RISKS-LIST: Risks-Forum Digest Friday 29 September 2023 Volume 33 : Issue 87

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.87>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Cal. Gov. vetoes autonomous trucking bill (TechCrunch)
Search for phone signal caused oil spill, say Japanese investigators
(The Register)
The UK passes massive online safety bill (The Verge)
Egyptian presidential hopeful targeted by Predator spyware (WashPost)
Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised
Exploit: All Details (MIT Technology News)
Cryptocurrency's First Year After the FTX Blowup: `It’s Been Miserable’
(Bloomberg)
The FTX trial is bigger than Sam Bankman-Fried (The Verge)
The risks of machine learning psychotherapy with voice interfaces (Gizmodo)
Artificial intelligence poses 'risk ofextinction,' tech execs and experts
warn (CBC)
AI adapters and opponents debate the future of work (CBC)
AI will soon be able to cover public meetings. But should it?
(Nieman Lab)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
(Ars Technica)
Nigerian Hacktivists Are Taking on Big Oil (Lucas Laursen)
MGM and Caesars casino hacks point to an alliance of teens and ransomware
gangs (WashPost)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
(Ars Technica)
A food delivery robot's footage led to a criminal conviction in LA
(Engadget)
Apple warns Russian journalists of Pegasus iPhone infections
(Monty Solomon)
Is there really an information security jobs crisis? (Ben Rothke)
Metaverse: What happened to Mark Zuckerberg's next big thing? (BBC)
New York Bans Facial Recognition in Schools (AP)
Re: Misinformation research is buckling under GOP
legal attacks (Amos Shapir)
Re: Google accused of directing motorist to drive off collapsed
bridge (David Landgren)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 27 Sep 2023 16:51:39 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Cal. Gov. vetoes autonomous trucking bill (TechCrunch)

Governor Gavin Newsom just vetoed a bill banning fully driverless AV trucks.

https://techcrunch.com/2023/09/24/california-governor-vetoes-bill-to-ban-driverless-av-trucks/

California governor vetoes bill to ban driverless AV trucks
Rebecca Bellan@rebeccabellan, 24 Sep 2023

"California Gov. Gavin Newsom vetoed a bill Friday that would have
required a human safety operator to be present any time a self-driving
truck operated on public roads in the state."

https://legiscan.com/CA/text/AB316/id/2789644

I'm very concerned that the risks associated with driverless trucks have not
been fully vetted, e.g.,Timothy McVeigh.

For those of you who weren't born yet, Timothy McVeigh blew up the Alfred
P. Murrah Federal Building in Oklahoma City in 1995, killing 168 people,
using a rental truck full of an improvised fertilizer bomb.

https://en.wikipedia.org/wiki/Timothy_McVeigh

It's not clear whether forcing AV's to also have human drivers
('featherbedders'?) would have stopped a McVeigh-type attack, but it would
have thrown up an additional barrier.

California (and most other states) have severe penalties for driving while
'impaired' -- e.g., under the influence of alcohol or marijuana. Truck
drivers have substantial additional requirements in training, licensing and
records keeping -- e.g., number of continuous hours on the roads, etc.

How do you even test an AI driver for `impairment'? Do you use a
`hackalyzer'? Does the AI have to get out of the vehicle and walk a
straight line? Is AI impairment even decidable?

How does a patrol car even `pull over' an AV?

At least for the moment, AI's have no 4th and 5th amendment rights, so there
are no civil rights to violate when asking ``Ihre Papiere, bitte?'', but
apparently there are no mechanisms to actually check the credentials of AI
truck drivers before they enter the Yerba Buena Tunnel or the Holland
Tunnel?

Many tunnels don't want RV's with propane tanks, but zombie AV's are OK?

Starlink now offers high-speed Internet for vehicles, including trucks. Yet
Elon Musk was roundly criticized for prohibiting Ukraine's use of Starlink
for AV weapons. Perhaps Elon's worries about weaponized AV's shouldn't be
dismissed out of hand?

https://tuckstruck.net/truck-and-kit/geekery/starlink-mobile-roaming/

https://apnews.com/article/spacex-ukraine-starlink-russia-air-force-fde93d9a69d7dbd1326022ecfdbc53c2

Elon Musk's refusal to have Starlink support Ukraine attack in Crimea raises
questions for Pentagon

Tara Copp, Updated 3:42 PM PDT, 11 Sep 2023

https://www.reuters.com/technology/musk-experts-urge-pause-training-ai-systems-that-can-outperform-gpt-4-2023-03-29/

I hate to sound like a Luddite, but I don't think that these breathless AV
aficionados have completely thought all of these risks through.

------------------------------

Date: Fri, 29 Sep 2023 15:57:49 -0600
From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
Subject: Search for phone signal caused oil spill, say Japanese
investigators (The Register)

Laura Dobberstein, *The Register*, 29 Sep 2023

Japan’s Transport Safety Board on Thursday judged that a cargo ship that
spilled 1,000 tons of fuel oil into a pristine marine environment off the
coast of Mauritius in 2020 was traveling off course in search of a cell
phone signal.

https://www.theregister.com/2023/09/29/signal_search_caused_oil_spill/

------------------------------

Date: Wed, 20 Sep 2023 02:29:35 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The UK passes massive online safety bill (The Verge)

https://www.theverge.com/2023/9/19/23880919/uk-passes-massive-online-safety-bill

------------------------------

Date: Wed, 27 Sep 2023 13:32:17 -0400
From: Monty Solomon <monty@roscom.com>
Subject N:ew Green Line extension already so defective that trains are
forced to move at walking pace (The Boston Globe)

https://www.bostonglobe.com/2023/09/26/metro/mbta-green-line-extension-new-slow-zones/

[Walking is appropriate for Green Parties. PGN]

------------------------------

Date: Fri, 29 Sep 2023 19:31:40 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Egyptian presidential hopeful targeted by Predator spyware
(*The Washington Post*)

Rare ‘zero-day’ exploit used in failed hacking attempt that researchers say
was probably conducted by the Egyptian government

https://www.washingtonpost.com/investigations/2023/09/23/predator-egypt-hack-spyware-iphone/

------------------------------

Date: Mon, 25 Sep 2023 09:18:37 -0700
From: Victor Miller <victorsmiller@gmail.com>
Subject: Web3 Firm Mixin Network Hacked, $200 Million Stolen in Centralised
Exploit: All Details (MIT Technology News)

https://www.gadgets360.com/cryptocurrency/news/web3-firm-mixin-network-hacked-usd-200-million-stolen-centralised-exploit-4422486

[Monty Solomon noted this:
Hackers steal $200M from crypto company Mixin
https://techcrunch.com/2023/09/25/hackers-steal-200-million-from-crypto-company-mixin/

------------------------------

Date: Fri, 29 Sep 2023 19:02:34 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Cryptocurrency's First Year After the FTX Blowup:
`It’s Been Miserable’ (Bloomberg)

As Sam Bankman-Fried heads to trial, many digital-asset players remain in
survival mode.

https://www.bloomberg.com/news/features/2023-09-29/sam-bankman-fried-trial-crypto-s-first-year-after-ftx-blowup-miserable

------------------------------

Date: Thu, 28 Sep 2023 20:46:27 -0400
From: Monty Solomon <monty@roscom.com>
Subject: The FTX trial is bigger than Sam Bankman-Fried
(The Verge)

https://www.theverge.com/2023/9/28/23893269/ftx-sam-bankman-fried-trial-evidence-crypto

------------------------------

Date: Thu, 28 Sep 2023 13:29:50 -0700
From: Rob Wilcox <robwilcoxjr@gmail.com>
Subject: The risks of machine learning psychotherapy with voice
interfaces (Gizmodo)

OpenAI Employee Discovers Eliza Effect, Gets Emotional

ChatGPT's new text-to-voice feature has one OpenAI's head of safety
systems feeling *heard & warm*, while other experiments with AI therapy have
been a disaster.

Designing a program in such a way that it can truly convince someone that
another human is on the other side of the screen has been a goal of AI
developers since the concept took its first steps toward reality. Research
company OpenAI recently announced that its flagship product ChatGPT would be
getting eyes, ears, and a voice in its quest to appear more human. Now, an
AI safety engineer at OpenAI says she got “quite emotional” after using the
chatbot’s voice mode to have an impromptu therapy session.""