RISKS-LIST: Risks-Forum Digest Tuesday 25 Jun 2024 Volume 34 : Issue 33 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/34.33> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Titan Disaster Forces Global Rethinking of Deep Sea Exploration (William J. Broad) Dead Tesla Traps Toddler In Hot Car, Raises Concerns About Electric Doors (CarScoops) Nuclear power Senate Vote (BackgroundBriefing) Musk calls for elimination of electronic voting machines, full hand count of all ballots (Politico) Dash to Ditch Paper Money in Sweden Created a Playground for Criminals (Bloomberg) A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records (WiReD) Antivirus Shuffle over Kaspersky (TechMonitor) Passwords Weakened by Advancements in Computing Processing (Sead Fadilpasic) Hacker Accesses Internal Tile Tool That Provides Location Data to Cops (494 Media) Ozone Hole Mk. II (NCBI) California plans to enlist AI to translate healthcare information (LA Times) In AI we trust, part II: Wherein AI adjudicates every Supreme Court case (adamunikowsky) Incoming *WashPost* editor tied to self-described thief who claimed role in his reporting (Monty Solomon) Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers (WiReD) Bacon ice cream and nugget overload sees misfiring McDonald's AI withdrawn (BBC) More productive AI => Self-Poisoned Training = GIGO (Henry Baker) Mass.'s "911 system" crashes... (danny burstein) Mass. 911 system back online after outage (Monty Solomon) AWS MFA/2FA Changes (Cliff kilby) Hacker selling AMD data breach dated June 2024. Europol involved (Presale1) Even Doctors Like Me Are Falling Into This Medical Bill Trap (NYTimes) How Crypto Money Is Poised to Influence the Election (NYTimes) NYC Congestion Pricing paused; but its LPR tracking not paused Passwords Weakened by Advancements in Computing Processing Firefox and Cancer? (The Register) Re: How a New Jersey man was wrongly arrested through facial Re: Re: Generative AI and the law (LW, RISKS-34.32) Re: Generative AI and the law (Levine, RISKS-34.33) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT) From: ACM TechNews <technews-edi...@acm.org> Subject: Titan Disaster Forces Global Rethinking of Deep Sea Exploration (William J. Broad) William J. Broadl, *The New York Times*. 18 Jun 2024 A pair of robotic vehicles will be sent to the resting place of the Titanic to recover artifacts, about a year after the June 18, 2023, implosion of the Titan submersible that killed five people, The July expedition is being organized by RMS Titanic. While proponents of human-piloted submersibles are pushing for regulation, the RMS Titanic expedition shows that some are rethinking deep sea exploration, with a shift toward robots as a safer alternative. ------------------------------ Date: Fri, 21 Jun 2024 10:38:09 -0700 From: geoff goodfellow <ge...@iconia.com> Subject: Dead Tesla Traps Toddler In Hot Car, Raises Concerns About Electric Doors (CarScoops) Adults can use manual door releases from inside dead electric vehicles but younger ones can't. - A Tesla in Arizona died and in the process trapped a toddler in the hot car. - Firefighters had to break the window of the vehicle to get the child out as quickly as possible. - The incident highlights the danger to those who own vehicles with electronic door releases. Automotive technology continues to advance across the entire industry. Electronic door releases are one part of that wave and, in some cases, can increase safety. At the same time, they pose a significant danger to young ones when the battery of the car in question dies. One Tesla owner in Arizona just found that out while narrowly avoiding catastrophe. Renee Sanchez was about to take her 20-month-old granddaughter to the Phoenix Zoo. After safely strapping her into her car seat, Sanchez went to get into her Tesla but then realized the EV was dead. Her granddaughter was now trapped inside of the car with no way to easily get out. Tesla, and most other automakers with electronic door releases, have manual releases that owners can use from inside the cabin. At the same time, several owners don't know about the manual releases that come on vehicles with electronic door latches. At times, they even panic before learning that all they had to do to get out was to pull a manual lever inches from their own hand. In addition, those manual releases don't help if the only person in the car is a toddler or infant as was the case for Sanchez. Understanding the severity of the situation, she called 911. When the fire department arrived, they told her that they couldn't get into the car. As reported by AZ Family, she gave them the go-ahead to break in at all costs. Sure enough, they had to smash a window to retrieve the child as quickly as possible. Notably, Tesla does have a procedure to get into the car but it requires several steps and a battery charger. [...] https://www.carscoops.com/2024/06/dead-tesla-traps-toddler-in-hot-car-raises-concerns-about-electric-doors/ ------------------------------ Date: Wed, 19 Jun 2024 15:29:53 -0700 From: "Jim" <jgeiss...@socal.rr.com> Subject: Nuclear power Senate Vote (BackgroundBriefing) https://www.backgroundbriefing.org/ June 19th The Senate Votes 88 to 2 to Boost Nuclear Power Based on "New" Reactor Technology That is Old and Less Safe Then finally we examine the 88 to 2 vote in the Senate for a bill to boost nuclear power based on the false promises of a new technology that is both old and less safe than the current aging power reactors which have been plagued with near-disasters and massive cost overruns. Joining us is <https://www.ucsusa.org/about/people/edwin-lyman> Edwin Lyman, Director of Nuclear Power Safety at the Union of Concerned Scientists and an internationally recognized expert on nuclear proliferation and nuclear terrorism as well as nuclear power safety and security. He is a member of the Institute of Nuclear Materials Management and has testified numerous times before Congress and the Nuclear Regulatory Commission. He co-authored the critically acclaimed book, Fukushima: The Story of a Nuclear Disaster <https://www.google.com/search?q=Fukushima%3A+The+Story+of+a+Nuclear+Disaste r> ------------------------------ Date: Tue, 18 Jun 2024 10:18:23 -0700 From: Barbara Simons <barbara.b.sim...@gmail.com> Subject: Musk calls for elimination of electronic voting machines, Su full hand count of all ballots (Politico) <https://www.politico.com/newsletters/weekly-cybersecurity/2024/06/17/rage-against-the-voting-machine-00163612#:~:text=%E2%80%94%20Tech%20mogul%20Elon%20Musk%20ignited,to%20hand%20counting%20paper%20ballots.>: *Rage against the voting machine* JOSEPH GEDEON 06/17/2024 10:00 AM EDT With help from Maggie Miller and John Sakellariadis VOTING WARS — Elon Musk set the Xverse ablaze this weekend with a viral post calling to “eliminate electronic voting machines” due to hacking risks, racking up over 75,000 reposts. It came after independent presidential hopeful Robert F. Kennedy Jr. seized on voting irregularities in Puerto Rico’s recent primary to demand a return to hand-marked paper ballots nationwide. The pro-hand-count movement has been gaining steam, with at least eight states introducing legislation in 2023 to ditch voting machines altogether. But election security experts are pushing back hard. “Flip the claim that there’s ‘no evidence of widespread fraud.’ We have evidence of sound elections,” said Pamela Smith, president of the nonpartisan Verified Voting, which promotes the responsible use of technology in elections. Understand the problem: Smith argues that while tiny jurisdictions can feasibly hand count ballots, moving to full manual counts in larger locales would be a logistical nightmare -— delaying results for weeks or months and costing counties millions to hire enough workers. Not to mention studies showing machines tend to tally votes more accurately than humans do. * “There is no evidence whatsoever that ‘irregularities’ have ever been significant enough to change the results of an election,” Seattle’s former CISO Mike Hamilton tells Morning Cyber. * All hands on deck: Yet the hand count crowd clearly remains vocally skeptical of voting tech, however small the hacking risk. So what’s an election official to do? The answer: Robust audits. Verified Voting and other election watchdogs recommend pairing machine counts with rigorous post-election audits that hand tally a portion of ballots to verify results, correct any errors and assure the public of the system’s integrity. “Banks audit themselves regularly, and with elections you should audit every one,” Smith said. “That’s a best practice for ensuring there were no unnoticed errors or tampering.” ------------------------------ Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT) From: ACM TechNews <technews-edi...@acm.org> Subject: Dash to Ditch Paper Money in Sweden Created a Playground for Criminals (Bloomberg) Niclas Rolander, Jonas Ekblom, and Love Liman, Bloomberg, 21 Jun 2024 With Sweden further along than nearly any other European nation in eliminating paper money, it is being viewed as a test case in the fight against digital crime. Swedish authorities are finding it difficult to crack down on digital crime given how ingrained the BankID digital identification system is in the national economy. Controlled by a consortium of private lenders, BankID works like an online signature and is used for electronic payments, filing tax returns, setting up businesses, and more. ------------------------------ Date: Mon, 24 Jun 2024 13:10:26 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records (WiReD) Plus: Alleged Apple source code leaks online, cybercrime group Scattered Spider’s alleged kingpin gets arrested, and more. https://www.wired.com/story/hospital-hack-300-million-patient-records-leaked/ ------------------------------ Date: Thu, 20 Jun 2024 22:01:27 -0400 From: Cliff Kilby <cliffjki...@gmail.com> Subject: Antivirus Shuffle over Kaspersky (TechMonitor) If you're part of a U.S. org whose antivirus (AV) is provided by Kaspersky, per a new rule from the Commerce Department, you have until Sept 29th to replace it. https://www.wired.com/story/us-bans-kaspersky-software/ The number of alternatives is staggering. I try not to favor a product, but hate demanding a change with no realistic alternatives provided. For Windows shops, Defender may be included in your E3 pricing. If you're midbudget and can't do a software outlay in time, ClamAV is oss and maintained by Talos/Cisco. It's fairly easy to install on Linux, and has compatibility across Windows and Mac. While evaluating AV alternatives, be sure to include E/XDR (endpoint/extended detection and response) products. For UK orgs, the UK NCSC (national cybersecurity centre) issued a similar warning in 2020, but has not yet restricted import to the best of my knowledge. https://techmonitor.ai/technology/cybersecurity/ncsc-warning-russian-tech-ukraine I would not be suprised if other NATO member states take similar stances after Russia's recent diplomatic changes. https://www.newsweek.com/kremlin-peskov-united-states-enemy-scott-ritter-1908616 Your company should be reevaluating all your vendors on a regular basis. This should only be a timetable change. ------------------------------ Date: Mon, 24 Jun 2024 11:15:34 -0400 (EDT) From: ACM TechNews <technews-edi...@acm.org> Subject: Passwords Weakened by Advancements in Computing Processing (Sead Fadilpasic) Sead Fadilpasic, *TechRadar*, 19 Jun 2024 A new report on password strength noted the advancements in computer rocessing power made cracking passwords significantly easier. Kaspersky researchers said it took them less than one hour to crack 59% of 193 million passwords in a database obtained from the dark web. Eight-character passwords composed of same-case English letters and digits or 36 combinable characters were cracked within 17 seconds. The researchers used a Nvidia RTX 4090 GPU and different algorithms for their experiment. ------------------------------ Date: Wed, 12 Jun 2024 15:46:54 +0000 From: Victor Miller <victorsmil...@gmail.com> Subject: Hacker Accesses Internal Tile Tool That Provides Location Data to Cops (494 Media) https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/ ------------------------------ Date: Wed, 19 Jun 2024 14:36:37 -0400 From: Cliff Kilby <cliffjki...@gmail.com> Subject: Ozone Hole Mk. II (NCBI) Forget Kessler Syndrome, those mega constellations will not get a chance to start a cascade. We'll keep them in a LEO (low earth orbit) and if anything goes wrong, they'll eventually deorbit. Sounds great right? Remind you of the Northeastern approach to waste management? "We'll just dump it in the ocean!" Ah the sweet smell of a Birmingham tide. It seems that incinerating metals in a high draft furnace might be a bad idea. Wait, we already knew that. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8354618/ ------------------------------ Date: Tue, 18 Jun 2024 06:52:47 -0700 From: Steve Bacher <seb...@verizon.net> Subject: California plans to enlist AI to translate healthcare information (LA Times) State officials want to use artificial intelligence to translate public healthcare and social services documents and websites. But some experts worry AI may introduce errors. https://www.latimes.com/science/story/2024-06-17/california-ai-healthcare-translation PS. Can it be worse than Google Translate or whatever it is that they're currently using? In my home town of Banning CA, I've seen signs written in Spanish that translate the city name as "Prohibición." ------------------------------ Date: Mon, 17 Jun 2024 10:04:00 -0400 From: Monty Solomon <mo...@roscom.com> Subject: In AI we trust, part II: Wherein AI adjudicates every Supreme Court case (adamunikowsky) In my previous post, I opined that AI was already able to adjudicate complex cases. Some commenters were skeptical. For example, one commenter suggested that AI might be “deciding” cases by randomly choosing a brief and summarizing its contents. Taking this criticism to heart, I decided to do a little more empirical testing of AI’s legal ability. Specifically, I downloaded the briefs in every Supreme Court merits case that has been decided so far this Term, inputted them into Claude 3 Opus (the best version of Claude), and then asked a few follow-up questions. (Although I used Claude for this exercise, one would likely get similar results with GPT-4.) httpa=s://adamunikowsky.substack.com/p/in-ai-we-trust-part-ii ------------------------------ Date: Sun, 16 Jun 2024 20:48:04 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Incoming *WashPost* editor tied to self-described thief who claimed role in his reporting Unpublished book drafts and other documents raise questions about Robert Winnett's journalistic record just months before he is to assume a top newsroom role. https://www.washingtonpost.com/investigations/2024/06/16/washington-post-editor-robert-winnett/ ------------------------------ Date: Tue, 18 Jun 2024 02:20:28 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers (WiReD) While the documents detail some elements of the trials, privacy experts say they are concerned about the overall lack of transparency and debate about the use of AI in public spaces. In one document designed to assess data protection issues with the systems, Hurfurt from Big Brother Watch says there appears to be a “dismissive attitude” toward people who may have privacy concerns. One question asks: “Are some people likely to object or find it intrusive?” A staff member writes: “Typically, no, but there is no accounting for some people.” https://www.wired.com/story/amazon-ai-cameras-emotions-uk-train-passengers ------------------------------ Date: Tue, 18 Jun 2024 13:00:05 -0600 From: Matthew Kruk <mkr...@gmail.com> Subject: Bacon ice cream and nugget overload sees misfiring McDonald's AI withdrawn (BBC) https://www.bbc.com/news/articles/c722gne7qngo McDonald's is removing artificial intelligence (AI) powered ordering technology from its drive-through restaurants in the U.S., after customers shared its comical mishaps online. A trial of the system, which was developed by IBM and uses voice recognition software to process orders, was announced in 2019. It has not proved entirely reliable, however, resulting in viral videos of bizarre misinterpreted orders ranging from bacon-topped ice cream to hundreds of dollars' worth of chicken nuggets. ------------------------------ Date: Wed, 19 Jun 2024 00:07:23 +0000 From: Henry Baker <hbak...@pipeline.com> Subject: More productive AI => Self-Poisoned Training = GIGO So, we're all exhausted from the current AI hype and its productivity promises: AI will turn "D" student essays into "professional quality" writing; AI will make every dropout who can spell "P-Y-T-H-O-N" into a star programmer; AI will convert every paralegal into a "legal eagle" member of the bar. But AI requires extensive *training data*, which is ***currently*** produced by human experts, and the vast majority of these training data are scraped from the cloaca of the Internet. However, thanks to the vastly increased productivity from these AI, how long before these Internet data scrapings are more-than-likely produced by another AI? One year, two years, three years? What happens when the hallucinations of one AI becomes training data for another hallucinating AI, which becomes training data for yet another AI? Telephone tag to the Nth degree? Data poisoning tag to the Nth degree? Mark Twain would be proud, as history does indeed rhyme. There's a wonderfully-named 1971 EPA paper entitled "Everyone Can't Live Upstream: A Contemporary History of the Water Quality Problems on the Missouri River" [Water you thinking? I don't see any rhymes. [You otter try again with that line. PGN] https://nepis.epa.gov/Exe/ZyNET.exe/9100W1OB.TXT?ZyActionD=ZyDocument&Client=EPA... [10-line &-encoded URL PGN-truncated] In short, the Missouri River consists of a series of drinking water intakes followed by sewage discharges followed by drinking water intakes followed by sewage discharges ... My discharge becomes your "fresh" water intake. No sophisticated "pump handle" reasoning is required to understand the ensuing scatological results. We're about to amplify Sturgeon's Law into "99.9999999% of everything is crap". https://www.crowdstrike.com/cybersecurity-101/cyberattacks/data-poisoning/ Data poisoning is a type of cyberattack in which an adversary intentionally compromises a training dataset used by an AI or machine learning (ML) model to influence or manipulate the operation of that model. ------------------------------ Date: Tue, 18 Jun 2024 18:40:04 +0000 () From: danny burstein <dan...@panix.com> Subject: Mass.'s "911 system" crashes.. [Boston PD web page] 9-11 Statewide System is Currently Down / Gen- Information / By Media Relations 9-11 is currently down statewide. Boston Police will be patrolling with their blue lights activated for high visibility. Please approach an officer if you need assistance: https://police.boston.gov/2024/06/18/9-11-statewide-system-is-currently-down/ https://x.com/bostonpolice/status/1803123343224123425 [Two and a half decades post 9/11. At the very least you'd think they'd have a standardized, State-wide (or even just Boston-wide) 10 digit number for the centralized dispatch alternative.] ------------------------------ Date: Tue, 18 Jun 2024 20:00:24 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Mass. 911 system back online after outage Massachusetts experienced a statewide loss of 911 services Tuesday afternoon for a few hours. A cause was not immediately apparent. https://www.boston.com/news/local-news/2024/06/18/911-system-down-throughout-mass/ https://www.bostonglobe.com/2024/06/18/metro/mass-911-outage/ For Fire Alarms, Boston Still Relies on the Telegraph?! https://www.boston.com/news/local-news/2014/10/07/for-fire-alarms-boston-still-relies-on-the-telegraph/ ------------------------------ Date: Mon, 17 Jun 2024 10:11:02 -0400 From: Cliff Kilby <cliffjki...@gmail.com> Subject: AWS MFA/2FA Changes For once, some good news. AWS is mandating MFA for "highly privileged accounts", which seems to include Organization "root" user. https://www.theregister.com/2024/06/17/aws_mfa_roll_out/ Change is difficult, but AWS has acknowledged two key complaints that always seemed to bubble up with MFA adoption. "What if the root user leaves with or loses their MFA?" "Customer service is slow." I believe the turnaround on a root unlock being slow is a boon to security. Once someone attempts to wrest control of a root account from your company, this complaint just vanishes. As to the other, per the source, AWS is allowing up to 8 MFA devices to be registered. Have your admin register two FIDO2 devices, and shove them in your onsite vault. If the admin leaves or loses, no AWS service ticket required. https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/ You have two weeks before AWS begins enforcing the required changes. That's too long. Go turn on root MFA yesterday, or at least today. You should also be requiring all users to use MFA. AWS IAM Identity makes this easy, even for programmatic access (like Terraform). https://aws.amazon.com/blogs/security/managing-temporary-elevated-access-to-your-aws-environment/ The highlevel workflow after initial configuration is: User issues change command. Boto polls for a token, providing a webportal referral. User logs in via webportal, with MFA. Boto gets a timeboxed token response. User proceeds. You can manage the lifetime of the tokens, but as it is trivial to renew the token, anything more than an hour creates a huge window for credential ex-fil. It's a start. ------------------------------ Date: Tue, 18 Jun 2024 05:36:25 +0000 From: Presale1 Subject: Hacker selling AMD data breach dated June 2024. Europol involved. https://email.cloud2.secureclick.net/c/10688?id=1608079.4030.1.7813fcd6724dc96f08999c7f6e1ff93b 18 Jun MAJOR BREACH: IntelBroker is allegedly selling the AMD data breach dated June 2024. Compromised data: https://email.cloud2.secureclick.net/c/10688?id=1608079.4031.1.d5f45fcbf12c4c7e12bb9ba7d0baedbd ------------------------------ Date: Mon, 17 Jun 2024 16:35:35 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Even Doctors Like Me Are Falling Into This Medical Bill Trap (NYTimes) Hospital outpatient departments, or HOPDs, are encouraging a surprise scourge on medical costs. It’s patients who bear the burden. https://www.nytimes.com/2024/06/17/opinion/medical-bill-trap.html ------------------------------ Date: Mon, 17 Jun 2024 16:28:57 -0400 From: Monty Solomon <mo...@roscom.com> Subject: How Crypto Money Is Poised to Influence the Election (NYTimes) The industry’s political awakening — and enormous pool of cash — is already affecting high-profile races across the country. https://www.nytimes.com/2024/06/17/technology/-crypto-influence-election.html ------------------------------ Date: Wed, 19 Jun 2024 09:54:25 +0000 From: Henry Baker <hbak...@pipeline.com> Subject: NYC Congestion Pricing paused; but its LPR tracking not paused Bait and switch? Evan Simko-Bednarski, New York Daily News https://www.msn.com/en-us/autos/news/ar-BB1ooLwv Gov. Hochul may have pressed "pause" on congestion pricing -- but the system's new cameras are still recording on Manhattan streets New York drivers are already paying a 'privacy tax' for a congestion reduction plan, but without the benefit of any reduction in congestion. Apparently, we're all Uyghurs now... ------------------------------ Date: Tue, 25 Jun 2024 09:28:13 -0700 From: "Peter G. Neumann" <neum...@csl.sri.com> Subject: Firefox and cancer? (The Register) *The Register* via "Silence Dogoog". Firefox is trying to push me out because I have cancer," CPO says in bombshell lawsuit Steve Teixeira, said to be CEO-in-waiting, now sues Firefox maker for discrimination, retaliation https://www.theregister.com/2024/06/24/mozilla_product_chief_sues_over/?td=rt-3a [Now FF is picking on a sick person. And planning to integrate "AI" into the browser and to sell browsing history & location to advertisers.] ------------------------------ Date: Tue, 18 Jun 2024 12:52:39 +0300 From: Amos Shapir <amos...@gmail.com> Subject: Re: How a New Jersey man was wrongly arrested through facial recognition tech now in use in Ontario (RISKS-34.31) The problem, as always, has less to do with the technology and more with people loyally trusting whatever "the computer says". A counter-example has surfaced recently in a new documentary about Stormy Daniels, where she recounts being stopped at the Canadian border because a query to an FBI system showed many false indictments linked to her name. Luckily for her, the Canadian officers did not believe this. [The documentary mentions in passing that false information was planted in the FBI's system; it isn't clear if the system had been hacked, or possibly that it was an inside job. I haven't seen such an incident mentioned on RISKS, or anywhere else). ------------------------------ Date: 16 Jun 2024 20:45:58 -0400 From: "John Levine" <jo...@iecc.com> Subject: Re: Subject: Re: Generative AI and the law (LW, RISKS-34.32) >A federal law should be passed making AI firms fully responsible for >any and all content disseminated from their generative AI systems. >Period. No exceptions. -L What does "fully responsible" mean? The LLM vendors all insist they don't distribute third party content (see the lawsuits vs NY Times, Daily News, book authors, etc.) so there's no Section 230 immunity. How would that be different from the situation now? They warrant that all statements are true? Something else? ------------------------------ Date: Sun, 16 Jun 2024 17:53:59 -0700 From: Lauren Weinstein <lau...@vortex.com> Subject: Re: Generative AI and the law (Levine, RISKS-34.33) There are of course efforts to extend 230 immunity to these LLMs, though they're likely to fail, given that 230 itself is under such apressure (in fact, a relevant Supreme Court case decision is likely to be announced within the next couple of weeks). As for taking responsibility, a good starting point would be if the LLM firms were held responsible (financially at least, perhaps more) for any physical harm done to someone as a result of a straightforword incorrect generative answer to a straightfoward (not "manipulated") medical question, or related. L ------------------------------ Date: Sat, 28 Oct 2023 11:11:11 -0800 From: risks-requ...@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 34.33 ************************