Risks Digest 34.58


RISKS Forum mailing list archives


From: RISKS List Owner <risko () csl sri com>
Date: Sat, 15 Mar 2025 14:00:33 PDT

RISKS-LIST: Risks-Forum Digest  Saturday 15 Mar 2025  Volume 34 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.58>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Two Planes, in Washington and Chicago, Abort Landings to Avoid Collisions
 (The New York Times)
Badly designed user interface causes $81 trillion to be credited to a
 Citigroup client account (Financial Times)
Espionage Groups Target Drone Technology Makers, Researchers Say (Bloomberg)
The Worst 7 Years in Boeing's History -- and the Man Who Won't Stop Fighting
 for Answers (WiReD)
As websites disappear, link rot threatens journalism (Poynter)
Musk ... blocking grants, Johns Hopkins firing 2000 workers on major
 medical research and other projects around the world (Lauren Weinstein)
Science journal Nature promotes AI chatbots for academic peer review
 (Pivot to AI)
To Identify Suspect in Idaho Killings, FBI Used Restricted Consumer DNA Data
 (The New York Times)
Mark Klein, AT&T technician who helped expose NSA spying, dies at 79
 (The Washington Post)
As AI Evolves, Do Codes Still Need to Code? (NYTimes)
AI Reshapes the Coding Workforce (Isabelle Bousquette)
What Happens When AI Joins Every Meeting? (NYMag)
Two Texas Lottery Wins Prompt Investigations and Stir Public Outrage
 (The New York Times)
Trump administration cuts $10M funding from CISA nonprofit Center for
 Internet Security (AP News)
U.S. Chips Act Office Loses Two-Fifths of Staff (Mackenzie Hawkins)
NASA Cuts (NY Times)
U.S. Government Cuts Key Software Division Without Warning
 (Ellen Jennings-Trace)
DOGE ousts security testers (The Register)
DOGE Quietly Deletes the 5 Biggest Spending Cuts It Celebrated Last Week
 (Sundry Sources)
Oracle rollout fiasco (Jim Geissman)
Health NZ was using a single Excel spreadsheet to track $28 billion of
 public money; report outlines 'significant concerns' (Jim Geissman)
DOGE will use AI to assess the responses from federal workers who
 were told to justify their jobs via email (NBC News)
Speech-recognition fail (BBC)
Apple's Dictation System Transcribes the Word `Racist' as `Trump'
 (The New York Times)
AI search engines give incorrect answers at an alarming 60% rate,
 study says (ArsTechnica)
It's a risky AI double header! (Gabe Goldberg)
Agentic AI Issues (Meredith Whittaker)
Signal no longer cooperating with Ukraine on Russian cyberthreats,
 official says (The Record from Recorded Future News)
Did AI really defend the KKK at the end of his column? (LA Times)
Germany May Refuse F-35 Purchase over Emergency Switch, Consider Eurofighter
 Instead (Defense Mirror)
Tesla makes step toward robotaxi services in California. What to know
 (LA Times)
When Your Last Name Is Null, Nothing Works (WSJ)
XScreenSaver: Google Store Privacy Policy (Gene Goldberg)
Creators Insist Coupon Browser Extensions Are Stealing Money. Will the
 Courts Agree? (WSJ)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 25 Feb 2025 16:52:27 -0800
From: "Jim" <jgeissman () socal rr com>
Subject: Two Planes, in Washington and Chicago, Abort Landings to Avoid
 Collisions (NY Times, 25 Feb 2025)

The near misses on [25 Feb] came after a string of aviation disasters,
including the midair collision between an Army helicopter and a passenger
jet last month that killed 67 people.

Within the span of 90 minutes on Tuesday morning, two airplanes, at
Washington's Ronald Reagan National Airport and at Chicago's Midway
International Airport, were forced to abort landings to avoid collisions,
federal aviation officials said.

American Airlines Flight 2246, arriving at National Airport from Boston was
making its final descent around 8:20 a.m. when it suddenly canceled its
landing, climbed toward the skies and accelerated away from the airport. The
last-minute move allowed it to avoid colliding with another plane that was
ready to take off from the same runway, the Federal Aviation Administration
said.

The airplane's pilots were told to scrap the landing by an air traffic
controller to "ensure separation was maintained between this aircraft and a
preceding departure from the same runway," the F.A.A. said in a statement.

Around 8:50 a.m. Central time, the pilots of Southwest Airlines Flight 2504,
traveling from Omaha, canceled the plane's landing at Chicago Midway after
"a business jet entered the runway without authorization," the F.A.A. said
in a statement.

Tuesday morning's near misses continued a spotlight put on concerns raised
about the safety of the nation's airspace following last month's deadly
midair crash outside National Airport. On Jan. 29, American Airlines Flight
5342 and an Army Black Hawk helicopter collided above the Potomac River,
killing all 67 people aboard both aircraft.

Investigators have yet to determine the cause of the Jan. 29 crash.

------------------------------

Date: Fri, 28 Feb 2025 18:11:43 +0200
From: Diomidis Spinellis <dds () aueb gr>
Subject: Badly designed user interface causes $81 trillion to be credited to a
 Citigroup client account (Financial Times)

According to a Friday 18th article in the Financial Times [1] a transfer of
$280 dollars ended up as a $81 trillion transfer.  The funds never left the
bank, so the incident was classified as a near miss.

The root cause was an input field in a rarely-used backup form that came up
pre-populated with 15 zeros.  Its users would have to delete them before
entering the correct amount.  In the reported case they failed to do so.

[1] https://www.ft.com/content/9921925e-5a32-48cc-a3e3-3f77042477d2

  [Amos Shapir also noted this item, and asked.
    How much interest can $81 trillion gather during this time?
  https://www.cnbc.com/2025/03/01/citigroup-mistakenly-credited-a-customer-account-with-81-trillion.html
  PGN]

------------------------------

Date: Mon, 24 Feb 2025 11:24:09 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: Espionage Groups Target Drone Technology Makers, Researchers Say
 (Bloomberg)

Jordan Robertson and Michael Shepard, Bloomberg, 14 Feb 2025

As drones are used in warfare, the risk of cyber spies gaining access
to sensitive data is on the rise. Resecurity Inc. researchers found
espionage groups have searched the dark web for stolen files from
drone manufacturers with the goal of using it to hijack drones and spy
on customers. Drone manufacturers and anti-drone technology vendors
reported hacks across Taiwan, North America, Europe, and the Middle
East.

------------------------------

Date: Wed, 12 Mar 2025 20:17:59 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: The Worst 7 Years in Boeing's History -- and the Man Who Won't Stop
 Fighting for Answers (WiReD)

Fatal crashes. A door blowout. Grounded planes. Inside the citizen-led,
obsessive campaign to hold Boeing accountable and prevent the next disaster.

https://www.wired.com/story/boeing-whistleblower-737-max

------------------------------

Date: Sat, 15 Mar 2025 08:15:16 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: As websites disappear, link rot threatens journalism

As websites disappear, link rot threatens journalism. One Stanford fellow is
working on a fix -- Poynter

Brandon Tauszik, a fellow at The Starling Lab, is developing a low-cost way
for journalists to preserve their work.

(Long interview in Poynter)

Like those of us who came of age with the internet, freelance multimedia
journalist Brandon Tauszik viewed the web as permanent -- once something was
on the Internet, it was always on the Internet.

But now he's realized it could be gone tomorrow.

“A publication could just go out of business and take down whatever content
they want. Your writing is not permanent. Your photography is not
permanent. Anything you're putting online is short-lived and will probably
vanish,” Tauszik said. “If I were to pass away tomorrow and my credit cards
stopped, a lot of these projects of mine would just vanish, be gone for good
and never come back.”

It's a situation many journalists are finding themselves in as media
websites shutter (like The Messenger), archives disappear in sales or
mergers, or, like some of Tauszik's freelance projects, there's no long-term
plan once a site's registration expires.

Tauszik discovered one of his projects, Syria Street, had disappeared due to
link rot — the gradual decay of URLs and websites as they become broken,
inaccessible or deleted over time. As a journalism fellow with The
Starling Lab for Data Integrity at Stanford, Tauszik has spent his time
creating a way for other journalists to keep their work online longer, and
at a lower cost — especially when many must foot the bill themselves — while
ensuring their work is preserved in more resilient systems.  [...]

https://www.poynter.org/tech-tools/2025/how-to-preserve-save-websites-government-personal/

  [The old motto is now truthiness: If it is not on the Internet, it never
  existed.  This will be particularly relevant to SCIENCE.  PGN]

------------------------------

Date: Thu, 13 Mar 2025 17:27:51 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Musk ... blocking grants, Johns Hopkins firing 2000 workers on
 major medical research and other projects around the world

------------------------------

Date: Sun, 9 Mar 2025 03:17:43 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Science journal Nature promotes AI chatbots for academic peer
 review (Pivot to AI)

Nature is one of the most prestigious journals in all of science.  They're
working on changing that, though -- with multiple articles promoting LLMs
for doing peer review.

Academics submit work to a journal and it's sent to other academics to check
it's up to scratch. This peer review is key to producing solid work.
Reviewing is part of the job, just like research.

Instead of telling reviewers to take the time to understand a paper and what
it's claiming, Nature is telling them to run the paper through an LLM.

https://pivot-to-ai.com/2025/03/08/science-journal-nature-promotes-using-chatbots-for-academic-peer-review

  [You might call this PIER REVIEW -- fishing for bAIt.  PGN]

------------------------------

Date: Wed, 26 Feb 2025 08:02:22 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: To Identify Suspect in Idaho Killings, FBI Used Restricted Consumer DNA Data
 (The New York Times)

As investigators struggled for weeks to find who might have committed the
brutal stabbings of four University of Idaho students in the fall of 2022,
they were focused on a key piece of evidence: DNA on a knife sheath that was
found at the scene of the crime.

At first they tried checking the DNA with law enforcement databases, but
that did not provide a hit. They turned next to the more expansive DNA
profiles available in some consumer databases in which users had consented
to law enforcement possibly using their information, but that also did not
lead to answers.

FBI investigators then went a step further, according to newly released
testimony, comparing the DNA profile from the knife sheath with two
databases that law enforcement officials are not supposed to tap: GEDmatch
and MyHeritage.

It was a decision that appears to have violated key parameters of a Justice
Department policy that calls for investigators to operate only in DNA
databases “that provide explicit notice to their service users and the
public that law enforcement may use their service sites.”

It also seems to have produced results: Days after the FBI's investigative
genetic genealogy team began working with the DNA profiles, it landed on
someone who had not been on anyone's radar: Bryan Kohberger, a Ph.D. student
in criminology who has now been charged with the murders.

The case has shown both the promise and the unregulated power of genetic
technology in an era in which millions of people willingly contribute their
DNA profiles to recreational databases, often to hunt for relatives. In the
past, law enforcement officials would need to find a direct match between
DNA at the crime scene and that of a specific suspect. Now, investigators
can use consumer DNA data to build family trees that can zero in on a person
of interest — within certain policy limits.

https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-kohberger-dna.html

------------------------------

Date: Fri, 14 Mar 2025 17:37:37 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Mark Klein, AT&T technician who helped expose NSA spying, dies at
 79 (The Washington Post)

He shared corporate documents showing how the National Security Agency was
accessing Internet data through a secret room in an AT&T office building.

https://www.washingtonpost.com/obituaries/2025/03/13/mark-klein-dead/

------------------------------

Date: Tue, 4 Mar 2025 10:02:45 PST
From: Peter Neumann <neumann () csl sri com>
Subject: As AI Evolves, Do Codes Still Need to Code? (NYTimes)

Two articles in *The New York Times* Business section, 4 Mar 2025:

Kevin Roose
Even though I'm not a programmer, I've been creating my own software tools
with the assistance of AI.

Steve Lohr
AI is getting ever better at coding, but that means the work of software
engineers will most likely be evolving, not vanishing.

------------------------------

Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: AI Reshapes the Coding Workforce (Isabelle Bousquette)

Isabelle Bousquette, *The Wall Street Journal*, (03/04/25), via ACM TechNews

The increased adoption of AI coding tools is changing the size and scope of
software development teams, often allowing for leaner teams that complete
the same amount of work or more. These tools, which automate a substantial
amount of code development, are intended to supplement human
coders. Companies have found such tools can permit developers to concentrate
on complex problem-solving when boilerplate coding is automated.

------------------------------

Date: Thu, 13 Mar 2025 10:22:02 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: What Happens When AI Joins Every Meeting?

Artificial intelligence is here to disrupt the standard office meeting.  And
while the new technology may make meetings more digestible, it's also a tool
for workplace surveillance.

If you have a job that involves spending a lot of time in apps like Zoom,
and if you work at a company that likes to experiment on its workforce with
new software features, you've probably gotten a few notifications about
exciting new developments in meetings. Microsoft Teams user? You might be
getting pinged about searchable, AI-generated meeting recaps. Part of a
Google workplace? Maybe you've been told you can ask a chatbot to take notes
for you. And if you're the sort of person whose calendar is loaded with
overlapping Zoom calls, there's a chance you've heard about, or used, the
company's `AI Companion' features, which include summarized transcripts, a
chat interface for getting caught up, and automatic video
highlights. Perhaps you haven't run into any of these features yet, but
there's a good chance you soon will. In the last few years, LLM-based AI
technology has made it trivially easy to add transcription, summarization,
and analysis tools to meetings platforms.

These features exist largely because, rather suddenly, they can.  Automatic
transcription, in many cases powered by a specific OpenAI API, is rapidly
getting better and more affordable. It's more of a “Why not?” than a “Why?”
for companies like Zoom and Microsoft, but the appeal of these features is
obvious enough: Wouldn't it be nice if you didn't have to take notes during
meetings? If you could quickly review meetings you missed? If you could go
back and check what other people said, or what you said, in a meeting that
was productive, intense, boring, or that went off the rails? That's the
pitch, anyway.

Use these tools for a little while, however, and they reveal themselves to
be more than just obvious little feature upgrades. AI is being used here to
turn meetings into content — to automatically convert meetings into a
browsable, searchable, remixable form of media. In some cases, this can be
funny and deflating. That meeting really could have been an email, and hey,
look at that, here's an AI summary in email form: Delay announced, project
discussed, conclusions not reached, plans to meet again in a week. In
others, the ability to search and chat with transcripts, particularly for
meetings you missed, is simply and powerfully helpful. Will this sort of
stuff make workers more productive and efficient? Maybe! It may also be the
case that tools like this help to create the impression that meetings -- a
large majority of which, according to surveyed workers, hold employees back
from what they see as their actual work -- are, themselves, the job. All
this AI-generated media may have some utility, but it doubles as evidence of
work. You weren't just sitting in meetings all day, you were participating
in the production of content, information, and resources for the greater
good of the firm! Slick, formalized, AI-generated representations of what
was accomplished, or at least discussed, in meetings create the impression
of productivity, or perhaps they constitute a strange mutant form of
productivity in and of themselves.

https://nymag.com/intelligencer/article/ai-meeting-google-zoom-microsoft.html

------------------------------

Date: Wed, 12 Mar 2025 01:32:07 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Two Texas Lottery Wins Prompt Investigations and Stir Public
 Outrage (The New York Times)

One jackpot winner spent $25 million on nearly every possible number
combination, while another bought tickets through a third-party app.

The unusual circumstances surrounding two of the largest Lottery jackpots in
Texas history have touched off a furious debate about the unorthodox methods
used to snag the prizes and have led the governor and attorney general to
announce investigations.

On April 22, 2023, someone won a $95 million Lotto Texas jackpot by spending
$25 million to buy nearly every possible number combination in the draw. The
winner, identified only as a business entity called Rooka TX, of Scotch
Plains, N.J., ended up claiming the lump-sum payment of $57,804,000 before
taxes.

   [Reminds us of the horse-race, Autotote programmer hacks winning Pick Six
   bets (RISKS-22.33,38,39).  PGN]

Then, on Feb. 17, someone won an $83.5 million Lotto Texas jackpot by
ordering tickets online through Jackpocket, a third-party app owned by
DraftKings. Jackpocket also owned the store in Austin that printed the
winning ticket. It sold board games in front and had dozens of lottery
terminals behind a wall in the back.

------------------------------

Date: Thu, 13 Mar 2025 10:12:34 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Trump administration cuts $10M funding from CISA nonprofit Center for
 Internet Security (AP News)

The Center for Internet Security (CIS) budget cuts might give you the
impression that the WH knows how to rig elections, and does not want any
interference from the federal government.

Trump administration officials cut the $10 million in funding needed by the
nonprofit Center for Internet Security, a unit of the Cybersecurity and
Infrastructure Security Agency that addressed election security. The future
of two information sharing and analysis centers -- the Elections ISAC and
the Multi-State ISAC -- is uncertain.

State elections officials have asked CISA for more information and sent a
letter to Homeland Security Secretary Kristi Noem urging continued support
for elections security.

https://apnews.com/article/election-security-cisa-trump-kristi-noem-6c437543f5d26d890704e5f2a8400502?mod=djemCybersecruityPro&tpl=cs

  [RISKS readers have known since our very first issue in August 1985 that
  sanctioned commercial election systems have been fraught with easily
  exploited security flaws.  This is not just the chickens or dogs running
  the chicken coop.  It is more like the insane running the asylum.]

------------------------------

Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST)
From: ACM TechNews <technews-editor () acm org>
Subject: U.S. Chips Act Office Loses Two-Fifths of Staff
 (Mackenzie Hawkins)

Mackenzie Hawkins,  Bloomberg (03/03/25)

The U.S. government office responsible for the implementation of the Chips
and Science Act will lose about two-fifths as part of efforts of the Trump
administration to cut the federal workforce, according to insiders. About 20
employees accepted voluntary deferred resignations, the insiders said, while
40 others considered probationary will be terminated on Monday. The
previous administration built an office of about 140 people to oversee the
Chips Act manufacturing spending, on top of staff responsible for R&D
funding.

------------------------------ Date: Mon, 10 Mar 2025 14:06:36 -0700 From: "Jim" <jgeissman () socal rr com> Subject: NASA Cuts (NY Times) NASA is eliminating its chief scientist and other roles as part of efforts by the Trump administration to pare back staff at the agency's Washington headquarters. The cuts affect about 20 employees at NASA, including Katherine Calvin, the chief scientist and a climate science expert. The last day of work for Dr. Calvin and the other staff members will be April 10. ------------------------------ Date: Fri, 7 Mar 2025 11:25:25 -0500 (EST) From: ACM TechNews <technews-editor () acm org> Subject: U.S. Government Cuts Key Software Division Without Warning (Ellen Jennings-Trace) Ellen Jennings-Trace, TechRadar (03/03/25), via ACM TechNews The budget for the U.S. General Services Administration's Unit 18F has been virtually eliminated. The unit, which developed Login.gov and other public-facing IT services, was tasked with helping government agencies acquire and build technology, enhance user experience, and ensure services are accessible. Halting the unit's work has impacted about 70 software engineers and strategists, along with researchers, service designers, and procurements specialists. ------------------------------ From: "Jim" <jgeissman () socal rr com> Date: Fri, 14 Mar 2025 08:26:43 -0700 Subject: DOGE ousts security testers (The Register) A penetration tester who worked at the U.S. govt's CISA claims his 100-strong team was effectively dismissed after Elon Musk's Trump-blessed DOGE unit canceled a contract -- and that more folks have also been put out of work by the cybersecurity agency. 
"On Friday, February 28, 2025, at 1600 hours, the government contract I supported with CISA (Dept of Homeland Security) was terminated due to DOGE," senior penetration tester Christopher Chenoweth wrote <https://www.linkedin.com/posts/christopher-chenoweth-91a68026_on-friday-feb ruary-28-2025-at-1600-hours-activity-7304793481518940160-uTUo/> on LinkedIn. "DOGE cut our entire red team and all support roles -- over 100 people impacted. The following Wednesday, DOGE cut a second CISA red team also doing mission-critical work. As a result, I and many other experienced red team operators are now seeking new opportunities." https://www.theregister.com/2025/03/12/cisa_staff_layoffs/ ------------------------------ Date: Tue, 25 Feb 2025 11:14:00 -0800 From: "Jim" <jgeissman () socal rr com> Subject: DOGE Quietly Deletes the 5 Biggest Spending Cuts It Celebrated Last Week (Sundry) Last week, Elon Musk's government cost-slashing initiative, dubbed the Department of Government Efficiency, posted an online "wall of receipts," celebrating how much it had saved by canceling federal contracts. Now the organization, which is also known as the U.S. DOGE Service, has deleted all of the five biggest "savings" on that original list, after The New York Times <https://www.nytimes.com/2025/02/21/upshot/doge-musk-trump-errors.html> and other media outlets <https://www.wsj.com/politics/policy/elon-musk-doge-federal-savings-claims-783b9507?st=kwMKEz&reflink=article_copyURL_share> pointed out <https://www.npr.org/2025/02/19/nx-s1-5302705/doge-overstates-savings-federal-contracts> they were riddled <https://www.cbsnews.com/news/doge-wall-of-receipts-shows-errors-tallying-billions-in-savings/> with errors <https://css.washingtonpost.com/business/2025/02/22/doge-savings-found-list-qanalysis/> . [How can firing, unfiring, and trying to rehire people who don't trust you anymore be a good example of efficiency? 
PGN] ------------------------------ Date: Tue, 11 Mar 2025 07:27:17 -0700 From: "Jim" <jgeissman () socal rr com> Subject: Oracle rollout fiasco (Jim Geissman) Europe's largest council kept auditors in the dark on an Oracle rollout fiasco for 10 months It took a whistleblower to expose disastrous ERP go-live Birmingham City Council did not tell its official auditors about the disastrous Oracle implementation for ten months after the suite of applications went live, and appeared to obstruct access to the new system needed to complete their work. Since it replaced aging SAP finance software with Oracle's cloud-based Fusion for HR, payroll, ERP, and finance in April 2022, Europe's largest local authority found the system "effectively crippled" its ability to manage and report on finances, auditors found. It was still not "safe and compliant" two-and-a-half years after the replacement went live, according to evidence presented to the council in January. While the debacle hit local media headlines in May 2022 after schools were left unable to pay their bills and a series of complex manual workarounds were required to operate the system, councillors didn't begin to discuss the failures until April 2023. During a council audit committee meeting last week, external auditor Mark Stocks, Grant Thornton Midlands public sector assurance practice lead, was quizzed over why his team had not raised the alarm earlier. Stocks said the situation with Birmingham City Council's Oracle implementation was "unprecedented" in his experience. [No source, but dated Tue 11 Mar 2025. PGN] ------------------------------ Date: Mon, 10 Mar 2025 07:44:42 -0700 From: "Jim" <jgeissman () socal rr com> Subject: Health NZ was using a single Excel spreadsheet to track $28 billion of public money; report outlines 'significant concerns' $16 billion health department managed its finances with a single Excel spreadsheet. 
It hasn't gone well It's just one of 6,000 apps that New Zealand thinks might be best tamed with ERP Mon 10 Mar 2025 // 04:31 UTC The body that runs New Zealand's public health system uses a single Excel spreadsheet as the primary source of data to consolidate and manage its finances, which aren't in great shape perhaps due to the sheet's shortcomings. The spreadsheet-using agency is Health New Zealand (HNZ) which was established in 2022 to replace 20 district health boards in the expectation it would be more cost-effective and deliver more consistent services. The org has a budget of $NZ28 billion ($16 billion) and advised lawmakers it would stay within it for FY 23.24. That prediction was incorrect and HNZ blew its budget, leading to a review of its finances that last week delivered a damming report <https://www.tewhatuora.govt.nz/assets/Uploads/HNZ-Financial-Review-Report.p df> [PDF] that found the org lost "control of the critical levers that drive financial outcomes" and had an "inability to identify and respond to the disconnect between expenditure and revenue." The Deloitte-penned report also found an Excel spreadsheet was the "primary data file used by HNZ to manage its financial performance" and was used for "consolidation, journals, business-critical reporting, and analysis." https://www.theregister.com/2025/03/10/nzanswers_health_excel_spreadsheet/ ------------------------------ Date: Mon, 24 Feb 2025 13:05:17 -0800 From: Steve Bacher <sebmb1 () verizon net> Subject: DOGE will use AI to assess the responses from federal workers who were told to justify their jobs via email (NBC News) Responses to the Elon Musk-directed email to government employees about what work they'd accomplished over the past week are expected to be fed into an artificial intelligence system to determine whether those jobs are necessary or not, according to three sources with knowledge of the system. 
The information will go into an LLM (Large Language Model), an advanced AI system that looks at huge amounts of text data to understand, generate, and process human language, the sources said. The AI system will determine whether someone's work is mission-critical or not. [...] https://www.nbcnews.com/politics/doge/federal-workers-agencies-push-back-elon-musks-email-ultimatum-rcna193439 ------------------------------ Date: Sat, 08 Mar 2025 12:17:27 -0500 (EST) From: Mark Brader <msb () Vex Net> Subject: Speech-recognition fail (BBC) https://www.bbc.co.uk/news/articles/c0l1kpz3w32o ------------------------------ From: Jan Wolitzky <jan.wolitzky () gmail com> Date: Tue, 25 Feb 2025 21:15:19 -0500 Subject: Apple's Dictation System Transcribes the Word `Racist' as `Trump' (The New York Times, 25 Feb) While using Apple's automatic dictation feature to send messages on Tuesday, some iPhone users reported seeing a peculiar bug: the word racist temporarily appearing as Trump, before quickly correcting itself. The message blip, which was replicated several times by *The New York Times*, provoked controversy after appearing in a viral TikTok post, raising questions about Apple's artificial intelligence capabilities. <https://www.tiktok.com/@user9586420191789/video/7472830639327366446?refer=embed> An Apple spokeswoman blamed the issue on phonetic overlap between the two words, and said the company was working on a fix. https://www.nytimes.com/2025/02/25/technology/iphone-dictation-trump-racist= .html [Also noted by Jim Geissman, who added: The issue appeared to begin after an update to Apple's servers, said John Burkey, the founder of Wonderrush.ai, an artificial intelligence start-up, and a former member of Apple's Siri team who is still in regular contact with the team. 
But he said that it was unlikely that the data that Apple has collected for its artificial intelligence offerings was causing the problem, and the word correcting itself was likely an indication that the issue was not just technical. Instead, he said, there was probably software code somewhere on Apple's systems that caused iPhones to write the word "Trump" when someone said "racist." "This smells like a serious prank," Mr. Burkey said. "The only question is: Did someone slip this into the data or slip into the code?" ------------------------------ Date: Thu, 13 Mar 2025 15:33:59 -0700 From: Lauren Weinstein <lauren () vortex com> Subject: AI search engines give incorrect answers at an alarming 60% rate, study says (ArsTechnica) https://arstechnica.com/ai/2025/03/ai-search-engines-give-incorrect-answers-at-an-alarming-60-rate-study-says/ STUDY: Columbia Journalism Review: https://www.cjr.org/tow_center/we-compared-eight-ai-search-engines-theyre-all-bad-at-citing-news.php ------------------------------ Date: Tue, 11 Mar 2025 21:53:20 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: It's a risky AI double header! A future with AI-powered cars When the conversation turned to AI, Rivian's chief software officer, Wassym Bensaid, jumped in to outline his take: In-car voice assistants are pretty lousy, but the next generation will tackle more complicated,q multipart problems. “You can tell the car, okay, I'm having a trip to L.A., and I'd like to have two stops in vegan restaurants, and I want each stop to be 30 minutes each,” Bensaid said. Plotting out a trip like that yourself could take some time — but you'll soon be able to ask AI to do it for you. Here's another, more practical example: An in-car AI might be able toq wanticipate potential problems because it detects “weird patterns” from certain components, and can suggest you book a service appointment. 
Even better, Bensaid says, AI can chew on your calendar, find an open day
and book the appointment for you.

https://s2.washingtonpost.com/camp-rw/?trackId=596b22969bbc0f403f8bcc25&s=67d06e931c627735a7170c9e

The truth about DOGE's AI plans: The tech can't do that.

Identify “mission-critical” jobs? Spot dead people on Social Security rolls?
Government needs AI — but what DOGE appears to be doing doesn't add up.

https://www.washingtonpost.com/technology/2025/03/03/doge-ai-government-automation/

  [The DOGE's bite is definitely worse than its bark.]

------------------------------

Date: Thu, 13 Mar 2025 9:53:48 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Agentic AI Issues (Meredith Whittaker)

Signal President Meredith Whittaker calls out agentic AI as having
‘profound' security and privacy issues

https://techcrunch.com/2025/03/07/signal-president-meredith-whittaker-calls-out-agentic-ai-as-having-profound-security-and-privacy-issues/?utm_source=flipboard&utm_content=topic/artificialintelligence

------------------------------

Date: Thu, 13 Mar 2025 07:06:21 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Signal no longer cooperating with Ukraine on Russian cyberthreats,
 official says (The Record from Recorded Future News)

KYIV, Ukraine -- The encrypted messaging app Signal has stopped responding
to requests from Ukrainian law enforcement regarding Russian cyberthreats, a
Ukrainian official claimed, warning that the shift is aiding Moscow's
intelligence efforts.

According to Serhii Demediuk, deputy secretary of Ukraine's National
Security and Defense Council, Signal remains one of the most exploited
messaging apps for Russian espionage operations targeting Ukrainian military
personnel and government officials.

With its inaction, Signal is helping Russians gather information, target our
soldiers and compromise government officials, Demediuk said at the Kyiv
International Cyber-Resilience Forum on Tuesday.
Signal, a U.S.-based nonprofit platform known for its commitment to privacy,
has not publicly commented on Demediuk's claims and did not respond to a
request for comment.

Demediuk suggested that the shift in Signal's policy be linked to political
instability in the U.S., adding that cooperation could resume soon.

https://therecord.media/signal-no-longer-cooperating-with-ukraine

------------------------------

Date: Fri, 7 Mar 2025 21:04:56 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Did AI really defend the KKK at the end of his column? (LA Times)

Journalism schools teach that writers should report the news, not be the
news. But what happens when one of your articles goes viral -- not for its
content but rather for how an AI doohickey swallowed up what you wrote and
upchucked a controversial summation?

https://www.latimes.com/california/story/2025-03-07/la-times-insights-ai-controversy

(Spoiler: AI got it right, but readers got it wrong.  The RISK here is not
AI per se, but human reactions to it when they jump the gun.)

------------------------------

Date: Mon, 10 Mar 2025 11:25:14 -0700
From: "Jim" <jgeissman () socal rr com>
Subject: Germany May Refuse F-35 Purchase over Emergency Switch, Consider
 Eurofighter Instead (Defense Mirror)

According to reports, a software back-door switch will turn the aircraft off
if the client state does not follow Washington's diktat in the use of the
F-35.

https://www.defensemirror.com/news/39017

  [This is like law enforcement turning an automobile off on the automated
  highway, although maybe even worse.  PGN]

------------------------------

Date: Fri, 7 Mar 2025 20:27:50 -0800
From: Steve Bacher <sebmb1 () verizon net>
Subject: Tesla makes step toward robotaxi services in California.
 What to know (LA Times)

As robotaxis become a more familiar sight on the streets of Los Angeles,
Tesla has taken a step that could bring it closer to building its own fleet
of self-driving electric vehicles, the California Public Utilities
Commission confirmed last week.

In November, Tesla applied for a permit that would allow the
electric-vehicle manufacturing giant to deploy transportation services with
company-owned vehicles and human drivers. The permit would be required for
Tesla to advance to autonomous cabs.

Chief Executive Elon Musk has long made clear his ambitions for a robotaxi
service powered by Tesla vehicles, though his company has been criticized by
the U.S. government's highway safety agency for making statements that its
vehicles can drive themselves.

To be sure, the automaker is still a long way off before it can launch a
service. And it's still playing catch-up. Although Waymo has put driverless
vehicles on the road in cities including Los Angeles and San Francisco,
industry experts say Tesla is still far from offering a robotaxi
service.  [...]

https://www.latimes.com/business/story/2025-03-06/tesla-robotaxi-explainer

------------------------------

Date: Tue, 25 Feb 2025 12:09:06 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: When Your Last Name Is Null, Nothing Works (WSJ)

Yet another case of not sanitizing data.

https://www.wsj.com/lifestyle/null-last-name-computer-scientists-forms-f0a43b08

(IIRC the part about the license plate had already been posted on Risks in
the past)

  [Yup!  I wonder whether someone could ever choose "N/A" for a name.  PGN]

------------------------------

Date: Sat, 22 Feb 2025 00:58:22 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: XScreenSaver: Google Store Privacy Policy

XScreenSaver for Android is... a set of screen savers and live wallpapers.
That's it. It draws pretty pictures on your screen. And it's free. That's
the whole deal.
But in their wisdom, Google -- the most rapacious privacy violator on the
planet -- have decreed that XScreenSaver cannot be made available on their
"Play" [sic] store until I publish a "Privacy Policy".

For a screen saver.

A privacy policy. For a screen saver.

This pantomime where Google pretends to care about your welfare would be
hilarious if it wasn't so sad, but here we are anyway. OK, strap in!

------------------------------

Date: Sat, 15 Mar 2025 10:03:28 -0400
From: Monty Solomon <monty () roscom com>
Subject: Creators Insist Coupon Browser Extensions Are Stealing Their Money.
 Will the Courts Agree? (WSJ)

A number of lawsuits accuse browser extensions like PayPal Honey of swiping
affiliate marketers' commissions

https://www.wsj.com/articles/creators-insist-coupon-browser-extensions-are-stealing-their-money-will-the-courts-agree-60079a1f

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.58
************************
