RISKS-LIST: Risks-Forum Digest Thursday 25 April 2024 Volume 34 : Issue 20

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.20>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tesla being operated in autonomous driving mode kills
motorcyclist in stop and go traffic (Katie Wade)
Waymo car filmed on wrong side of street for two blocks
(Ricardo Cano)
UK Smart motorway failures (BBC)
Generative AI Arrives in the Gene Editing World of CRISPR
Cade Metz)
It’s the End of the Web as We Know It -- and I don't feel fine...
(The Atlantic)
You can now buy a flame-throwing robot dog for under $10,000 (ArsTechnica) Meta's newest AI model beats some peers. But its amped-up AI agents are confusing Facebook users (APNews)
Deepfakes of Bollywood Stars Spark Worries of Meddling in India Election
(Reuters)
Advanced Brain Science Without Coding Expertise (Helmholtz Centers)
Group Joins Fight Over Online Disinformation (NYTimes)
Cisco ASA CVE-2024-20353 (ArsTechnica via Cliff Kilby)
Why Is Tech Going Down More? (Liv mcMahon)
Utah law Aimed at AI (Politico)
How United Airlines uses AI to make flying the friendly skies a bit easier
(TechCrunch)
AI-powered cameras installed on LA buses to ticket illegally parked cars
(LA Times)
ResearchRabbit et al. (Debora Weber-Wulff)
Hospital prices for the same emergency care vary up to 16X, study find
(ArsTechnica)
South Korean Defense Industry Under Siege by North Korean Hacker
(Presale1)
"Killed by a Traffic Engineer" (IslandPress via Prashanth Mundkur)
This camera trades pictures for AI poetry (TechCrunch)
Re: AI Made These Movies Sharper. Critics Say It Ruined Them. (EPG)
Re: Wrong button clicked, wrong divorce cannot be undone (Henry Baker_
Re: UK Post Office IT scandal (Jim Geissman)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 23 Apr 2024 02:20:37 +0000
From: Howard Campbell <howard@chcampbell.com>
Subject: Tesla being operated in autonomous driving mode kills
motorcyclist in stop and go traffic (Katie Wade)

https://www.kiro7.com/news/local/charges-filed-against-tesla-driver-fatal-motorcycle-accident/FFXZIGDW45CWXCMZJFD4LPLUPI/

Probable cause documents filed against Tesla driver in fatal motorcycle
accident

SNOHOMISH COUNTY, Wash. — Probable cause documents were filed against the
driver of a Tesla self-driving vehicle that hit and killed a motorcyclist
in a collision the afternoon of Friday, April 19th. The collision occurred
on Eastbound State Route 522 at Fales Road.

The driver was reportedly heading home from lunch and had the Tesla on autopilot while looking at his phone when the Tesla “lurched forward” into the back of 28-year-old Jeffrey Nissen’s motorcycle, pinning Nissen underneath.

Nissen was pronounced deceased on the scene.

------------------------------

Date: Thu, 25 Apr 2024 9:12:46 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Waymo car filmed on wrong side of street for two blocks
(Ricardo Cano)

Ricardo Cano, *The San Francisco Chronicle*, 24 April 2024, filmed by bicyclists. Waymo said the car was avoiding cyclists and a possble body in
the original lane. A unicyclist got in front of the Waymo at the end of the second block of wrong-way driving, trying to get the robocab (with one passenger) to move back into the correct lane. [PGN-ed; the responses from Waymo included the expected ``The safety of all road users is a top priority ... and we look forward to learning from this unique event.''

This was in a heavily traveled area. In October, ``a Cruise robotaxi
involved in a hit-and-run accident that was caused by a human driver struck
and dragged a jaywalking pedestrian 20 feet.''

------------------------------

Date: Mon, 22 Apr 2024 13:04:13 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: UK Smart motorway failures (BBC)

The technology behind England's smart motorway network stops working on a regular basis, the BBC has discovered.

https://www.bbc.com/news/uk-68848418

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Generative AI Arrives in the Gene Editing World of CRISPR
Cade Metz)

Cade Metz, The New York Times, 23 Apr 2024, via ACM TechNews

Generative AI technology developed by Berkeley, Calif.-based startup
Profluent is generating blueprints for microscopic biological mechanisms
with a gene editor called OpenCRISPR-1, which can edit DNA. The technology learns from sequences of amino acids and nucleic acids, in essence analyzing the behavior of CRISPR gene editors pulled from nature and learning how to generate entirely new gene editors. "These AI models learn from sequences, whether those are sequences of characters or words or computer code or amino acids," said Profluent CEO Ali Madani (pictured). Profluent said that it was "open sourcing" its OpenCRISPR-1 editor, though not the AI technology behind it.

[What can possibly go wrong? Frankenmonsters? Ex-Terminator, e.g.,
irreversible disablement of people who still had a life to live? PGN]

------------------------------

Date: Thu, 25 Apr 2024 07:33:55 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: It’s the End of the Web as We Know It (and I don't feel fine...)
(The Atlantic)

A great public resource is at risk of being destroyed.

https://www.theatlantic.com/technology/archive/2024/04/generative-ai-search-llmo/678154/

------------------------------

Date: Thu, 25 Apr 2024 15:41:55 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: You can now buy a flame-throwing robot dog for under
$10,000 (ArsTechnica)

Thermonator, the first "flamethrower-wielding robot dog," is completely
legal in 48 US states.

https://arstechnica.com/gadgets/2024/04/you-can-now-buy-a-flame-throwing-robot-dog-for-under-10000/

Well, of course -- it's not excluded from 2A rights by founders. Besides,
it's useful for hunting and self-protection.

------------------------------

Date: Sun, 21 Apr 2024 14:41:30 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Meta's newest AI model beats some peers. But its amped-up AI agents
are confusing Facebook users

It's already spreading lies. AI Trust & Safety is rapidly becoming the
most crucial issue in tech. -L

https://apnews.com/article/meta-ai-assistant-llama3-large-language-models-llm-229b386ebfbdc23f0e9245a68f7eb2d0

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Deepfakes of Bollywood Stars Spark Worries of Meddling in
India Election (Reuters)

Aditya Kalra, Munsif Vengattil, Dhwani Pandya, et al.,
*Reuters*, 22 Apr 2024, via ACM TechNews

Deepfake videos of A-list Bollywood actors Aamir Khan (pictured, right) and Ranveer Singh (left) criticizing India Prime Minister Narendra Modi (center) have gone viral. The videos, which call on viewers to vote for the
opposition Congress party, have generated concerns about the use of AI to influence the nation's ongoing general election. Reuters found that the
videos had been viewed more than 500,000 times on social media since last
week. At least eight fact-checking websites determined the videos to be
altered or manipulated, but it remains unclear who created them.

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Advanced Brain Science Without Coding Expertise
(Helmholtz Centers)

Helmholtz Centers, 22 Apr 2024, via ACM TechNews

A deep learning tool developed by researchers at Germany's Helmholtz Munich
and the LMU University Hospital Munich enables brain cell mapping without
the need for coding expertise. The goal of the tool, DELiVR (Deep Learning
and Virtual Reality), is to democratize 3D brain analysis. Researchers can train DELiVR for specific cell types, and it works with the open source
Fijai software for image analysis.

[DE-LIVERing might be not so good. You have only one liver. PGN]

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Group Joins Fight Over Online Disinformation (NYTimes)

Steven Lee Myers and Jim Rutenberg, *The New York Times*, 22 Apr 2024, via
ACM TechNews

Nina Jankowicz (pictured), former head of the U.S. Department of
Homeland Security's Disinformation Governance Board, has co-founded
the nonprofit American Sunlight Project, with the goal of fighting
against campaigns to undermine researchers who study the sources of disinformation. The group was formed during a time in which prominent researchers have been targeted with lawsuits, subpoenas, and physical
threats. The inception of the project reflects how divisive the issue
of identifying and combating disinformation has become as the 2024
presidential election approaches.

------------------------------

Date: Thu, 25 Apr 2024 08:27:22 -0400
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Cisco ASA CVE-2024-20353 (ArsTechnica)

Ars has provided a nice writeup on how seemingly unrelated exploits can be chained together to provide lateral movement within a target network.
Of the noted exploits, the ASA CVE is new and severe.

Small quibble with the article, calling MOVEIt a security appliance is generous. Calling Confluence a security appliance is absurd. The TL:DR;
would probably be better noted as an edge faced application can be a
foothold for lateral infiltration if not adequately isolated from the rest
of the network.

https://arstechnica.com/security/2024/04/cisco-firewall-0-days-under-attack-for-5-months-by-resourceful-nation-state-hackers/

------------------------------

Date: Wed, 24 Apr 2024 12:15:42 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Why Is Tech Going Down More? (Liv McMahon)a

Liv McMahon, *BBC*, 19 Apr 2024

IT outages are occurring more frequently, according to Brennen Smith
of Ookla, parent company of Downdetector, a platform that monitors
online outages. Smith said, "Right now there's a push for these mega
giants to incorporate very game-changing new technology into their
products and services. I think with the push for innovation now, we're
going to start to see tech companies move faster, [but] it comes at
the risk of potentially breaking things." Outages can be caused by a
variety of factors, but Sam Kirkman of the cybersecurity firm NetSPI
emphasized that the modern Internet depends "on a fabric of really old technology."

------------------------------

Date: Wed, 24 Apr 2024 17:22:08 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: Utah law Aimed at AI (Politico)

A Utah law imposing regulations on the private sector's use of artificial intelligence will go into effect next week, marking the first time a state
has implemented such legislation.

https://le.utah.gov/~2024/bills/sbillenr/SB0149.pdf

With state legislatures across the country debating policy solutions to
protect citizens from the potential harms of AI, Utah's law could be a potential model for others to follow. More than 400 AI-related bills have
been introduced across more than 40 states, as of February. The vast amount
of proposals highlights how states are scrambling to enact regulations on
all facets of AI, including workplace safety, algorithmic discrimination,
the government's use, deepfakes and more.

``The advantage of being a first mover and doing good policy is other states can learn from Utah, and they will if the policy works,'' said Ian Klaus, founding director of the Carnegie Endowment for International Peace's California program.

What's happening on May 1: The AI Policy Act, S.B. 149, amends the
state's consumer protection and privacy laws by imposing transparency requirements on companies that use AI. Individuals or businesses providing a service that requires a license or certification, like medical providers,
will be required to disclose when a consumer is engaging with AI at the
start of the interaction. Other deployers of generative AI that don't fall
into the license or certification category still must disclose the use of
the technology, but only if a consumer asks.

The law puts all the responsibility on companies deploying AI, and does
little to regulate the technology itself. That means a company using someone else's model (think ChatGPT or Bard) will be at fault if that model violates the law. Violators could be subject to fines of up to $2,500 per offense.

------------------------------

Date: Wed, 24 Apr 2024 06:27:47 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: How United Airlines uses AI to make flying the friendly skies a bit
easier (TechCrunch)

When you board a United Airlines plane, the gate agents, flight attendants
and others involved in making sure your plane leaves on time are in a
chatroom coordinating a lot of the work that you, as a passenger, will hopefully never notice. Is there still space for carry-on bags? Did the
caterer bring the missing orange juice? Is there a way to seat a family together?

When a flight is delayed, a message with an explanation will arrive by text
and in the United app. Most of the time, that message is generated by AI. Meanwhile, in offices around the world, dispatchers are looking at this real-time data to ensure that the crew can still legally fly the plane
without running afoul of FAA regulations. And only a few weeks ago, United turned on its AI customer service chatbot. [...]

https://techcrunch.com/2024/04/21/how-united-airlines-uses-ai-to-make-flying-the-friendly-skies-a-bit-easier/

------------------------------

Date: Wed, 24 Apr 2024 06:41:30 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: AI-powered cameras installed on LA buses to ticket illegally parked
(LA Times)

Testing is planned for this summer and the program is expected to go live by the end of 2024, Metro said, after two months of community outreach to “ensure that the public is aware of the purpose, timing and impacts of this new program.”

“Once cameras are installed, there will be a 60-day warning period for drivers. During the first 60 days, warning citations will only be used as informational notices and will not result in any violations,” the agency said.

The program, designed by technology company Hayden AI, is meant to improve
bus times, increase ridership and address mobility concerns. Metro’s Board of Directors approved an $11 million-contract with the company last year to roll out 100 camera systems. The agreement started in December and is
supposed to last roughly five years.

The cameras will be mounted inside Metro bus windshields to monitor for
parked vehicles in bus lanes and at bus stops, in order to help enforce new parking rules after LA City Council approved a fine last year for those who illegally park in bus lanes.

https://www.latimes.com/california/story/2024-04-24/ai-powered-cameras-installed-on-metro-buses-will-be-used-to-spot-illegally-parked-cars

------------------------------

Date: Mon, 22 Apr 2024 20:59:38 +0200
From: Debora Weber-Wulff <weberwu@HTW-Berlin.de>
Subject: ResearchRabbit et al.

I am currently testing AI tools for the research process (with
dismal results, but we have just begun). I was fussing the other day
with ResearchRabbit, which is based on SemanticScholar. Just for fun
I looked myself up.

I was surprised to see as one of my top cited works a book review I
published in "Software Engineering Notes", 27(3), May 2002, pp. 94-95
being cited 110 times! I checked at the ACM Digital Library (https://dl.acm.org/doi/10.1145/638574.638592)
but they only had one citation there. Curious, I clicked on it:
It was a paper in Japanese about sleep disorder that quoted a paper
“Keiko Akabane. Effects of sunbathing on patients' sleep. Science of
Nursing Practice 2002; 27(1): 94-95” The “AI” was matching the volume, year, and pages only!

I checked the list of citations to the review on Semantic Scholar and determined that they were all to the *book* that I was reviewing, not my
review at all. So the reception of SEN was not *that* amazing :)

[Does this surprise you? Chatbots seem to generate fictitious research
papers. A colleague did a chapbot bio for me, which claims I was born in
1887 where my father was born, where it matched only the last name. And
three others had bios claiming they had died. I think I noted some of
that once before. PGN]

------------------------------

Date: Sat, 20 Apr 2024 14:41:23 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Hospital prices for the same emergency care vary up to 16X,
study finds (ArsTechnica)

Hospitals' "trauma activation fees" are unregulated and extremely variable.

Since 2021, federal law has required hospitals to publicly post their
prices, allowing Americans to easily anticipate costs and shop around for affordable care—as they would for any other marketed service or product. But hospitals have mostly failed miserably at complying with the law.

A 2023 KFF analysis on compliance found that the pricing information
hospitals provided is "messy, inconsistent, and confusing, making it challenging, if not impossible, for patients or researchers to use them for their intended purpose." A February 2024 report from the nonprofit
organization Patient Rights Advocate found that only 35 percent of 2,000 US hospitals surveyed were in full compliance with the 2021 rule.

But even if hospitals dramatically improved their price transparency, it likely wouldn't help when patients need emergency trauma care. After an unexpected, major injury, people are sent to the closest hospital and aren't likely to be shopping around for
the best price from the back of an ambulance. If they did, though, they might also need to be treated for shock.

According to a study published Wednesday in JAMA Surgery, hospitals around
the country charge wildly different prices for trauma care. Prices for the
same care can be up to 16-fold different between hospitals, and cash prices
are sometimes significantly cheaper than the negotiated prices that
insurance companies pay.

https://arstechnica.com/science/2024/04/hospital-prices-for-the-same-emergency-care-vary-up-to-16x-study-finds/

------------------------------

Date: Thu, 25 Apr 2024 05:46:50 +0000
From: Presale1 - All Your Computer Security Needs In 1 <info@presale1.com> Subject: South Korean Defense Industry Under Siege by North
Korean Hacker

South Korean Defense Industry Under Siege by North Korean Hacker

https://email.cloud2.secureclick.net/c/10688?id=3D1296473.3625.1.2adda71e3f0622=0805c561c9ccabfccf

------------------------------

Date: Wed, 24 Apr 2024 05:49:25 -0400
From: Prashanth Mundkur <prashanth.mundkur@gmail.com>
Subject: "Killed by a Traffic Engineer" (Island Press)

https://islandpress.org/books/killed-traffic-engineer

Killed by a Traffic Engineer:
Shattering the Delusion that Science Underlies our Transportation System
Wes Marshall

[excerpt from the blurb]

Thoroughly researched and compellingly written, *Killed by a Traffic
Engineer* shows how traffic engineering research is outdated and unexamined
(at its best) and often steered by an industry and culture considering only
how to get from point A to B the fastest way possible, to the detriment of safety, quality of life, equality, and planetary health. Marshall examines
our need for speed and how traffic engineers disconnected it from safety,
the focus on capacity and how it influences design, blaming human error, relying on faulty data, how liability drives reporting, measuring road
safety outcomes, and the education (and reeducation) of traffic engineers.

------------------------------

Date: Wed, 24 Apr 2024 06:59:14 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: This camera trades pictures for AI poetry (TechCrunch)

This camera trades pictures for AI poetry <about:blank?compose#>

The Poetry Camera takes the concept of photography to new heights by
generating poetry based on the visuals it encounters.

Have you ever stood in front of a redwood and wondered, “Wouldn’t it be great if this was poetry instead of a tree?” Neither did Joyce Kilmer <https://www.poetryfoundation.org/poetrymagazine/poems/12744/trees>. Kelin Carolyn Zhang and Ryan Mather, however, have set out to bridge the gap
between AI tech and poetry with their captivating brainchild — the Poetry Camera <https://poetry.camera/>. The open-source device combines
cutting-edge technology with artistic vision, resulting in a creation that pushes the boundaries of both fields.

At first glance, the Poetry Camera seems like another gadget in the ever-evolving landscape of digital devices. However, upon closer inspection,
it becomes evident that this is no ordinary camera. Instead of merely
capturing images, the Poetry Camera takes the concept of photography to new heights by generating thought-provoking poetry (or, well, as
thought-provoking as AI poetry can get) based on the visuals it encounters. [...]

https://techcrunch.com/2024/04/20/poetry-camera/

[Does it guarantee no plagiarism or copyright violations? Biases? Does
it have a sense of humor or appreciate puns? Can you specify the poetic
form (e.g., limerick, haiku, common-meter hymn, or iambic pentameter)?
PGN]

------------------------------

Date: Mon, 22 Apr 2024 19:09:44 -0500
From: epg@pretzelnet.org
Subject: Re: AI Made These Movies Sharper. Critics Say It Ruined Them.
(RISKS-34.18)

Machine-learning technologies are being used in film restoration for new
home video releases. But some viewers strongly dislike the results.

This isn't really new. From the beginning of the high-definition Blu-Ray
era, studios applied excessive digital noise reduction techniques, turning
live action into wax figures right out of the uncanny valley. Some remnants
of the initial uproar remain over a decade later:

https://notonbluray.com/blog/orange-and-teal/ https://www.dvdtalk.com/reviews/review/43615/

------------------------------

Date: Mon, 22 Apr 2024 23:20:03 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Wrong button clicked, wrong divorce cannot be undone

Re: "There really needs to be an UNDO here. PGN"

Good luck with that -- check out 'Herrera v. Collins' [below]. Judicial
error handling is even more problematic than error handling in computer languages and operating systems.

Perhaps ***pardons*** may be required here?

https://en.wikipedia.org/wiki/Herrera_v._Collins

"Herrera v. Collins, 506 U.S. 390 (1993), was a case in which the Supreme
Court of the United States ruled by 6 votes to 3 that a claim of ***actual
innocence*** does not entitle a petitioner to federal habeas corpus relief
by way of the Eighth Amendment's ban on cruel and unusual punishment."

------------------------------

Date: Mon, 22 Apr 2024 17:04:05 -0700
From: "Jim" <jgeissman@socal.rr.com>
Subject: Re: UK Post Office IT scandal (RISKS 34 03,04,16)

Post Office victims from Northern Ireland to have names cleared under new
law
https://www.bbc.com/news/uk-northern-ireland-68872703
Summary of the scandal - https://www.bbc.com/news/business-56718036

[Thanks, Jim -- All's Well That Ends Well?
Henry, There is an UNDO after all! PGN]

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

SUBSCRIPTIONS: The mailman Web interface can be used directly to

subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that

includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

SPAM challenge-responses will not be honored. Instead, use an alternative

address from which you never send mail where the address becomes public!

The complete INFO file (submissions, default disclaimers, archive sites,

copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!

OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's

delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.

Special Offer to Join ACM for readers of the ACM RISKS Forum:

<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.20
************************

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)