[33865] in RISKS Forum
Risks Digest 34.88
daemon@ATHENA.MIT.EDU (RISKS List Owner)
Fri Feb 20 19:03:33 2026
From: RISKS List Owner <risko@csl.sri.com>
Date: Fri, 20 Feb 2026 15:59:54 PST
To: risks@mit.edu
RISKS-LIST: Risks-Forum Digest Friday 20 February 2026 Volume 34 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.88>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
What happens to a car when the company behind its software goes under?
(ArsTechnica)
Bad News -- CVE 21858 (from Bruce's CRYPTOGRAM)
University of Mississippi Medical Center Suffers Cyberattack, Closes All
Clinics, Cancels Services (Mississippi Free Press)
A Wave of Unexplained Bot Traffic Is Sweeping the Web (Wired)
Defense Dept. and Anthropic Square Off in Dispute Over AI Safety (The NYTimes)
AI 'Arms Race' Risks Human Extinction, Warns Top Computing Expert (Barron's)
I hacked ChatGPT and Google's AI -- and it only took 20 minutes (BBC))
EU Parliament blocks AI tools over cyber, privacy fears (Politico)
Why an AI Video of Tom Cruise Battling Brad Pitt Spooked Hollywood (NYTimes)
How dark web agent spotted bedroom wall clue to rescue girl from years of harm
(BBC)
Mark Zuckerberg to testify in landmark trial alleging that social media harms
children (CBC)
What TikTok's Pixel Knows About Your Cancer, Fertility, and Mental Health Crisis
(Disconnect)
Redefining Zero Knowledge (ArsTechnica)
AI must foster 'maternal instincts' or we risk extinction, warns
Geoffrey Hinton (CBC)
Southern California air board rejected pollution rules after AI-generated
flood of comments (LA Times)
AI discussion (Bill Maher)
Bezos vs. Musk: The New Billionaire Battle for the Moon (WSJ)
DoT's vibe-regulate U.S. transport with Gemini (Pivot to AI)
Seven Billion Reasons for Facebook to Abandon its Face Recognition Plans
(Electronic Frontier Foundation)
CISA 2025 Year in Review (via Monty Solomon)
DHS found to have massive lying about immigrants on its web site, claims it was a " glitch" (CNN)
Dr Hilary Cass of the Cass Report has been referred to the GMC
(Dr Webberly Responds)
Re: Look for a citation (Bob Rahe)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Fri, 20 Feb 2026 09:05:45 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: What happens to a car when the company behind its software goes
under? (ArsTechnica)
Imagine turning the key or pressing the start button of your car —-
and nothing happens. Not because the battery is dead or the engine is
broken but because a server no longer answers. For a growing number of
cars, that scenario isn't hypothetical.
As vehicles become platforms for software and subscriptions, their longevity
is increasingly tied to the survival of the companies behind their code.
When those companies fail, the consequences ripple far beyond a bad app
update and into the basic question of whether a car still functions as a
car. [...]
https://arstechnica.com/cars/2026/02/what-happens-to-a-car-when-the-company-behind-
its-software-goes-under/
------------------------------
Date: Sun, 15 Feb 2026 09:37:46 +0000
From: Bruce Schneier <schneier@schneier.com>
Subject: Bad News -- CVE 21858 (from Bruce's CRYPTOGRAM)
[2026.01.15]
[https://www.schneier.com/blog/archives/2026/01/new-vulnerability-in-n8n.html]
This isn't good:
[https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858]
We discovered a critical vulnerability (CVE-2026-21858 CVSS 10.0)
[https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg] in
n8n that enables attackers to take over locally deployed instances
impacting an estimated 100,000 servers globally. No official workarounds
are available for this vulnerability. Users should upgrade to version
1.121.0 or later to remediate the vulnerability.
Three technical links and two news links:
[https://community.n8n.io/t/security-advisory-security-vulnerability-in-n8n-versions-1-65-1-120-4/247305]
[https://thehackernews.com/2026/01/n8n-supply-chain-attack-abuses.html]
[https://nvd.nist.gov/vuln/detail/CVE-2025-68668]
[https://www.cybersecuritydive.com/news/critical-vulnerability-n8n-automation-platform/809360/]
[https://www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/].
------------------------------
Date: Thu, 19 Feb 2026 12:03:24 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: University of Mississippi Medical Center Suffers Cyberattack,
Closes All Clinics, Cancels Services (Mississippi Free Press)
Cyberattacks that shut down medical services should have a mandatory
sentence of life in prison without parole. -L
https://www.mississippifreepress.org/university-of-mississippi-suffers-cyberattack-
closes-all-clinics-cancels-services/
------------------------------
Date: Sun, 15 Feb 2026 15:49:51 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: A Wave of Unexplained Bot Traffic Is Sweeping the Web (Wired)
From small publishers to US federal agencies, websites are reporting
unusual spikes in automated traffic linked to IP addresses in Lanzhou,
China*
EXCERPT:
FOR A BRIEF moment in October, Alejandro Quintero thought he had made it big
in China <https://archive.ph/o/qvE6y/https://www.wired.com/china-issue/>.
The Bogotá-based data analyst owns and manages a website that publishes
articles about paranormal activities, like ghosts and aliens. The content is
written in “Spanglish,” he says, and was never intended for an Asian
audience. But last fall, Quintero's site suddenly began receiving a large
volume of visits from China and Singapore. The amount of traffic
<https://archive.ph/o/qvE6y/https://www.wired.com/story/weight-of-the-internet/>
coming from the two countries was so high and consistent that it now
accounts for more than half of total visits to Quintero’s site over the past
12 months. When he first noticed the traffic spike, Quintero thought he’d
found an audience on the other side of the world. “I need to travel to China
right now because I’m the bomb there,” Quintero says he recalls
thinking. But as soon as he dug into the data, he knew something was
wrong. Google Analytics, a common tool used by website owners to parse web
traffic, shows that all the Chinese visitors are from one specific city:
Lanzhou. They are unlikely to be real humans, because they stay on the page
for an average of 0 seconds and don’t scroll or click. Quintero quickly
realized his website was actually being bombarded by bots. Quintero later
found out from social media that he was far from the only website operator
who started seeing a large influx of bots from China and Singapore beginning
in September. A lifestyle magazine
<https://archive.ph/o/qvE6y/https://support.google.com/analytics/thread/378622882?hl=en&msgid=381649158>
based in India, a blog about a small island off the coast of Canada
<https://archive.ph/o/qvE6y/https://cortescurrents.ca/from-lanzhou-to-bc-bots-overwhelming-cortes-currents/>,
the owners of several personal portfolio websites, a weather forecast
platform with over 15 million pages, e-commerce shops hosted by Shopify
<https://archive.ph/o/qvE6y/https://community.shopify.com/t/massive-visits-from-chinese-bots/574916>,
and even domains run by the US government have all reported being hit by
what appear to be the same bots. And they were easy to spot because the bots
significantly skewed each website’s usual analytics patterns. In the last 90
days, 14.7 percent of visits to US government websites came from Lanzhou and
6.6 percent came from Singapore, making them the top two cities in the world
supposedly hungry for information from the American government, according to
Analytics.usa.gov.
While their IP addresses can be traced to China and Singapore, there’s
little information about who's actually behind this massive amount of
automated visits. Website owners who are being targeted have largely
concluded that the bots don't pose any immediate harm. Given that AI-related
bot activity surged
<https://archive.ph/o/qvE6y/https://www.wired.com/story/big-interview-event-matthew-prince-cloudflare/>
across the Internet last year, many believe the traffic could be connected
to companies harvesting web data for training models. Where Is Lanzhou,
Anyway? When website owners saw the sudden uptick of visits from China,
many of them started asking, where is Lanzhou? The second-tier city in
China's northwest is known for its heavy manufacturing industries and
historical legacy as a Silk Road trading hub. But it’s neither a tech hub
nor home to significant numbers of data centers. So why is so much traffic
coming from the city? Lanzhou might not be the actual source of the bots,
says Gavin King, founder of Known Agents, which analyzes automated online
traffic. King's own company website has also been targeted by bots from
China and Singapore. When he looked deeper into the specific details of the
visits, the only thing he could say for certain was that all of the traffic
was eventually being routed through Singapore. Google Analytics determined
the visits originated from Lanzhou, but King says that could just be an
educated guess instead of a precise location. But the most concrete detail
King found is that the traffic is being routed through servers belonging to
several major Chinese cloud companies. King says the bot traffic his website
received all came through the Autonomous System Number (ASN) 132203, a
unique identifier in the Internet’s routing system assigned to an Internet
service provider operated by the Chinese company Tencent. Andy, the manager
of a large weather forecasting website group, says he detected bot traffic
coming from ASNs associated with Tencent, Alibaba, and Huawei. (He asked
only to use his first to protect his privacy.) All three companies are major
cloud providers, and it’s unclear whether the bots are coming from in-house
or clients using their servers. Many people suspect that these bots are
part of an AI company's effort to collect training data from web pages. In
2025, AI bots accounted for a significant portion of overall web traffic
<https://archive.ph/o/qvE6y/https://www.wired.com/story/ai-bots-are-now-a-signifigant-source-of-web-traffic/>,
which crawl the Internet for text and other information to feed to
data-hungry large language models. [...]
<https://archive.ph/o/qvE6y/https://www.wired.com/story/these-startups-are-building-advanced-ai-models-over-the-internet-with-untapped-data/>
https://www.wired.com/story/made-in-china-niche-websites-are-seeing-a-surge-of-mysterious-traffic-from-china/
-or-
https://archive.ph/qvE6y
------------------------------
Date: Thu, 19 Feb 2026 09:52:45 -0500
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Defense Dept. and Anthropic Square Off in Dispute Over AI Safety
(The NY Times)
For months, the Department of Defense and the artificial intelligence
company Anthropic have been negotiating a contract over the use of AI on
classified systems by the Pentagon.
This week, those discussions erupted in a war of words.
On Monday, a person close to Defense Secretary Pete Hegseth told Axios that
the Pentagon was close to declaring the start-up a supply-chain risk, a move
that would sever ties between the company and the U.S. military. Anthropic
was caught off guard and internally scrambled to pinpoint what had set off
the department, two people with knowledge of the company said.
At the heart of the fight is how AI will be used in future battlefields.
Anthropic told defense officials that it did not want its AI used for mass
surveillance of Americans or deployed in autonomous weapons that had no
humans in the loop, two people involved in the discussions said.
https://www.nytimes.com/2026/02/18/technology/defense-department-anthropic-ai-safety.html
------------------------------
Date: Thu, 19 Feb 2026 17:53:00 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: AI 'Arms Race' Risks Human Extinction, Warns Top Computing Expert
(Barron's)
EXCERPT:
Tech CEOs are locked in an artificial intelligence "arms race" that risks
wiping out humanity, top computer science researcher Stuart Russell told
AFP on Tuesday, calling for governments to pull the brakes.
Russell, a professor at the University of California, Berkeley, said the
heads of the world's biggest AI companies understand the dangers posed by
super-intelligent systems that could one day overpower humans.
To him, the onus to save the species rests on world leaders who can take
collective action.
"For governments to allow private entities to essentially play Russian
roulette with every human being on earth is, in my view, a total
dereliction of duty," said Russell, a prominent voice on AI safety.
Countries and companies are spending hundreds of billions of dollars on
building energy-hungry data centres to train and run generative AI tools.
The rapidly developing technology promises benefits such as drug discovery,
but could also lead to job losses, and facilitate surveillance and online
abuse among other threats.
Alongside that is the risk of "AI systems themselves taking control and
human civilisation being collateral damage in that process", Russell said
in an interview at the AI Impact Summit in New Delhi.
"Each of the CEOs of the main AI companies, I believe, wants to disarm" but
cannot do so "unilaterally" as they would be fired by investors, he said.
"Some of them have said it in public and some of the told me it privately,"
he added, noting that even Sam Altman, head of ChatGPT maker OpenAI, has
said on-record that AI could lead to human extinction.
OpenAI and rival U.S. startup Anthropic have seen public resignations of
staff who have spoken out about their ethical concerns.
Anthropic also warned last week that its latest chatbot models could be
nudged towards "knowingly supporting -- in small ways -- efforts toward
chemical weapon development and other heinous crimes".
International gatherings such as this week's AI summit provide an
opportunity for regulation, although its three previous editions have only
resulted in voluntary agreements from tech companies.
"It really helps if each of the governments understand this issue. And so
that's why I'm here," Russell said. [...]
https://www.barrons.com/news/ai-arms-race-risks-human-extinction-warns-top-computing-expert-74df6e59?st=R5jRzF
------------------------------
Date: Fri, 20 Feb 2026 08:55:36 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: I hacked ChatGPT and Google's AI -- and it only took 20 minutes
(BBC)
Perhaps you've heard that AI chatbots make things up sometimes. That's
a problem. But there's a new issue few people know about, one that
could have serious consequences for your ability to find accurate
information and even your safety. A growing number of people have
figured out a trick to make AI tools tell you almost whatever they
want. It's so easy a child could do it.
As you read this, this ploy is manipulating what the world's leading AIs say
about topics as serious as health and personal finances. The biased
information could mean people make bad decisions on just about anything –-
voting, which plumber you should hire, medical questions, you name it.
[...]
https://www.bbc.com/future/article/20260218-i-hacked-chatgpt-and-googles-ai-and-it-only-took-20-minutes
------------------------------
Date: Tue, 17 Feb 2026 08:33:20 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: EU Parliament blocks AI tools over cyber, privacy fears (
BRUSSELS — The European Parliament has disabled AI features on the work
devices of lawmakers and their staff over cybersecurity and data protection
concerns, according to an internal email seen by POLITICO.
The chamber emailed its members on Monday to say it had disabled "built-in
artificial intelligence features" on corporate tablets after its IT
department assessed it couldn't guarantee the security of the tools' data.
"Some of these features use cloud services to carry out tasks that could be
handled locally, sending data off the device," the Parliament's e-MEP tech
support desk said in the email. "As these features continue to evolve and
become available on more devices, the full extent of data shared with
service providers is still being assessed. Until this is fully clarified, it
is considered safer to keep such features disabled." [...]
https://www.politico.eu/article/eu-parliament-blocks-ai-features-over-cyber-privacy-fears/
------------------------------
Date: Mon, 16 Feb 2026 07:36:42 -0500
From: Jan Wolitzky <jan.wolitzky@gmail.com>
Subject: Why an AI Video of Tom Cruise Battling Brad Pitt Spooked Hollywood
(NYTimes)
A 15-second clip created by an artificial intelligence tool owned by the
Chinese technology company ByteDance appears more cinematic than anything so
far.
https://www.nytimes.com/2026/02/16/movies/tom-cruise-brad-pitt-artificial-intelligence-seedance.html
------------------------------
Date: Tue, 17 Feb 2026 07:01:39 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: How dark web agent spotted bedroom wall clue to rescue girl from
years of harm (BBC)
https://www.bbc.com/news/articles/cx2gn239exlo
Specialist online investigator Greg Squire had hit a dead end in his efforts
to rescue an abused girl his team had named Lucy.
Disturbing images of her were being shared on the dark web -- an encrypted
corner of the Internet only accessible using special software designed to
make owners digitally untraceable.
But even with that level of subterfuge, the abuser was conscious of
"covering their tracks", cropping or altering any identifying features, says
Squire. It was impossible to work out who, or where, Lucy was.
What he was soon to discover was that the clue to the 12-year-old's location
was hidden in plain sight.
------------------------------
Date: Wed, 18 Feb 2026 12:27:40 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: Mark Zuckerberg to testify in landmark trial alleging that social
media harms children (CBC)
https://www.cbc.ca/news/business/mark-zuckerberg-testify-landmark-social-me=dia-addiction-trial-9.7095144
Meta CEO and billionaire Facebook founder Mark Zuckerberg is set to be
questioned for the first time in a U.S. court on Wednesday about Instagram's
effect on the mental health of young users, as a landmark trial pover youth
social media addiction continues.
While Zuckerberg has previously testified on the subject before Congress,
the stakes are higher at the jury trial in Los Angeles. Meta may have to
pay damages if it loses the case, and the verdict could erode Big Tech's
long-standing legal defence against claims of user harm.
The lawsuit and others like it are part of a global backlash against social
media platforms over children's mental health.
------------------------------
Date: Thu, 19 Feb 2026 01:53:10 -0500
From: Monty Solomon <monty@roscom.com>
Subject: What TikTok's Pixel Knows About Your Cancer, Fertility, and Mental
Health Crisis (Disconnect)
The technical evidence behind the BBC's investigation into TikTok's expanded
web tracking.
https://disconnect.me/research/tiktok-pixel-tracking-health-data
------------------------------
Date: Thu, 19 Feb 2026 08:03:51 -0500
From: Cliff Kilby <cliffjkilby@gmail.com>
Subject: Redefining Zero Knowledge (ArsTechnica)
https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/
Everything is horrible, secure password vaults aren't, developers are using
zero knowledge wrong...
Or not.
The basis of these attacks is "assume a compromised server". If the server
is compromised during key enrollment or exchange, it's a given that the
malicious actor can interfere with the process of key enrollment/exchange.
"When a user accepts an invitation, the client asks the server for the
account recovery policy and the public-key of the organisation. The
adversary replaces the organisation's real data, setting auto-enrollment to
true in the policy, and replacing the public key pkorg with a malicious
pkadvorg for which they know the secret key skadvorg. Since account
recovery is enabled, the client encrypts the user key ku under the
organisation public key pkadvorg, and sends the resulting account recovery
ciphertext crec to the server. The adversary decrypts crec with skadvorg and
recovers ku." Quoted from the underlying paper at:
https://eprint.iacr.org/2026/058
This is the important bit:
replacing the public key pkorg with a malicious pkadvorg for which they know
the secret key
It is no longer zero knowledge, as the adversary established the knowledge.
I got a whole lot of meh reading this and would love for someone to
elaborate on what I missed.
[It never was zero-knowledge, anyway. There's always something that's
secret. It was a specious choice of terms, just like zero-trust. PGN]
------------------------------
Date: Thu, 19 Feb 2026 06:08:52 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: AI must foster 'maternal instincts' or we risk extinction,
warns Geoffrey Hinton
https://www.cbc.ca/radio/ideas/geoffrey-hinton-maternal-instincts-9.7094116
Geoffrey Hinton, who many consider to be the godfather of artificial
intelligence, says if AI continues to develop without appropriate
guardrails, a worst-case scenario could lead to human extinction.
But he has a solution.
Hinton is co-winner of the 2024 Nobel Prize in physics and co-founder of
the AI Safety Foundation.
As he explains to IDEAS host Nahlah Ayed, training AI to develop maternal
instincts could be what saves the human race. Here's a part of that
conversation.
------------------------------
Date: Wed, 18 Feb 2026 06:51:27 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Southern California air board rejected pollution rules after
AI-generated flood of comments (LA Times)
SoCal’s pollution authority scrapped a plan to phase out gas-powered
appliances after receiving more than 20,000 emails sent by an AI-powered
platform called CiviClick.
The opposition appeared overwhelming: Tens of thousands of emails poured
into Southern California'~<s top air pollution authority as its board weighed
a June proposal to phase out gas-powered appliances. But in reality, many of
the messages that may have swayed the powerful regulatory agency to scrap
the plan were generated by a platform that is powered by artificial
intelligence.
Public records requests reviewed by The Times and corroborated by staff
members at the South Coast Air Quality Management District confirm that more
than 20,000 public comments submitted in opposition to last year’s proposal
were generated by a Washington, D.C.-based company called CiviClick, which
bills itself as "the first and best AI-powered grassroots advocacy
platform." [...]
https://www.latimes.com/environment/story/2026-02-17/ai-powered-campaign-may-have-killed-key-vote-on-air-quality
------------------------------
Date: Fri, 13 Feb 2026 21:46:52 -0700
From: Matthew Kruk <mkrukg@gmail.com>
Subject: AI discussion (Bill Maher)
Overtime with Bill Maher: Jonathan Haidt, Stephanie Ruhle, H.R. McMaster
(HBO) https://www.youtube.com/watch?v=XEVdNo7fs_A
Bill and his guests Jonathan Haidt, Stephanie Ruhle and Lt. Gen.
H.R. McMaster (Ret.) continue their conversation after the show.
Very good points regarding AI.
------------------------------
Date: Sun, 15 Feb 2026 15:44:48 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: Bezos vs. Musk: The New Billionaire Battle for the Moon (WSJ)
*Elon Musk has changed his focus from Mars to a lunar base, going head to
head with Jeff Bezos*
EXCERPT:
The contest between Elon Musk and Jeff Bezos is only going to get more
heated now that the two are directly competing for the moon.
After years of charting a path to Mars, Musk surprisingly announced this
past week that SpaceX is pivoting to the moon, where he wants to build a
self-growing city. That puts him in the same space camp as rival Bezos, who
has bet that focusing on the moon would give his rocket company, Blue
Origin, an advantage. The Amazon founder has long extolled the benefits of a
lunar base, including setting up factories there.
The direct competition promises to stoke an even hotter 21st-century space
race -- this time between this era's real superpowers: billionaires.
Generations ago, the rivalry between the U.S. and then-Soviet Union to
reach the moon was a spectacle of science that grew out of the Cold War.
The desire to win on both sides fueled the costly projects.
For years, Musk and Bezos have competed to build their own reusable rockets,
win National Aeronautics and Space Administration contracts (including ones
for the moon) and grab attention for whose ideas for the stars were more
exciting. Their favored land spots helped divide the wider space community
between the moon and Mars.
In many ways, it seemed as though Musk was winning. SpaceX has built a
dominant launch business and low-Earth-orbit satellite network. A mission to
Mars was supposed to happen this year.
A little more than a year ago, Musk was publicly advocating the case for
Mars, just ahead of President Trump's starting a second term and renewed
talk about NASA's moon priorities. ``We're going straight to Mars,'' Musk
posted on X at the time. ``The Moon is a distraction.''
But Musk's position appears to have changed as SpaceX prepares to go public
later this year and as Washington politics have shifted toward returning
astronauts to the moon by 2028. Musk needs a business case for why public
investors, who tend to look at things on a quarter-by-quarter basis, will be
excited for a company that has yet to demonstrate it can send a rocket to
the red planet. It isn't clear what the price/earnings ratio will be for
creating a real-life Terminus, which could take decades at best.
Musk has assured that Mars is still in the works but, for now, he seems
more focused on the idea of a Moonbase Alpha.
Like Bezos, Musk is now talking about building factories on the moon. It's
part of Musk's broader idea to build artificial-intelligence data centers in
outer space and the reasoning behind merging his cash-eating AI startup,
xAI, with SpaceX.
Founded in 2002, SpaceX was Musk's gambit to reignite the space industry
that lost its luster after the Cold War wound down.
He thought that developing reusable rockets would lower the cost of
launches and make space travel more affordable. Eventually, Musk wanted to
reach Mars with his often-stated goal of making humanity a multiplanetary
species.
There are only so many more windows for Musk to set up a civilization on
Mars in his lifetime. The alignment of the planets for the quickest trip
only comes around about every 26 months. [...]
https://www.wsj.com/science/space-astronomy/elon-musk-jeff-bezos-moon-race-89a511ab?st=wgGwKP
------------------------------
Date: Sat, 14 Feb 2026 13:25:15 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: DoT's vibe-regulate U.S. transport with Gemini (Pivot to AI)
The US Department of Transportation wants to “revolutionize the way we draft
rulemakings.” This means they’re going to write the regulations with
Google’s Gemini chatbot! [ProPublica]
This plan was dropped on DOT staff in December. President Donald Trump is
reportedly “very excited about this initiative.”
You might think making rules requires knowledge, even expertise, and
checking the facts on the ground. But the heads of the DOT don't have time
for that nonsense:
https://pivot-to-ai.com/2026/02/13/lets-vibe-regulate-us-transport-with-gemini/
------------------------------
Date: Sat, 14 Feb 2026 13:24:08 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Seven Billion Reasons for Facebook to Abandon its Face Recognition
Plans (Electronic Frontier Foundation)
*The New York Times* reported that Meta is considering adding face
recognition technology to its smart glasses. According to an internal Meta
document, the company may launch the product “during a dynamic political
environment where many civil society groups that we would expect to attack
us would have their resources focused on other concerns.”
This is a bad idea that Meta should abandon. If adopted and released to the
public, it would violate the privacy rights of millions of people and cost
the company billions of dollars in legal battles.
https://www.eff.org/deeplinks/2026/02/seven-billion-reasons-facebook-abandon-its-face-recognition-plans
------------------------------
Date: Sat, 14 Feb 2026 21:50:18 -0500
From: Monty Solomon <monty@roscom.com>
Subject: CISA 2025 Year in Review
CISA 2025 Year in Review
https://www.cisa.gov/about/2025YIR
------------------------------
Date: Thu, 19 Feb 2026 13:19:22 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: DHS found to have massive lying about immigrants on its web site,
claims it was a "glitch"
https://www.cnn.com/2026/02/19/politics/homeland-security-worst-immigrants-website
------------------------------
Date: Fri, 20 Feb 2026 19:02:53 +0000
From: Martin Ward <martin@gkc.org.uk>
Subject: notsp Dr Hilary Cass of the Cass Report has been referred to the GMC
(Dr Webberly Responds)
I have spent months carefully examining the Cass Review1, reading the
peer-reviewed critiques, studying the systematic reviews it commissioned,
and comparing the review's conclusions with its own evidence base. Today, I
have submitted a formal referral to the General Medical Council raising
concerns about the professional conduct of Dr Hilary Cass across all four
domains of Good Medical Practice 2024. I do not do this lightly. Referring
a fellow doctor to the GMC is one of the most serious steps any medical
professional can take. But yesterday's interview crystallised for me
exactly why this referral is necessary, because the pattern of conduct I
have documented is not historical. It is ongoing, and it is happening on
the biggest platforms in the country.
https://www.helenwebberley.com/p/i-have-referred-dr-hilary-cass-to
------------------------------
Date: Sat, 14 Feb 2026 18:38:09 -0500
From: Bob Rahe <bob@dtcc.edu>
Subject: Re: Look for a citation (WSJ, Risks-34.87)
A bit of 'the rest of the story':
https://www.reuters.com/world/us/gabbard-rejects-claims-she-withheld-whistleblower-complaint-congress-2026-02-08/
Not surprisingly, it seems that a lot of her critics don't actually
understand the law they are claiming she has violated.
------------------------------
Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 34.88
************************
