RISKS-LIST: Risks-Forum Digest Thursday 17 Oct 2024 Volume 34 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.47>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: [Backlogged; still a large bunch pending]
This Is What Electoral Fraud Looks Like (Jesse Wegman)
2024 Election Protection As AI Increases the Risk of Disenfranchisement
(Lillie Coney)
Notes for my HealthSec24 paper on Healthcare Risks (PGN)
More on money drives healthcare (Robert Boyer)
Millions of Vehicles Could Be Hacked and Tracked Thanks to
a Simple Website Bug (WiReD)
Website Bug Allowed Kia Vehicles to Be Hacked, Tracked (Andy Greenberg)
Tesla driver killed in solo crash (PGN)
Tesla Cybertruck -- too big and sharp for European roads, say
campaigners (The Guardian)
Are taxis safer with no driver? These women think so (nbcnews.com)
South China Sea tensions and undersea cables (WashingtonReport)
Starlink satellites create light pollution and disrupt radio frequencies.
And its getting worse (CBC)
I-XRAY: The AI Glasses That Reveal Anyone's Personal Details Just from
Looking at Them (The Globe)
How to Opt Out of AI Online (The New Yorker)
California Governor Vetoes AI Safety Bill (Politico)
AI Crawlers Are Hammering Sites (Chris Stokel-Walker)
Kamala Harris, AI, and the Bletchley Park ghost (Douglas Lucas)
Steganographic covert channel (Dan Goodin)
Intel is a security risk for China, says influential industry group
(cnn.com)
K8S Image Builder, CVE-2024-9486 (The Register via Cliff Kilby)
WSJ reports China compromised U.S. lawful access systems
(Matt Blaze)
Calgary Public Library locations remain closed after cyberattack (CBC)
(CBC)
Parents sue son's high-school history teacher (NBC News)
Dynamic pricing unpopular (BBC)
Earth has overshot key planetary bounda, scientists warn
(Hastings Tribune)
China Is Writing World's Technology Rules (The Economist)
Mystery Drones Swarmed a U.S. Military Base for 17 Days. The
Pentagon Is Stumped. (WSJ)
Spotify criticized for letting fake albums appear on real artist pages
(ArsTechnica)
*The New York Times* tells *Perplexity* to stop using its content
(Pivot5)
Complete, free CISSP review seminar (Rob Slade)
DoJ vs. Google: Users have the most to lose (Lauren Weinstein)
Kremlin refutes Trump denial on sending Putin COVID tests (Lauren Weinstein)
NBC's former marketing chief: We Created a Monster:
Trump Was a TV Fantasy Invented for 'The Apprentice' (USNews)
Suspect arrested after reports of threats toward FEMA operations in
North Carolina (CNN)
Understanding the Limitations of Mathematical Reasoning in Large Language
Models (arxiv)
Why Restoring Power After Helene Is Complicated (Brad Plumer)
Rob's usual disaster season call for emergency management
training (Rob Slade)
Re: More than 1,000 people, including Hezbollah members, wounded in
Lebanon after pagers detonate (Rik Farrow)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 7 Oct 2024 11:03:08 PDT
From: Peter G Neumann <neumann@csl.sri.com>
Subject: This Is What Electoral Fraud Looks Like (Jesse Wegman)

Jesse Wegman, *The New York Times* Opinion, 7 Oct 2024

For four years, Donald Trump and his allies have been injecting dangerous
lies into the American bloodstream, claiming without any actual evidence
that the 2020 election that he lost was tainted by serious fraud.

As it turns out, there was indeed one serious fraud in the 2020 election.
On [3 Oct 2024], one perpetrator of that fraud was sentenced to nine years
in prison for her crimes. Tina Peters, the former clerk of Mesa County,
Colorado, in 2020 tampered with voting machines in an effort to prove the
election had been rigged against Trump. The data she allowed to be
downloaded made its way to a presentation given by Mike Lindell, the
pillow-hawking conspiracist.

``You abused your position, and you are a charlatan who used and is still
using your prior position in office to peddle a snake oil that's proven to
be junk time and time again,'' Judge Matthew Barrett said as he dressed down
Peters for more than 13 minutes. [...]

Now imagine that the defendant sitting in the defendant's chair is not a
local official but the former president of the United States. Judge
Barrett's words could also have been said verbatim to Donald Trump.

We can only imagine it now, because Trump has avoided any legal consequences
for his persistent lies, his stoking of the public mistrust and his
incitements to violence. This is the fault of the Supreme Court, which
immunized the president against almost all official acts in July [...].

Emboldened by that ahistoric extra-constitutional ruling, Trump remains
defiant. No one needs to be persuaded that he would do it again, because he
already is. [...]

------------------------------

Date: Sun, 13 Oct 2024 06:36:39 -0400
From: Lillie Coney <coney@lillieconey.net>
Subject: 2024 Election Protection As AI Increases the Risk of
Disenfranchisement

This article is a repost of the Epic.org Report, e-Deceptive Campaign
Practices, first published in 2008 and again in 2010. The report provides
information on risks posed to election integrity by ubiquitous social media
and mobile technologies. The report needs an update with the most important
developments being the introduction of artificial intelligence and targeting
of communities ill prepared for deceptive campaign attacks. In 2024, Russia
still poses a significant threat to tampering in US elections. But, the
U.S. is not the only democracy facing challenges. In 2020, the United
Kingdom's Brexit vote report cites Russia=E2=80=99s hacking and
disinformation campaign as factors in that important election.

Canada is another democracy that faced challenges from robocalls intended to
confuse and harass voters in the 2011 federal election through misdirection
to incorrect polling locations on Election Day during a very close election.
This was unprecedented and at the end of the day disenfranchised Canadian
voters had no recourse.

In the United States the Voting Rights Act has not been reauthorized and key
provisions protecting voting rights have been struck down by the Supreme
Court, and this law protects only the right to vote of persons in certain
jurisdictions and states with a documented history of voter
disenfranchisement.

This situation leaves many voters on their own should they fall prey to a AI
generated deceptive robocall on Election Day that erroneously reports that
their voting location has changed. AI voice impersonations made an early
debut in the 2024 election, and may have an encore performance on Election
Day.

The recommendation, for those planning to vote is to do so during early
voting, if that is an option, or make a plan to start earlier on Election
Day. Civic participation in the United States is an individual right to
exercise or not -- but each voter is free to decide for themselves, and not
have that decision taken from them.

Article written by Lillie Coney, former Associate Director of EPIC.org, and
Director the Voting Integrity Project. She is a member of the ACM USACM, and
IEEE.

Key Takeaways from the British Report on Russian Interference, by Amy
Mackinnon, a national security and intelligence reporter at Foreign Policy,
on 21 Jul 2021, last visited 8 Oct 2024, found at
https://foreignpolicy.com/2020/07/21/britain-report-russian-interference-brexit/

E-Deceptive Campaign Report 2010: Internet Technology and Democracy 2.0,
Lillie Coney, Peter Neumann and Jon Pincus, October 2010, found at
https://epi=c.org/wp-content/uploads/privacy/voting/E_Deceptive_Report_10_2010.pdf, last visited on 8 Oct 2024.

Robocalls scandal: Timeline of events, CTVNews.ca, by Staff, August 14,
2014, last visited on 8 Oct 2024, can be found at
https://www.ctvnews.ca/politics/robocalls-scandal-timeline-of-events-1.1960260

[The amount of intentionally false information in the lead-up to this
election is absolutely terrifying. Thanks, Lillie, for resurrecting this
item. PGN]

------------------------------

Date: Mon, 14 Oct 2024 9:08:47 PDT
From: Peter Neumann <neumann@csl.sri.com>
Subject: Notes for my HealthSec24 paper on Healthcare Risks

Peter G, Neumann
Computer-Related Risks in Healthcare [10-minute summary]
CCS 2024 conference HealthSec workshop.

The paper is on my website, in part derived from recent RISKS issues,
with lots of editorial additions:
https://www.csl.sri.com/users/neumann/health.pdf
HealthSec 2024, Salt Lake City, 14 Oct 2024

The 10-minute summary that I was going to present at the workshop is
on my website:
https://www.csl.sri.com/users/neumann/healthsec.txt
There were several screw-ups and logistic problems (bandwidth with multiple
workshops) that prevented my zooming in, so I wound up with two minutes
after a lovely introduction from William Yurcik, the program chair, who had
invited my paper.