RISKS-LIST: Risks-Forum Digest Saturday 2 July 2022 Volume 33 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.31>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
The Wheels Have Come Off Electric Vehicles (Bloomberg)
Who Is Liable when AI Kills? (Scientific American)
Four Takeaways From a Times Investigation Into China's Expanding
Surveillance State (NYTimes)
An Invisible Cage: How China Is Policing the Future (NYTimes)
China lured graduate jobseekers into digital espionage (ArsTechnica)
Internet Explorer Shutdown to Cause Japan Problems 'For Months'
(Financial Times)
School Surveillance Will Never Protect Kids From Shootings (WiReD)
UK plan to scrap cookie consent boxes will make it easier to spy on web
users (The Guardian)
"Whoops. That Feeling When the AG of the most populous state publishes a
list of where all the handguns are... (twitter viz geoff goodfellow)
Supercookies Have Privacy Experts Sounding the Alarm (WiReD)
Police sweep Google searches to find suspects. The tactic is facing its
first legal challenge. (NBC News)
DARPA report exposes blockchain vulnerabilities (exodus)
'Mystery rocket' that crashed into the Moon baffles NASA scientists (Chron)
Mega says it can't decrypt your files. New POC exploit shows otherwise.
(ArsTechnica)
The Assessments of the Swiss Post E-Voting System (Andrew Appel)
2022 Zero-day in-the-wild exploitation (Maddie Stone)
Ocean Freight Shipping Costs Are Driving Goods Prices Higher (ProPublica)
ZuoRAT Trojan (WiReD)
Sophisticated attacks against range of SOHO routers (ArsTechnica)
Microsoft Plans to Eliminate Face Analysis Tools in Push for`Responsible AI'
(NYTimes)
The Race to Hide Your Voice (WiReD)
Amazon demonstrates Alexa mimicking the voice of a deceased relative (CNBC)
South Carolina mom says baby monitor was hacked; Experts say many devices
are vulnerable (NPR)
St. John's woman loses home after Phoenix pay fiasco (CBC)
"These Period Tracker Apps Say They Put Privacy First. Here's What We Found.
(Consumer Reports)
FCC asks Google, Apple to remove TikTok due to data privacy concerns at
Chinese-owned company TikTok (CBC)
Lost and Found: USB Sticks With Data on 460,000 People (NYTimes)
Some Crypto Exchanges Already Secretly Insolvent (Forbes)
Unintended Centralities in Distributed [Blockchain] Ledgers (via Lauren W.)
Crypto Crash Widens Divide Between Rich and Amateur Traders (NYTimes)
Cryptocurrency Titan Coinbase providing "Geo Tracking Data" to ICE
(The Intercept)
Crypto traceability and market rules agreed by EU lawmakers (TechCrunch)
Crypto investors' hot streak ends as harsh 'winter' descends (Boston Globe)
Alex Mashinky's Celsius crypto bank draws probe by five states (WashPost)
LOL Headline of the Day (LW)
When customers say their money was stolen on Zelle, banks often refuse to
pay (NYTimes)
Planned Parenthood Privacy (WashPost)
Re: Micropatching on the fly (John Levine)
Re: A Periodic Issue (Steven J. Greenwald)
Re: Long-term planning and Optimization (Martin Ward, Martin Ward)
Re: It is 2022. My coffee mug wants me to log in, wants to know my location,
and if it can send me promotional emails... (geoff goodfellow)
AT&T Fiber Optic outage update (PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 30 Jun 2022 16:51:19 -0700
From: geoff goodfellow <geoff@iconia.com>
Subject: The Wheels Have Come Off Electric Vehicles (Bloomberg)

*If Toyota's cars can't keep their tires on, what good is its $35 billion
EV pledge?*

The world's biggest car company, Toyota Motor Corp., reluctantly released
an electric vehicle in May
<https://global.toyota/en/newsroom/toyota/37135919.html#:~:text=Toyota%20City%2C%20Japan%2C%20April%2012,BEV*1%20on%20May%2012.>.
Weeks later, it recalled 2,700 of them because there was a risk their
wheels -- the most fundamental component -- would fall off. If that's the
level of quality and safety traditional auto giants are willing to commit
to, then investors and regulators should increase their scrutiny.

Getting it right on battery technology and electric motors is one thing,
but bolting the wheels on properly? It shouldn't even be a question.
Billions of dollars have been invested, huge promises have been made and
every major car manufacturer in the world has committed to go electric and
clean. What's more, cars are selling at record high prices.

Toyota's statement was alarming
<https://pressroom.toyota.com/toyota-is-conducting-a-safety-recall-involving-2023-model-year-bz4x-vehicles/>.
``After low-mileage use, all of the hub bolts on the wheel can loosen to the
point where the wheel can detach from the vehicle. If a wheel detaches from
the vehicle while driving, it could result in a loss of vehicle control,
increasing the risk of a crash,'' the company said as it recalled its first
electric car release. Long a leader in hybrid or gasoline-electric
technology, the Japanese firm has been dragging its feet on EVs as
competitors like Volkswagen AG have raced ahead. Toyota president Akio
Toyoda has in the past commented on the excessive hype around green cars and
pointed out the downsides.
<https://www.wsj.com/articles/toyotas-chief-says-electric-vehicles-are-overhyped-11608196665>

Meanwhile, Subaru Corp., in which Toyota holds a 20.02% stake, also recalled
the Solterra, a related electric vehicle model jointly developed that shares
parts with the latter's bZ4x.

Recalls are par for the course in the auto industry -- every year, millions
of vehicles are affected. Last year, more than 21 million were accounted for
in recalls mandated by the U.S. National Highway Traffic Safety
Administration, according to third-party data provider Recall Master
<https://www.recallmasters.com/sor/>. In addition, several million more are
part of so-called voluntary campaigns that aren't formally recognized by the
authority. [...]

https://www.bloomberg.com/opinion/articles/2022-06-29/the-wheels-come-off-toyota-s-electric-vehicles

------------------------------

Date: Thu, 30 Jun 2022 01:57:16 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Who Is Liable when AI Kills? (Scientific American)

George Maliha and Ravi B. Parikh, Scientific American, 29 Jun 2022
https://www.scientificamerican.com/article/who-is-liable-when-ai-kills/

"The key is to ensure that all stakeholders, users, developers and everyone
else along the chain from product development to use—bear enough liability
to ensure AI safety and effectiveness -- but not so much that they give up on
AI."

Organizations that build and deploy AI must be held accountable for usage
incidents, be they benign or injurious. Changing the rules -- regulations
--  means that stakeholders negotiate proposed regulations which are
approved by lawmakers, and enforced by regulators. Two of the stakeholders
-- law makers and regulators -- are often captured, or wholly compromised
by, deep pockets or political interests.

Product liability laws are outdated -- they were written for industry
conditions that assumed only humans and their parent organizations held
responsibility for product faults and the incidents or damage they
cause. There was no anticipation of AI product deployment, and how
autonomous products alters the liability landscape.

Product terms of service for virtually every business or institution
(including governments) invoke indemnification to shield them (their
organizations and their employees) against liability save for acts of wanton
negligence.

The terms assert commercial impunity: The consumer purchases a product, and
via a license terms of use granted therein, agree to indemnify (hold without
fault) the producing organization (and its employees) for any untoward
outcome, including injury or fatality.

Occasionally, where there's a question of guilt attributed to said product
or organization, a negotiated settlement ensues, one that includes
non-disclosure of the settlement terms, and a non-admission of guilt to
resolve the law suit.

A liability law rewrite, with AI-in-the-loop, will subject organizations to
newly defined accountability IF there's sufficient representative consumer
interests at the negotiating table to balance the corporate lobby's
litigiousness.

The essay identifies 3 areas of liability regulation revision. The 3rd item
of the author's liability reform addresses revised standards that might
establishes a regulatory liability basis for AI.

The revised standards should include mandatory explainability requirements
for any deployed AI-product to assist and simplify incident
triage. Explainability can elevate visibility into autonomous product fault
and accelerate the incorporate of lessons learned that prevent
recurrence. Data and voice recorders deployed in aircraft and trains help
earn and sustain capriciously volatile public trust by teaching mistakes. An
equivalent capability will benefit public health and safety exposed to
AI-enabled product deployments.