RISKS Forum mailing list archives

Risks Digest 33.91


From: RISKS List Owner <risko () csl sri com>
Date: Sun, 22 Oct 2023 20:46:12 PDT

RISKS-LIST: Risks-Forum Digest  Sunday 22 October 2023  Volume 33 : Issue 91

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.91>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Failed software upgrade stops Toronto-area trains (Mark Brader)
How AI reduces the world to stereotypes (RestofWorld)
Another reason ChatGPT needs to ace the LSAT (Henry Baker)
AI and the end of photographic truth (Politico)
AI training vs intellectual property rights (Peter Knoppers)
From High Life Hackers to National Menace: The Rise and Fall of Digital
 Bandits 'ACG' (404media)
The Botched Hunt for the Gilgo Beach Killer (NYTimes)
The Race to Save Our Secrets From the Computers of the Future (NYTimes)
How to find and book mistake airfares (WashPost)
The origin of hacking attempts (Turgut Kalfaoglu)
The Great Zelle Pool Scam (via Monty Solomon)
Re: False news spreads faster than the truth (back and forth with
 Shapir, Ward, Shapir, Ward, Shapir, Ward, Shapir)
Re: Your old phone is safe for longer than you think (Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Fri, 20 Oct 2023 01:02:38 -0400 (EDT)
From: Mark Brader <msb () Vex Net>
Subject: Failed software upgrade stops Toronto-area trains

This happened on 3 Oct 2023, but I don't think it's come up in RISKS.

Trains to and from Toronto are operated by several companies or
organizations:

   - GO Transit (Metrolinx) for suburban/regional commuter trains
   - UP Express for trains serving the international airport
   - VIA Rail Canada for long-distance trains

But all of them depend at least partly on Canadian National Railway (CN)
for dispatching and signals.

At 12:30 pm that day, CN attempted to perform an "internal systems
upgrade", which "affected CN's ability to connect to the Internet"
with the result that trains could not be authorized to proceed and
had to stop and wait at stations.  It took until 3:45 pm to get
some trains moving, and hours after that to restore normal services.

At least the TTC's subway is completely separate and was not affected.

------------------------------

Date: Sun, 22 Oct 2023 02:07:18 -0400
From: Monty Solomon <monty () roscom com>
Subject: How AI reduces the world to stereotypes (RestofWorld)

Rest of World analyzed 3,000 AI images to see how image generators visualize
different countries and cultures.

https://restofworld.org/2023/ai-image-stereotypes/

------------------------------

Date: Sun, 22 Oct 2023 21:22:04 +0000
From: Henry Baker <hbaker1 () pipeline com>
Subject: Another reason ChatGPT needs to ace the LSAT

So-called 'Section 230', the Gardol invisible shield which protects
Microsoft/Google/X(nee Twitter)/etc., from liability, apparently won't cover
AI's which mouth off on their own, thereby putting the AI's owner at
risk. Forget about simply 'pulling the plug'; perhaps much of the danger
from AI's will be averted by lawsuits bankrupting their owners/developers.
Can AI's also face criminal penalties and be incarcerated?

https://www.lawfaremedia.org/article/section-230-wont-protect-chatgpt

Section 230 Won't Protect ChatGPT

Generative AI products won't receive the same Section 230 protections
as other tech products

Matt Perault, LawFare, 22 Feb 2023, 1:11 PM

The emergence of products fueled by generative artificial intelligence (AI)
such as ChatGPT will usher in a new era in the platform liability
wars. Previous waves of new communication technologies--from websites and
chat rooms to social media apps and video sharing services--have been
shielded from legal liability for content posted on their platforms,
enabling these digital services to rise to prominence. But with products
like ChatGPT, critics of that legal framework are likely to get what they
have long wished for: a regulatory model that makes tech platforms
responsible for online content.  [...]

------------------------------

Date: Sat, 21 Oct 2023 12:13:19 +0007
From: Peter Neumann <Neumann () CSL SRI COM>
Subject: AI and the end of photographic truth (Politico)

Gian Volpicelli, Politico, 20 Oct 2023

Call it The Tale of Two Selfies.

Shortly after two members of the Indian wrestling team were arrested in New
Delhi while protesting alleged sexual harassment by the president of the
national wrestling federation, two nearly identical photos of the duo began
circulating online.

Both showed the two women inside a police van among officers and other
members of their team. But in one they looked glum. In the other, they were
beaming gleefully -- as if the arrest had been nothing more than a charade.

For hours, the picture of the smiling wrestlers zipped across social media,
reposted by supporters of the federation president, even as journalists,
fact-checkers and the two women derided it as fake. It was only much later
that an analysis comparing their smiles with earlier photos proved the grins
were not genuine. They had been added afterward, most likely
<https://www.bbc.com/news/world-asia-india-65757400?source=email> by
free, off-the-shelf software such as FaceApp, which uses artificial
intelligence to digitally manipulate images.

Stories like this one point to a rapidly approaching future in which nothing
can be trusted to be as it seems. AI-generated images, video and audio are
already being deployed in election campaigns. These include fake pictures of
former President Donald Trump hugging and kissing the country's top Covid
adviser Anthony Fauci; a video in Poland mixing real footage of right-wing
Prime Minister Mateusz Morawiecki with AI-generated clips of his voice; and
a deepfake recording of the British Labour Party leader Keir Starmer
throwing a fit.

------------------------------

From: Peter Knoppers <buttonius () gmail com>
Date: Fri, 20 Oct 2023 14:21:33 +0200
Subject: AI training vs intellectual property rights

I sincerely dislike the way that AI tools are routinely trained by scraping
the web without permission, without proper crediting and without
compensation to the creators of the parsed documents. Hoping that, someday,
I'll be able to "get even" I've added the following copyright sting
paragraph to the end of the main page of my web site:

  The information on this site was written by Peter Knoppers and -- per the
  Berne Convention for the Protection of Literary and Artistic Works
  <https://en.wikipedia.org/wiki/Berne_Convention> -- is copyrighted by me.
  Any use related to the development, or training of AI systems without
  prior, written permission is prohibited. Personal use, indexing for
  Internet search engines, etc. is intended, permitted and encouraged. Any
  reproduction of the documents on this site should be clearly marked as
  copied from this site.

The hyperlink points to the Wikipedia page about the Berne Convention. I
encourage anyone in charge of a website to add a similar sting paragraph.
This abuse of our intellectual work without prior, explicit permission is
dishonest and must be stopped. Disclaimer: I am not a lawyer.

------------------------------

Date: Sun, 22 Oct 2023 02:05:50 -0400
From: Monty Solomon <monty () roscom com>
Subject: From High Life Hackers to National Menace: The Rise and
 Fall of Digital Bandits 'ACG' (404media)

Hackers 'ACG' popped champagne and bought sports cars. Then the group and
its associates ushered in a bold new era of crime where anything is
possible.

https://www.404media.co/high-life-hackers-national-menace-acg-the-comm-braiden-williams/

------------------------------

Date: Sun, 22 Oct 2023 11:24:45 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Botched Hunt for the Gilgo Beach Killer (NYTimes)

For 13 years, police failed to scrutinize the man now accused of the
infamous murders. Why did it take so long?

https://www.nytimes.com/2023/10/19/magazine/gilgo-beach-killer-suffolk-police.html

------------------------------

Date: Sun, 22 Oct 2023 18:40:42 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Race to Save Our Secrets From the Computers of the
 Future (NYTimes)

Quantum technology could compromise our encryption systems. Can America
replace them before it’s too late?

https://www.nytimes.com/2023/10/22/us/politics/quantum-computing-encryption.html

------------------------------

Date: Sun, 22 Oct 2023 14:31:14 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: How to find and book mistake airfares (WashPost)

Christmas morning started off rather uneventfully for Paul Jebara. In 2014,
the New York-based travel writer was scanning flight fares online in the
hopes of stumbling across some bargain beckoning him to a part of the globe
he had yet to explore. Nothing out of the ordinary, given his chosen line of
work. After landing on the Etihad Airways site, however, he was about to
receive the holiday gift of a lifetime.

“I saw this number on the screen and just couldn’t believe it: $180
round-trip between New York and Abu Dhabi,” he recalls. “It was one of those
things that was just too good to be true. It had to be a mistake.” [...]

Thankfully for Jebara, Etihad Airways didn’t deploy a similar disclaimer. As
it turns out, he wasn’t the only recipient of an outsize gift on that
fateful Christmas morning. In fact, enough on-the-spot bargain hunters
seized the mistake fare to warrant a public response from the airline. “A
system filing issue caused ticket prices for a promotion in the USA to be
temporarily listed incorrectly,” said a spokesperson at the time. “The issue
has since been rectified. Etihad Airways will honor these fares.”

Jebara respects the carrier for accepting the financial repercussions of its
gaffe. “If you mess up and accidentally book the wrong day of travel as a
passenger, the airlines are all too willing to hold you accountable, so it
should cut both ways,” he adds. “If an airline didn’t honor a mistake fare,
it would definitely change my perception of them.”

Nevertheless, cancellation is increasingly becoming the standard industry
response. So, file your would-be good fortune under: “If something seems too
good to be true, it most often is.” And if you haven’t learned that by now,
that’s your mistake.

https://www.washingtonpost.com/travel/tips/how-to-find-mistake-airfares/

  [The risk? Remote debugging and can't make service call...]

------------------------------

Date: Fri, 20 Oct 2023 12:36:26 +0300
From: turgut kalfaoğlu <turgut () kalfaoglu com>
Subject: The origin of hacking attempts

I often see otherwise sensible authors writing prose such as

"Countries such as Russian and Chinese hackers often test their attacks..."

whereas the reality is that these two countries are not where the majority
of attacks originate.

As a system administrator of a hosting firm, I'm seeing many attacks from
the USA, UK, Ukraine, Turkey and a host of African countries as well.

So, perhaps when the authors choose to generalize, they should do so with
unbiased data in their hands.

  [Also later appendage:]

I wrote a five line script to find out whose IP's were blocked recently from
our systems, resolved them into hostnames (the ones that were resolvable)
and I'm putting the list at

  https://kalfaoglu.net/hacker-hosts.txt

If a hostname is repeated, that means they tried multiple times.

------------------------------

Date: Sun, 22 Oct 2023 02:24:43 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Great Zelle Pool Scam (Re: RISKS-33.47)

All I wanted was a status symbol. What I got was a $31,000 lesson in the
downside of payment apps.

https://www.businessinsider.com/zelle-fraud-scam-swimming-pool-online-payment-apps-mobile-banking-2023-10

------------------------------

Date: Fri, 20 Oct 2023 17:47:37 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: False news spreads faster than the truth

The latter conclusion is logically correct only if A and B are completely
independent of each other.  Besides, "low or unknown" probability is not a
defined quantity which can lead to any conclusion.

------------------------------

Date: Fri, 20 Oct 2023 16:50:50 +0100
From: Martin Ward <mwardgkc () gmail com>
Subject: Re: False news spreads faster than the truth

If the conjunction (A and B) is of low probability, while B is of high
probability, then necessarily it follows that A and B are independent of
each other.

The meaning of "low or unknown probability" is given in Alvin Plantinga's
essay. For a detailed explanation, see for example, "A defense of Alvin
Plantinga's evolutionary argument against naturalism":
https://mospace.umsystem.edu/xmlui/handle/10355/4184

------------------------------

Date: Sat, 21 Oct 2023 10:29:53 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: False news spreads faster than the truth

I'm sorry, but this still doesn't make sense to me.   Plantinga's argument
completely mixes up the *probability of existence* of cognitive agents,
with the actuality of *being* one.

It is true that this probability is low, and indeed very few creatures on
Earth are reliable cognitive agents.  But that does not affect the
reliability or veracity of ideas expressed by someone (or something) who
*is* a reliable cognitive agent, no matter how he came into being, and what
was the probability of that happening.

------------------------------

Date: Sat, 21 Oct 2023 11:27:25 +0100
From: Martin Ward <mwardgkc () gmail com>
Subject: Re: False news spreads faster than the truth

Plantinga's argument is a *proof by contradiction*, and the distinction
between "the probability of existence of cognitive agents" with "actually
being one" is absolutely central to his argument.

His argument starts by assuming A: Naturalism and B: Evolution from which
he deduces that C: the probability that our minds are reliable is low or
inscrutable. So the conjunction (A and B) implies C. Here is a detailed
exposition of the argument:
https://www.youtube.com/watch?v=PwE_D9GUC0s

You claim (correctly) that B is a scientific theory which has been strongly
confirmed by observation and evidence. You also claim (also correctly) that
cognitive agents exist (therefore C is false).

Logically, if (A and B) implies C, C is false and B is true, then it must
be the case that A is false.

QED (by contradiction).

So Naturalism has a low probability of being correct.

------------------------------

Date: Sat, 21 Oct 2023 18:43:38 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: False news spreads faster than the truth

Note that I'm responding (like in our previous discussion) from the POV of
a logician -- if terms are not logically well defined, and logic is not
followed correctly, there's no point in getting into the actual theist
arguments at hand.

Anyway,  what's wrong with the latest argument, is that A and B are not
independent of each other, and more importantly, C isn't false!

If C has low probability, the most we can say about A or B is that they may
have low probability, but the relationship between their probabilities is
not defined here (there's a branch of set theory called "Fuzzy Sets" which
deals with such items).  But regardless of whether our minds are generally
reliable or not, the fact that evolution had been experimentally proven to
be true, demonstrates that the particular minds who devised it, from Darwin
onwards, in fact *were* reliable.

I haven't watched this clip through, because at 7:30 I encountered what IMHO
is Plantinga's main misconception about Naturalism.  He says that Naturalism
can be viewed as "the Theistic world picture minus God".  But Naturalism is
not a view, opinion, nor belief.  It is a working assumption -- THE working
assumption -- upon which the whole scientific method is based.  Science is a
work method, meant to find truth by way of observation and experiment; its
basic assumption is that there is no external force (conscious, intelligent
nor otherwise) which affects our experiments and observations.  We have to
assume that whatever worked in 1910 should work in 2030, or that a meter in
Iowa is the same length as a meter on the moon.  Science cannot be done
otherwise (as anyone who owns a cat can tell you).

As an assumption, there's no claim to the truthfulness of Naturalism; it
could well be that God exists, and had created Science, including
Evolution, to perform exactly as predicted by experiments; but in that
case, it's impossible to confirm or deny his existence.  Even if it could
be proven (I have no idea how) that God does exist, would the whole of
Science become false?  Will trains stop in their tracks, and planes fall
out of the sky?

The bottom line is, it doesn't matter whether Science, and therefore
Evolution, is philosophically valid.  It works!  Evolution is a theory, but
so is Electricity...  Electricity works, and so is Evolution -- it's used
i.a. in searching for oil, developing drugs, etc.  So anyone who lives in
the modern world, travels in cars and takes medicine (most likely including
Plantinga), does not have to *believe* in evolution, he *uses* it!

------------------------------

Date: Sat, 21 Oct 2023 18:55:38 +0100
From: Martin Ward <mwardgkc () gmail com>
Subject: Re: False news spreads faster than the truth

> But Naturalism is not a view, opinion, nor belief.  It is a working
> assumption -- THE working assumption -- upon which the whole scientific
> method is based.

It is certainly *not* the assumption upon which the whole scientific method
is based: none of the first scientists held this assumption!  In fact: under
Naturalism and Evolution there is a very low probability that our cognitive
faculties are reliable in determining truth, so a very low probability that
the scientific method would work.

There *are* certain assumptions, which cannot be proved scientifically,
but upon which the whole scientific enterprise is based.
These include: the laws of logic, the orderly nature of
the external world, the reliability of our cognitive faculties
in knowing the world, and the objectivity of the moral values used
in science. These assumptions are all denied by Naturalism
(for example, Plantinga's argument shows that the reliability of
our cognitive faculties is inconsistent with Naturalism and Evolution).

The practical success of the scientific method can be argued
as experimental confirmation of the assumptions upon which it
is based. Which leads to the "scientific argument for God":

First, recall how any scientific argument works:  a scientist proposes
a theory about the nature of reality and suggests an experiment
or observation, the outcome of which will either confirm or disconfirm
the theory.  To put it in probabilistic form, if T is a theory,
e is an experimental observation, and k is the set of relevant
background knowledge, then if:

  P(e|T&k) >> P(e|~T&k)

then we say that the evidence confirms the theory.

(i.e. If the epistemic probability of e given T and k is much greater
than the epistemic probability of e given not T and k then
the evidence confirms the theory)

The first scientists had a particular theory about the nature
of reality (that the world was created by a God who had certain
characteristics of trustworthiness etc.) and they deduced
that the physical world would also have certain characteristics:
that there would be discoverable regularities called "Laws of Nature"
that could be confirmed or disconfirmed by experiment.

These properties entailed that the scientific method would work.
They set out to test their theory by applying the scientific method.

The subsequent development of science has spectacularly confirmed the first
scientists' theories about the nature of reality: so if we accept the
scientific method as a valid way to confirm theories in every other area of
science, we should (on pain of contradiction) accept it here as well.

Under the negation of their theory: e.g., under an atheistic world view,
there is no reason to expect that the universe would have these properties,
and therefore no reason to expect the "scientific method" to work in any
meaningful way.

The history of science has dramatically confirmed the theistic
hypothesis and disconfirmed the atheist hypothesis.

This is the "Scientific Argument for God". As with any scientific
argument it is not an absolute proof, but it is a strong confirmation.

------------------------------

Date: Sun, 22 Oct 2023 13:28:46 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: False news spreads faster than the truth

Again, this is a misrepresentation of Naturalism and the principles of
science.  First of all, contrary to Plantinga's definition, Naturalism does
require reviews and encourages criticism.  Ideally, the same experiment
should produce the same results no matter who performs it, including the
aliens from the planet Coosebane...  And again, the fact that generally, the
reliability of our cognitive faculties is not great, has no bearing on the
scientific method itself, as long as it is assumed that the scientists who
actually do it are reliable.  This is not a matter of belief either, an
essential part of the scientific method is devoted to ensuring such
reliability.

Science doesn't assume any pre-ordained order and logic in Nature, except
what has been shown experimentally to exist; so for example, Quantum theory
is proven to work by different rules than would be assumed by common logic.
not assume that God does not exist, so its inability to prove this cannot be
considered a failure.  Naturalism only assumes that even if God does exist,
He doesn't interfere with the world in unexpected ways.

Science definitely does NOT rely on any specific human ability; that's why
there are specific rules on what constitutes a fact, a proof etc., it
It is true that early scientists believed that the world works by divine
rules, and set out to prove that; but despite their beliefs, they never
did.  They have shown that such order does exist, which had strengthened
their beliefs (and it seems also Plantinga's and yours) -- they called this
"the Laws of Nature" and believed that this implies the existence of a
Lawmaker; but calling it by a neutral term like "structure" may have
produced a different conclusion.

As far as I understand the "Scientific Argument for God", it goes like
that:

   1. We believe in God.
   2. We believe that God had imposed Rules of Order on the world.
   3. Such rules enable employment of the scientific method.
   4. The scientific method is successful
   5. Therefore, these rules exist
   6. Hence God exists.

The trouble with this logic is in stage 6:  We assume that G->R, we have
proven R is true -- but there is no proof that R->G !  Without
contradicting any of the logic in stages 2-5, R could be true while G is
still false.

Considering that the theistic view also leads to some very unscientific
conclusions -- such as that the age of the Universe is 6000 years (or 5784
or 6500) and other stuff which would fit better in the Marvel Universe, I
find the claim that science confirms it, a bit troubling.

  [OK.  I sometimes let interesting back-and-forths go for a while.  I'm
  going to blow the referee's whistle at this point.  I am not even sure I
  got all of it or even in the right order.  However, I thought it might be
  interesting to some of you on the fringes of logic.  PGN]

------------------------------

Date: Sat, 21 Oct 2023 18:31:45 +0000 (UTC)
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: Your old phone is safe for longer than you think (WashPost)

Corrected link:

https://www.washingtonpost.com/technology/2023/10/13/security-updates-ios-android/

------------------------------

Date: Sat, 1 Jul 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) has moved to the ftp.sri.com site:
   <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.91
************************

