world's richest man, has been tasked by U.S. President Donald Trump to identify fraud and waste in government. Musk has in a matter of days been able to exert unprecedented control over America's 2.2-million-member federal workforce and begin a dramatic reshaping of government.

"We are taking a thoughtful approach to see where there may be opportunities for more effective and efficient use of resources in line with meeting the goals of President Trump," the CMS statement said.

CMS regularly deals with improper payments that represent fraud or abuse but might also be due to a state, contractor, or provider missing an administrative step.

The development was first reported on Wednesday by the Wall Street Journal, which, citing people familiar with the matter, said DOGE representatives had gained access to key payment and contracting systems.
The representatives have been on site at the agency's offices this week and are looking at the technology on which the systems run, as well as the spending that flows through them, with a focus on pinpointing what they consider fraud or waste, according to the report.

DOGE representatives are also examining the agency's organizational design and how it is staffed, the WSJ said.

Referencing the WSJ report, Musk -- without providing evidence -- posted "this is where the big money fraud is happening," on social media platform X, which he owns.

When asked about DOGE accessing CMS payment and contracting systems, representatives for the White House did not address specifics but defended Musk and DOGE's actions overall, saying they were fulfilling Trump's commitment to make the federal government more accountable.

One of the systems accessed by the DOGE representatives, the WSJ reported, is the CMS Acquisition Lifecycle Management system, which includes information about contracts.

The report, citing one of the people familiar with the DOGE's work at CMS, said that Musk's allies have not been given access to databases that include identifiable personal health information of Medicare or Medicaid enrollees.

The DOGE's access is "read-only," meaning that its affiliates cannot make changes to the systems, the WSJ reported.

The U.S. Treasury said on Tuesday that Musk's team has been granted "read-only access" to its payment system codes but denied that this cut off any government payments, including those of Social Security or Medicare.
Reporting by Sriparna Roy and Christy Santhosh in Bengaluru, Ahmed Aboulenein in Washington; Editing by Alan Barona, Shounak Dasgupta and Deepak Babington

Elon Musk's DOGE examines systems at $1.5 trillion Medicare and Medicaid agency
Ken Alltucker, USA TODAY, 2/5/2025

Elon Musk's Department of Government Efficiency representatives are at the Centers for Medicare & Medicaid Services this week examining payment and contracting systems of the federal health agency.

Two senior agency veterans focused on policy and operations are working with DOGE to review the agency overseeing Medicare and Medicaid, which provide health insurance for about 1 in 4 Americans, according to a U.S. Department of Health and Human Services spokesman.

"We are taking a thoughtful approach to see where there may be opportunities for more effective and efficient use of resources in line with meeting the goals of President Trump," Andrew G. Nixon, HHS' director of communications, said via email.

DOGE representatives have been at the agency's offices this week examining CMS's technology systems and spending, focusing on signs of fraud or waste, the Wall Street Journal reported. DOGE is also examining the CMS's organizational design and staffing.

In response to a repost of the WSJ report Wednesday on his social media site X, Musk tweeted, "Yeah, this is where the big money fraud is happening."

DOGE, run by billionaire tech entrepreneur Musk, is working to scrutinize costs across the federal government, gaining access to systems at agencies such as the Treasury Department and the U.S. Agency for International Development.

The DOGE review comes as at least 20,000 federal employees have accepted a buyout offer President Donald Trump made to the entire federal workforce before Thursday's deadline, a White House official said Tuesday.
CMS is among the world's largest purchasers of health care with $1.5 trillion in outlays during fiscal 2024, according to the agency's annual financial report.

CMS and its contractors process more than one billion Medicare claims each year, monitor health care quality through inspections at hospitals and nursing homes and provide states with matching funds for Medicaid, the federal-state health program that covers low income families.

Medicare, the federal health program for adults 65 and over and the disabled, covers about 68 million people while Medicaid covers 73 million people.

Trump has tapped celebrity doctor and former Congressional candidate Mehmet Oz to lead CMS. The Senate has not yet confirmed Oz.

On Tuesday, the Senate Finance Committee advanced Robert F. Kennedy's nomination to lead HHS, which oversees CMS. The Senate still must approve Kennedy's nomination.

Musk's team accesses Medicare, Medicaid records
Axios, 2/5/2025

Elon Musk's Department of Government Efficiency has gained access to the inner workings of Health and Human Services, including data systems of the agency that manages a nearly $2 trillion budget, handles Medicare and Medicaid benefits and runs the National Institutes of Health, the world's biggest biomedical research institution.

Why it matters: As they march through the federal bureaucracy, Musk and his team now have a seemingly unfiltered view of the sensitive inner workings of much of U.S. health care.

* DOGE is looking for examples of waste, fraud and abuse as it pursues "opportunities for more effective and efficient use of resources" at the Centers for Medicare and Medicaid Services, an agency spokesperson said.
* But it's not clear how wide a net it's casting or how it's defining those words.

State of play: Two senior agency staff, one focused on policy and one focused on operations, are leading collaborative efforts with DOGE and "ensuring appropriate access to CMS systems and technology," a CMS spokesperson said Wednesday.
* DOGE team members have also visited the Atlanta offices of the Centers for Disease Control and Prevention and asked for sensitive information from the agencies, the Washington Post reported.
* DOGE staff have been given read-only access to a database including information on contracts the agency maintains, according to the Wall Street Journal, which first reported on DOGE entering CMS.
* WSJ reported that DOGE is also looking at the technology used by CMS and its organizational structure.
* CMS did not respond to questions on specific systems DOGE staff have access to, or how long the review is expected to last.

What they're saying: "Yeah, this is where the big money fraud is happening," Musk wrote on X Wednesday, referring to DOGE going into Medicare systems.

The definition of abuse or waste "is really in the eye of the beholder," Chris Meekins, managing director at Raymond James, wrote in a client note.

* For example, Medicare advisers to Congress argue the government is overpaying privately administrated Medicare Advantage plans that now cover more than half of the country's seniors. But insurers and other policymakers and advisers disagree that the government is wasting money in that space.
* DOGE has said it wants to save $2 trillion in government spending, which is virtually impossible to do without making cuts to health spending. But President Trump told reporters last week that his administration won't touch Social Security, Medicare or Medicaid unless it finds abuse or waste.
* "The people won't be affected," Trump said.

Reality check: The federal government has long-established channels for rooting out overspending and wrongdoing in health programs. They recoup billions of taxpayer dollars each year.

* HHS inspectors recovered $7.13 billion for the federal government in misspent taxpayer funds during fiscal year 2024. The Justice Department brought in another $1.7 billion in settlements and judgments from health care-related litigation on false claims.
* Trump fired HHS inspector general Christi Grimm last week.

Yes, but: The Government Accountability Office said in an April report that the federal government can do more to stop improper payments in Medicare and Medicaid.

* The two programs accounted for 43% of improper payments made throughout federal agencies in 2023, according to GAO.
* Conservative health wonks are optimistic that DOGE can bring positive change to government-run health programs.
* "It is a no-brainer for DOGE to focus on problems in this area and it's long overdue," Brian Blase, president of health policy think tank Paragon Health Institute, told Axios.

------------------------------

Date: Thu, 6 Feb 2025 11:41:52 -0800
From: Peter Neumann
Subject: White House seeks public input on AI strategy (Axios)

https://www.axios.com/2025/02/06/trump-white-house-ai-action-plan

Request for Information on the Development of an Artificial Intelligence (AI) Action Plan
https://www.federalregister.gov/documents/2025/02/06/2025-02305/request-for-information-on-the-development-of-an-artificial-intelligence-ai-action-plan

------------------------------

Date: Mon, 27 Jan 2025 08:12:31 -0800
From: Kent Borg
Subject: Re: AI in medicine (Jim Geissman)

> At one point I heard him tell his phone "load the annual physical
> macro". JRG

I think it is time to get a new doctor.

------------------------------

Date: Tue, 28 Jan 2025 18:47:27 +0200
From: Amos Shapir
Subject: Re: Eutelsat resolves OneWeb leap-year software glitch after two-day outage (Bacher, RISKS-34.53)

> The error was failing to identify 2024 as a leap year but the problem
> didn't occur until now?
> Not on 29 February 2024?

The software was probably using a day-of-the-year number, and wasn't prepared to deal with 366.

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest.
Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: .
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
 Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
 If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 34.54
************************