[33150] in RISKS Forum
Risks Digest 33.78
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Tue Aug 15 21:01:04 2023
From: RISKS List Owner <risko@csl.sri.com>
Date: Tue, 15 Aug 2023 18:00:35 PDT
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Tuesday 15 August 2023 Volume 33 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.78>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
Metrorail Safety Commission Says Automatic Train
Operation Not Ready For Primetime (DCist)
Freight Railroads Seek Changes to Federal Safety
Program Before Joining It (NYTimes)
Activist Group Is Protesting Driverless Cars by Disabling Them With Traffic
Cones (Vice)
Hackers Can Talk Computers into Misbehaving with AI (Robert McMillan)
San Francisco's North Beach streets clogged as long line of Cruise
robotaxis come to a standstill (LA Times)
Cellphone Radiation Is Harmful, but Few Want to Believe It
(Neuroscience News)
Hackers Rig Casino Card Shuffling Machines for Full Control
-- Cheating (WiReD)
Pepco Violation Could Cost Solar Owners Thousands (DCist)
Dangers of Trusting Encryption Supply Chains (Bob Gezelter)
Microsoft finds vulnerabilities it says could be used to shut down power
plants (Ars Technica)
Has Microsoft cut security corners once too often?
(Computerworld)
Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found. (NYTimes)
A Clever Honeypot Tricked Hackers Into Revealing Their Secrets (WiReD)
Medicare replaces 47,000 patients' ID numbers, because of MOVEit data
breach (CMS)
Spreadsheet blunder reveals sensitive law enforcement information
(Belfast Telegraph)
The future is certain; it is only the past that is unpredictable
(Henry Baker)
Social Media Influencers Are Holding Restaurants Hostage (NYTimes)
AI Causes Real Harm. Let's Focus on That over the
End-of-Humanity Hype (Scientific American)
Canadian AI pioneer brings plea to U.S. Congress: Pass a law now (CBC)
Chatbots: Why does White House want hackers to trick AI? (BBC)
Hospital bosses love AI. Doctors and nurses are worried (WashPost)
The AI firms are pushing too hard, and the result could be ...
(Lauren Weinstein)
A Zoom Call, Fake Names and an AI Presentation Gone Awry (NYTimes)
AI Drift: Study Reveals ChatGPT's Struggles with Basic Math -- as accuracy
declines (Cryptopolitan)
Don't use our content to train AI systems
(*The New York Times*)
Cigna Uses AI To Improperly Deny CA Claims, Lawsuit Contends (Patch)
Zoom's Updated Terms of Service Permit Training AI
on User Content Without Opt-Out (StackDiary)
Google and Universal Music Discuss Making an AI Tool to Replicate
Artists' Voices (Gizmodo via Lauren Weinstein)
Hello? It’s ‘Telemarketers,’ Here to Tell You About an Amazing Scam
(NYTimes)
Re: Why AI detectors think the U.S. Constitution was written by AI
Steve Bacher)
Re: 'Redacted Redactions' Strike Again (Steve Bacher)
Re: Possible Typo Leads to Actual Scam (Steve Bacher,
John Levine, Dick Mills, Jay Libove Alzina)
Elon Musk's Unmatched Power in the Stars (Matthew Kruk)
Elon wants my cryptos (Gavin Scott)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 11 Aug 2023 02:40:31 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Metrorail Safety Commission Says Automatic TrainOperation
Not Ready For Primetime (DCist)
Metro isn’t as close to returning its trains to automatic operation as it
hoped.
The Washington Metrorail Safety Commission, the third-party oversight body
for Metro, said it observed things that could ``result in a catastrophe if
not addressed.'' For example, the report says some trains were given speed
commands above the intended speed limit and some sped through stations at
full speed without stopping.
https://dcist.com/story/23/08/09/metrorail-safety-commission-says-automatic-train-operation-not-ready
------------------------------
Date: Fri, 11 Aug 2023 19:00:01 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Freight Railroads Seek Changes to Federal Safety
Program Before Joining It (NYTimes)
After the derailment in East Palestine, Ohio, the nation’s major freight
railroads agreed to join a federal program for workers to report safety
issues. But first, they want it to be overhauled. [...]
Jim Mathews, the president and chief executive of the Rail Passengers
Association and another member of the working group, said that for the
confidential reporting program to be effective, the freight railroads have
to be willing to embrace a nonpunitive approach.
“The position that the freight railroads have taken is both unfortunate and
unwise,” Mr. Mathews said. “If they truly want a safer system, then
punishment and discipline cannot be the only tool in your toolbox.”
https://www.nytimes.com/2023/08/11/us/politics/ohio-train-railroad-safety.html
------------------------------
Date: Tue, 15 Aug 2023 12:56:59 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Activist Group Is Protesting Driverless Cars by Disabling Them With
Traffic Cones (Vice)
https://www.vice.com/en/article/bvjv48/week-of-cone-activist-group-is-protesting-driverless-cars-by-disabling-them-with-traffic-cones
Derided as a “prank” by other outlets, the Week of Cone is part of a storied
American tradition of urban residents opposing the expansion of cars in the
city. [...]
In a statement to the San Francisco Examiner, Waymo called the conings
“vandalism” and vowed to call the police. Motherboard asked Waymo to clarify
how the placing of a cone on the hood of a car classifies as vandalism
which, under California legal code, requires defacing, damaging, or
destroying property. Motherboard did not hear back by publication time.
Like War of the Worlds Martians done in by bacteria -- high-tech vanquished
by rock-bottom tech.
[I scream cones? It rocks! PGN]
------------------------------
Date: Mon, 14 Aug 2023 12:06:22 -0400 (EDT)
From: ACM TechNews <technews-editor@acm.org>
Subject: Hackers Can Talk Computers into Misbehaving with AI
(Robert McMillan)
Robert McMillan, *The Wall Street Journal* 10 Aug 2023
Security researcher Johann Rehberger persuaded OpenAI's ChatGPT
chatbot to conduct bad actions using plain-English prompts, which he
said malefactors could adopt for nefarious purposes. Rehberger asked
the chatbot to summarize a webpage where he had written "NEW IMPORTANT
INSTRUCTIONS;" he said he was gradually tricking ChatGPT into reading,
summarizing, and posting his email online. Rehberger's
prompt-injection attack uses a beta-test feature that allows ChatGPT
to access applications like Slack and Gmail. Princeton University's
Arvind Narayanan said such exploits work because generative artificial
intelligence (AI) systems do not always split system instructions from
the data they process. He is concerned that hackers could use
generative AI like language models to access personal data or
infiltrate computer systems as the technology finds its way into
products.
------------------------------
Date: Mon, 14 Aug 2023 07:32:15 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: San Francisco's North Beach streets clogged as long line of Cruise
robotaxis come to a standstill
San Francisco's North Beach streets clogged as long line of Cruise robotaxis
come to a standstill <#>
Just one day after state officials approved massive robotaxi expansion in
San Francisco, a long line of the driverless cars come to a standstill and
clog traffic in North Beach neighborhood.
https://www.latimes.com/california/story/2023-08-12/cruise-robotaxis-come-to-a-standstill
One day after California green-lighted a massive expansion of driverless
robotaxis in San Francisco, the implications became clear.
At about 11 p.m. Friday, as many as 10 Cruise driverless taxis blocked two
narrow streets in the center of the city’s lively North Beach bar and
restaurant district. All traffic came to a standstill on Vallejo Street and
around two corners on Grant. Human-driven cars sat stuck behind and in
between the robotaxis, which might as well have been boulders: no one knew
how to move them.
The cars sat motionless with parking lights flashing for 15 minutes, then
woke up and moved on, witnesses said. [...]
The situation is loaded with irony, as the California Public Utilities
Commission on Thursday voted 3 to 1 amid great public controversy to allow a
massive robotaxi expansion. The vote allows General Motors-owned Cruise and
Waymo, owned by Google’s Alphabet, to charge fares for driverless service
and grow the fleet as large as they’d like. Cruise has said it plans
eventually to deploy thousands of robotaxis in San Francisco. [...]
------------------------------
Date: Tue, 18 Jul 2023 20:42:25 -0700
From: Paul Saffo <paul@saffo.com>
Subject: Cellphone Radiation Is Harmful, but Few Want to Believe It
(Neuroscience News)
https://neurosciencenews.com/cellphone-radiation-brain-cancer-18889/
------------------------------
Date: Fri, 11 Aug 2023 03:38:21 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hackers Rig Casino Card Shuffling Machines for Full Control
-- Cheating (WiReD)
Three months later, Hustler Live Casino published a postmortem of its
investigation into the incident, finding “no credible evidence” of foul
play. It also noted that if there were cheating, it was most likely some
sort of secret communication between the player and a staff member in the
production booth who could see the players' hands in real time. But when
Joseph Tartaro, a researcher and consultant with security firm IOActive,
read that report, he zeroed in on one claim in particular—a statement ruling
out any possibility that the automated card-shuffling machine used at the
table, a device known as the Deckmate, could have been hacked. “The Deckmate
shuffling machine is secure and cannot be compromised,” the report read.
To Tartaro, regardless of what happened in the Hustler Live hand, that
assertion of the shuffler's perfect security was an irresistible invitation
to prove otherwise. “At that point, it's a challenge, Tartaro says. “Let's
look at one of these things and see how realistic it really is to cheat.”
Today, at the Black Hat security conference in Las Vegas, Tartaro and two
IOActive colleagues, Enrique Nissim and Ethan Shackelford, will present the
results of their ensuing months-long investigation into the Deckmate, the
most widely used automated shuffling machine in casinos today. They
ultimately found that if someone can plug a small device into a USB port on
the most modern version of the Deckmate—known as the Deckmate 2, which they
say often sits under a table next to players’ knees, with its USB port
exposed—that hacking device could alter the shuffler’s code to fully hijack
the machine and invisibly tamper with its shuffling. They found that the
Deckmate 2 also has an internal camera designed to ensure that every card is
present in the deck, and that they could gain access to that camera to learn
the entire order of the deck in real time, sending the results from their
small hacking device via Bluetooth to a nearby phone, potentially held by a
partner who then could then send coded signals to the cheating player.
https://www.wired.com/story/card-shuffler-hack
------------------------------
Date: Fri, 11 Aug 2023 02:48:39 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Pepco Violation Could Cost Solar Owners Thousands (DCist)
After regulators ruled that Pepco violated D.C. law in its implementation of
community solar in the city, the utility company is telling solar owners
they will need to manually track solar generation, entering thousands of
lines of data each month, and potentially costing thousands of dollars.
[...]
The commission ordered Pepco to remove its meters, and to reimburse
ratepayers for the money the company spent installing them. This ruling came
in response to a formal complaint by the D.C. Office of the Attorney General
and the Office of the People’s Counsel. The complaint alleged a “pattern of
systemic violations” in Pepco’s handling of community solar in the
District. In the complaint, solar owners said Pepco’s meters sometimes
showed zero electricity generated in a month, while the CREF owners’ meters
recorded continued generation.
Community solar owners already have their own meters, but for a variety of
reasons Pepco says those meters cannot be automatically integrated into the
company’s network. One concern, PepcoPays, is the possibility that hackers
could find their way into unsecured CREF meter software.
So, as Pepco begins removing its meters, the utility company wants solar
owners to manually compile generation data in 15-minute intervals using
spreadsheets, and email the data to Pepco. It might sound simple enough, but
it would be a massive and menial job, requiring roughly 2,880 data entries
per month per solar facility.
Lawrence says she looked into hiring someone to do this, and was quoted a
cost of $5,000 for six months. According to Pepco, this interim spreadsheet
situation would last for between 16 and 20 months, while the company works
on a permanent automated solution. In other words, it would be until late
2024, at the earliest, totaling some 46,000 manual data entries per solar
facility.
https://dcist.com/story/23/08/09/dc-pepco-violation-community-solare
------------------------------
Date: Fri, 28 Jul 2023 07:51:14 -0400
From: Bob Gezelter <gezelter@rlgsc.com>
Subject: Dangers of Trusting Encryption Supply Chains
Recently, ArsTechnica published "The U.S. Navy, NATO, and NASA are using a
shady Chinese company's encryption chips". The article questioned
whether hardware components used for encryption/decryption actually protect
against unauthorized information disclosure.
Unauthorized disclosure represents a small fraction of the potential hazards
posed by unverified cryptographic implementations. Deliberate covert
functionality within a hardware encryption/decryption implementation poses
far more serious potential for large scale mischief, including weakened
encryption keys; distorted encryption keys; and mass denial of information
episodes. "Black box" testing is unlikely to uncover deliberately inserted
covert functionality.
An extended discussion of these hazards is far too lengthy for RISKS. I
examined some of the possibilities in "Trusting Encryption Supply Chains" the
July 25, 2023 entry in my Ruminations blog.
The blog entry is at:
http://www.rlgsc.com/blog/ruminations/trusting-encryption-supply-chains.html
The ArsTechnica article is at:
https://arstechnica.com/information-technology/2023/06/the-us-navy-nato-and-nasa-are-using-a-shady-chinese-companys-encryption-chips/
------------------------------
Date: Fri, 11 Aug 2023 18:47:54 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Microsoft finds vulnerabilities it says could be used to
shut down power plants (Ars Technica)
https://arstechnica.com/security/2023/08/microsoft-finds-vulnerabilities-it-says-could-be-used-to-shut-down-power-plants/
------------------------------
Date: Mon, 7 Aug 2023 15:13:31 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Has Microsoft cut security corners once too often?
(Computerworld)
As details about the recent China attack against U.S. government agencies
come to light, two details stand out: Microsoft failed to store security
keys properly -— and the keys were used by attackers even though they'd
already expired.
https://www.computerworld.com/article/3704132/has-microsoft-cut-security-corners-once-too-often.html
------------------------------
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Date: Mon, 31 Jul 2023 10:15:03 -0400
Subject: Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found.
(NYTimes)
When *The New Yorker* reported in April 2023 that a contractor had purchased
and deployed a spying tool made by NSO, the contentious Israeli hacking
firm, for use by the U.S. government, White House officials said they were
unaware of the contract and put the FBI in charge of figuring out who might
have been using the technology.
After an investigation, the FBI uncovered at least part of the answer: It
was the FBI.
The deal for the surveillance tool between the contractor, Riva Networks,
and NSO was completed in November 2021. Only days before, the Biden
administration had put NSO on a Commerce Department blacklist, which
effectively banned U.S. firms from doing business with the company. For
years, NSO's spyware had been abused by governments around the world.
This particular tool, known as Landmark, allowed government officials to
track people in Mexico without their knowledge or consent.
https://www.nytimes.com/2023/07/31/us/politics/nso-spy-tool-landmark-fbi.html
------------------------------
Date: Fri, 11 Aug 2023 02:57:36 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Clever Honeypot Tricked Hackers Into Revealing Their Secrets
(WiReD)
Security researchers set up a remote machine and recorded every move
cybercriminals made -— including their login details. [...]
Some attackers were sophisticated, while others appeared inept. And some
just behaved oddly -— one person who logged into the machine changed the
desktop background and logged out, and another wrote “lol” before covering
their tracks and leaving, the researchers behind the study say. [...]
Bergeron and Bilodeau have grouped the attackers into five broad categories
based on character types from the role-playing game Dungeons and
Dragons. Most common were the rangers: once these attackers were inside the
trap RDP session, they would immediately start exploring the system,
removing Windows antivirus tools, delving into folders, looking at the
network it was on and other elements of the machine. Rangers wouldn’t take
any action, Bergeron says. “It's basic recon,” she says, suggesting they may
be evaluating the system for others to enter it. [...]
Despite this, watching the attackers reveals the way they behave, including
some more peculiar actions. Bergeron, who has a PhD in criminology, says the
attackers were sometimes “very slow” at doing their work. Often she was
“getting impatient” while watching them, she says. “I’m like: ‘Come on,
you're not good at that’ or 'Go faster’ or ‘Go deeper,’ or ‘You can do
better.’”
https://www.wired.com/story/hacker-honeypot-go-secure
------------------------------
Date: Fri, 4 Aug 2023 10:12:45 -0700
From: Paul Burke <box1320@gmail.com>
Subject: Medicare replaces 47,000 patients' ID numbers, because of MOVEit
data breach (CMS)
We're used to seeing new credit-card numbers after a data breach. Getting a
new health-insurance number is similar, after the MOVEit breach.
https://www.cms.gov/outreach-and-education/outreach/ffsprovpartprog/provider-partnership-email-archive/1401044333/2023-08-03-mlnc#_Toc141941698
They estimate 612,000 people's records were breached, but expect to change
only 47,000 id numbers. Doctors are told how to get the new number if a
patient arrives with an old superceded number.
https://www.cms.gov/medicare/new-medicare-card/providers/providers-and-office-managers
------------------------------
Date: Tue, 8 Aug 2023 23:04:27 +0200
From: Nick Brown <nicholasjlbrown@gmail.com>
Subject: Spreadsheet blunder reveals sensitive law enforcement
information (Belfast Telegraph)
The Belfast Telegraph reports that a spreadsheet, which was meant to contain
only summary statistical information, but in fact contained detailed
personally identifiable information about more than 10,000 police officers
and support staff in another tab, was put online for an unspecified amount
of time on 8 Aug 2023.
This information would be sensitive in any jurisdiction, but the problem is
particularly severe in Northern Ireland where, despite 25 years of peace,
terrorist groups still occasionally target law enforcement personnel.
https://www.belfasttelegraph.co.uk/news/northern-ireland/catastrophic-psni-blunder-identifies-every-serving-police-officer-and-civilian-staff-with-345000-pieces-of-data-prompting-security-nightmare/a1823676448.html
[Nick is in Palma de Mallorca. Also noted by Patrick O'Beirne. PGN]
------------------------------
Date: Thu, 27 Jul 2023 13:36:40 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: The future is certain; it is only the past that is unpredictable
It's an old ironic Soviet joke:
The future is certain; it is only the past that is unpredictable"
This old Soviet joke points out to the authoritarian regime's habit of
editing and airbrushing history books and controlling the narration over
history as the key to political legitimacy.
https://sharedhistory.eu/11-archive/41-the-future-is-certain-it-is-only-the-past-that-is-unpredictable-anna-doma-ska
Supposedly, the Internet fixed all that:
https://www.theneweconomy.com/technology/the-internet-never-forgets-but-people-do
------------------------------
Date: Mon, 24 Jul 2023 17:27:28 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Social Media Influencers Are Holding Restaurants Hostage (NYTimes)
Tell me if you’ve heard this one: A social media influencer walks into a bar
….
No, wait. This isn’t a joke. This is a 21st-century shakedown.
Here is how it works: An influencer walks into a restaurant to collect an
evening’s worth of free food and drink, having promised to create social
media content extolling the restaurant’s virtues. The influencer then orders
far more than the agreed amount and walks away from the check for the
balance or fails to tip or fails to post or all of the above. And the owners
are left feeling conned.
https://www.nytimes.com/2023/07/24/opinion/social-media-influencer-restaurants.html
------------------------------
Date: Sun, 13 Aug 2023 14:16:25 +0900
From: Dave Farber <farber@keio.jp>
Subject: AI Causes Real Harm. Let's Focus on That over the
End-of-Humanity Hype (Scientific American)
https://www.scientificamerican.com/article/we-need-to-focus-on-ais-real-harms-not-imaginary-existential-risks/
------------------------------
Date: Wed, 26 Jul 2023 06:38:11 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Canadian AI pioneer brings plea to U.S. Congress: Pass
a law now (CBC)
https://www.cbc.ca/news/world/ai-laws-canada-us-yoshua-bengio-1.6917793
A giant in the field of artificial intelligence has issued a warning to
American lawmakers: Regulate this technology, and do it quickly.
That appeal came at a hearing in Washington on Tuesday from Yoshua Bengio, a
professor at the University of Montreal and founder of Mila, the Quebec AI
institute.
"I firmly believe that urgent efforts, preferably in the coming months, are
required," said Bengio, one of three witnesses.
------------------------------
Date: Sat, 5 Aug 2023 22:22:31 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Chatbots: Why does White House want hackers to trick AI? (BBC)
https://www.bbc.com/news/technology-66404069
What happens when thousands of hackers gather in one city with the sole aim
of trying to trick and find flaws in artificial intelligence (AI) models?
That is what the White House wants to know.
------------------------------
Date: Fri, 11 Aug 2023 20:18:26 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Hospital bosses love AI. Doctors and nurses are worried
(WashPost)o
Hospital bosses love AI. Doctors and nurses are worried. Mount Sinai and
other elite hospitals are pouring millions of dollars into chatbots and AI
tools, as doctors and nurses worry the technology will upend their jobs.
Mount Sinai has become a laboratory for AI, trying to shape the future of
medicine. But some healthcare workers fear the technology comes at a cost.
[...]
NEW YORK — Every day Bojana Milekic, a critical care doctor at Mount Sinai
Hospital, scrolls through a computer screen of patient names, looking at the
red numbers beside them — a score generated by artificial intelligence — to
assess who might die.
On a morning in May, the tool flagged a 74-year-old lung patient with a
score of .81 — far past the .65 score when doctors start to worry. He didn’t
seem to be in pain, but he gripped his daughter’s hand as Milekic began to
work. She circled his bed, soon spotting the issue: A kinked chest tube was
retaining fluid from his lungs, causing his blood oxygen levels to plummet.
After repositioning the tube, his breathing stabilized — a “simple
intervention,” Milekic says, that might not have happened without the aid of
the computer program. [...]
Robbie Freeman, Mount Sinai’s vice president of digital experience, said the
hardest parts of getting AI into hospitals are the doctors and nurses
themselves. “You may have come to work for 20 years and done it one way,” he
said, “and now we’re coming in and asking you to do it another way.”
“People may feel like it’s flavor of the month,” he added. “They may not
fully be … bought into the idea of adopting some sort of new practice or
tool.”
https://www.washingtonpost.com/technology/2023/08/10/ai-chatbots-hospital-technology/
------------------------------
Date: Wed, 9 Aug 2023 09:14:21 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: The AI firms are pushing too hard, and the result could be ...
If the Generative AI firms keep pushing the way they have been, they could
end up in a world where they can use Internet and other content ONLY on an
opt-in basis -- that is, when specific and explicit permission is given at
sites for such use. The firms are pushing way too hard and the
regulatory/political blowback could be enormous. -L
------------------------------
Date: Tue, 8 Aug 2023 14:07:48 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: A Zoom Call, Fake Names and an AI Presentation
Gone Awry (The New York Times)
AI start-ups are competing fiercely with one another as a race to get ahead
in the technology intensifies.
Arthur AI, an artificial intelligence company in New York, received a
message in April last year from a start-up called OneOneThree. Yan Fung,
OneOneThree’s head of technology, said he was interested in buying Arthur
AI’s technology and wanted a demonstration.
A week later, Arthur AI held a Zoom meeting with Mr. Fung to show him its
software, according to emails and a video recording viewed by The New York
Times. When Mr. Fung's colleague joined the call, the Arthur AI team
realized something was off.
Mr. Fung said Karina Patel, OneOneThree’s “main engineer,” would dial in.
But the name that flashed up in the Zoom call was Aparna Dhinakaran. An
Arthur AI employee recognized the name as belonging to a founder of Arize
AI, a rival start-up. “That’s so strange —- I don’t know how they could have
possibly gotten the link,” the Arthur AI employee said.
https://www.nytimes.com/2023/08/07/technology/ai-start-ups-competition.html
[ai-eye-eye, Where is the Arthurmometer when we need it? PGN]
------------------------------
Date: Wed, 9 Aug 2023 08:34:22 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: AI Drift: Study Reveals ChatGPT's Struggles with Basic Math -- as
accuracy declines (Cryptopolitan)
https://www.cryptopolitan.com/study-reveals-chatgpts-struggles/
------------------------------
Date: Thu, 10 Aug 2023 08:15:08 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Don't use our content to train AI systems
(*The New York Times*)
They've updated their Terms of Service to prohibit AI use of their
content. -L
https://searchengineland.com/new-york-times-content-train-ai-systems-430556
[In a related post, Lauren adds:
Generative AI training should be opt-in.
If use of website data for generative AI training isn't made as close to
universally opt-in as possible, it will over time suck the life out of the
Web that we've known. -L]
------------------------------
Date: Sun, 30 Jul 2023 06:50:34 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Cigna Uses AI To Improperly Deny CA Claims, Lawsuit Contends
(Patch)
The class-action suit says Cigna Corp. and Cigna Health and Life Insurance
Co.rejected more than 300,000 payment claims in just two months.
https://patch.com/california/across-ca/major-ca-insurer-uses-ai-improperly-deny-claims-lawsuit-contends
------------------------------
Date: Sun, 6 Aug 2023 17:41:37 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Zoom's Updated Terms of Service Permit Training AI
on User Content Without Opt-Out (StackDiary)
Well, well, well... It looks like Brave isn't the only company out there
that is willing to bet all its chips on reusing other people's content for
AI training.
Zoom Video Communications, Inc. recently updated its Terms of Service to
encompass what some critics are calling a significant invasion of user
privacy.
Additionally, under section 10.4 of the updated terms, Zoom has secured a
"perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and
transferable license" to redistribute, publish, access, use, store,
transmit, review, disclose, preserve, extract, modify, reproduce, share,
use, display, copy, distribute, translate, transcribe, create derivative
works, and process Customer Content.
Zoom justifies these actions as necessary for providing services to
customers, supporting the services, and improving its services, software, or
other products. However, the implications of such terms are far-reaching,
particularly as they appear to permit Zoom to use customer data for any
purpose relating to the uses or acts described in section 10.3.
https://stackdiary.com/zoom-terms-now-allow-training-ai-on-user-content-with-no-opt-out/
------------------------------
Date: Thu, 10 Aug 2023 08:18:57 -0700
From: Lauren Weinstein <lauren@vortex.com>
Subject: Google and Universal Music Discuss Making an AI Tool to Replicate
Artists' Voices (Gizmodo)
Oh yeah, that will end well. -L
https://gizmodo.com/google-universal-music-ai-to-replicate-artists-voices-1850722515
------------------------------
From: Monty Solomon <monty@roscom.com>
Date: Tue, 15 Aug 2023 00:06:18 -0400
Subject: Hello? It’s ‘Telemarketers,’ Here to Tell You About an Amazing Scam
(NYTimes)
In a rowdy new HBO docu-series, two former telemarketers with a camcorder
take on an industry they say was ripping people off in the name of charity.
https://www.nytimes.com/2023/08/10/arts/television/telemarketers-hbo-documentary.html
------------------------------
Date: Sat, 12 Aug 2023 09:12:05 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Why AI detectors think the U.S. Constitution was written by AI
(RISKS-33.77)
Feeding the text of the US Constitution or Genesis into an AI detector and
getting the response back "this was probably written by AI" isn't
qualitatively different from feeding the same text into a plagiarism
detector and receiving the response "This text was plagiarized." For if it
had been submitted by an actual student, that surely would be correct.
There is a distinction to be made between evaluating a writer's claim to
authorship (relevant to what college professors need to do) and evaluating
the value of the text itself.
------------------------------
Date: Sat, 12 Aug 2023 09:27:26 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: 'Redacted Redactions' Strike Again (Baker, RISKS-33.77)
This reminds me of the attempts made to redact sensitive information by
blacking out sections of text, essentially by making the background black so
it was black-on-black text, which of course was trivially easy to
counteract.
------------------------------
Date: Sat, 12 Aug 2023 09:23:13 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Possible Typo Leads to Actual Scam (Smith, RISKS-33.77)
"I was puzzled that someone thought it worthwhile to capitalize on this tiny
mistake, as who even *reads* the printed tag inside an oven, no less *calls*
the printed phone number?"
Well, you did, didn't you?
------------------------------
Date: 12 Aug 2023 14:23:22 -0400
From: "John Levine" <johnl@iecc.com>
Subject: Re: Possible Typo Leads to Actual Scam (Smith, RISKS-33.77)
A friend with long experience in the phone business tells me that a whole
lot of them go to dubious companies selling phone porn, on the off chance
that someone dialing a wrong number might be interested.
The basic cost for a toll free number is very low, like a dollar a month, so
there's basically no opportunity cost to this scam. I expect the people
answering the phone have a whole catalog of scripts depending on what number
you called.
------------------------------
Date: Sat, 12 Aug 2023 15:01:36 -0400
From: Dick Mills <dickandlibbymills@gmail.com>
Subject: Re: Possible Typo Leads to Actual Scam
I was curious about the "800-374-4432, not -4472" scam, so I did a search
on the "bad" number.
https://duckduckgo.com/?q=800-374-4472
At the bottom of the search results, it said "Searches related to
800-374-4472" and then gave 8 links to actual Frigidaire sites. But all 8
sites give the 4432 number, and don't mention 4472.
I don't claim to understand how or why those two numbers are linked but
apparently the search engine thinks that they are linked.
There must be more to the story.
[Maybe the Robo-Wabbit thought it was a Westinghouse. PGN]
------------------------------
Date: Sun, 13 Aug 2023 19:23:29 +0000
From: Jay Libove Alzina <libove@felines.org>
Subject: Re: "Possible Typo Leads to Actual Scam"
(Smith, RISKS-33.77)
In re: Bob's mention in RISKS Digest Volume 33 Issue 77, I mentioned this in
an old Internet farts like me group on Facebook, and the eminent Jon Maddog
Hall wisely commented the following: "It seems to me that this should be
reported to a consumer fraud division of the government and not just the
appliance company. It would be easy enough to track down the people who are
paying for that telephone number." Good point. Even if the miscreants are
geographically beyond reach, it should be pretty straightforward for
authorities to get this phone number pulled, so that no other consumer
potentially gets scammed by the manufacturer's mind-bogglingly stupid
mistake.
------------------------------
Date: Sat, 29 Jul 2023 22:22:08 -0600
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Elon Musk's Unmatched Power in the Stars
(NYTimes)
https://www.nytimes.com/interactive/2023/07/28/business/starlink.html
The tech billionaire has become the dominant power in satellite Internet
technology. The ways he is wielding that influence are raising global
alarms.
------------------------------
Date: Thu, 27 Jul 2023 16:59:20 -0500
From: "Gavin Scott" <gbs@me.com>
Subject: Elon wants my cryptos!
YouTube just recommended a live SpaceX Falcon Heavy launch stream to me, so
I opened it up to run in the background here.
The fact that it was dark in Florita at 5pm probably should have tipped me
off (I did look at the channel name in the small recommendation tile but all
I saw there was "SpaceX" as expected).
It goes along quite believably (it's just an exact rebroadcast of the
aborted launch attempt from yesterday) and then about three minutes before
liftoff, Elon comes out on stage and (in a mostly obvious, but not ENTIRELY
so, AI Elon Voice Clone) announces Total Crypto Integration into Twitter and
in celebration of this announcement he's going to give away a whole bunch of
crypto (Bitcoin/ETH/DOGE) to promote it. Of course then it just turns into a
classic "double your money" con (and a bonus "why don't you just use our
site to duplicate your wallet" scam for the terminally gullible).
It's honestly fairly impressive though in its planning/timing and attention
to detail, and I fear that at least a few of the 1,300+ people watching are
about to become poorer as a result.
I think the (several) risks here ought to be, as it were, obvious.
------------------------------
Date: Sat, 1 Jul 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 33.78
************************