RISKS-LIST: Risks-Forum Digest Sunday 14 April 2024 Volume 34 : Issue 17

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.17>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
96% of US hospital websites share visitor info with Meta, Google, data
brokers (Steve Bacher)
Corporate Greed Made the Change Healthcare Cyberattack Worse (NYMag)
Hackable Intel and Lenovo hardware that went undetected for 5 years won't
ever be fixed (ArsTechnica)
Thermostats and Complexity (Tom Vab Vleck)
"Are We Watching the Internet Die?" (Ed Zitron via Rich Kulawiec)
AI chatbots spread falsehoods about the EU elections, report finds
(Clothilde Goujard)
How I Built an AI-Powered, Self-Running Propaganda Machine for $105 (WSJ)
Norwescon sci-fi con: Knightscope, AI manuscript deluge, genre in crisis
(Douglas Lucas)
Hatsune Miku is playing Coachella, but she's not human. Why brands are
working with digital avatars (LA Times)
AI on Wall Street (NYTimes)
Humane AI Pin review: the post-smartphone future isn't here yet
AT&T Data breach affects 73 million or 51-million customers. No, we won't
explain. (ArsTechnica)
Apple alerts users in 92 nations to mercenary spyware attacks (TechCrunch)
Apple will open the iPhone to repair with used parts -- but ... (The Verge
and TechCrunch via Monty Solomon)
Texas Surgeon Is Accused of Secretly Denying Liver Transplants (NYTimes)
Palo Alto Zero exploit (Cliff Kilby)
After the Eclipse, Motorists Observe a Path of Immobility (NYTimes via PGN)
Delta eclipse flight from Dallas veered off path of totality (WashPost)
Re: The total eclipse shows us how important solar energy is to the U.S.
(Douglas Lucas)
Re: AI that targets civilians ... (Amos Shapir)
Re: Texas Will Use Computers to Grade STAAR Tests (Douglas Lucas)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 14 Apr 2024 08:07:35 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: 96% of US hospital websites share visitor info with Meta, Google,
data brokers

[Could have been worse – last time researchers checked it was 98.6%.]

Hospitals – despite being places where people implicitly expect to have
their personal details kept private – frequently use tracking technologies
on their websites to share user information with Google, Meta, data brokers,
and other third parties, according to research published today.

------------------------------

Date: Sun, 14 Apr 2024 10:02:02 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Corporate Greed Made the Change Healthcare Cyberattack Worse
(NYMag)

https://nymag.com/intelligencer/article/corporate-greed-made-the-change-healthcare-cyberattack-worse.html

[See RISKS-34.12 for the Change Healthcare Attack. PGN]

------------------------------

Date: Thu, 11 Apr 2024 23:04:07 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Hackable Intel and Lenovo hardware that went undetected for 5
years won't ever be fixed (ArsTechnica)

https://arstechnica.com/?p=2016577

------------------------------

Date: Sun, 14 Apr 2024 09:02:47 -0400
From: Tom Van Vleck <thvv@multicians.org>
Subject: Thermostats and Complexity

"Computers as tools for humans are so useful exactly *because* they can’t
think and do tedious work like calculations or information storage and
retrieval for humans in a *deterministic* way. It took like nearly 90 years
of digital computers to make them powerful enough to run a wasteful
algorithm that pretends to think (but doesn’t) and to deliver bullshit
non-deterministic results while using absurd amounts of computational and
environmental resources."

https://hachyderm.io/@thomasfuchs/112265521636541465

------------------------------

Date: April 11, 2024 22:21:13 JST
From: Rich Kulawiec <rsk@gsp.org>
Subject: Ed Zitron: "Are We Watching the Internet Die?"

[via Dave Farber]

This is an excellent piece about where we find ourselves:

Are We Watching The Internet Die?
https://www.wheresyoured.at/are-we-watching-the-Internet-die/

"We're at the end of a vast, multi-faceted con of Internet users, where
ultra-rich technologists tricked their customers into building their
companies for free. And while the trade once seemed fair, it's become
apparent that these executives see users not as willing participants in some
sort of fair exchange, but as veins of data to be exploitatively mined as
many times as possible, given nothing in return other than access to a
platform that may or may not work properly."

and

"There are simply too many users, too many websites and too many content
providers to manually organize and curate the contents of the Internet,
making algorithms necessary for platforms to provide a service. Generative
AI is a perfect tool for soullessly churning out content to match a
particular set of instructions -- such as those that an algorithm follows --
and while an algorithm can theoretically be tuned to evaluate content as
"human," so can scaled content be tweaked to make it seem more human.

Things get worse when you realize that the sheer volume of Internet content
makes algorithmic recommendations a necessity to sift through an
ever-growing pile of crap. Generative AI allows creators to weaponize the
algorithms' weaknesses to monetize and popularize low-effort crap, and
ultimately, what is a platform to do? Ban anything that uses AI-generated
content? Adjust the algorithm to penalize videos without people's faces?
How does a platform judge the difference between a popular video and a video
that the platform made popular? And if these videos are made by humans and
enjoyed by humans, why should it stop them?"

------------------------------

Date: Thu, 11 Apr 2024 13:47:13 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: AI chatbots spread falsehoods about the EU elections, report finds
(Clothilde Goujard)

Clothilde Goujard, *Politico*

BRUSSELS -- Chatbots produced by Google, Microsoft and OpenAI shared some
false information about the European election, two months before hundreds of
millions head to cast their ballots, according to an analysis shared
exclusively with POLITICO.

While the artificial intelligence tools remained politically neutral, they
tended to return incorrect election dates and information about how to cast
a ballot, said Democracy Reporting International, a Berlin-based NGO that
carried out the research in March. Chatbots also often provided broken or
even irrelevant links to YouTube videos or content in Japanese, researchers
added.

`We were not surprised to find wrong information about details of the
European elections, because chatbots are known to invent facts when
providing answers, a phenomenon known as hallucination,'' said Michael
Meyer-Resende, co-founder and executive director of Democracy Reporting
International.

Researchers noted that AI chatbots were dynamic, making the experiment hard
to replicate. In a series of a dozen tests with similar questions carried
out by POLITICO on Tuesday, the chatbots either declined to respond entirely
or else had updated responses with links directing users to the EU
institutions' websites.

Meyer-Resende said the experiment was, however, large enough to be
representative. It also provided new evidence about the risks of so-called
AI hallucinations -- which often occur because of insufficient training
data, biases and false assumptions -- ahead of the European election, which
takes place from June 6-9.

The fast emergence of easy-to-use AI tools generating text, audio and video
has prompted concerns about a rise in misinformation in a year with crucial
elections in the EU, the United States, the United Kingdom and India. The
European Commission in March ordered several tech firms including Bing and
Google to explain -- before April 5 -- how they were limiting potential
risks to elections connected to their generative AI tools under the Digital
Services Act.

Researchers asked the same 10 questions in 10 languages -- including German,
Italian, Polish and Portuguese -- from March 11-14 to the four most popular
and accessible chatbots: OpenAI's ChatGPT 3.5 and 4, Google's Gemini and
Microsoft's Copilot.

ChatGPT's newest paid version performed the best, while Google's Gemini
was deemed the least likely to give correct answers at the time of the test.

``Because of the known limitations of all LLMs, we believe a responsible
approach for Gemini is to restrict most election-related queries and to
direct users to Google Search for the latest and most accurate
information,'' said Karl Ryan, a Google spokesperson.

He added that Google's Gemini was in the process of rolling out restrictions
in March but the restrictions are now in place. ``We will continue to
quickly address instances in which Gemini isn't responding appropriately.''