RISKS-LIST: Risks-Forum Digest  Sunday 11 May 2025  Volume 34 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
The Newark Airport Crisis Started When Controllers Lost Contact With Planes (NY Mag)
Newark Air Traffic Control Faces Risks (The NY Times)
`Everybody's worst nightmare': Air traffic controllers say outages have become too frequent (NBC News)
Iberian Electric Grid Blackout 4/28/2025 Grid Engineering Presentation (YouTube)
Self-Driving Cars Have New Rules in the U.S. Here's Why That Matters (Scientific American)
Cable Theft in Spain Disrupts Train Travel for Thousands (NY Times)
Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD)
Apple, Meta Fined for Breach of EU Law (Reuters)
Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools (Frances Vinall)
U.S. Asks Judge to Break Up Google (David McCabe)
North Koreans Use Real-time Deepfakes to Secure Remote Jobs (Cyber Security News)
Italian Newspaper Gives Free Rein to AI (Crispian Balmer)
FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Raphael Satter)
Ransomware site gets hacked (via Victor Miller)
Airlines Are Collecting Your Data And Selling It To ICE (LeverNews)
Millions of Canadians' health data available for sale to pharmaceutical industry, study shows (CBC)
Everyone Is Cheating Their Way Through College (NYMag)
DOGE aims to pool federal data, putting personal information at risk (WashPost)
The leaning tower of arrogance (Lucian Truscott)
Hegseth's Use of Passwords Raises New Security Concerns (NY Times)
DOGE software engineer's computer infected by info-stealing malware (ArsTechnica)
New Zealand's prime minister proposes social media ban for under-16s (The Guardian)
Satya Nadella says as much as 30% of Microsoft code is written by AI (CNBC)
Google Plans to Roll Out Gemini AI Chatbot to Children Under 13 (The New York Times)
Hilarious Google AI Overview stupidity, as demonstrated regarding the film *Our Man Flint* (Lauren Weinstein)
California Supreme Court orders state bar to revert to national exams after testing debacle (LA Times)
Open-Source projects are being inundated with AI-garbage "bug" reports -- here's one example. (ArsTechnica)
A Staggering Number of Gen Z Think AI Is Already Conscious (via geoff)
After an Arizona man was shot, an AI video of him addresses his killer in court (NPR)
AT&T ending text to e-mail gateway (via PGN)
In 2025, venture capital can't pretend everything is fine any more (Pivot to AI)
Colorado postal worker pleads guilty to rigging 2024 presidential election (two items from Jim H, The Gateway Pundit)
School boards hit with ransom demands linked to PowerSchool cyberattack (Matthew Kruk)
UnitedHealth's Move to End Cyberattack Loan Lifeline Upsets Medical Providers (The New York Times)
Anthropic CEO Admits We Have No Idea How AI Works (Futurism)
Next time you're loading nuclear weapons ... (YouTube via Lauren Weinstein)
Voice clones pose an 'existential crisis' for actors: 'It's a violation of our humanity' (LA Times)
Van freed after being trapped in car park for more than two years (BBC)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 6 May 2025 22:44:35 -0700
From: Steve Bacher
Subject: The Newark Airport Crisis Started When Controllers Lost Contact With Planes (NY Mag)

The reason for the delays at Newark airport are worse than you thought. Last Monday, the air-traffic controllers union stated that they lost all contact with planes flying into Newark.

Since last Monday [28 May 2025], Newark Liberty Airport has been a mess, with as many as 30 percent of flights delayed and 10 percent canceled each day.
The acute problem was reported by the press as a walkout among a group of air-traffic controllers who stopped working over the weekend due to chronic labor shortages faced in the industry. One air-traffic controller told MSNBC that it was “not safe to fly” into the nation’s 12th-busiest airport. A week later, the real cause for the delays -- and that controller’s alarm -- became known. [...]

https://nymag.com/intelligencer/article/newark-airport-lost-contact-with-incoming-planes-last-monday.html

EARLIER ITEM:

The breakdown that resulted in air traffic controllers losing communications with the pilots of planes they were guiding into Newark International Airport has happened at least two other times since August 2024, a current veteran controller told NBC News.

https://www.nbcnews.com/news/us-news/newark-air-traffic-control-lost-contact-pilots-least-twice-source-says-rcna205126

------------------------------

Date: Wed, 7 May 2025 20:36:31 -0700
From: Rob Wilcox
Subject: Newark Air Traffic Control Faces Risks (The NY Times)

Newark airport in New Jersey is very busy. People arrive in the New York City metro at large capacity airports JFK, La Guardia and Newark. All are connected to the NYC subway and other ground transportation systems. Newark is having technical and people management problems, resulting in serious stress on the air traffic controllers and severe safety incidents. It is a life-safety risk, thankfully no loss of life to date from the system failures.

"On a recent afternoon in Philadelphia, an air traffic controller began shouting that he had lost his radar feed for planes flying in and out of Newark Liberty International Airport. Some of his colleagues still had radar but their radios went dead, prompting frantic calls to their counterparts in New York urging them to keep their planes away from Newark's airspace.
Then, for 30 harrowing seconds until the radios came back, there was nothing more to do but hope -- as they had no means of telling pilots how to avoid crashing their planes into one another. Shortly after that, one controller discovered a trainee, who had been directing Newark traffic under supervision just moments earlier, shaking in the hallway." (Article continues...)

https://www.nytimes.com/2025/05/07/us/politics/newark-airport-delays.html?unlocked_article_code=1.Fk8.UbbZ.muh2c0UQhb_f&smid=url-share

------------------------------

Date: Thu, 8 May 2025 06:39:45 -0700
From: Steve Bacher
Subject: `Everybody's worst nightmare': Air traffic controllers say outages have become too frequent (NBC News)

(The latest update on the Newark story. This one contains lots of detail.)

Days after an equipment malfunction left planes flying blind over Newark airport, worried pilots and air traffic controllers are imploring the FAA to fix aging infrastructure.

https://www.nbcnews.com/news/us-news/air-traffic-controllers-say-outages-become-frequent-rcna205418

------------------------------

Date: Sat, 10 May 2025 10:10:04 -0700
From: Rob Wilcox
Subject: Iberian Electric Grid Blackout 4/28/2025 Grid Engineering Presentation (YouTube)

The electric grid is a complex system to deliver an invisible commodity just in time between generators and each individual load, safely and reliably. My interests include the grid operator interface, control systems, markets, and the internal culture.

If the generation is greater than the load, the 50 or 60Hz frequency increases, if the generation is less than the load the frequency decreases. If the frequency is too high, or low, the generators disconnect themselves to prevent mechanical damage. The control systems also manage Voltage, and the relative phase of the Voltage and current. The real time operators watch over nested layers of distributed control systems and have preplanned processes to bring the system back to stability.
If generators begin to take themselves offline, that can lead to a cascading loss of more generators until the grid goes dark, or divides into dark and operating islands. Once the grid goes dark, the operators have preplanned processes to open switches to make the dark areas into islands. Then the black start generators are turned on as each island is energized, in exact balance of load and generation. Operators train on black start, generation control, failure response, and planned maintenance switching on grid simulators. It has similarities to airplane pilot training.

On Monday April 28, there was a large grid blackout. The grid is instrumented with the state of every switch, loads, and generator performance, and sub-second data from synchrophasors, so the data on what happened is there to be analyzed. It is like a much, much, more detailed flight data recorder.

Risks readers may enjoy this early readout on what is known so far in very technical grid terminology. It is a good look into the culture of the grid. The electricity system is a local monopoly. The result is that there is continuous cooperation to improve it, rather than competition found in other industries.

https://www.youtube.com/watch?v=LNStOXAsiDo

------------------------------

Date: Sat, 03 May 2025 00:28:19 +0000
From: Richard Marlon Stein
Subject: Self-Driving Cars Have New Rules in the U.S. Here's Why That Matters (Scientific American)

https://www.scientificamerican.com/article/self-driving-cars-have-new-rules-in-the-u-s-heres-why-that-matters/

Diminished reporting requirements entrench corporate accountability avoidance for minor accidents and injuries. Sunshine is the best disinfectant.
------------------------------

Date: Mon, 5 May 2025 07:33:16 -0700
From: "Jim"
Subject: Cable Theft in Spain Disrupts Train Travel for Thousands (NY Times)

More than 10,000 people were left stranded in Spain after cable thefts along a train route and a technical issue disrupted high-speed rail travel on Sunday and Monday, officials said.

It was the latest ordeal for Spain, which is still reeling from a power outage last week, one of the worst in recent European history. The cause of the blackout remains unclear.

Oscar Puente, the transport minister, called the thefts a "serious act of sabotage" in a social media post. Mr. Puente said that the Spanish national police force was investigating thefts at five locations on the line between Madrid and Seville. He said those were partly responsible for widespread travel interruptions on Sunday, which is observed as Mother's Day in Spain.

It was unclear who had stolen the cables, and why, but Mr. Puente described the episode as a theft of "low-value cable" most likely meant to cause havoc.

------------------------------

Date: Sat, 10 May 2025 07:13:52 -0700
From: Steve Bacher
Subject: Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD)

Amazingly, reaction times using screens while driving are worse than being drunk or high—no wonder 90 percent of drivers hate using touchscreens in cars. Finally the auto industry is coming to its senses.

https://www.wired.com/story/why-car-brands-are-finally-switching-back-to-buttons/

(Another rare piece of good news reducing risks.)

------------------------------

Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews
Subject: Apple, Meta Fined for Breach of EU Law (Reuters)

Foo Yun Chee and Jan Strupczewski, Reuters (04/23/25). via ACM TechNews

The European Commission on Wednesday fined Apple 500 million euros (US$568 million) and fined Meta 200 million euros (US$227 million) in its first sanctions under the Digital Markets Act (DMA).
The EC said Apple must remove restrictions that prevent app developers from steering users to cheaper deals outside the App Store, and that Meta's binary pay-or-consent model breached the DMA.

------------------------------

Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews
Subject: Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools (Frances Vinall)

The Washington Post (04/22/25) Frances Vinall

A draft circulated by the White House to several federal agencies on Monday suggests U.S. President Trump is considering an executive order that would create a policy integrating AI into K-12 schools. Under the draft executive order, federal agencies would be instructed to take steps to train students in using AI and to incorporate it into teaching-related tasks. The agencies would also be asked to partner with the private sector to develop relevant programs in schools.

------------------------------

Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews
Subject: U.S. Asks Judge to Break Up Google (David McCabe)

David McCabe, The New York Times (04/21/25)

The U.S. Department of Justice on Monday said the best way to address Google's monopoly in Internet search was to force it to sell its Chrome Web browser. Judge Amit P. Mehta of the U.S. District Court for D.C. ruled in August that Google had broken antitrust laws to maintain its dominance in online search. He is now hearing arguments from the government and the company over how to best fix Google's monopoly and is expected to order "remedies" by the end of the summer.
------------------------------

Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews
Subject: North Koreans Use Real-time Deepfakes to Secure Remote Jobs (Cyber Security News)

Tushar Subhra Dutta, Cyber Security News (04/21/25)

Researchers at Palo Alto Networks' Unit 42 found North Korean threat actors are shifting from the use of static fake profiles and stolen credentials to real-time deepfake technology to secure remote IT jobs at companies across the globe. The technology could enable a single threat actor to interview for the same position several times through the use of multiple synthetic personas.

------------------------------

Date: Sat, 3 May 2025 15:49:37 -0400
From: Gabe Goldberg
Subject: In 2025, venture capital can't pretend everything is fine any more (Pivot to AI)

Venture capital is screwed. A bubble in AI is their last hope, and they’re betting everything on Sam Altman. It’s heartwarming.

https://pivot-to-ai.com/2025/05/03/in-2025-venture-capital-cant-pretend-everything-is-fine-any-more/

------------------------------

Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT)
From: ACM TechNews
Subject: Italian Newspaper Gives Free Rein to AI (Crispian Balmer)

Crispian Balmer, Reuters (04/18/25), via ACM TechNews

Claudio Cerasa, editor of Italian newspaper Il Foglio, said a four-page daily insert written entirely by AI and sold with the normal newspaper over a one-month span led to increased sales, prompting it to publish a separate weekly section written by AI. Cerasa said AI would not replace journalists in his newsroom and praised the AI program's sense of irony and ability to produce insightful book reviews within minutes, but added that the program lacked critical thinking and occasionally generated content with factual errors.
------------------------------

Date: Fri, 25 Apr 2025 11:56:22 -0400 (EDT)
From: ACM TechNews
Subject: FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Raphael Satter)

Raphael Satter, Reuters (04/23/25), via ACM TechNews

The Internet Crime Complaint Center of the U.S. Federal Bureau of Investigation (FBI) said global cybercrime costs topped $16 billion in 2024, up a third from the prior year. Low-tech, tech support, and romance scams accounted for much of the losses, according to an FBI report based on almost 860,000 complaints, most from the U.S. The FBI noted that its calculations were incomplete, especially regarding ransomware.

[Just a thought: Would better hardware and software that are more trustworthy help reduce the cost? Probably, but nothing is ever perfect, and even wonderful security is easily misused. PGN]

------------------------------

Date: Fri, 9 May 2025 15:20:08 -0700
From: Victor Miller
Subject: Ransomware site gets hacked

https://www.linkedin.com/posts/james-o-grady_one-of-the-most-notorious-and-sophisticated-activity-7326109077397225472-OukT?utm_medium=ios_app&rcm=ACoAAADHYOoBr9Q9zY2nReul35WI_rVdMGowBNY&utm_source=social_share_send&utm_campaign=copy_link

------------------------------

Date: Fri, 9 May 2025 15:15:40 -0600
From: Matthew Kruk
Subject: Airlines Are Collecting Your Data And Selling It To ICE (LeverNews)

https://www.levernews.com/airlines-are-collecting-your-data-and-selling-it-to-ice/

An aviation industry clearinghouse is collecting passenger information from billions of past and future flights and selling it to Trump's immigration enforcers.

A massive aviation industry clearinghouse that processes data for 12-billion passenger flights per year is selling that information to the Trump administration amid the White House's new immigration crackdown, according to documents reviewed by The Lever.
The data -- including full flight itineraries, passenger name records, and financial details, which are otherwise difficult or impossible to obtain for past and future flights -- is fed into a secretive government intelligence operation called the Travel Intelligence Program and provided to Immigration and Customs Enforcement (ICE) and other federal agencies, records reveal.

Details of this program were outlined in procurement documents released Wednesday by ICE, which is a division of the Department of Homeland Security.

------------------------------

Date: Fri, 9 May 2025 06:32:50 -0600
From: Matthew Kruk
Subject: Millions of Canadians' health data available for sale to pharmaceutical industry, study shows (CBC)

https://www.cbc.ca/news/health/health-data-records-pharmaceutical-private-clinics-1.7529955

Going to the doctor can involve sharing your most personal information, including details about your health, medical history and prescriptions.

It all ends up in your medical record -- but a new study by researchers at Women's College Hospital in Toronto found that in some cases, private companies are accessing parts of that data and selling it to pharmaceutical companies.

------------------------------

Date: Thu, 8 May 2025 15:38:18 -0700
From: Steve Bacher
Subject: Everyone Is Cheating Their Way Through College (NY Mag)

(Long read but worth it.)

In only two years, ChatGPT and the surge of AI-generated cheating from college students it has created have unraveled the entire academic project.

https://nymag.com/intelligencer/article/openai-chatgpt-ai-cheating-education-college-students-school.html

[As we have often suggested here, individualized education is worth its weight in gold [medals? The same is true for health care and many other disciplines. PGN.]
------------------------------

Date: Wed, 7 May 2025 16:30:32 -0700
From: "Jim"
Subject: DOGE aims to pool federal data, putting personal information at risk (WashPost)

The goal -- a centralized system with unprecedented access to data about Social Security, taxes, medical diagnoses and other private information -- would create a multitude of vulnerabilities, experts say.

The U.S. DOGE Service is racing to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information safe, government workers say.

The team overseen by Elon Musk is collecting data from across the government, sometimes at the urging of low-level aides, according to multiple federal employees and a former DOGE staffer, who all spoke on the condition of anonymity for fear of reprisals.

The intensifying effort to unify systems into one central hub aims to advance multiple Trump administration priorities, including finding and deporting undocumented immigrants and rooting out fraud in government payments. And it follows a March executive order to eliminate "information silos" as DOGE tries to streamline operations and cut spending.

At several agencies, DOGE officials have sought to merge databases that had long been kept separate, federal workers said. For example, longtime Musk lieutenant Steve Davis told staffers at the Social Security Administration that they would soon start linking various sources of Social Security data for access and analysis, according to a person briefed on the conversations, with a goal of "joining all data across government." Davis did not respond to a request for comment.
https://www.washingtonpost.com/business/2025/05/07/doge-government-data-immigration-social-security/

------------------------------

Date: Sun, 4 May 2025 23:06:03 -0400
From: Gabe Goldberg
Subject: The leaning tower of arrogance (Lucian Truscott)

Well, that didn't take long. An enterprising hacker has already penetrated whatever security that supposedly protected the third-party communications app used by Mike Waltz to send text messages on Signal to the Secretary of State, the Vice President and the Director of National Intelligence during the White House cabinet meeting last week.

The hack was reported earlier today by 404 Media, the new journalism website covering cybersecurity, the intelligence and surveillance business, and other topics involving the rapidly changing terrain of the tech industry.

https://luciantruscott.substack.com/p/the-leaning-tower-of-arrogance

------------------------------

Date: Wed, 7 May 2025 15:36:09 -0400
From: Jan Wolitzky
Subject: Hegseth's Use of Passwords Raises New Security Concerns (NY Times)

Some of the passwords that Defense Secretary Pete Hegseth used to register for websites were exposed in cyberattacks on those sites and are available on the Internet, raising new questions about his use of personal devices to communicate military information.

Mr. Hegseth did not appear to use those passwords for sensitive accounts, like banking. But at least one password appears to have been used multiple times for different personal email accounts maintained by Mr. Hegseth. If hackers gain access to email accounts, they can often reset other passwords.

Like many Americans, Mr. Hegseth appears to have reused passwords to remember them more easily. At least one of them is, or was, a simple, lower-case alphanumeric combination of letters followed by numbers, potentially representing initials and a date. The same password was leaked in two separate breaches of personal email accounts, one in 2017 and another in 2018.
https://www.nytimes.com/2025/05/07/us/politics/hegseth-phone-security.html

[Longer version submitted by Jim Geissman. PGN]

------------------------------

Date: Fri, 9 May 2025 07:04:09 -0700
From: "Jim"
Subject: DOGE software engineer's computer infected by info-stealing malware (ArsTechnica)

Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware, a strong indication that devices belonging to him have been hacked in recent years.

Kyle Schutt is a 30-something-year-old software engineer who, according to Dropsite News, gained access in February 2025 to a "core financial management system" belonging to the Federal Emergency Management Agency. As an employee of DOGE, Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S.

A steady stream of published credentials

According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware. Stealer malware typically infects devices through trojanized apps, phishing, or software exploits. Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps.
https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/

------------------------------

Date: Mon, 5 May 2025 20:44:19 -0700
From: "Jim"
Subject: New Zealand's prime minister proposes social media ban for under-16s (The Guardian)

The draft bill is modeled on Australian laws and would force digital platforms to verify the age of users or face heavy fines

New Zealand's prime minister has proposed banning children under 16 years old from using social media, in an effort to protect young people from harms account, or face fines of up to NZ$2m ($1.2m).

While good things could come from social media, it was not always a safe place for young people and the onus was on tech companies to be socially responsible, Luxon said.

"This is about protecting our children. It's about making sure social media companies are playing their role in keeping our kids safe," Luxon said.

Teachers and parents had raised issues with him including cyberbullying, exposure to violent and inappropriate content, exploitation and social media addiction.

"Parents are constantly telling us that they are really worried about the impact that social media is having on their children," Luxon said. "And they say they are really struggling to manage access to social media."

The author of the bill, National MP Catherine Wedd, said there are no legally enforceable age verification measures for social media platforms in New Zealand and her bill would better support families to have oversight of their children's online use.

The Guardian 5 May 2025

------------------------------

Date: Wed, 30 Apr 2025 08:50:41 -0700
From: "Jim"
Subject: Satya Nadella says as much as 30% of Microsoft code is written by AI (CNBC)

https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-as-30percent-of-microsoft-code-is-written-by-ai.html

[When will AI-generated code be memory-safe? Perhaps when evidence-based AI arrives in the next century? PGN]

------------------------------

Date: Sun, 4 May 2025 02:13:20 -0400
From: Gabe Goldberg
Subject: Google Plans to Roll Out Gemini AI Chatbot to Children Under 13 (The New York Times)

The tech giant said it would make its Gemini chatbot available to children next week, and warned families in an email about the changes.

Google plans to roll out its Gemini artificial intelligence chatbot next week for children under 13 who have parent-managed Google accounts, as tech companies vie to attract young users with AI products.

“Gemini Apps will soon be available for your child,” the company said in an email this week to the parent of an 8-year-old. “That means your child will be able to use Gemini” to ask questions, get homework help and make up stories.

The chatbot will be available to children whose parents use Family Link, a Google service that enables families to set up Gmail and opt into services like YouTube for their child. To sign up for a child account, parents provide the tech company with personal data like their child’s name and birth date.

Gemini has specific guardrails for younger users to hinder the chatbot from producing certain unsafe content, said Karl Ryan, a Google spokesman. When a child with a Family Link account uses Gemini, he added, the company will not use that data to train its A.I.

Introducing Gemini for children could accelerate the use of chatbots among a vulnerable population as schools, colleges, companies and others grapple with the effects of popular generative AI technologies. Trained on huge amounts of data, these systems can produce humanlike text and realistic-looking images and videos.

Google and other AI chatbot developers are locked in a fierce competition to capture young users. President Trump recently urged schools to adopt the tools for teaching and learning. Millions of teenagers are already using chatbots as study aids, writing coaches and virtual companions.
Children’s groups warn the chatbots could pose serious risks to child safety. The bots also sometimes make stuff up.

https://www.nytimes.com/2025/05/02/technology/google-gemini-ai-chatbot-kids.html?smid=nytcore-ios-share&referringSource=articleShare

[Maybe we need a department of education again? PGN]

------------------------------

Date: Sat, 3 May 2025 17:56:22 -0700
From: Lauren Weinstein
To: nnsquad-dist@vortex.com
Subject: Hilarious Google AI Overview stupidity, as demonstrated regarding the film *Our Man Flint*

In the classic 1966 James Bond parody "Our Man Flint" starring James Coburn, the following exchange takes place between the debonair Flint and intelligence agency head Cramden:

Cramden: Your code book.
Flint: If you don't mind, sir, I'd prefer to use my own personal code.
Cramden: I'd much rather you use the government code.
Flint: I already know mine, sir. It's a mathematical progression, 40-26-36. It's based on ...
Cramden: I can imagine what it's based on.

A cab driver in France later makes the same statement, when Flint describes those three numbers as being the basis of his "lottery system".

Yes, we can imagine what it's based on -- because, well, we're human beings.

Now, what happens if you ask Google Search about this? What does the Google Brain AI Overview have to say about why Flint has based his code on those particular three numbers?

Hilariously, Google AI makes up convoluted and 100% wrong sets of conclusions, having absolutely nothing to do with reality. It doesn't have a damned clue, so it just makes up nonsense.

THIS is the fundamental flaw in the entire Big Tech generative AI scam!

bonus! How many fingers and toes?

[I kept this separate: Note in the answers referenced previously, how many fingers and toes Google AI thinks humans have total on their bodies? 40! Yup. Dumber than a brick. -L]

------------------------------

Date: Sun, 4 May 2025 07:07:41 -0700
From: Steve Bacher
Subject: California Supreme Court orders state bar to revert to national exams after testing debacle (LA Times)

The State Bar of California announced Friday that its embattled leader, who has faced growing pressure to resign over the botched February roll out of a new bar exam, will step down in July.

https://www.latimes.com/california/story/2025-05-02/california-state-bar-leader-to-step-down-after-exam-fiasco

(This is an update on the ongoing story of using AI to generate bar exam questions.)

------------------------------

Date: Wed, 7 May 2025 09:58:04 -0700
From: Lauren Weinstein
Subject: Open-Source projects are being inundated with AI-garbage "bug" reports -- here's one example.

https://arstechnica.com/gadgets/2025/05/open-source-project-curl-is-sick-of-users-submitting-ai-slop-vulnerabilities/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

------------------------------

Date: Sat, 10 May 2025 12:42:45 -0700
From: geoff goodfellow
Subject: A Staggering Number of Gen Z Think AI Is Already Conscious

*Do they... know something we don't?*

Generation Z, or the cohort of people born between 1997 and 2012, has a very weird relationship with artificial intelligence.

In the latest sign of just how strange things are getting, a new study by the paper-writing service EduBirdie found, upon asking 2,000 Gen Z-ers a battery of questions about AI, that a quarter believe the technology is "already conscious."

What's more, 52 percent -- or more than half of the respondents -- think AI is not yet conscious but will become so in the years to come. Plus a whopping 58 percent of the Zoomers surveyed said they think the technology will "take over" the world, and 44 percent said they believe that takeover could happen within the next 20 years.
------------------------------ Date: Sat, 10 May 2025 12:35:13 -0700 From: geoff goodfellow Subject: After an Arizona man was shot, an AI video of him addresses his killer in court (NPR) For two years, Stacey Wales kept a running list of everything she would say at the sentencing hearing for the man who killed her brother in a road rage incident in Chandler, Ariz. But when she finally sat down to write her statement, Wales was stuck. She struggled to find the right words, but one voice was clear: her brother's. "I couldn't help hear his voice in my head of what he would say," Wales told NPR. That's when the idea came to her: to use artificial intelligence to generate a video of how her late brother, Christopher Pelkey, would address the courtroom and specifically the man who fatally shot him at a red light in 2021. On Thursday, Wales stood before the court and played the video -- in what AI experts say is likely the first time the technology has been used in the U.S. to create an impact statement read by an AI rendering of the deceased victim... [...] https://www.npr.org/2025/05/07/g-s1-6464/ai-impact-statement-murder-victim [Also noted by Matthew Kruk. PGN] ------------------------------ Date: Sat, 10 May 2025 07:13:52 -0700 From: Steve Bacher Subject: Rejoice! Carmakers Are Embracing Physical Buttons Again (WiReD) Amazingly, reaction times using screens while driving are worse than being drunk or high—no wonder 90 percent of drivers hate using touchscreens in cars. Finally the auto industry is coming to its senses. https://www.wired.com/story/why-car-brands-are-finally-switching-back-to-buttons/ (Another rare piece of good news reducing risks.) ------------------------------ Date: Sat, 19 Apr 2025 17:03:38 PDT From: Peter Neumann Subject: AT&T ending text to e-mail gateway https://www.att.com/support/article/wireless/KM1061254/ What to know On June 17, 2025, our email-to-text and text-to-email service is going away. 
This means you won't be able to use email to send or receive texts. Also, others who have AT&T Wireless won't be able to use email to send you a text or use text to send you an email. ------------------------------ Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT) From: ACM TechNews Subject: Apple, Meta Fined for Breach of EU Law (Reuters) Foo Yun Chee and Jan Strupczewski, Reuters (04/23/25), via ACM TechNews The European Commission on Wednesday fined Apple 500 million euros (US$568 million) and fined Meta 200 million euros (US$227 million) in its first sanctions under the Digital Markets Act (DMA). The EC said Apple must remove restrictions that prevent app developers from steering users to cheaper deals outside the App Store, and that Meta's binary pay-or-consent model breached the DMA. ------------------------------ Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT) From: ACM TechNews Subject: Draft Executive Order Outlines Plan to Integrate AI into K-12 Schools (Frances Vinall) The Washington Post (04/22/25) Frances Vinall A draft circulated by the White House to several federal agencies on Monday suggests U.S. President Trump is considering an executive order that would create a policy integrating AI into K-12 schools. Under the draft executive order, federal agencies would be instructed to take steps to train students in using AI and to incorporate it into teaching-related tasks. The agencies would also be asked to partner with the private sector to develop relevant programs in schools. ------------------------------ Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT) From: ACM TechNews Subject: U.S. Asks Judge to Break Up Google (David McCabe) David McCabe, The New York Times (04/21/25) The U.S. Department of Justice on Monday said the best way to address Google's monopoly in Internet search was to force it to sell its Chrome Web browser. Judge Amit P. Mehta of the U.S. District Court for D.C.
ruled in August that Google had broken antitrust laws to maintain its dominance in online search. He is now hearing arguments from the government and the company over how to best fix Google's monopoly and is expected to order "remedies" by the end of the summer. ------------------------------ Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT) From: ACM TechNews Subject: North Koreans Use Real-time Deepfakes to Secure Remote Jobs (Cyber Security News) Tushar Subhra Dutta, Cyber Security News (04/21/25) Researchers at Palo Alto Networks' Unit 42 found North Korean threat actors are shifting from the use of static fake profiles and stolen credentials to real-time deepfake technology to secure remote IT jobs at companies across the globe. The technology could enable a single threat actor to interview for the same position several times through the use of multiple synthetic personas. ------------------------------ Date: Wed, 23 Apr 2025 11:29:38 -0400 (EDT) From: ACM TechNews Subject: Italian Newspaper Gives Free Rein to AI (Crispian Balmer) Crispian Balmer, Reuters (04/18/25), via ACM TechNews Claudio Cerasa, editor of Italian newspaper Il Foglio, said a four-page daily insert written entirely by AI and sold with the normal newspaper over a one-month span led to increased sales, prompting it to publish a separate weekly section written by AI. Cerasa said AI would not replace journalists in his newsroom and praised the AI program's sense of irony and ability to produce insightful book reviews within minutes, but added that the program lacked critical thinking and occasionally generated content with factual errors. ------------------------------ Date: Fri, 25 Apr 2025 11:56:22 -0400 (EDT) From: ACM TechNews Subject: FBI Says Cybercrime Costs Surpassed $16 Billion in 2024 (Raphael Satter) Raphael Satter, Reuters (04/23/25), via ACM TechNews The Internet Crime Complaint Center of the U.S.
Federal Bureau of Investigation (FBI) said global cybercrime costs topped $16 billion in 2024, up a third from the prior year. Low-tech, tech support, and romance scams accounted for much of the losses, according to an FBI report based on almost 860,000 complaints, most from the U.S. The FBI noted that its calculations were incomplete, especially regarding ransomware. [Just a thought: Would better hardware and software that are more trustworthy help reduce the cost? Probably, but nothing is ever perfect, and even wonderful security is easily misused. PGN] ------------------------------ Date: Fri, 9 May 2025 15:20:08 -0700 From: Victor Miller Subject: Ransomware site gets hacked https://www.linkedin.com/posts/james-o-grady_one-of-the-most-notorious-and-sophisticated-activity-7326109077397225472-OukT?utm_medium=ios_app&rcm=ACoAAADHYOoBr9Q9zY2nReul35WI_rVdMGowBNY&utm_source=social_share_send&utm_campaign=copy_link ------------------------------ Date: 8 May 2025 From: geoff goodfellow's cell phone Subject: Colorado postal worker pleads guilty to rigging 2024 presidential election (Jim H, The Gateway Pundit) https://www.thegatewaypundit.com/2025/05/colorado-postal-worker-pleads-guilty-rigging-2024-presidential/ 59-year-old Sally Jane Maxedon and 64-year-old Vicki Lyn Stuart were arrested on 6 Nov 2024, accused of stealing Mesa County Ballots. A former U.S. Postal Service employee from Mesa County, Colorado, has admitted to stealing and fraudulently casting mail-in ballots during the 2024 presidential election. Vicki Stuart, 64, entered a guilty plea on 5 May 2025 to charges of identity theft and forgery. The charges stem from a scheme in which Stuart, along with her associate, Sally Jane Maxedon, intercepted mail-in ballots intended for voters, forged signatures, and submitted them as legitimate votes. The duo claimed their actions were intended to test the state’s signature verification system. 
[Geoff also sent another item in the same text:] Patty McMurray: SEVEN DETROIT RESIDENTS and a Pastor Appear Before MI House Election Integrity Committee to Reveal Shocking First-hand Testimony about Massive Election Stealing Scheme (video) [256 comments] ------------------------------ Date: Mon, 5 May 2025 20:44:19 -0700 From: "Jim" Subject: New Zealand's prime minister proposes social media ban for under-16s (The Guardian) The draft bill is modeled on Australian laws and would force digital platforms to verify the age of users or face heavy fines New Zealand's prime minister has proposed banning children under 16 years old from using social media, in an effort to protect young people from harms account, or face fines of up to NZ$2m ($1.2m). While good things could come from social media, it was not always a safe place for young people and the onus was on tech companies to be socially responsible, Luxon said. "This is about protecting our children. It's about making sure social media companies are playing their role in keeping our kids safe," Luxon said. Teachers and parents had raised issues with him including cyberbullying, exposure to violent and inappropriate content, exploitation and social media addiction. "Parents are constantly telling us that they are really worried about the impact that social media is having on their children," Luxon said. "And they say they are really struggling to manage access to social media." The author of the bill, National MP Catherine Wedd, said there are no legally enforceable age verification measures for social media platforms in New Zealand and her bill would better support families to have oversight of their children's online use. The Guardian 5 May 2025
------------------------------ Date: Sat, 10 May 2025 12:35:13 -0700 From: geoff goodfellow Subject: After an Arizona man was shot, an AI video of him addresses his killer in court (NPR) https://www.npr.org/2025/05/07/g-s1-64640/ai-impact-statement-murder-victim For two years, Stacey Wales kept a running list of everything she would say at the sentencing hearing for the man who killed her brother in a road rage incident in Chandler, Ariz. But when she finally sat down to write her statement, Wales was stuck. She struggled to find the right words, but one voice was clear: her brother's. "I couldn't help hear his voice in my head of what he would say," Wales told NPR. That's when the idea came to her: to use artificial intelligence to generate a video of how her late brother, Christopher Pelkey, would address the courtroom and specifically the man who fatally shot him at a red light in 2021. On Thursday, Wales stood before the court and played the video -- in what AI experts say is likely the first time the technology has been used in the U.S. to create an impact statement read by an AI rendering of the deceased victim. [...]
https://www.npr.org/2025/05/07/g-s1-64640/ai-impact-statement-murder-victim ------------------------------ Date: Wed, 7 May 2025 21:36:36 -0600 From: Matthew Kruk Subject: School boards hit with ransom demands linked to PowerSchool cyberattack Canada's largest school board and others across North America have received ransom demands connected to the massive PowerSchool cybersecurity breach that hit during the winter break -- this after the company paid hackers a ransom to delete the stolen data. Despite assurances that the data was deleted, it turns out that's not the case, the Toronto District School Board (TDSB) said Wednesday. The board said in an email to families on Wednesday it had received a ransom demand "from a threat actor" using data from the December 2024 breach. ------------------------------ Date: Mon, 5 May 2025 13:39:15 -0400 From: Jan Wolitzky Subject: UnitedHealth's Move to End Cyberattack Loan Lifeline Upsets Medical Providers (The New York Times) The company lent roughly $9 billion to practices affected by a vast cyberattack on its payment systems last year. Medical practices are now suing the health care colossus, saying it is pressuring them to repay funds. https://www.nytimes.com/2025/05/05/health/unitedhealth-cyberattack-loans-lawsuits.html ------------------------------ Date: Sat, 10 May 2025 12:45:48 -0700 From: geoff goodfellow Subject: Anthropic CEO Admits We Have No Idea How AI Works (Futurism) The CEO of one of the world's leading artificial intelligence labs just said the quiet part out loud: that nobody really knows how AI works.
In an essay published to his personal website, Anthropic CEO Dario Amodei announced plans to create a robust "MRI on AI" within the next decade. The goal is not only to figure out what makes the technology tick, but also to head off any unforeseen dangers associated with what he says remains its currently enigmatic nature. "When a generative AI system does something, like summarize a financial document, we have no idea, at a specific or precise level, why it makes the choices it does -- why it chooses certain words over others, or why it occasionally makes a mistake despite usually being accurate," the Anthropic CEO admitted. On its face, it's surprising to folks outside of AI world to learn that the people building these ever-advancing technologies "do not understand how our own AI creations work," he continued -- and anyone alarmed by that ignorance is "right to be concerned." But on another level, maybe it isn't; all the image and text generators that have exploded in popularity over the last few years work under the same principle of feeding in a gigantic pile of data and letting statistical systems mine it for patterns that can be reproduced. The whole thing is driven by ingested human creative works, not from first principles of machine intelligence. "This lack of understanding," Amodei wrote, "is essentially unprecedented in the history of technology." In Amodei's telling, that ignorance about how AI works and what unforeseen risks it may pose is a driving factor behind Anthropic. In late 2020, the CEO and his sister Daniela left OpenAI amid concerns about the Sam Altman-run company's safety practices and in particular, that it was casting aside those concerns in pursuit of profit. The Amodeis and five other ex-OpenAI-ers founded Anthropic the next year to work on building safer AI -- and part of that work seems to have been focused on figuring out the technology's nuts and bolts. [...]
https://futurism.com/anthropic-ceo-admits-ai-ignorance ------------------------------ Date: Fri, 9 May 2025 21:00:31 -0700 From: Lauren Weinstein Subject: Next time you're loading nuclear weapons ... (YouTube) https://www.youtube.com/watch?v=Sj4tEj5aV7c Next time you're loading nuclear weapons ... If I've told you guys once I've told you a hundred times! When you're going to load nuclear weapons onto planes, PLEASE follow the official procedures and not some idiotic hallucinatory instructions from Google Gemini AI or other generative AI systems. C'mon, this is just common sense! -L ------------------------------ Date: Sat, 10 May 2025 08:02:38 -0700 From: Steve Bacher Subject: Voice clones pose an 'existential crisis' for actors: 'It's a violation of our humanity' (LA Times) Nearly a dozen voice actors interviewed ... said voice replication technology is reducing paid job opportunities and stripping them of their agency. Many found their voices cloned without their consent, knowledge or compensation. https://www.latimes.com/entertainment-arts/story/2025-03-24/ai-voice-clones-replication-voice-actors-job-loss-siri-tiktok ------------------------------ Date: Fri, 25 Apr 2025 19:36:24 -0700 From: Steve Bacher Subject: Van freed after being trapped in car park for more than two years (BBC) It is thought up to 40 vehicles were left trapped in a car park stack since December 2022. A family business has regained its van after it was trapped in a central London car park for nearly two and a half years. Steve Davies and Mark Lucas collected the vehicle from Rathbone Square's mechanical stacking car park on Thursday afternoon. Mr Davies said he was glad to finally have the van back but HCS Furniture's "coffers are now fairly low" after spending close to £50,000 on renting, then buying, a new van. Rathbone Square's management, CBRE, declined to comment - but the BBC has seen an email that confirmed other trapped vehicles will be released over the next month. 
One resident in the Rathbone Square development told BBC London up to 40 vehicles were trapped in the stack -- but CBRE did not respond when asked to confirm. A stacked car park is a system in which cars are parked on top of each other using mechanical platforms and lifts to make the most of the available space. Mr Davies and Mr Lucas had been concerned the battery of their electric van would not work, but Mr Lucas said: "It fired up and it had enough juice to drive itself out of the bay - which we're very pleased about as it could've been quite awkward otherwise." Mr Davies said the van will be taken for servicing and assessment of any damage. [...] https://www.bbc.com/news/articles/c20z46p0p6jo ------------------------------ Date: Sat, 28 Oct 2023 11:11:11 -0800 From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: . *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. 
Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ End of RISKS-FORUM Digest 34.62 ************************