Wednesday, January 23, 2019

Sighted at Teterboro, closed Newark?
Drone sighting disrupts major US airport
A pilot told air traffic control that one of the drones came within 30ft (9m) of his aircraft.
He was flying at Teterboro Airport, a nearby private facility, but officials closed Newark International as a precaution.
… Speaking about Tuesday's drone scare in New Jersey, the Federal Aviation Authority (FAA) said in a statement: "At approximately 5pm, we received two reports from incoming flights into Newark that a drone was sighted at about 3,500ft above Teterboro, New Jersey.

Analyzing 2018 Attacks to Prepare for Those in 2019
A new report from Check Point discusses major cyber incidents from 2018. From these data points, Check Point's analysts look for current trends in malware and attacks, in order to prepare for 2019's future attacks.
According to Check Point's Cyber Attack Trends Analysis 2019 report, the major attack categories and incidents from 2018 include ransomware (such as attacks against the City of Atlanta and the Ukraine Energy Ministry); data breaches (such as those affecting Exactis, and Marriott Hotels); mobile malware (such as AdultSwine and Man in the Disk); cryptocurrency attacks (such as Jenkins Miner and RubyMiner); botnet attacks (such as those from IoTroop and attacks against Democrat candidates during the 2018 primary's season); and APT attacks (such as Big Bang and SiliVaccine).
"Indeed," says the report (PDF), "never does a day go by that we do not see organizations under constant attack from the ever-growing number of malware spreading at higher rates than ever."

Another perspective on the encryption debate?
Encryption efforts in Colorado challenge crime reporters, transparency
Colorado journalists on the crime beat are increasingly in the dark. More than two-dozen law enforcement agencies statewide have encrypted all of their radio communications, not just those related to surveillance or a special or sensitive operation. That means journalists and others can’t listen in using a scanner or smartphone app to learn about routine police calls.
Law enforcement officials say that’s basically the point. Scanner technology has become more accessible through smartphone apps, and encryption has become easier and less expensive. Officials say that encrypting all radio communications is good for police safety and effectiveness, because suspects sometimes use scanners to evade or target officers, and good for the privacy of crime victims, whose personal information and location can go out over the radio.
… “You can’t get out to cover something if you don’t know it’s happening, and journalists would be at the mercy of police public information officers. Do we want the first draft of history dictated by police PIOs?”
Definitely not. A national study published in 2017 found that police PIOs zealously try to control the narratives about their departments. That’s especially concerning in Colorado, where law enforcement officials have downplayed transparency implications by saying they will release information about breaking news on social media, in press releases, and in daily reports—as if those are reasonable substitutes for independent reporting.

Police officers probably will not mention this to passengers.
Ed Hasbrouck writes:
Passengers in a car stopped by police don’t have to identify themselves, according to the 9th Circuit Court of Appeals.
That holds even in a state with a “stop and identify” law, and even if the initial stop of the car (for a traffic violation committed by the driver) was legal.
The opinion by a three-judge panel of the 9th Circuit earlier this month in US v. Landeros is one of the most significant decisions to date interpreting and applying the widely-misunderstood 2004 US Supreme Court decision in Hiibel v. Nevada.
Read more on Papers, Please!

I agree, this is interesting.
The Evolution of Darknets
This is interesting:
… Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available mobile messaging systems like Telegram.
… The other major change is the use of "dead drops" instead of the postal system which has proven vulnerable to tracking and interception. Now, goods are hidden in publicly accessible places like parks and the location is given to the customer on purchase. The customer then goes to the location and picks up the goods. This means that delivery becomes asynchronous for the merchant, he can hide a lot of product in different locations for future, not yet known, purchases. For the client the time to delivery is significantly shorter than waiting for a letter or parcel shipped by traditional means - he has the product in his hands in a matter of hours instead of days. Furthermore this method does not require for the customer to give any personally identifiable information to the merchant, which in turn doesn't have to safeguard it anymore. Less data means less risk for everyone.
The use of dead drops also significantly reduces the risk of the merchant to be discovered by tracking within the postal system. He does not have to visit any easily to surveil post office or letter box, instead the whole public space becomes his hiding territory.

A most interesting analysis.
Why India’s Smartphone Revolution Is a Double-edged Sword
… “To most Indians, the smartphone is their first camera, first TV, first video device, first Walkman, and first MP3 player. It may even be their first alarm clock and calculator,” according to Ravi Agrawal, managing editor of Foreign Policy and former CNN New Delhi bureau chief. That is the dramatic change this small device is bringing to hundreds of millions of Indians, as extremely low-cost smartphones and data plans increasingly become available.
Technology in India has traditionally been only available to the rich, to English speakers, and to city dwellers, Agrawal noted.
… In addition to breaking the financial barrier, smartphones have broken the language barrier. Most of the population doesn’t speak English, and English used to be a necessity for internet use. But “smartphones have changed all of that,” observed Agrawal. Now if you speak Hindi, Bengali, or one of India’s many other tongues, multilingual software enables you to type, search, and read online.
Even illiterate individuals — of whom there are nearly 300 million in India — can learn to use the device. With the Google Assistant, they can say in their own language, for example, “‘Show me the Taj Mahal,’ and up pops a video showing them this great wonder that they’ve all heard of but never seen,” notes Agrawal. So in some ways the smartphone is a great equalizer.
… Yet with all the apparent benefits, “there is so much that can go wrong,” said Agrawal. One problem is the proliferation of “fake news,” which he noted has sparked religiously-motivated lynchings and other violence.
India has also experienced more internet shutdowns than any other nation — Syria and Iraq follow — in which the government temporarily pulls the plug in the name of halting rumors that spark unrest.
… There’s also been an explosion in pornography, Agrawal notes. “The head of one of India’s biggest wireless companies told me that 70% of his company’s bandwidth is porn, believe it or not.”

For my Disaster Recovery lecture.
Tonga facing 'absolute disaster' after internet cable blackout
Tonga's ability to communicate with the rest of the world has severely been restricted after a submarine cable broke, cutting off the Pacific island kingdom from almost all mobile phone and Internet services.
… "There's no Facebook, which is how the Tongan diaspora communicate with each other, businesses can't get orders out, airlines can't take bookings for passengers or freight."
While the authorities look into the cause and struggle to find a solution to the disruption, which began on Sunday, they have turned to a small, locally operated satellite connection as back-up.
… Officials said it could take up to two weeks to fix the problem.

Also useful in my Data Management class.
New on LLRX – 10 x 10: 100 Insightful KM Resources
Via LLRX – 10 x 10: 100 Insightful KM Resources – KM expert Stan Garfield shares ten categories of KM resources, each with ten links to useful sources of knowledge about the field. The ten resources in each category are recommended starting points for those who want to learn more about KM. Each category heading is linked to a more extensive list for greater exploration.

The future? Probably not for my 11 mile round trip to school, but I could see a Leadville to Denver hop.
Boeing’s passenger air vehicle prototype rises into the sky for its first test flight
Boeing says it has successfully completed the first test flight of a prototype for its autonomous passenger air vehicle, which could start carrying riders as early as next year.
The test was executed on Tuesday at an airport in Manassas, Va., near the headquarters of Aurora Flight Sciences, the Boeing subsidiary that’s been developing the electric-powered, vertical takeoff-and-landing aircraft, also known as an eVTOL craft.
… The craft is 30 feet long and 28 feet wide, with eight rotors for vertical lift and a tail rotor to facilitate forward flight. It’s designed to fly in full autonomous mode with a maximum range of 50 miles.
“This is what revolution looks like, and it’s because of autonomy,” said John Langford, president and CEO of Aurora Flight Sciences. “Certifiable autonomy is going to make quiet, clean and safe urban air mobility possible.”

Confusing. Surely they aren’t saying they found another chemical that does exactly what the patented chemical does. This is about a process that extracts a drug.
A.I. finds non-infringing ways to copy drugs pharma spends billions developing
Drug companies spend billions developing and protecting their trademark pharmaceuticals. Could artificial intelligence be about to shake things up? In a breakthrough development, researchers have demonstrated an A.I. which can find new methods for producing existing drugs in a way that doesn’t infringe on existing patents.
… As exciting as the work is, however, don’t expect this to be anything that brings down the world of big pharma — if that’s what you’re hoping for. Chematica, which was bought by pharma giant Merck in 2017, is more likely to be used to help these companies better protect their intellectual property.
“[In our latest] paper we tackled three blockbuster drugs, very heavily guarded by patents — and yet a ‘stupid’ computer managed to find synthetic bypasses,” Grzybowski said. “Now, what if your competitors were to use such a tool? Could they bust your patents? Should you also use the tool? What if they come up with a better version? These sorts of question might point to an arms race in developing similar and competing software solutions.”

Resources for research. Marcus Zillman does great lists.
New on LLRX – Deep Web Research and Discovery Resources 2019
Via LLRX – Deep Web Research and Discovery Resources 2019 – How big is the Deep Web? It is estimated to comprise 7,500 terabytes – although an exact size is not known, and the figures vary widely on this question. The magnitude, complexity and siloed nature of the Deep Web is a challenge for researchers. You cannot turn to one specific guide or one search engine to effectively access the vast range of information, data, files and communications that comprise it. The ubiquitous search engines index, manage and deliver results from the Surface web. These search results include links, data, information, reports, news, subject matter content and a large volume of advertising that is optimized to increase traffic to specific sites and support marketing and revenue focused objectives. On the other hand, the Deep Web – which is often misconstrued as a repository of dark and disreputable information [Note – it is not the Dark Web], has grown tremendously beyond that characterization to include significant content on a wide range of subject matters covering a broad swath of files and formats, databases, pay-walled content as well as communications and web traffic that is not otherwise accessible through the surface Web. This comprehensive multifaceted guide by Marcus Zillman provides you with an abundance of resources to learn about, search, apply appropriate privacy protections, and maximize your time and efforts to conduct effective and actionable research within the Deep Web.

A link for the toolkit.
Over 4,000 Free Cheat Sheets, Revision Aids and Quick References!

Tuesday, January 22, 2019

Self-inflicted wounds. Indistinguishable from a cyberwar attack?
Zimbabwe Government Shuts Down Internet, Backfires Spectacularly Affecting Economy - Toshi Times
Zimbabwe has been ravaged by widespread local unrest the past week. The catalyst? A controversial decision to increase the prices of petrol and diesel by a massive 150 percent.
Citizens of Zimbabwe have since voiced their dissatisfaction with this decision through a series of protests and demonstrations. Social media platforms such as Twitter, Facebook, YouTube and WhatsApp have been integral in organizing these events.
… As such, it would appear that the governmental-led shutdown of the internet has led to immensely worse consequences. The national economy has effectively been disabled – however, this was not caused by the protestors, rather, it was the work of the government’s actions.
… a preexisting liquidity crisis in the country has already led citizens towards alternative means of exchange, such as cryptocurrencies or other cashless alternatives such as bank cards.
All of these payment systems have now been rendered moot, due to the government’s actions. It remains to be seen how all of this will ultimately play out – but it already seems plain that the government’s fear of economic turmoil has caused exactly that.

Further defining the response…
Massachusetts Amends Data Breach Notification Law to Require Free Credit Monitoring
The Governor of Massachusetts recently signed House Bill No. 4806 into law, which will amend certain provisions of the state’s data breach notification law. In addition to changing the information that must be included in notifications to regulators and individuals, the amendments will also require entities to provide eighteen months of free credit monitoring services following breaches involving Social Security numbers. The amendments, which will enter into force on April 11, 2019, are discussed in greater detail below.

An interesting reaction.
NYPD Spy Drones Fly into Privacy Headwinds
A squad of 14 New York Police Department drones will soon be soaring over the city’s skyline, with the ability to record people’s lives, even if that’s not their stated use. Some will be equipped with infrared cameras that have the ability to see through walls and record the privacy of bedrooms, although, again, NYPD says this isn’t the intent. Still, the technology isn’t just creepy (though it is creepy); if not monitored carefully, its deployment raises the specter of uses beyond those currently planned by the NYPD that could be illegal.
… New Yorkers are being asked to take the NYPD at its word, but many New Yorkers want a stronger guarantee. This is part of why advocates and activists are pushing for the Public Oversight of Technology Act (“POST Act”), a New York City Council bill that would require the NYPD to develop and publicize an “impact and use policy” for each piece of surveillance technology it purchases.

Is this machine as accurate as the lab? How good is “good enough?”
Coming Soon to a Police Station Near You: The DNA ‘Magic Box’
… in early 2017, the police booking station in Bensalem became the first in the country to install a Rapid DNA machine, which provides results in 90 minutes, and which police can operate themselves. Since then, a growing number of law enforcement agencies across the country — in Houston, Utah, Delaware — have begun operating similar machines and analyzing DNA on their own.
… In 2017, President Trump signed into law the Rapid DNA Act, which, starting this year, will enable approved police booking stations in several states to connect their Rapid DNA machines to Codis, the national DNA database. Genetic fingerprinting is set to become as routine as the old-fashioned kind.
… But already many legal experts and scientists are troubled by the way the technology is being used. As police agencies build out their local DNA databases, they are collecting DNA not only from people who have been charged with major crimes but also, increasingly, from people who are merely deemed suspicious, permanently linking their genetic identities to criminal databases.

A mere nibble. Wait for GDPR to bite!
Google has been fined $56.8 million by privacy regulators in France, marking the country’s first use of the tough new privacy rules enacted in Europe last year. Specifically, the company is accused of violating provisions of the General Data Protection Regulation (GDPR) by using, without proper consent, the private data of users to craft personalized ads; and by burying key privacy disclosures pages deep, amid oceans of text.
In a statement Monday, France’s privacy watchdog, CNIL, said that Google had been fined for needlessly obscuring information concerning the processing of its users’ data, which Europe’s privacy rules demand be made more easily accessible. Essential information about how user data is processed, stored, and used, it said, was “excessively disseminated across several documents.” It required, in some cases, up to five or six steps to unearth key disclosures, including details of how Google amasses personal information to help it pinpoint a user’s location.
… the French commission found Google’s process for informing users about what precisely they’re consenting to to be wholly inadequate.
… “We have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products,” Schrems reportedly told the station. “It is important that the authorities make it clear that simply claiming to be compliant is not enough.”

Yeah, it’s complicated.
Dutch surgeon wins landmark 'right to be forgotten' case
… The doctor’s registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she was allowed to continue to practise.
But the first results after entering the doctor’s name in Google continued to be links to a website containing an unofficial blacklist, which it was claimed amounted to “digital pillory”.
… The judge said that while the information on the website with reference to the failings of the doctor in 2014 was correct, the pejorative name of the blacklist site suggested she was unfit to treat people, and that was not supported by the disciplinary panel’s findings.
The court further rejected Google’s claim that most people would have difficulty in finding the relevant information on the medical board’s Big-register, where the records are publicly held.
The surgeon’s lawyer, Willem van Lynden, from the Amsterdam firm MediaMaze, said the ruling was groundbreaking in ensuring doctors would no longer be judged by Google on their fitness to practise.

Don’t they store US user data in the US?
Russian Watchdog Launches 'Administrative Proceedings' Against Facebook, Twitter
The state regulator has repeatedly warned the companies they could be banned if they do not comply with a 2014 law requiring social networking sites to store the personal data of Russian users inside the country.
Zharov said Facebook and Twitter provided "no concrete information on localising the data of Russian users on the territory of the Russian Federation."
He added that the companies also did not provide a "timeframe" for when they plan to store the data of Russian users in Russia.
The 2014 law has caused widespread concern as it is seen as putting the information of Russian users at risk of being accessed by the country's intelligence services.

Would automating justice eliminate bias?
Machine Learning and the Rule of Law
Chen, Daniel L., Machine Learning and the Rule of Law (January 6, 2019). Computational Analysis of Law, Santa Fe Institute Press, ed. M. Livermore and D. Rockmore, Forthcoming. Available at SSRN:
“Predictive judicial analytics holds the promise of increasing the fairness of law. Much empirical work observes inconsistencies in judicial behavior. By predicting judicial decisions—with more or less accuracy depending on judicial attributes or case characteristics—machine learning offers an approach to detecting when judges are most likely to allow extra legal biases to influence their decision making. In particular, low predictive accuracy may identify cases of judicial “indifference,” where case characteristics (interacting with judicial attributes) do not strongly dispose a judge in favor of one or another outcome. In such cases, biases may hold greater sway, implicating the fairness of the legal system.”

Gartner: Enterprise use of AI grew 270% over the past 4 years
Companies are adopting artificial intelligence (AI) like it’s going out of style, according to a new report by Gartner. The Stamford firm’s 2019 CIO Survey of more than 3,000 executives in 89 countries found that AI implementation grew a whopping 270 percent in the past four years, and 37 percent in the past year alone.
… “If you are a CIO and your organization doesn’t use AI, chances are high that your competitors do and this should be a concern.”

Tracing the evolution of an industry.
Are sitdown scooters the next big urban craze? Austin is about to find out
… Already home to thousands of electric scooters, many of them crowding downtown sidewalks, the Central Texas city will be the first to experience a new generation of shareable electric scooters from an Oxnard, California-based company called Ojo Electric. Unlike well-known scooter companies such as Bird and Lime, Ojo's models are bulkier and include a seat.
Referred to as a "light electric vehicle," the scooters can travel 50 miles on a single charge and have a top speed of 20 mph, in compliance with city regulations, the company said in a news release. The company says their vehicles are designed for bike lanes and streets.

What can I learn?
400 free Ivy League university courses you can take online in 2019
Quartz: “The eight Ivy League schools are among the most prestigious colleges in the world. They include Brown, Harvard, Cornell, Princeton, Dartmouth, Yale, and Columbia universities, and the University of Pennsylvania. All eight schools place in the top fifteen of the US News and World Report 2018 national university rankings. These Ivy League schools are also highly selective and extremely hard to get into. But the good news is that all these universities now offer free online courses across multiple online course platforms.
So far, they’ve created over 494 courses, of which around 396 are still active. Here’s a collection of all of them, split into courses in the following subjects: Computer Science, Business, Humanities, Social Sciences, Art & Design, Science, Health & Medicine, Data Science, Education & Teaching, Mathematics, Science, Engineering, Personal Development, and Programming…”

Monday, January 21, 2019

There does not seem to be any more detail, yet. To make this work, the ‘vouchers’ must not be identifiable as part of the group stolen. How would they track customer usage? Note: Another easily identified and easily fixed bug?
China's Pinduoduo reports theft of online discount vouchers to police
Chinese online group discounter Pinduoduo Inc said on Sunday that an online collective exploited a loophole on its platform to “steal” tens of millions of yuan worth of discount vouchers.
In a statement on its official Weibo account, Pinduoduo said it immediately rectified the bug and reported the incident to police.

Sounds more like the mafia? Are they this good? What, besides the Hong Kong bank account, points to China?
Cyber Fraud by Chinese Hackers Makes Headlines in India
… The cyber fraud scam started with a fraudulent email from Chinese hackers, spoofed to appear as if it were coming from the CEO of the company in Italy. The message was written in the tone and style of the CEO, and raised the prospect of a “secretive” and “highly confidential” acquisition that could only be pulled off if funds were wired to bank accounts in Hong Kong. After follow-up emails, there were then telephone conference calls between Italy and India, with Chinese fraudsters impersonating top executives and lawyers. They convinced the local Indian office that regulatory rules prevented a direct payment from corporate HQ in Milan; thus, the onus was on the local Indian operation to fund the acquisition. Payments were sent in three separate tranches of $5.6 million, $9.4 million, and $3.6 million. However, just before the fourth and final payment was about to be made, the real chairman of the Italian company showed up in India for a year-end visit. It’s not hard to imagine what happened next.
… But here’s where there is still a lot to explain: how did Chinese fraudsters impersonate top European officials, including one claiming to be a top Swiss lawyer? At some point, wouldn’t really bad accents or awkward phrases tip off the Indian officials that someone was being conned?
… In short, instead of a few hackers in pajamas trying to hack into computer systems from their basements, we may be seeing the rise of sophisticated global crime syndicates and hacking groups that are far more formidable adversaries for corporate IT directors.

No more “fake news” broadcasts? Of course if each of the five recipients forwards the message to five friends, who each forward to five friends…
WhatsApp globally limits text forwards to 5 chats to curb rumours
Facebook Inc's WhatsApp messenger service is globally limiting message ‘forwards’ to five chats at a time, a practice it had introduced in India in July last year to crack down on spread of rumours and fake news through its platform.
… The messaging platform—which counts India, Brazil and Indonesia among its major markets—said it will continue to listen to user feedback on their experience, and “over time, look for new ways of addressing viral content”.
… The move comes at a time when governments and regulators across the world are looking at effective ways to curb the spread of fake messages through digital platforms.

(Related) Is this a reversal of the limits above?
Facebook launches petition feature, its next battlefield
Gather a mob and Facebook will now let you make political demands. Tomorrow Facebook will encounter a slew of fresh complexities with the launch of Community Actions, its News Feed petition feature. Community Actions could unite neighbors to request change from their local and national elected officials and government agencies. But it could also provide vocal interest groups a bully pulpit from which to pressure politicians and bureaucrats with their fringe agendas.
Community Actions embodies the central challenge facing Facebook. Every tool it designs for positive expression and connectivity can be subverted for polarization and misinformation.
… The question will be where Facebook’s moderators draw the line on what’s appropriate as a Community Action, and the ensuing calls of bias that line will trigger. Facebook is employing a combination of user flagging, proactive algorithmic detection, and human enforcers to manage the feature. But what the left might call harassment, the right might call free expression. If Facebook allows controversial Community Actions to persist, it could be viewed as complicit with their campaigns, but could be criticized for censorship if it takes one down. Like fake news and trending topics, the feature could become the social network’s latest can of worms.

Only after the rider gets off.
… Details are, as TechCrunch noted, “scarce,” but there’s a lot of speculation that Uber is investigating autonomous versions of the scooters and bikes of the short-term rental type that have already taken over many major cities. The Telegraph reported that Uber has begun hiring for the Micromobility Robotics team, which it wrote had the goal of developing scooters and bikes that can drive to charging stations themselves, or possibly to go and pick up riders after the prior passenger disembarks.
… like competitors Bird and Lime (the latter of which Uber owns a minority stake in) the logistics of using a small army of contractors to pick up the scooters after rides are already a major money-burner.
… As TechCrunch noted, Uber Jump recently unveiled a series of upgrades to give some of its bikes “self-diagnostic capabilities and swappable batteries,” designed to minimize downtime. Self-driving scooters are an obvious way to further streamline the business.

Might be fun to install on someone’s computer without telling them.
This incredibly simple tool gives every website you visit a 'dark mode'
… Go to and click on the web browser you use. You'll be taken to your browser's extensions store where you can download and install Dark Reader for free.
Once you install it, the vast majority of websites you visit will have a dark gray or black color where they used to be white.

I gotta share this with my PhD friends.

Sunday, January 20, 2019

Technology to help you break the law.
Google Maps wants to help you avoid that speeding ticket
… Google’s navigation app, Google Maps, is starting to roll out speed limit and speed trap features, according to
With the speed limit feature, drivers using Google Maps will be shown the posted speed limit of the road they’re driving on in the lower left side of the app. Speed traps are designated with a small camera icon and shown on the visible area of the map. AndroidPolice’s source also reports that Google Maps provides an audio warning for drivers when they are approaching a speed trap.

(Related) He could have used it three years ago…
Hitman convicted thanks to fitness watch location data
An alleged hitman has learned hard lessons about the value of GPS data on fitness watches. A Liverpool jury has found Mark Fellows guilty of the 2015 murder of mob boss Paul Massey in part thanks to location info from the accused's Garmin Forerunner. An expert inspecting the watch's info discovered that Fellows had recorded a 35-minute trip that took him to a field just outside Massey's home ahead of the murder. He appeared to be scouting the route he would take later to perform the hit, a claim supported by cell site and CCTV evidence showing Fellows driving his car past Massey's house numerous times in the week before the slaying.
Massey's murder had gone unsolved until the 2018 killing of his associate John Kinsella, where surveillance footage showed Fellows biking a similar scouting route before pulling the trigger. That led law enforcement to see if there were any connections to the Massey case. Fellows had a GPS jammer in his car when police investigated in 2018, suggesting that he knew enough to avoid location data at some point – just not while he was scouting Massey three years earlier.

I know lots of smart people. Maybe I should start an Institute? Do you think this one is there to provide Facebook with an “academic” justification?
Facebook backs Institute for Ethics in Artificial Intelligence with $7.5 million
Facebook will donate $7.5 million for the creation of The Institute for Ethics in Artificial Intelligence, a research center being made to explore topics such as transparency and accountability in medical treatment and human rights in human-AI interaction.
… Like initiatives undertaken by other AI research think tanks, the Institute for Ethics in Artificial Intelligence will work to share its research through conferences and symposiums with the wider community of AI practitioners.

The future of voice assistants like Alexa and Siri isn’t just in homes — it’s in cars
As smart speakers take off in the home, it’s important to note that cars are an even bigger market for voice assistants. Some 77 million US adults use voice assistants in their cars at least monthly, compared with 45.7 million using them on smart speakers, according to a new survey from voice tech publication

Saturday, January 19, 2019

We knew this was flawed. Will they make it worse?
Eric Goldman writes:
41 California privacy lawyers, professionals, and professors are urging the California legislature to make major changes to the California Consumer Privacy Act (CCPA), which the legislature hastily passed in 2018. The letter highlights six significant problems with the CCPA, including:
  • The CCPA affects many businesses who never had a chance to explain the law’s problems to the legislature;
  • The CCPA imposes excessive costs on small businesses;
  • The CCPA requires businesses to waste money complying with multiple privacy laws;
  • The CCPA degrades consumer privacy in several ways;
  • The CCPA’s definitions are riddled with problems; and
  • The CCPA reaches beyond California’s borders.
The text of the letter is on Eric’s site, linked below. A PDF copy of the letter is also available.

(Related) Another “privacy law gone bad.”
Student privacy and the law of unintended consequences
In 2014, the Louisiana legislature passed a law to protect student privacy. It required parents to approve nearly any collection and sharing of student data. In other words, no student information — no accomplishments or addresses, no batting averages or GPAs — was to be shared without a parent’s express permission.
… Facing the possibility of heavy fines or ending up in prison for even a well-intentioned mistake, teachers and administrators in a number of schools told us they were so afraid that they stopped collecting or sharing data for almost any reason. They stopped printing school yearbooks. They stopped announcing football players’ names at games. They stopped hanging student artwork in the hallways. Some even stopped referring students to state scholarship funds.

How much does it take to get management’s attention?
The Washington Post reports:
U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users’ personal data, according to three people familiar with the deliberations but not authorized to speak on the record.
The fine under consideration at the Federal Trade Commission, a privacy and security watchdog that began probing Facebook last year, would mark the first major punishment levied against Facebook in the United States since reports emerged in March that Cambridge Analytica, a political consultancy, accessed personal information on about 87 million Facebook users without their knowledge.
The penalty is expected to be much larger than the $22.5 million fine the agency imposed on Google in 2012.
Read more on the Union Leader.

In order to retrieve all data related to a user you have to know every place that data is stored. Automation would work, if the software looked every place data might be stored.
Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints
European privacy campaigner Max Schrems has filed a fresh batch of strategic complaints at tech giants, including Amazon, Apple, Netflix, Spotify and YouTube.
The complaints, filed via his nonprofit privacy and digital rights organization, noyb, relate to how the services respond to data access requests, per regional data protection rules.
Article 15 of Europe’s General Data Protection Regulation (GDPR) provides for a right of access by the data subject to information held on them.
The complaints contend tech firms are structurally violating this right — having built automated systems to respond to data access requests which, after being tested by noyb, failed to provide the user with all the relevant information to which they are legally entitled.

Apple, Netflix and YouTube among Streamers Flouting EU Privacy Law, Say New Complaints
… If all the companies are found to have been violating the EU General Data Protection Regulation, by not revealing to users all the information they’re obliged to, they face fines to a total theoretical maximum of €18.8 billion ($21.4 billion.)

Another interesting interpretation.
Good question. Stéphanie Martinier and Mathilde Pepin of Proskauer write:
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information. In this case, a company had organized mandatory staff representatives’ elections. The company had started a court action against three election candidates aiming at opposing their candidature due to certain requirements related to their job classifications not being met. Among the evidence produced by the company were the complete pay slips of the three employees. All of the trade unions that were participants in the election process were also parties to the litigation and as such, they all received copies of the evidence produced by the company.
The employees started an emergency proceeding to have the pay slips immediately removed from the court file, claiming that it was an invasion of privacy. The employees based their claim, among other things, on Article 8 of the European Convention on Human Rights. The company argued that it needed to provide the pay slips to evidence its claim.
The French Supreme Court disagreed and ruled in favor of the employees, recognizing an invasion to the employees’ privacy.
Read more on Privacy Law Blog.

How can anyone compete with Amazon? Could anyone with less money do this? Would they even try?
In India, Amazon and Walmart face off against the country’s richest man
As Amazon and Walmart-owned Flipkart scramble for ways to work around the impending new strict ecommerce policy in India, the two companies today stumbled upon a new challenge: India’s richest man.
Mukesh Ambani, who runs Reliance Industries, the country’s largest industrial house, announced today that his company will roll out a new online shopping platform for 1.2 million retailers and store owners in Gujarat, the nation’s westernmost state.

Perspective. The opposite of universal access?
Zimbabwe shuts down internet amid violent response to gas protests
Zimbabwe was under an internet blackout on Friday as authorities extended a communications ban to cover emails after days of deadly protests over price increases that pushed the cost of a gallon of gas to almost $13.

Here Come the Internet Blackouts
On the first day of the new year, the Democratic Republic of Congo cut internet connections and SMS services nationwide—for the second day in a row. The reason? To avoid the “chaos” that might result from its presidential election results. Not even a week later, on Jan. 7, Gabon’s government did the same after an attempted coup. On Tuesday, Zimbabwe cut off social media and internet access. The government restored much of the internet Wednesday but kept a WhatsApp ban in place. And it’s unlikely that these will be the last “internet blackouts” we hear about over the coming months.
… In fact, we’ll likely see a rise in internet blackouts in 2019, for two reasons: countries deliberately “turning off” the internet within their borders, and hackers disrupting segments of the internet with distributed denial-of-service attacks. Above all, both will force policymakers everywhere to reckon with the fact that the internet itself is increasingly becoming centralized—and therefore increasingly vulnerable to manipulation, making everyone less safe.

… “The first thing we found,” Mitchell tells me in an interview, “is that many, many jobs, the majority of jobs are going to be affected by machine learning.” He pauses, goes on: “The next thing we found was that very few of those jobs will be completely automated. Instead, the predominant thing that you see is that most jobs will be affected because the bundle of tasks that make up that job—some of those tasks that are amenable to machine learning, semi-automation or automation.”
If this describes your job, or a task in your job, then an algorithm can probably be taught to do it.
1. Learning a function that maps well-defined inputs to well-defined outputs
2. Large (digital) data sets exist or can be created containing input-output pairs
3. The task provides clear feedback with clearly definable goals and metrics
4. No long chains of logic or reasoning that depend on diverse background knowledge or common sense
5. No need for detailed explanation of how the decision was made
6. A tolerance for error and no need for provably correct or optimal solutions
7. The phenomenon or function being learned should not change rapidly over time
8. No specialized dexterity, physical skills, or mobility required

Friday, January 18, 2019

Things go wrong. That’s why we teach people to check. Apparently, not everyone learned this in school.
Twitter bug revealed some Android users’ private tweets
Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who can follow them and who can view their content. For some Android users over a period of several years, that may not have been the case — their tweets were actually made public as a result of this bug.
The company says that the issue impacted Twitter for Android users who made certain account changes while the “Protect your Tweets” option was turned on.
For example, if the user had changed their account email address, the “Protect your Tweets” setting was disabled.
… What’s fairly shocking is how long this issue has been happening.
Twitter says that users may have been impacted by the problem if they made these account changes between November 3, 2014, and January 14, 2019 — the day the bug was fixed.

Not fool-proof (because we can always build a bigger fool) but worth sharing.
How to Protect Your Business from Phishing Scams
1. Spelling and grammar mistakes
2. Unwarranted sense of urgency
3. Threatening messages
4. Strange attachments

Start surveillance early! Get out the (enter political party here) message while they’re young! “Big Brother loves you!”
Toying with Privacy: Regulating the Internet of Toys
Haber, Eldar, Toying with Privacy: Regulating the Internet of Toys (December 8, 2018). Ohio State Law Journal, Forthcoming. Available at SSRN: “Recently, toys have become more interactive than ever before. The emergence of the Internet of Things (IoT) makes toys smarter and more communicative: they can now interact with children by “listening” to them and respond accordingly. While there is little doubt that these toys can be highly entertaining for children and even possess social and educational benefits, the Internet of Toys (IoToys) raises many concerns. Beyond the fact that IoToys that might be hacked or simply misused by unauthorized parties, datafication of children by toy conglomerates, various interested parties and perhaps even their parents could be highly troubling. It could profoundly threaten children’s right to privacy as it subjects and normalizes them to ubiquitous surveillance and datafication of their personal information, requests, and any other information they divulge. While American policymakers acknowledged the importance of protecting children’s privacy online back in 1998, when crafting COPPA, this regulatory framework might become obsolete in face of the new privacy risks that arise from IoToys. Do fundamental differences between websites and IoToys necessitate a different legal framework to protect children’s privacy? Should policymakers recalibrate the current legal framework to adequately protect the privacy of children who have IoToys? Finally, what are the consequences for children’s privacy of ubiquitous parental surveillance through IoToys — allegedly granted to safeguard children from online risks? And how might children’s privacy be better framed and protected in this context?
This Article focuses on the privacy concerns that IoToys raise. Part I briefly outlines the evolution of IoToys while examining their capacity to collect and retain data. Then, in reference to the legal framework chosen to protect children from online datafication twenty years ago, the next part discusses the American perception of children’s privacy, focusing on COPPA. Through this analysis, this part will show how key market players currently comply with COPPA regulation, and evaluate whether such compliance is relevant to IoToys’ dangers and challenges. Part III revisits COPPA, challenges it, and in calling for its recalibration offers some practical solutions to IoToys’ privacy threats. Thereafter Part IV normatively evaluates children’s conception of privacy and argues that IoToys’ monitoring practices could jeopardize the parent-child relationship and calls for recalibrating children’s privacy in the digital era. The final part summarizes the discussion and concludes that children’s privacy matters today perhaps more than ever before, and that the potential movement toward a ubiquitous surveillance era should not lead to its demise.” [h/t Mary Whisher]
  • See also the Tech Policy Lab’s paper, Toys That Listen (2016): “Hello Barbie, Amazon Echo, and the home robot Jibo are part of a new wave of connected toys and gadgets for the home that listen. Different than the smartphone, these devices are always on, blending into the background until needed by the adult or child user. We do not yet know all the information our new toys are collecting, storing, or disclosing. With an intended audience of designers and regulators, this project brings an interdisciplinary group of experts together to build a set of consumer protection best practices for design and user control of connected devices in the home.”

Yes, I am not very active on social media, but my students are.
How to Monitor Your Social Media Mentions: 5 Listening Tools
Social Media Examiner: “Need help monitoring your company’s mentions on social media? Looking for tools to simplify the process? In this article, you’ll discover five social media monitoring tools to help you better engage online.”
  1. Enhance Customer Service: Agorapulse
  2. Understand Your Customers: Awario
  3. Handle a Reputation Crisis: Talkwalker Alerts
  4. Identify Brand Advocates: Mention
  5. Analyze Competitors: Brand24

I’m thinking that these two companies can manage their data more easily than the Facebooks or Googles. Then again, perhaps we’re just doing this alphabetically?
Acxiom, a huge ad data broker, comes out in favor of Apple CEO Tim Cook's quest to bring GDPR-like regulation to the United States
… "Acxiom, like Mr. Cook, also supports a national privacy law for the US, such as GDPR provides for the European Union," said the company in a statement to Business Insider. You can read the full statement below.
These comments were made in response to remarks made by Apple CEO Tim Cook in Time Magazine on Thursday. The Apple exec argued that the US needs to rein in data brokers in order to give people true privacy when it comes to their data.

Useful in many classes.
The Route of a Text Message
the scott blog irregular: “This is the third post in my full-stack dev (f-s d) series on the secret life of data. This installment is about a single text message: how it was typed, stored, sent, received, and displayed. I sprinkle in some history and context to break up the alphabet soup of protocols, but though the piece gets technical, it should all be easily understood. The first two installments of this series are Cetus, about the propagation of errors in a 17th century spreadsheet, and Down the Rabbit Hole, about the insane lengths one occasionally needs to go through to track down the source of a dataset…”

Perspective. Oh my, how will we ever get Senior Lawyers without the Darwinian competition among Junior Lawyers? (Didn’t the clerks do 90 percent of this work anyway?)
Artificial intelligence putting junior lawyers’ jobs at risk
An Australian legal technology company has used Amazon’s Alexa to build a prototype virtual lawyer that it says can create legal documents instantly like a real human, threatening the jobs of junior lawyers.
Smarter Drafter’s Alexa Skill – driven by the company’s Real Human Reasoning AI engine – asks questions a lawyer would and then drafts a legal document that considers the context, facts, jurisdiction and best practice. It takes a few minutes for the interview to take place and the legal document to appear by email.
… “We mapped the decision making process of expert lawyers in excruciating detail to create a tool that would perform at the level of a human lawyer. Lawyers already delegate legal drafting to other experts – now they can give those same instructions to software and have the job done in moments without any human errors. Here we’re testing whether we can put the same power in the hands of the document’s end user,” Long said.
Smarter Drafter is already used in more than 150 law firms across Australia but is currently only accessible to lawyers.
… “In the future, those that work with the robots are the ones that will thrive as they find efficiencies and better ways to serve their clients. For them, there’s an opportunity in spending more time with clients and demonstrating empathy, a skill that computers are a long way from having, instead of spending their time hacking away in Microsoft Word,” Long says.

Perspective. Broadcast TV gave ground to Cable. Now the Internet based services are grabbing a share.
Netflix is finally sharing (some of) its audience numbers for its TV shows and movies. Some of them are huge.
Netflix has more than 130 million customers watching its TV shows and movies. But for years, it refused to tell outsiders how many of those customers watched any particular show or movie.
Now that’s starting to change.
… Netflix estimates that it now accounts for 10 percent of TV screen time in the US. (Its math here: Netflix says it streams 100 million hours a day to TV screens in the US, and it figures those TVs — which include more than one TV per household, plus sets in bars, hotels, etc. — are on for a billion hours a day.) Netflix says it owns a smaller share of mobile screens, which makes sense, since Netflix says the vast majority of its viewing happens on TV screens.
… That Bird Box number is big, no matter how you parse it. And if you’re a Hollywood star, you may well end up concluding that it makes sense to try making a movie with Netflix, even though they are still relatively new at it: They’ll pay you whatever you would get (and perhaps even more) from a conventional Hollywood studio, and you don’t need to worry about the show disappearing into a pile of unseen documentaries and reruns. Netflix would be happy if you, and/or your agents/managers/lawyers, reach this conclusion.

Perspective. Use your smartphone to lace your sneakers? Should make an interesting hacking target.
Nike’s auto-laced future
Why does the world need a self-lacing shoe?
Haven’t you heard of Velcro?
How will you tie your shoes when the Wi-Fi is down?
That’s the gist of the instant response I got when I mentioned the new Adapt BB, a shoe from Nike with, yes, powered laces that tighten to a wearer’s foot automatically. The shoe is an evolution of the Nike HyperAdapt 1.0, which is itself a commercialization of the Air Mag — a self-lacing vanity project that realized the self-lacing shoes mocked up for Back to the Future II.
… And, honestly, I get it. It’s a hard sell to say that the solution to a laceless design is to add about half of the hardware that goes into your smartphone and the ability to talk to your shoes with your phone.
But the Adapt BB is really working on two levels, and to tease out whether there is a there there when it comes to connected shoes, you have to consider the context.
… If, however, you want to use the shoes free of the app you can. If your foot is in the shoe you can single tap to jump to desired tightness or tap and hold a button to bump them back to “wide open.” You can also make micro adjustments by tapping the buttons.
… The buttons, it should be noted, are pretty much mandatory in the NBA where phones are outlawed on the bench.

A Security Event.
SnowFROC 2019
Thu, March 14, 2019 7:00 AM – 6:00 PM MDT Tickets are $75
SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference and is taking place Thursday March 14th, 2019. Our keynote speaker is Troy Hunt. Troy is an Australian web security expert known for public education and outreach on security topics.
The location of this event is The Cable Center on the University of Denver campus near I-25 and University. The Cable Center is across from a light rail station for convenience. We will have parking available at the site. [Parking at DU is normally impossible. Bob]

Really cheap travel. (Create your own Fake News!)
Picture Yourself in Front of Any Landmark With Remove.BG and Google Slides
Last weekend I published a video about and it has certainly been a hit with many readers. I've received a lot of comments and questions about it in my email, Facebook pages, and on Twitter. This morning a reader named Marni sent me a question that was typical of what I've been seeing this week.
I love the site. I can see my teachers using this for creative projects with students. My question is, do you have any suggestions regarding how to add new backgrounds to the modified pics? Is there a program I can share with teachers that allows students to, in essence, “relocate” themselves?
What I suggested to Marni and have suggested to others is to use Google Slides or PowerPoint to create a slide in which you layer the file over a background on the slide. Then export the slide as a PNG or JPEG. In the following video I demonstrate how to use, Google Slides, and Pixabay to put yourself in front of any world landmark.

Opinions vary.
Russia's top Orthodox bishop says the internet is a tool of the Antichrist

Thursday, January 17, 2019

A file collected by “the other guys.”
The 773 Million Record "Collection #1" Data Breach
Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper.
Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources. (And yes, fellow techies, that's a sizeable amount more than a 32-bit integer can hold.)
In total, there are 1,160,253,228 unique combinations of email addresses and passwords.
… Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). [MEGA was founded by Kim Dotcom. Bob]

I know articles like this seem repetitive, but I only select one or two each week to keep pounding my students with the “do it right the first time” message. Clearly many organizations do not.
FBI records, emails, Social Security numbers exposed in massive data leak, security experts say
A massive data leak has been discovered at the Oklahoma Securities Commission, in which millions of records – including files related to sensitive FBI investigations over the last seven years, emails dating back 17 years and thousands of Social Security numbers -- have been exposed.
The breach was uncovered last month by Greg Pollock, a cybersecurity researcher at UpGuard, who claims the millions of files were publicly available on an online server and didn’t require any password to access them.
… The Oklahoma agency is in charge of all financial securities business in the state and is tasked with regulation and enforcement of the business.

I guess that if half the world is below average that half is also ill-informed. (Okay. More than half.)
Most Facebook users still in the dark about its creepy ad practices, Pew finds
A study by the Pew Research Center suggests most Facebook users are still in the dark about how the company tracks and profiles them for ad-targeting purposes.
Pew found three-quarters (74%) of Facebook users did not know the social networking behemoth maintains a list of their interests and traits to target them with ads, only discovering this when researchers directed them to view their Facebook ad preferences page.
A majority (51%) of Facebook users also told Pew they were uncomfortable with Facebook compiling the information.
While more than a quarter (27%) said the ad preference listing Facebook had generated did not very or at all accurately represent them.

Something my students will probably read!
8 Sci-Fi Writers Imagine the Bold and New Future of Work
Ready Set Go…Wired – “Half of being human, give or take, is the work we do. Pick up a shift. Care for the sick. Fix the plumbing. Audition for a part. Sometimes it’s all we think about—and fret about, especially as technology comes for our jobs. Just search “future of” and autocomplete does the rest: Do you mean “future of work”? Freaking Google, surfacing our collective anxieties yet again. Economists and organizational behaviorists and McKinsey consultants crunch the numbers and tell us, with great surety, how we’ll spend our days. The careers and callings of tomorrow will inevitably be this, certainly not that, and look at all the superefficient self-guided factory robots! While the nature of work is always changing, the AI revolution has intensified the pace and magnitude of these predictions, painting a future that seems to need our labor less and less.
But charts and white papers only capture so much. Facts need feelings, and for that we turn to science fiction. Its authors are our most humane, necessary futurists, imagining not just what the future holds but how it might look, feel, even smell. In the following pages are stories from eight sci-fi specialists. Some are set in the near term; others, a bit farther out. All remind us that, no matter the inevitable upheavals, we don’t struggle alone—but with and for other people. And robots. —The Editors”