• Risks Digest 34.33

    From RISKS List Owner@21:1/5 to All on Tue Jun 25 14:25:30 2024
    RISKS-LIST: Risks-Forum Digest Tuesday 25 Jun 2024 Volume 34 : Issue 33

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/34.33>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Titan Disaster Forces Global Rethinking of Deep Sea Exploration
    (William J. Broad)
    Dead Tesla Traps Toddler In Hot Car, Raises Concerns About Electric Doors
    (CarScoops)
    Nuclear power Senate Vote (BackgroundBriefing)
    Musk calls for elimination of electronic voting machines, full hand count of
    all ballots (Politico)
    Dash to Ditch Paper Money in Sweden Created a Playground for Criminals
    (Bloomberg)
    A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records (WiReD)
    Antivirus Shuffle over Kaspersky (TechMonitor)
    Passwords Weakened by Advancements in Computing Processing
    (Sead Fadilpasic)
    Hacker Accesses Internal Tile Tool That Provides Location Data to Cops
    (404 Media)
    Ozone Hole Mk. II (NCBI)
    California plans to enlist AI to translate healthcare information (LA Times)
    In AI we trust, part II: Wherein AI adjudicates every Supreme Court case
    (adamunikowsky)
    Incoming *WashPost* editor tied to self-described thief who claimed role in
    his reporting (Monty Solomon)
    Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train
    Passengers (WiReD)
    Bacon ice cream and nugget overload sees misfiring McDonald's AI withdrawn
    (BBC)
    More productive AI => Self-Poisoned Training = GIGO (Henry Baker)
    Mass.'s "911 system" crashes... (danny burstein)
    Mass. 911 system back online after outage (Monty Solomon)
    AWS MFA/2FA Changes (Cliff kilby)
    Hacker selling AMD data breach dated June 2024. Europol involved (Presale1)
    Even Doctors Like Me Are Falling Into This Medical Bill Trap (NYTimes)
    How Crypto Money Is Poised to Influence the Election (NYTimes)
    NYC Congestion Pricing paused; but its LPR tracking not paused
    Passwords Weakened by Advancements in Computing Processing
    Firefox and Cancer? (The Register)
    Re: How a New Jersey man was wrongly arrested through facial
    Re: Re: Generative AI and the law (LW, RISKS-34.32)
    Re: Generative AI and the law (Levine, RISKS-34.33)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Titan Disaster Forces Global Rethinking of Deep Sea Exploration
    (William J. Broad)

    William J. Broad, *The New York Times*, 18 Jun 2024

    A pair of robotic vehicles will be sent to the resting place of the Titanic
    to recover artifacts, about a year after the June 18, 2023, implosion of the
    Titan submersible that killed five people. The July expedition is being
    organized by RMS Titanic. While proponents of human-piloted submersibles are
    pushing for regulation, the RMS Titanic expedition shows that some are
    rethinking deep sea exploration, with a shift toward robots as a safer
    alternative.

    ------------------------------

    Date: Fri, 21 Jun 2024 10:38:09 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Dead Tesla Traps Toddler In Hot Car, Raises Concerns About Electric
    Doors (CarScoops)

    Adults can use manual door releases from inside dead electric vehicles but younger ones can't.

    - A Tesla in Arizona died and in the process trapped a toddler in the
    hot car.
    - Firefighters had to break the window of the vehicle to get the child
    out as quickly as possible.
    - The incident highlights the danger to those who own vehicles with
    electronic door releases.

    Automotive technology continues to advance across the entire industry. Electronic door releases are one part of that wave and, in some cases, can increase safety. At the same time, they pose a significant danger to young
    ones when the battery of the car in question dies. One Tesla owner in
    Arizona just found that out while narrowly avoiding catastrophe.

    Renee Sanchez was about to take her 20-month-old granddaughter to the
    Phoenix Zoo. After safely strapping her into her car seat, Sanchez went to
    get into her Tesla but then realized the EV was dead. Her granddaughter was
    now trapped inside of the car with no way to easily get out.

    Tesla, and most other automakers with electronic door releases, have manual releases that owners can use from inside the cabin. At the same time,
    several owners don't know about the manual releases that come on vehicles
    with electronic door latches.

    At times, they even panic before learning that all they had to do to get out was to pull a manual lever inches from their own hand. In addition, those manual releases don't help if the only person in the car is a toddler or
    infant as was the case for Sanchez.

    Understanding the severity of the situation, she called 911. When the fire department arrived, they told her that they couldn't get into the car. As reported by AZ Family, she gave them the go-ahead to break in at all costs. Sure enough, they had to smash a window to retrieve the child as quickly as possible. Notably, Tesla does have a procedure to get into the car but it requires several steps and a battery charger. [...]

    https://www.carscoops.com/2024/06/dead-tesla-traps-toddler-in-hot-car-raises-concerns-about-electric-doors/

    ------------------------------

    Date: Wed, 19 Jun 2024 15:29:53 -0700
    From: "Jim" <jgeissman@socal.rr.com>
    Subject: Nuclear power Senate Vote (BackgroundBriefing)

    https://www.backgroundbriefing.org/ June 19th

    The Senate Votes 88 to 2 to Boost Nuclear Power Based on "New" Reactor Technology That is Old and Less Safe

    Then finally we examine the 88 to 2 vote in the Senate for a bill to boost nuclear power based on the false promises of a new technology that is both
    old and less safe than the current aging power reactors which have been
    plagued with near-disasters and massive cost overruns. Joining us is <https://www.ucsusa.org/about/people/edwin-lyman> Edwin Lyman, Director of Nuclear Power Safety at the Union of Concerned Scientists and an internationally recognized expert on nuclear proliferation and nuclear terrorism as well as nuclear power safety and security. He is a member of
    the Institute of Nuclear Materials Management and has testified numerous
    times before Congress and the Nuclear Regulatory Commission. He co-authored
    the critically acclaimed book,

    Fukushima: The Story of a Nuclear Disaster <https://www.google.com/search?q=Fukushima%3A+The+Story+of+a+Nuclear+Disaste


    ------------------------------

    Date: Tue, 18 Jun 2024 10:18:23 -0700
    From: Barbara Simons <barbara.b.simons@gmail.com>
    Subject: Musk calls for elimination of electronic voting machines,
    full hand count of all ballots (Politico)

    <https://www.politico.com/newsletters/weekly-cybersecurity/2024/06/17/rage-against-the-voting-machine-00163612#:~:text=%E2%80%94%20Tech%20mogul%20Elon%20Musk%20ignited,to%20hand%20counting%20paper%20ballots.>:

    *Rage against the voting machine*
    JOSEPH GEDEON  06/17/2024 10:00 AM EDT
    With help from Maggie Miller and John Sakellariadis

    VOTING WARS — Elon Musk set the Xverse ablaze this weekend with a
    viral post calling to “eliminate electronic voting machines” due to
    hacking risks, racking up over 75,000 reposts. It came after
    independent presidential hopeful Robert F. Kennedy Jr. seized on
    voting irregularities in Puerto Rico’s recent primary to demand a
    return to hand-marked paper ballots nationwide.

    The pro-hand-count movement has been gaining steam, with at least
    eight states introducing legislation in 2023 to ditch voting machines altogether. But election security experts are pushing back hard.

    “Flip the claim that there’s ‘no evidence of widespread fraud.’ We
    have evidence of sound elections,” said Pamela Smith, president of the nonpartisan Verified Voting, which promotes the responsible use of
    technology in elections.

    Understand the problem: Smith argues that while tiny jurisdictions can
    feasibly hand count ballots, moving to full manual counts in larger
    locales would be a logistical nightmare — delaying results for weeks
    or months and costing counties millions to hire enough workers. Not to
    mention studies showing machines tend to tally votes more accurately
    than humans do.

    * “There is no evidence whatsoever that ‘irregularities’ have ever
    been significant enough to change the results of an election,”
    Seattle’s former CISO Mike Hamilton tells Morning Cyber.

    * All hands on deck: Yet the hand count crowd clearly remains vocally
    skeptical of voting tech, however small the hacking risk. So what’s
    an election official to do?

    The answer: Robust audits.

    Verified Voting and other election watchdogs recommend pairing machine
    counts with rigorous post-election audits that hand tally a portion of
    ballots to verify results, correct any errors and assure the public of the system’s integrity.

    “Banks audit themselves regularly, and with elections you should audit every one,” Smith said. “That’s a best practice for ensuring there were no unnoticed errors or tampering.”

    ------------------------------

    Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Dash to Ditch Paper Money in Sweden Created a Playground for
    Criminals (Bloomberg)

    Niclas Rolander, Jonas Ekblom, and Love Liman, Bloomberg, 21 Jun 2024

    With Sweden further along than nearly any other European nation in
    eliminating paper money, it is being viewed as a test case in the fight
    against digital crime. Swedish authorities are finding it difficult to crack down on digital crime given how ingrained the BankID digital identification system is in the national economy. Controlled by a consortium of private lenders, BankID works like an online signature and is used for electronic payments, filing tax returns, setting up businesses, and more.

    ------------------------------

    Date: Mon, 24 Jun 2024 13:10:26 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records
    (WiReD)

    Plus: Alleged Apple source code leaks online, cybercrime group Scattered Spider’s alleged kingpin gets arrested, and more.

    https://www.wired.com/story/hospital-hack-300-million-patient-records-leaked/

    ------------------------------

    Date: Thu, 20 Jun 2024 22:01:27 -0400
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: Antivirus Shuffle over Kaspersky (TechMonitor)

    If you're part of a U.S. org whose antivirus (AV) is provided by Kaspersky,
    per a new rule from the Commerce Department, you have until Sept 29th to replace it. https://www.wired.com/story/us-bans-kaspersky-software/ The
    number of alternatives is staggering. I try not to favor a product, but hate demanding a change with no realistic alternatives provided. For Windows
    shops, Defender may be included in your E3 pricing. If you're midbudget and can't do a software outlay in time, ClamAV is oss and maintained by Talos/Cisco. It's fairly easy to install on Linux, and has compatibility
    across Windows and Mac.

    While evaluating AV alternatives, be sure to include E/XDR
    (endpoint/extended detection and response) products.

    For UK orgs, the UK NCSC (national cybersecurity centre) issued a similar warning in 2020, but has not yet restricted import to the best of my
    knowledge.

    https://techmonitor.ai/technology/cybersecurity/ncsc-warning-russian-tech-ukraine

    I would not be surprised if other NATO member states take similar stances
    after Russia's recent diplomatic changes.

    https://www.newsweek.com/kremlin-peskov-united-states-enemy-scott-ritter-1908616

    Your company should be reevaluating all your vendors on a regular basis.

    This should only be a timetable change.

    ------------------------------

    Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Passwords Weakened by Advancements in Computing Processing
    (Sead Fadilpasic)

    Sead Fadilpasic, *TechRadar*, 19 Jun 2024

    A new report on password strength noted the advancements in computer
    processing power made cracking passwords significantly easier. Kaspersky
    researchers said it took them less than one hour to crack 59% of 193 million
    passwords in a database obtained from the dark web. Eight-character
    passwords composed of same-case English letters and digits or 36 combinable
    characters were cracked within 17 seconds. The researchers used an Nvidia RTX
    4090 GPU and different algorithms for their experiment.

    ------------------------------

    Date: Wed, 12 Jun 2024 15:46:54 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Hacker Accesses Internal Tile Tool That Provides Location Data to Cops
    (404 Media)

    https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/

    ------------------------------

    Date: Wed, 19 Jun 2024 14:36:37 -0400
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: Ozone Hole Mk. II (NCBI)

    Forget Kessler Syndrome, those mega constellations will not get a chance to start a cascade. We'll keep them in a LEO (low earth orbit) and if anything goes wrong, they'll eventually deorbit.
    Sounds great right?

    Remind you of the Northeastern approach to waste management? "We'll just
    dump it in the ocean!" Ah the sweet smell of a Birmingham tide.

    It seems that incinerating metals in a high draft furnace might be a bad
    idea.

    Wait, we already knew that. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8354618/

    ------------------------------

    Date: Tue, 18 Jun 2024 06:52:47 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: California plans to enlist AI to translate healthcare information
    (LA Times)

    State officials want to use artificial intelligence to translate public healthcare and social services documents and websites. But some experts
    worry AI may introduce errors.

    https://www.latimes.com/science/story/2024-06-17/california-ai-healthcare-translation

    PS. Can it be worse than Google Translate or whatever it is that they're currently using?  In my home town of Banning CA, I've seen signs written in Spanish that translate the city name as "Prohibición."

    ------------------------------

    Date: Mon, 17 Jun 2024 10:04:00 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: In AI we trust, part II: Wherein AI adjudicates every Supreme Court
    case (adamunikowsky)

    In my previous post, I opined that AI was already able to adjudicate
    complex cases. Some commenters were skeptical. For example, one
    commenter suggested that AI might be “deciding” cases by randomly
    choosing a brief and summarizing its contents.

    Taking this criticism to heart, I decided to do a little more empirical
    testing of AI’s legal ability. Specifically, I downloaded the briefs in
    every Supreme Court merits case that has been decided so far this Term, inputted them into Claude 3 Opus (the best version of Claude), and then
    asked a few follow-up questions. (Although I used Claude for this exercise,
    one would likely get similar results with GPT-4.)

    https://adamunikowsky.substack.com/p/in-ai-we-trust-part-ii

    ------------------------------

    Date: Sun, 16 Jun 2024 20:48:04 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Incoming *WashPost* editor tied to self-described thief who
    claimed role in his reporting

    Unpublished book drafts and other documents raise questions about
    Robert Winnett's journalistic record just months before he is to
    assume a top newsroom role.

    https://www.washingtonpost.com/investigations/2024/06/16/washington-post-editor-robert-winnett/

    ------------------------------

    Date: Tue, 18 Jun 2024 02:20:28 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK
    Train Passengers (WiReD)

    While the documents detail some elements of the trials, privacy experts say they are concerned about the overall lack of transparency and debate about
    the use of AI in public spaces. In one document designed to assess data protection issues with the systems, Hurfurt from Big Brother Watch says
    there appears to be a “dismissive attitude” toward people who may have privacy concerns. One question asks: “Are some people likely to object or find it intrusive?” A staff member writes: “Typically, no, but there is no accounting for some people.”

    https://www.wired.com/story/amazon-ai-cameras-emotions-uk-train-passengers

    ------------------------------

    Date: Tue, 18 Jun 2024 13:00:05 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Bacon ice cream and nugget overload sees misfiring McDonald's AI
    withdrawn (BBC)

    https://www.bbc.com/news/articles/c722gne7qngo

    McDonald's is removing artificial intelligence (AI) powered ordering
    technology from its drive-through restaurants in the U.S., after
    customers shared its comical mishaps online.

    A trial of the system, which was developed by IBM and uses voice
    recognition software to process orders, was announced in 2019.

    It has not proved entirely reliable, however, resulting in viral videos of bizarre misinterpreted orders ranging from bacon-topped ice cream to
    hundreds of dollars' worth of chicken nuggets.

    ------------------------------

    Date: Wed, 19 Jun 2024 00:07:23 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: More productive AI => Self-Poisoned Training = GIGO

    So, we're all exhausted from the current AI hype and its productivity promises:

    AI will turn "D" student essays into "professional quality" writing;
    AI will make every dropout who can spell "P-Y-T-H-O-N" into a star programmer;
    AI will convert every paralegal into a "legal eagle" member of the bar.

    But AI requires extensive *training data*, which is ***currently***
    produced by human experts, and the vast majority of these training
    data are scraped from the cloaca of the Internet.

    However, thanks to the vastly increased productivity from these AI,
    how long before these Internet data scrapings are more-than-likely
    produced by another AI? One year, two years, three years?

    What happens when the hallucinations of one AI become training data
    for another hallucinating AI, which becomes training data for yet
    another AI? Telephone tag to the Nth degree? Data poisoning tag to
    the Nth degree?

    Mark Twain would be proud, as history does indeed rhyme. There's a wonderfully-named 1971 EPA paper entitled

    "Everyone Can't Live Upstream: A Contemporary History of the Water
    Quality Problems on the Missouri River"

    [Water you thinking? I don't see any rhymes.
    [You otter try again with that line. PGN]

    https://nepis.epa.gov/Exe/ZyNET.exe/9100W1OB.TXT?ZyActionD=ZyDocument&Client=EPA... [10-line &-encoded URL PGN-truncated]

    In short, the Missouri River consists of a series of drinking water intakes followed by sewage discharges followed by drinking water intakes followed
    by sewage discharges ... My discharge becomes your "fresh" water intake.

    No sophisticated "pump handle" reasoning is required to understand the
    ensuing scatological results.

    We're about to amplify Sturgeon's Law into "99.9999999% of everything is crap".

    https://www.crowdstrike.com/cybersecurity-101/cyberattacks/data-poisoning/

    Data poisoning is a type of cyberattack in which an adversary
    intentionally compromises a training dataset used by an AI or machine
    learning (ML) model to influence or manipulate the operation of that
    model.

    ------------------------------

    Date: Tue, 18 Jun 2024 18:40:04 +0000 ()
    From: danny burstein <dannyb@panix.com>
    Subject: Mass.'s "911 system" crashes..

    [Boston PD web page]

    9-11 Statewide System is Currently Down
    / Gen- Information / By Media Relations

    9-11 is currently down statewide.

    Boston Police will be patrolling with their blue lights activated for
    high visibility. Please approach an officer if you need assistance:

    https://police.boston.gov/2024/06/18/9-11-statewide-system-is-currently-down/
    https://x.com/bostonpolice/status/1803123343224123425

    [Two and a half decades post 9/11. At the very least you'd think
    they'd have a standardized, State-wide (or even just Boston-wide) 10
    digit number for the centralized dispatch alternative.]

    ------------------------------

    Date: Tue, 18 Jun 2024 20:00:24 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Mass. 911 system back online after outage

    Massachusetts experienced a statewide loss of 911 services Tuesday
    afternoon for a few hours. A cause was not immediately apparent.

    https://www.boston.com/news/local-news/2024/06/18/911-system-down-throughout-mass/
    https://www.bostonglobe.com/2024/06/18/metro/mass-911-outage/

    For Fire Alarms, Boston Still Relies on the Telegraph?! https://www.boston.com/news/local-news/2014/10/07/for-fire-alarms-boston-still-relies-on-the-telegraph/

    ------------------------------

    Date: Mon, 17 Jun 2024 10:11:02 -0400
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: AWS MFA/2FA Changes

    For once, some good news. AWS is mandating MFA for "highly privileged accounts", which seems to include Organization "root" user. https://www.theregister.com/2024/06/17/aws_mfa_roll_out/
    Change is difficult, but AWS has acknowledged two key complaints that
    always seemed to bubble up with MFA adoption.

    "What if the root user leaves with or loses their MFA?"
    "Customer service is slow."

    I believe the turnaround on a root unlock being slow is a boon to security. Once someone attempts to wrest control of a root account from your company, this complaint just vanishes.
    As to the other, per the source, AWS is allowing up to 8 MFA devices to be registered. Have your admin register two FIDO2 devices, and shove them in
    your onsite vault. If the admin leaves or loses, no AWS service ticket required.

    https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/

    You have two weeks before AWS begins enforcing the required changes. That's
    too long. Go turn on root MFA yesterday, or at least today.

    You should also be requiring all users to use MFA. AWS IAM Identity makes
    this easy, even for programmatic access (like Terraform). https://aws.amazon.com/blogs/security/managing-temporary-elevated-access-to-your-aws-environment/
    The high-level workflow after initial configuration is:
    User issues change command.
    Boto polls for a token, providing a webportal referral.
    User logs in via webportal, with MFA.
    Boto gets a timeboxed token response.
    User proceeds.

    You can manage the lifetime of the tokens, but as it is trivial to renew
    the token, anything more than an hour creates a huge window for credential ex-fil.

    It's a start.
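
    [Added example, not part of the original post and not AWS code: a check of the post's three recommendations (MFA on root, MFA for every console user, token lifetimes of an hour or less). It assumes the IAM credential report CSV and IAM Identity Center SessionDuration strings as inputs; the sample rows, account ID and permission-set names are constructed.]

```python
import csv
import io
import re

# Constructed sample using column names from the IAM credential report
# (a subset; the real CSV carries more columns, which this check ignores).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,false,false,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,false
"""

# Constructed sample: permission-set name -> SessionDuration (ISO 8601).
# Using these two inputs is an assumption; the post names neither.
SAMPLE_SESSIONS = {"ReadOnly": "PT1H", "Admin": "PT8H", "Break-Glass": "PT30M"}

ROOT_ROW = "<root_account>"
MAX_SESSION_SECONDS = 3600  # the one-hour ceiling the post argues for
KEY_COLUMNS = ("access_key_1_active", "access_key_2_active")
_DURATION = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?$")


def duration_seconds(iso):
    """Convert a time-only ISO 8601 duration such as PT1H30M to seconds."""
    match = _DURATION.match(iso)
    if not match or not any(match.groups()):
        raise ValueError(f"unsupported duration: {iso!r}")
    hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def audit_credential_report(report_csv):
    """Return (severity, user, finding) tuples for MFA and key gaps."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        keys = any(row.get(col) == "true" for col in KEY_COLUMNS)
        if user == ROOT_ROW:
            if not mfa:
                findings.append(("critical", user, "root has no MFA device"))
            if keys:
                findings.append(("critical", user, "root has an active access key"))
        else:
            # Only users who can sign in to the console need an MFA device.
            if row["password_enabled"] == "true" and not mfa:
                findings.append(("high", user, "console password without MFA"))
            if keys:
                findings.append(
                    ("medium", user, "static access key instead of short-lived token")
                )
    return findings


def audit_session_durations(sessions, limit=MAX_SESSION_SECONDS):
    """Return the names whose token lifetime exceeds the limit, sorted."""
    return sorted(
        name for name, iso in sessions.items() if duration_seconds(iso) > limit
    )


if __name__ == "__main__":
    for severity, user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{severity:8} {user:16} {finding}")
    for name in audit_session_durations(SAMPLE_SESSIONS):
        print(f"{'medium':8} {name:16} session longer than one hour")
```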

    ------------------------------

    Date: Tue, 18 Jun 2024 05:36:25 +0000
    From: Presale1
    Subject: Hacker selling AMD data breach dated June 2024. Europol involved.

    https://email.cloud2.secureclick.net/c/10688?id=1608079.4030.1.7813fcd6724dc96f08999c7f6e1ff93b
    18 Jun

    MAJOR BREACH: IntelBroker is allegedly selling the AMD data breach
    dated June 2024. Compromised data: https://email.cloud2.secureclick.net/c/10688?id=1608079.4031.1.d5f45fcbf12c4c7e12bb9ba7d0baedbd

    ------------------------------

    Date: Mon, 17 Jun 2024 16:35:35 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Even Doctors Like Me Are Falling Into This Medical Bill Trap (NYTimes)

    Hospital outpatient departments, or HOPDs, are encouraging a surprise scourge on medical costs. It’s patients who bear the burden.

    https://www.nytimes.com/2024/06/17/opinion/medical-bill-trap.html

    ------------------------------

    Date: Mon, 17 Jun 2024 16:28:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: How Crypto Money Is Poised to Influence the Election (NYTimes)

    The industry’s political awakening — and enormous pool of cash — is already affecting high-profile races across the country.

    https://www.nytimes.com/2024/06/17/technology/-crypto-influence-election.html

    ------------------------------

    Date: Wed, 19 Jun 2024 09:54:25 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: NYC Congestion Pricing paused; but its LPR tracking not paused

    Bait and switch?

    Evan Simko-Bednarski, New York Daily News https://www.msn.com/en-us/autos/news/ar-BB1ooLwv

    Gov. Hochul may have pressed "pause" on congestion pricing -- but the
    system's new cameras are still recording on Manhattan streets
    New York drivers are already paying a 'privacy tax' for a congestion
    reduction plan, but without the benefit of any reduction in congestion. Apparently, we're all Uyghurs now...

    ------------------------------

    Date: Tue, 25 Jun 2024 09:28:13 -0700
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Firefox and cancer? (The Register)

    *The Register* via "Silence Dogoog".

    "Firefox is trying to push me out because I have cancer," CPO says in
    bombshell lawsuit

    Steve Teixeira, said to be CEO-in-waiting, now sues Firefox maker for
    discrimination, retaliation

    https://www.theregister.com/2024/06/24/mozilla_product_chief_sues_over/?td=rt-3a

    [Now FF is picking on a sick person.
    And planning to integrate "AI" into the browser
    and to sell browsing history & location to advertisers.]

    ------------------------------

    Date: Tue, 18 Jun 2024 12:52:39 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: How a New Jersey man was wrongly arrested through facial
    recognition tech now in use in Ontario (RISKS-34.31)

    The problem, as always, has less to do with the technology and more
    with people loyally trusting whatever "the computer says".

    A counter-example has surfaced recently in a new documentary about
    Stormy Daniels, where she recounts being stopped at the Canadian
    border because a query to an FBI system showed many false indictments
    linked to her name. Luckily for her, the Canadian officers did not
    believe this.

    [The documentary mentions in passing that false information was
    planted in the FBI's system; it isn't clear if the system had been
    hacked, or possibly that it was an inside job. I haven't seen such
    an incident mentioned on RISKS, or anywhere else.]

    ------------------------------


    Date: 16 Jun 2024 20:45:58 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: Subject: Re: Generative AI and the law (LW, RISKS-34.32)

    A federal law should be passed making AI firms fully responsible for
    any and all content disseminated from their generative AI systems.
    Period. No exceptions. -L

    What does "fully responsible" mean? The LLM vendors all insist they
    don't distribute third party content (see the lawsuits vs NY Times,
    Daily News, book authors, etc.) so there's no Section 230 immunity.
    How would that be different from the situation now?

    They warrant that all statements are true? Something else?

    ------------------------------

    Date: Sun, 16 Jun 2024 17:53:59 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Re: Generative AI and the law (Levine, RISKS-34.33)

    There are of course efforts to extend 230 immunity to these LLMs,
    though they're likely to fail, given that 230 itself is under such
    pressure (in fact, a relevant Supreme Court case decision is likely to
    be announced within the next couple of weeks).

    As for taking responsibility, a good starting point would be if the
    LLM firms were held responsible (financially at least, perhaps more)
    for any physical harm done to someone as a result of a straightforward incorrect generative answer to a straightforward (not "manipulated")
    medical question, or related. L

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 34.33
    ************************
