Wednesday, November 21, 2018

Here’s a parallel question: How many of these schools teach computer security?
Martin George reports:
The number of data breaches reported by schools increased by almost a quarter in just two years, new research shows.
Schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO) in 2016-17, compared with 571 in 2014-15.
A freedom of information request by accountancy network UHY Hacker Young showed that 674 were reported in 2015-16.
Read more on tes.
It is hard to attempt to draw comparisons to the situation in the U.S. due to the absence of any one centralized agency in the U.S. that requires notifications to it (such as the Information Commissioner’s Office). By looking within states that have mandatory reporting to the state, we may be able to determine if reports are increasing over years, but getting actual numbers that are likely to be reliable seems to be a bit unlikely still.

(Related) Probably no better in the US.
From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially:
Issued: November 13, 2018 Link to full audit report 2018-F-17

For my students. Before you spend $28
Rebecca Jeschke of EFF writes:
Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier.
The End of Trust is on sale online and in bookstores now, but it’s also free to download under a Creative Commons BY-NC-ND license. In addition to essays from EFFers, contributors include anthropologist Gabriella Coleman examining anonymity, Edward Snowden tackling blockchain, and EFF Pioneer Award winner Malkia Cyril zeroing in on the historical surveillance of black bodies.
EFF has read and reviewed every piece of The End of Trust, and it’s a smart, thought-provoking, and entertaining issue. We are proud to be part of this project, and hope you enjoy it.

Have they really got the facts straight on this one? What happens when the rest of the world retaliates?
U.S. Mulls Curbs on Artificial Intelligence Exports
The administration of US President Donald Trump is exploring curbing exports of sensitive technologies including artificial intelligence for national security reasons, according to a proposal this week.
The proposal to control sales of certain technologies "essential to the national security of the United States" comes amid growing trade friction with Beijing -- and fears that China may overtake the US in some areas such as artificial intelligence.
The Commerce Department said in the proposed rules, published Monday, that it would consider curbs on various AI technologies such as neural networks and deep learning, computer vision, natural language processing and audio and video manipulation.
But banning AI exports could be counterproductive to US goals, said Daniel Castro, vice president of the Information Technology and Innovation Foundation, a Washington think tank.
"If the US government bans the export of AI technology, other countries will likely enact reciprocal policies," Castro said.
"It will mean US companies are locked out of certain markets, allowing firms in other countries to compete unchallenged."

Another case of “not being on the same page?”
The FCC’s plan to fight spam texts could give phone companies more power over messaging
… In its announcement, the agency said it plans to formally classify text messaging as an information service, a legal distinction it said will be key to battling spam text messages. The classification, the agency said, will allow phone carriers to continue to use blocking technology to stop spam messages from reaching phones.
But some consumer advocates have pushed for the FCC to instead classify messaging as a telecommunications service. Without that classification, groups like Public Knowledge have argued, phone companies will be able to discriminate against messages, deciding when and how to deliver texts in ways they say could harm consumers and free speech.

For my Architecture students. Read carefully.
Optimized Prime: How AI And Anticipation Power Amazon's 1-Hour Deliveries
By the time someone clicks "buy" on Amazon, Jenny Freshwater's team has probably expected it.
Freshwater is a software director in Amazon's Supply Chain Optimization Technologies group. Her team forecasts demand for everything sold by Amazon worldwide.
… In 2013, Amazon got a patent for so-called "anticipatory shipping." The idea was to get your order as close as possible to your address before you actually click buy.
… AI has learned that not all new products mean the same type of forecast.
Take tax software. Everyone wants the latest version. But the release of a new DSLR camera? That actually triggers huge demand for the older versions, which are cheaper.
AI has also determined that online shoppers often abandon their online grocery cart entirely, if bananas are sold out — and that bananas are most in demand on Mondays.

For my students who think start-ups can’t compete with Amazon.
SoftBank doubles down on Korean online retailer Coupang with $2 billion investment
SoftBank’s Vision Fund is investing an additional $2 billion in South Korea’s top e-commerce firm Coupang, the retailer said on Tuesday, as the loss-making startup seeks to cement its market dominance.
The latest investment follows the $1 billion that SoftBank invested in Coupang in 2015 and values the eight-year-old startup at around $9 billion, a source close to Coupang said.
Coupang has since grown rapidly to become the biggest player in South Korea’s e-commerce market. It clocked 2.7 trillion won ($2.4 billion) in revenue last year, with its online sales almost as much as the next three largest e-commerce sites in the country combined, according to research firm Statista.

Another self-driving option I had not considered. Probably more restful, possibly cheaper, definitely slower.
This self-driving hotel room could revolutionize travel
Question: What do you get if you cross a hotel room with a self-driving vehicle? Answer: The Autonomous Travel Suite (ATS).
A hotel room on wheels, the ATS is the brainchild of Toronto-based Steve Lee of Aprilli Design Studio and could revolutionize the way we travel.
… While car designers have focused on developing advanced versions of conventional vehicles, "as an architect, I see self-driving vehicles as being more like a mobile room," says Lee.

Tuesday, November 20, 2018

Is the escalation from theft to industrial espionage to military espionage and no higher? Apparently, this is not a path to cyberwar, so feel free to hack all you like? With minimal downside, anything hackers can steal is virtually pure profit.
Surge in China Theft of Australia Company Secrets: Report
China has sharply escalated cyberattacks on Australian companies this year in a "constant, significant effort" to steal intellectual property, according to a report published Tuesday.
The investigation by Fairfax Media and commercial broadcaster Channel Nine comes just days after US Vice President Mike Pence accused Beijing at the APEC summit of widespread "intellectual property theft".
The report said China's Ministry of State Security was responsible for "Operation Cloud Hopper", a wave of attacks it said were detected by Canberra and its partners in the "Five Eyes" intelligence alliance -- the US, Britain, Canada and New Zealand.
An unnamed senior Australian government official told Fairfax the activity was "a constant, significant effort to steal our intellectual property", while other officials expressed frustration that firms and universities were not tightening their security.

I have students from India, Africa, all over the Middle East and even Canada, but no one from the EU, as far as I know.
Luke Irwin reports:
… A major concern is the GDPR’s requirement that organisations report certain types of data breach to their supervisory authority within 72 hours of becoming aware of the incident. It’s one of the toughest rules to meet, but this blog provides you with all the details you need.
Read more on IT Governance Blog.

“Those who cannot remember the past are condemned to repeat it.” George Santayana
Ivanka Trump used personal account for government business, posing security risk to White House
During the 2016 presidential election, US President Donald Trump aggressively went after Hillary Clinton for using her personal email account and server for official conversations during her time as US Secretary of State. Two years later, it is now Ivanka Trump’s turn to take the heat. Or not.
White House ethics officials confirmed she used a private email account to send official government-related emails last year, writes the Washington Post. Ivanka Trump exchanged hundreds of official emails with assistants, Cabinet officials and White House aides through a domain shared with her husband, Jared Kushner. The domain was created in December 2016, before she moved to Washington. Because the domain was created through a Microsoft system, the emails are stored by the tech company.
Her actions could be in violation of the Presidential Records Act, which specifies that White House Communication must be secured and all data kept in a secure archive to prevent hacking and mishandling of data. Although her emails were mostly about personal travel dates and logistical data, some may still be in violation of federal records legislation, as they discussed official business and government policies.

Worth watching?
Operation Infektion: Russian Disinformation: From The Cold War To Kanye
Opinion Video Series | Operation Infektion By Adam B. Ellick and Adam Westbrook The New York Times, November 12, 2018
WATCH: This is a three-part film series. Scroll down at this link and click to play any episode
“Russia’s meddling in the United States’ elections is not a hoax. It’s the culmination of Moscow’s decades-long campaign to tear the West apart. “Operation InfeKtion” reveals the ways in which one of the Soviets’ central tactics — the promulgation of lies about America — continues today, from Pizzagate to George Soros conspiracies. Meet the KGB spies who conceived this virus and the American truth squads who tried — and are still trying — to fight it. Countries from Pakistan to Brazil are now debating reality, and in Vladimir Putin’s greatest triumph, Americans are using Russia’s playbook against one another without the faintest clue…”

(Related) He may not have time to do anything else!
Now eight parliaments are demanding Zuckerberg answers for Facebook scandals
Facebook’s founder is facing pressure to accept an invite from eight international parliaments, with lawmakers wanting to question him about negative impacts his social network is having on democratic processes globally.
Last week Facebook declined an invitation from five of these parliaments.
The elected representatives of Facebook users want Mark Zuckerberg to answer questions in the wake of a string of data misuse and security scandals attached to his platform. The international parliaments have joined forces — forming a grand committee — to amp up the pressure on Facebook.

Amid talk of Google as a monopoly, does this suggest they might have the power to revise the law? Could news sites expect a 51% or greater reduction in user visits?
Google News may shut over EU plans to charge tax for links
The Guardian – Search engine is lobbying hard to stop proposed tax, aimed at compensating news publishers – “Google’s top news executive has refused to rule out shutting down Google News in EU countries, as the search engine faces a battle with Brussels over plans to charge a “link tax” for using news stories. Richard Gingras, the search engine’s vice-president of news, said while “it’s not desirable to shut down services” the company was deeply concerned about the current proposals, which are designed to compensate struggling news publishers if snippets of their articles appear in search results. He told the Guardian that the future of Google News could depend on whether the EU was willing to alter the phrasing of the legislation. “We can’t make a decision until we see the final language,” he said. He pointed out the last time a government attempted to charge Google for links, in 2014 in Spain, the company responded by shutting down Google News in the country. Spain passed a law requiring aggregation sites to pay for news links, in a bid to prop up struggling print news outlets. Google responded by closing the service for Spanish consumers, which he said prompted a fall in traffic to Spanish news websites…”

(Related) The Spanish experience has been ignored.
New study shows Spain’s “Google tax” has been a disaster for publishers
… In the short-term, the study found, the law will cost publishers €10 million, or about $10.9 million, which would fall disproportionately on smaller publishers. Consumers would experience a smaller variety of content, and the law "impedes the ability of innovation to enter the market."
The study concludes that there's no "theoretical or empirical justification" for the fee. The full study (PDF) is available for download; it's in Spanish with an English-language executive summary.
… Whatever loss of traffic occurs due to readers who may read a news aggregator and then choose not to read an entire story, is more than made up for by the "market expansion" effect, the study found. In other words, given access to a news aggregator like Google, people read much more news.
The NERA analysis found a 6 percent overall drop in traffic from the Spanish Google News closure and a 14 percent drop for smaller publications.

Looks like you need computer geeks to succeed.
Throughout the global economy, big companies are getting bigger. They’re more productive, more profitable, more innovative, and they pay better. The people lucky enough to work at these companies are doing relatively well. Those who work for the competition aren’t.
Research by one of us (James) links this trend to software. Even outside of the tech sector, the employment of more software developers is associated with a greater increase in industry concentration, and this relationship appears to be causal. Similarly, researchers at the OECD have found that markups — a measure of companies’ profits and market power — have increased more in digitally-intensive industries. And academic research has found that rising industry concentration correlates with the patent-intensity of an industry, suggesting “that the industries becoming more concentrated are those with faster technological progress.” For example, productivity has grown dramatically in the retail sector since 1990; inflation-adjusted sales per employee have grown by roughly 50%. Economic analysis finds that most of this productivity growth is accounted for by a few companies such as Walmart who used information technology to become much more productive. Greater productivity meant lower prices and faster growth, leading to increased industry dominance. Walmart went from a 3% share of the general merchandise retail market in 1982 to over 50% today.

Perspective. Is Microsoft positioning itself to replace phone companies?
Skype calling now available on Alexa
Microsoft is bringing its Skype calling service to Amazon’s Alexa-enabled devices this week. Amazon’s Echo range will be able to access Skype’s basic calling, and hardware like the Echo Show will also include video calling support for Skype. This integration also lets Skype users call mobile and landlines using SkypeOut, and simply call contacts by saying “Alexa, call Tom on Skype” to activate a call.

Perspective. Probably inevitable.
In ‘Digital India,’ Government Hands Out Free Phones to Win Votes
Forget the old American campaign slogan of a chicken in every pot, or the Indian politician’s common pledge to put rice in every bowl.
Here in the state of Chhattisgarh, the chief minister, Raman Singh, has promised a smartphone in every home — and he is using the government-issued devices to reach voters as he campaigns in legislative elections that conclude on Tuesday.
… The phones are the latest twist in digital campaigning by the B.J.P., which controls the national and state government and is deft at using tools like WhatsApp groups and Facebook posts to influence voters. The B.J.P. government in Rajasthan, which holds state elections next month, is also subsidizing phones and data plans for residents, and party leaders are considering extending the model to other states.
… The phones themselves also actively promote Mr. Singh, who has run the state for 15 years and is seeking a fourth term.
His smiling face is set as the background image on the home screen, prompting some to nickname it the “Raman mobile.”

An interesting precedent?
A court ruled that judges can be Facebook friends with lawyers because those are not real friendships
Quartz: “Florida’s Supreme Court has ruled on something that most social media users already know: Facebook friendships are not real. Specifically, the court said in a Nov. 15 opinion that a Facebook friendship between a judge and an attorney does not mean the judge is too biased to preside over that attorney’s case. Ruling on an appeal in a case where one side argued a trial court judge should be disqualified because of a Facebook friendship, the court added that even traditional, IRL friendship wouldn’t necessarily be disqualifying, because the nature of friendship is “indeterminate.”
The ruling includes some philosophical musings on the meaning of friendship. For chief justice Charles Canady, who writes for the majority, a real friend, “is a person attached to another person by feelings of affection or esteem.” Meanwhile, a Facebook friend is a “person digitally connected to another person by virtue of their Facebook ‘friendship.’” And a Facebook friendship, he says, “does not objectively signal the existence of the affection and esteem involved in a traditional ‘friendship.’”…

It’s a “kill or die” game. Probably need a bit more subtlety. You can help.
MIT Moral Machine – building human opinions on machine action
Moral Machine – “From self-driving cars on public roads to self-piloting reusable rockets landing on self-sailing ships, machine intelligence is supporting or entirely taking over ever more complex human activities at an ever increasing pace. The greater autonomy given machine intelligence in these roles can result in situations where they have to make autonomous choices involving human life and limb. This calls for not just a clearer understanding of how humans make such choices, but also a clearer understanding of how humans perceive machine intelligence making such choices. Recent scientific studies on machine ethics have raised awareness about the topic in the media and public discourse.
This website aims to take the discussion further, by providing a platform for 1) building a crowd-sourced picture of human opinion on how machines should make decisions when faced with moral dilemmas, and 2) crowd-sourcing assembly and discussion of potential scenarios of moral consequence…”

I’ll have to give it a try.

For my new Security class.

Monday, November 19, 2018

I have an idea for a final exam…
The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
A study in which researchers sent phishing emails to 1,350 students has yielded a startling find: those who believe they know how to tell a phishing scam from a genuine email are actually more susceptible to the attack.
The study by the University of Maryland, Baltimore County (UMBC) involved various phishing tests to assess whether any demographic segments were more susceptible to phishing attacks.

Some interesting things to think about. We probably do it the same way (without the tea).
Inside the British Army's secret information warfare machine
They are soldiers, but the 77th Brigade edit videos, record podcasts and write viral posts. Welcome to the age of information warfare
… Explaining their work, the soldiers used phrases I had heard countless times from digital marketers: “key influencers”, “reach”, “traction”.
… Ever since Nato troops were deployed to the Baltics in 2017, Russian propaganda has been deployed too, alleging that Nato soldiers there are rapists, looters, little different from a hostile occupation. One of the goals of Nato information warfare was to counter this kind of threat: sharply rebutting damaging rumours, and producing videos of Nato troops happily working with Baltic hosts.
Information campaigns such as these are “white”: openly, avowedly the voice of the British military. But to narrower audiences, in conflict situations, and when it was understood to be proportionate and necessary to do so, messaging campaigns could become, the officer said, “grey” and “black” too. “Counter-piracy, counter-insurgencies and counter-terrorism,” he explained. There, the messaging doesn't have to look like it came from the military and doesn't have to necessarily tell the truth.

We hate them, but we use them?
Poll – America sours on social media giants
Axios Poll – Does social media do more to help or hurt democracy and free speech? “Silicon Valley has a big and growing problem: Americans have rising concerns with its most popular products and a growing majority wants big social media companies regulated, according to a new poll conducted by Survey Monkey for “Axios on HBO.”
Why it matters: The public is more aware than ever of some of the negative consequences of the technologies that have changed their lives, which makes Silicon Valley and social media ripe political and regulatory targets.
Between the lines: This is a rare topic uniting Republicans, Democrats and Independents…”

For my Software Architects.
Public Attitudes Toward Computer Algorithms
… despite the growing presence of algorithms in many aspects of daily life, a Pew Research Center survey of U.S. adults finds that the public is frequently skeptical of these tools when used in various real-life situations.
This skepticism spans several dimensions. At a broad level, 58% of Americans feel that computer programs will always reflect some level of human bias – although 40% think these programs can be designed in a way that is bias-free.
  • Majorities of Americans find it unacceptable to use algorithms to make decisions with real-world consequences for humans
  • Across age groups, social media users are comfortable with their data being used to recommend events – but wary of that data being used for political messaging

Inventing your own holiday seems to pay off so I’m declaring today “International Buy Your Favorite Blogger a Beer day!”
Alibaba Sold in 1 Day Just as Much as Amazon Sells in 3 Months -- The Motley Fool
Chinese e-commerce leader Alibaba just completed its ninth annual Singles Day sales event and smashed all previous records by selling $30.8 billion worth of goods.
To put that in perspective, the five-day kickoff to the Christmas shopping season that begins on Thursday, Thanksgiving Day, and runs through the following Monday, known as Cyber Monday, generated sales of $19.6 billion. And that's for all of retail. Alibaba's sales figures don't include the sales generated by other Chinese retailers, such as its biggest rival, which sold $23 billion worth of merchandise (albeit over an 11-day period, though the bulk came on Singles Day itself).
Put another way, it took Amazon three months to sell $33.7 billion worth of goods in the third quarter, which also included its best-ever Prime Day event that sold an estimated $3.4 billion – and that was over 36 hours. Alibaba generated over $1 billion in gross merchandise value (GMV) in the first minute and a half and surpassed last year's $25 billion total in just under 15 hours.

Sunday, November 18, 2018

I guess governments do this when they no longer trust anonymous citizens to follow their laws. “We know who you are, we know what you did, and since we know you are guilty, we impose this penalty.”
Angus Berwick of Reuters reports:
  • Venezuela is rolling out a new, smart-card ID known as the “carnet de la patria,” or “fatherland card,” manufactured by Chinese telecom giant ZTE Corp.
  • The ID transmits data about cardholders to government computer servers, and is increasingly linked to subsidized food, health, and other social programs most Venezuelans rely on to survive.
  • The fatherland card, critics argue, illustrates how China, through state-linked companies like ZTE, exports technological know-how that can help like-minded governments track, reward, and punish citizens.
Read more on Business Insider.

The start of the 2020 Election disruption?
Suspected Russian Hackers Impersonate State Department Aide
U.S. cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia.
The "spear phishing" attempts began on Wednesday, sending e-mail messages purported to come from a department public affairs official.
The State Department said: "The Department is aware of the recent malicious cyber event involving the spoofing (impersonation) of a Department employee reported by U.S. cybersecurity firm FireEye. No Department networks were compromised by this malicious cyber attempt." [The wording makes me wonder what was compromised. Bob]

Nothing really new here. This is the high end of the “Alexa, turn on the lights” AI spectrum. If I’m not ready to trust a self-driving car, I’m going to really have to be convinced that some mini-Terminator can be trusted.
Are Killer Robots the Future of War? Parsing the Facts on Autonomous Weapons
… The decision to use a lethal weapon in battle against combatants has always been a decision made by a human being. That may soon change. Modern advancements in artificial intelligence, machine image recognition and robotics have poised some of the world’s largest militaries on the edge of a new future, where weapon systems may find and kill people on the battlefield without human involvement. Russia, China and the United States are all working on autonomous platforms that pair weapons with sensors and targeting computers; Britain and Israel are already using weapons with autonomous characteristics: missiles and drones that can seek and attack an adversary’s radar, vehicle or ship without a human command triggering the immediate decision to fire.

YouTube is now showing ad-supported Hollywood movies
Last month, YouTube quietly began showing ad-supported movies for the first time, giving viewers access to Hollywood titles including "The Terminator" and "Legally Blonde" for free.

Global Warming! Global Warming! There haven’t been quite as many stories recently.
NASA warns long cold winter could hit space in months bringing record low temperatures
… “The thermosphere always cools off during Solar Minimum. It’s one of the most important ways the solar cycle affects our planet,” explains Mlynczak.
“We’re not there quite yet,” he said of the record cold, “but it could happen in a matter of months."
The most famous example of a prolonged sunspot minimum is the Maunder Minimum, referring to a period around 1645 to 1715 during which sunspots become exceedingly rare.
Maunder coincided with the middle part of the Little Ice Age, when Europe and North America experienced colder temperatures - fuelling speculation that the two were connected.

Saturday, November 17, 2018

It doesn’t have to be a hack, poor management is enough.
Nordstrom shares slide over credit card screw-up
During its third quarter earnings call Thursday, Nordstrom said it had to refund $72 million to some credit card users because it accidentally charged them a higher interest rate. The admission sparked a sell-off Friday, sending the stock down more than 12%.
… Nordstrom's quarterly profit fell 42% because of the credit card refunds. The company said if it wasn't for the screw-up, its earnings would have been "slightly ahead" of its expectations. Sales grew 3%.
The Seattle-based company's recent shift into digital is still paying off. Digital sales grew 20% year-to-date and its website now makes up 30% of its overall business.

Another example of the use of GDPR to force companies into compliance, short of a 4%-of-revenue fine. “You did it wrong, now do it over!”
Kristof Van Quathem and Anna Oberschelp de Meneses of Covington & Burling write:
On November 9, 2018, the French Supervisory Authority for Data Protection (known as the “CNIL”) announced that it issued a formal warning (available here) ordering the company Vectaury to change its consent experience for customers and purge all data collected on the basis of invalid consent previously obtained.
Vectaury is an advertising network that buys online advertising space on behalf of its customers (advertisers). The company also offers a software tool that advertisers can integrate into their apps to collect geolocation data and information on the device and browser of users.
Read more on Inside Privacy.

For our discussion of “(in)security by design.”
Many ATMs Can be Hacked in Minutes: Report
According to the study, 85% of the ATMs that were analyzed are vulnerable to network-level attacks as means to fraudulently dispense the cash inside. With access to the network to which the machine is connected, an attacker would only need about 15 minutes to compromise the machine, the security researchers say.
The report also shows that 27% of the tested ATMs were vulnerable to the spoofing of processing center, an attack scenario where the connection to the processing center is not properly secured, allowing the attacker to manipulate
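The "spoofing of the processing center" scenario described above, as an added illustration that is not part of the report or the article: an attacker who can sit on the ATM's network segment answers the authorization request itself. The message format, the ATM identifier and the shared key below are all hypothetical; the point is the contrast between a host-link client that trusts whatever comes back and one that verifies a MAC bound to its own request (in a real deployment the same property comes from mutually authenticated TLS on the link).

```python
"""ATM host-link authorization: spoofable versus authenticated responses.

Added example, not code from the report or from any ATM vendor. The request and
response layouts are constructed for this demo; HOST_KEY stands in for a key
provisioned to the ATM and the processing center out of band.
"""
import hashlib
import hmac
import json
import os

# Hypothetical shared key; in practice this is provisioned per terminal.
HOST_KEY = b"demo-only-key-provisioned-out-of-band"


def build_request(atm_id, amount, nonce=None):
    """ATM -> processing center authorization request (constructed format)."""
    return {"atm": atm_id, "amount": amount, "nonce": nonce or os.urandom(8).hex()}


def mac(body, key):
    """HMAC-SHA256 over a canonical JSON encoding of the response body."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def center_respond(request, key, approve):
    """Legitimate processing center: echoes nonce and amount, then signs the body."""
    body = {
        "nonce": request["nonce"],
        "amount": request["amount"],
        "decision": "APPROVE" if approve else "DECLINE",
    }
    return {"body": body, "mac": mac(body, key)}


def spoofed_response(request):
    """Attacker on the ATM's network: forges an approval without knowing the key."""
    body = {"nonce": request["nonce"], "amount": request["amount"], "decision": "APPROVE"}
    return {"body": body, "mac": "0" * 64}  # any value; the vulnerable client never checks it


def dispense_unauthenticated(request, response):
    """Vulnerable client: dispenses on whatever decision arrives over the link."""
    return response["body"]["decision"] == "APPROVE"


def dispense_authenticated(request, response, key):
    """Hardened client: verify the MAC, then check the response is bound to this request."""
    body = response["body"]
    if not hmac.compare_digest(mac(body, key), response["mac"]):
        return False  # forged or tampered response
    if body["nonce"] != request["nonce"] or body["amount"] != request["amount"]:
        return False  # replay of an old approval, or amount changed in transit
    return body["decision"] == "APPROVE"


if __name__ == "__main__":
    req = build_request("ATM-0001", 500)
    print("unauthenticated client, spoofed approval:",
          dispense_unauthenticated(req, spoofed_response(req)))
    print("authenticated client, spoofed approval:",
          dispense_authenticated(req, spoofed_response(req), HOST_KEY))
    print("authenticated client, genuine approval:",
          dispense_authenticated(req, center_respond(req, HOST_KEY, True), HOST_KEY))
```

The nonce check matters as much as the MAC: without it, an attacker who has captured one genuine approval can replay it against every later withdrawal request.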

(Related) There have been many unsecured databases on AWS recently. This may help, if users take advantage.
AWS rolls out new security feature to prevent accidental S3 data leaks
… Starting today, AWS account owners will have access to four new options inside their S3 dashboards under the "Public access settings for this account" section.
These four new options allow the account owner to set a default access setting for all of an account's S3 buckets. These new account-level settings will override any existing or newly created bucket-level ACLs (access control lists) and policies.
The new settings are meant to work as a master switch that prevents account owners or their employees/developers from accidentally opening S3 buckets and their data to the public by coding or misconfiguration errors at the app/bucket level.
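To make the "master switch" behaviour concrete, here is an added example (not from the article, and not AWS's own code) that models how the four account-level Block Public Access settings interact with bucket-level ACLs and policies, alongside the boto3 call that actually applies them. The bucket names are constructed for the demo; the setting names are the ones AWS exposes.

```python
"""S3 Block Public Access at the account level: what the four switches do.

Added example, not code from the article or from AWS. The evaluator below models
the documented effect of each setting; apply_account_block() is the real API call
and needs AWS credentials, so it is not exercised here.
"""
from dataclasses import dataclass

# The four account-level settings, all on. Each one either blocks *new* public
# grants or neutralises *existing* ones, for ACLs and bucket policies respectively.
ACCOUNT_BLOCK_ALL = {
    "BlockPublicAcls": True,        # reject PUT of an ACL that grants public access
    "IgnorePublicAcls": True,       # treat public grants in existing ACLs as absent
    "BlockPublicPolicy": True,      # reject PUT of a bucket policy that grants public access
    "RestrictPublicBuckets": True,  # deny anonymous access even if a public policy exists
}


@dataclass
class Bucket:
    name: str                    # constructed name for the demo
    acl_public: bool = False     # ACL grants READ to AllUsers/AuthenticatedUsers
    policy_public: bool = False  # bucket policy has Principal "*" without a narrowing condition


def is_effectively_public(bucket, account_cfg):
    """True if anonymous reads are actually possible given the account-level settings."""
    via_acl = bucket.acl_public and not account_cfg.get("IgnorePublicAcls", False)
    via_policy = bucket.policy_public and not account_cfg.get("RestrictPublicBuckets", False)
    return via_acl or via_policy


def put_public_acl(bucket, account_cfg):
    """Simulate `put-bucket-acl --acl public-read`; returns (allowed, reason)."""
    if account_cfg.get("BlockPublicAcls", False):
        return False, "AccessDenied: BlockPublicAcls is enabled at the account level"
    bucket.acl_public = True
    return True, "public-read ACL applied"


def put_public_policy(bucket, account_cfg):
    """Simulate `put-bucket-policy` with Principal "*"; returns (allowed, reason)."""
    if account_cfg.get("BlockPublicPolicy", False):
        return False, "AccessDenied: BlockPublicPolicy is enabled at the account level"
    bucket.policy_public = True
    return True, "public bucket policy applied"


def audit(buckets, account_cfg):
    """Names of buckets still reachable anonymously under account_cfg, sorted."""
    return sorted(b.name for b in buckets if is_effectively_public(b, account_cfg))


def apply_account_block(account_id, cfg=ACCOUNT_BLOCK_ALL):
    """Real call: sets the account-level switches via the S3 Control API.

    Requires boto3 and credentials with s3:PutAccountPublicAccessBlock.
    """
    import boto3  # imported here so the rest of the module runs offline

    s3control = boto3.client("s3control")
    return s3control.put_public_access_block(
        AccountId=account_id, PublicAccessBlockConfiguration=cfg
    )


if __name__ == "__main__":
    fleet = [Bucket("app-logs", acl_public=True), Bucket("db-backups", policy_public=True), Bucket("private")]
    print("exposed with no account switches:", audit(fleet, {}))
    print("exposed with all four switches on:", audit(fleet, ACCOUNT_BLOCK_ALL))
```

The evaluator shows the point of having both pairs: Block* stops a developer from creating a new public grant, while Ignore*/Restrict* neutralise the public grants already present on buckets created before the switch was flipped.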

This is not a new type of crime. You give the “kidnappers” all the information they need on social media.
Olympic swimmer Rowdy Gaines said scammers pretended to hold his daughter hostage
Olympic swimmer Rowdy Gaines is issuing a warning after his family almost became victims of a virtual kidnapping scam when they received a disturbing phone call from a stranger saying his daughter was being held hostage.
… Virtual kidnapping scams have been around for almost two decades. FBI Los Angeles Special Agent Erik Arbuthnot said in a 2017 report that it started happening more in the United States in 2015 and scammers typically choose various cities and will then cold-call "hundreds of numbers until innocent people fell for the scheme."

Why Ford Is Getting Into The Scooter Business
… Ford is buying electric scooter company Spin.
Ford and Spin won't confirm the price tag, but reports put the purchase price at $100 million and an overall investment from Ford of $200 million.
… Automakers are trying to broaden their business — to become "mobility" companies rather than just selling cars.
… This wasn't Ford's first foray into scooters and bikes. The automaker funded a project at Purdue University that brought 40 scooters to the West Lafayette, Ind., campus. Ford sponsors GoBike, which offers rentals of regular and electric bikes in the San Francisco Bay Area. Ford also sells its own licensed brand electric scooter through a company called Ojo. The scooters go for about $2,200.
… Another reason fueling Ford's purchase of Spin goes back to the way tech companies make money: collecting personal information, Drury says.
"This is a deal that makes sense because [Ford] will acquire data," he says. "Acquiring and knowing how people are utilizing other modes of transportation in addition to the ones that they already have."

Perspective. #2 is eBay, #5 is Home Depot.
Walmart passes Apple to become No. 3 online retailer in U.S.
Walmart has overtaken Apple to become the No. 3 online retailer in the U.S., according to a report this week from eMarketer. While Amazon still leads by a wide margin, accounting for 48 percent of e-commerce sales in 2018, Walmart – including also Sam’s Club and – is poised to capture 4 percent of all online retail spending in the U.S. by year-end, totaling $20.91 billion.

Apropos of nothing, I think this is an interesting idea.
Pirate Studios raises $20M from Talis Capital for its ‘self-service’ tech-enabled music studios
Pirate Studios, the music technology company that operates fully automated and self-service 24 hour music studios, has secured $20 million. The investment was led by Talis Capital, the London-based VC family office.
… what really sets Pirate Studios apart from a lot of existing rehearsal rooms and music production and recording studios, is that the startup is employing a lot of tech to power the logistics around its service and, in theory, make it a lot more scalable. This includes online booking, 24 hour keycode access, and other IoT controls for managing facilities.
… in just three years, Pirate has grown to 350 studios in 21 locations, including London, New York, and Berlin.

Sounds like my students.

Friday, November 16, 2018

This is changing. The GDPR is only the first of many laws and regulations that will make breaches much more expensive. (Even “material” in the accounting sense.)
Erik Sherman reports:
If you live in the United States, there’s almost a 50 percent chance your personal data was lost in the giant Equifax data breach a year ago of 143 million records. Google had its own data breach in October this year that exposed data on as many as 500,000 accounts. Or the most recent Facebook breach of data from 29 million users. Or, over the last five years alone, major breaches at Anthem, eBay, JPMorgan Chase, Home Depot, Yahoo, Target, Adobe … but you get the point. If it’s a day that ends in “day,” there must have been another major data breach that keeps criminal hackers gainfully employed by selling your information.
Bad guys keep getting smarter, experts say. Why not corporations? The short answer is, because it’s not worth their trouble.
Read more on Motherboard.

(Related) For my students.
List of free GDPR resources and templates
  1. Webinars: Supporting you in your GDPR compliance project
  2. Green paper: EU General Data Protection Regulation – A compliance guide
  3. Video: What does the GDPR mean for your business in the UK
  4. Infographic: What the GDPR means in 1 minute
  5. GDPR templates: Documenting your compliance

There is a way, but no one has used it yet (to my knowledge). It requires voting machines to produce a paper voting summary with a random number. All the summaries are then published, in number order for voters to confirm. Any problem matching the voter’s copy with the “official” version is automatically documented. (There are a few more procedural steps, but nothing impossible to implement.)
Was Your Voting Machine Hacked? Without More User-Friendly Devices, We May Not Know
… In their preliminary review of Election Day, officials from the Department of Homeland Security reported vote-casting problems in Alabama, Georgia, Illinois, Indiana, Maine, North Carolina, Texas, and Virginia. But they said they did not detect “an outright hack of voting systems.” Good news, of course. Yet, our antiquated election infrastructure remains, on the whole, so unusable that even if voting machines were more secure, voters would still be acutely vulnerable to misinformation. This failure of “usability” means voters aren’t in a position to properly detect irregularities on the frontlines, a role that security specialists depend on from their end-users.
… When discussing the future of voting in the United States, it is absolutely right to call for verifiable, accurate, secure, and transparent voting systems. But in a world where “hacked,” “tampered,” and “rigged” is on the lips of many voters, we must provide the most important election stakeholders — the voters — with an easy, convenient, and intuitive voting experience.
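The receipt-and-published-list idea above, as an added sketch that is not part of the original post: the machine prints a summary under a random receipt number, the office publishes every summary in number order, and a voter looks up their number and compares. Function names and the record layout are assumptions for illustration.

```python
"""Added example, not from the original post: a sketch of the verification
scheme described above (random receipt number, published sorted list, voter
lookup). Names and the record layout are assumptions for illustration."""
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple


def canonical_summary(selections: Dict[str, str]) -> str:
    """One fixed text form so the paper copy and the published row compare exactly."""
    return ";".join(f"{race}={choice}" for race, choice in sorted(selections.items()))


def issue_receipt(selections: Dict[str, str]) -> Tuple[str, str]:
    """Machine side: pair the ballot summary with a 128-bit random receipt number.
    An unpredictable number means nobody can enumerate the list to find a
    particular voter's row, and a fabricated row cannot guess a real number."""
    receipt_no = secrets.token_hex(16)
    return receipt_no, canonical_summary(selections)


class PublishedList:
    """The office's published version: all (receipt_no, summary) rows in number order."""

    def __init__(self, records: List[Tuple[str, str]]):
        self.rows = sorted(records)

    def lookup(self, receipt_no: str) -> Optional[str]:
        for number, summary in self.rows:
            if number == receipt_no:
                return summary
        return None

    def digest(self) -> str:
        """Hash of the whole list so independent observers can confirm they all
        downloaded the same official version before checking receipts."""
        h = hashlib.sha256()
        for number, summary in self.rows:
            h.update(f"{number}\t{summary}\n".encode())
        return h.hexdigest()


def verify_receipt(published: PublishedList, receipt_no: str,
                   paper_summary: str) -> Tuple[bool, str]:
    """Voter side. Any outcome other than a match is the documented problem the
    author mentions: a missing row or a row that differs from the paper copy."""
    official = published.lookup(receipt_no)
    if official is None:
        return False, "receipt number not in published list"
    if official != paper_summary:
        return False, f"published summary differs: {official!r}"
    return True, "match"


if __name__ == "__main__":
    # Constructed ballots for a two-race election.
    mine = issue_receipt({"governor": "A", "prop1": "yes"})
    other = issue_receipt({"governor": "B", "prop1": "no"})
    board = PublishedList([mine, other])
    print("list digest:", board.digest())
    print(verify_receipt(board, mine[0], mine[1]))
    # Altered official copy: same number, different choice recorded.
    altered = PublishedList([(mine[0], "governor=B;prop1=yes"), other])
    print(verify_receipt(altered, mine[0], mine[1]))
```

Publishing the full summary beside a number the voter holds also lets a voter prove their choices to someone else, which is one of the procedural points the author alludes to that a real deployment has to handle.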

Consider possible downsides. Could the watch tell your insurer that you are a bad risk? Could you “void” your insurance coverage?
UnitedHealthcare will pay for your Apple Watch if you meet your fitness goals
Back in 2016 UnitedHealthcare and Qualcomm teamed up on a fitness program called Motion. It's an incentive program that can earn you up to $1,460 a year by meeting fitness goals. While it started with a custom wearable, it soon added support for devices from Fitbit and then Samsung and Garmin.

Facebook: It’s where the data is!
Facebook reports a massive spike in government demands for data, including secret orders
Facebook has published the details of 13 historical national security letters it’s received for user data.
… These demands for data are effectively subpoenas, issued by the FBI without any judicial oversight, compelling companies to turn over limited amounts of data on an individual who is named in a national security investigation. They’re controversial — not least because they come with a gag order that prevents companies from informing the subject of the letter, let alone disclosing its very existence.
… (You can read all of the disclosed national security letters here.)
… Facebook’s latest transparency report shows that the number of government demands for data rocketed by 26 percent year-over-year, from 82,341 to 103,815 requests.
The U.S. government’s demands for customer data went up by 30 percent, to 42,466 total requests, Facebook said, affecting 70,528 accounts. The company said that more than half included a non-disclosure clause that prevented the company from informing the user.

(Related) Targeting better ads is very similar to finding high-level terrorists. I suspect Facebook hires people from certain government agencies to apply their skills.
Facebook Filed A Patent To Predict Your Household's Demographics Based On Family Photos
Facebook has submitted a patent application for technology that would predict who your family and other household members are, based on images and captions posted to Facebook, as well as your device information, like shared IP addresses. The application, titled “Predicting household demographics based on image data,” was originally filed May 10, 2017, and made public today. Facebook did not immediately respond to a request for comment, but the patent suggests that the company is interested in exploring the technology, which is intended to help Facebook target advertising more effectively.
… The system Facebook proposes in its patent application would use facial recognition and learning models trained to understand text to help Facebook better understand whom you live with and interact with most. The technology described in the patent looks for clues in your profile pictures on Facebook and Instagram, as well as photos of you that you or your friends post.
It would note the people identified in a photo, and how frequently the people are included in your pictures. Then, it would assess information from comments on the photos, captions, or tags (#family, #mom, #kids) — anything that indicates whether someone is a husband, daughter, cousin, etc. — to predict what your family/household actually looks like.

Lawyers do make mistakes, but this might work as well if it was deliberate. Will Ecuador change its mind about asylum?
Filing indicates indictment was prepared for Julian Assange
A court document filed by mistake has revealed that the Justice Department is preparing to criminally charge WikiLeaks founder Julian Assange.
In a slip unearthed by a former U.S. intelligence official and posted on Twitter, Assange’s name appears twice in an August court filing by a federal prosecutor in Virginia — an argument to keep sealed an unrelated case involving an accused child sex criminal.
The prosecutor wrote that the charges and arrest warrant “would need to remain sealed until Assange is arrested in connection with the charges in the criminal complaint and can therefore no longer evade or avoid arrest and extradition in this matter.”
At another point in the document, the prosecutor wrote that “due to the sophistication of the defendant and the publicity surrounding the case, no other procedure is likely to keep confidential the fact that Assange has been charged.”
… Assange came to prominence after WikiLeaks published secret military and diplomatic documents leaked in 2010 by Pvt. Chelsea Manning.
Manning served 7 years in prison, but WikiLeaks was not prosecuted. Justice Department lawyers concluded at the time that they could not charge Assange and WikiLeaks even as American newspapers, protected by the First Amendment, were publishing the leaked material.
But in recent years, U.S. officials have sought to distinguish WikiLeaks from journalists, as when then-CIA Director Mike Pompeo referred to it as a “hostile non-state intelligence organization.”

Who knew that space could get crowded?
FCC tells SpaceX it can deploy up to 11,943 broadband satellites
The Federal Communications Commission voted to let SpaceX launch 4,425 low-Earth orbit satellites in March of this year. SpaceX separately sought approval for 7,518 satellites operating even closer to the ground, saying that these will boost capacity and reduce latency in heavily populated areas. That amounts to 11,943 satellites in total for SpaceX's Starlink broadband service.

Where my academic world is headed.
Germany pledges €3bn investment in artificial intelligence
Germany will spend €3 billion to boost its artificial intelligence capabilities over the next six years, as part of a belated effort by Berlin to catch up with leading AI nations such as China and the United States.
… The strategy paper also promises the creation of 100 university chairs with a focus on AI, along with additional research centres to complement facilities such as the German Research Centre for Artificial Intelligence (DFKI), which was founded in 1988. In total, Germany is aiming for a network of 12 centres for research, development and application of AI technologies offering “internationally attractive working conditions and pay”.

Thursday, November 15, 2018

Legacy systems get a break, show that you are working to comply and they go easy. My problem is trying to teach students to build systems that are fully compliant from the start.
Ezra Steinhardt of Covington & Burling writes:
Earlier this year, in the run-up to the General Data Protection Regulation’s (“GDPR”) May 25, 2018 date of application, a major question for stakeholders was how zealously the GDPR would be enforced. Now, as the GDPR approaches its six-month birthday, an answer to that question is rapidly emerging. Enforcement appears to be ramping up significantly. In this post, we set out some of the most prominent regulatory enforcement developments so far — but bear in mind other investigations are also proceeding.
Read more on InsidePrivacy.

Interesting idea, but depends on timely notification. By the time anyone who reuses passwords gets notified, hackers have probably already used your password everywhere they can think of. Still, for those of us who follow breaches, it might flag one we missed.
Natasha Lomas reports:
Mozilla is adding a new security feature to its Firefox Quantum web browser that will alert users when they visit a website that has recently reported a data breach.
When a Firefox user lands on a website with a breach in its recent past they’ll see a pop up notification informing them of the barebones details of the breach and suggesting they check to see if their information was compromised.
“We’re bringing this functionality to Firefox users in recognition of the growing interest in these types of privacy- and security-centric features,” Mozilla said today. “This new functionality will gradually roll out to Firefox users over the coming weeks.”
Read more on TechCrunch.

Great new locks installed on the wrong door?
Chip Cards Fail to Reduce Credit Card Fraud in the US
A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals.
The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the most critical security benefit of the chip. And two, US merchants still accept magnetic stripe cards, meaning that thieves can steal credentials from a chip card and create a working cloned mag stripe card.
Boing Boing post.

For Users: Makes signing into a new site very simple. For Hackers: Makes hacking the logon process very desirable.
Hmm. This one could result in big numbers.
A notification from Title Nine about Annex Cloud. Annex Cloud is a service provider that you may never have heard of but may have used many times. The notification explains:
Annex Cloud provides a service that enables individuals to use their user name and password from social media and other websites, like Facebook and Google, to login to merchants’ websites, including Annex Cloud recently informed Title Nine that they had detected and removed unauthorized code that had been inserted into Annex Cloud’s systems that operate its login application. In its report, Annex Cloud identified four periods of time when the unauthorized code was present and could have captured information entered during the checkout process on our website. We removed Annex Cloud’s code from our website and mailed letters to those customers to let them know what occurred.
Despite its first report that only identified four time periods, Annex Cloud informed Title Nine that they had identified additional time periods between December 28, 2017 and July 9, 2018 when the unauthorized code was or could have been present. If present, the unauthorized code could have captured information entered during the checkout process on our website. Through October 25, 2018, Title Nine sought additional information from Annex Cloud to determine the transactions that might be involved, and Annex Cloud supplied additional information about their analysis regarding these periods, including their belief that there are certain times inside these additional periods when it cannot be determined if the unauthorized code was present. Thus, we are notifying you because you entered information during the checkout process during a time period when it is possible the unauthorized code may have been present.
What Information Was Involved
The information entered during the checkout process that the code may have accessed includes name, address, payment card number, expiration date, and card security code (CVV).
So then today, I saw this notification from Stein Mart.
I wonder how many more notifications we will see linked to Annex Cloud.

As an old guy, I can remember working with many senior managers who had never touched a computer. That will never be true for anyone starting out today. You have to ask: Did they hire him to program or manage?
Japan's cyber-security minister has 'never used a computer'
Japan's new cyber-security minister has dumbfounded his country by saying he has never used a computer.
Yoshitaka Sakurada made the admission to a committee of lawmakers.
"Since I was 25 years old and independent I have instructed my staff and secretaries. I have never used a computer in my life," he said, according to a translation by the Kyodo news agency.
The 68-year-old was appointed to his post last month.
… But Mr Sakurada responded that other officials had the necessary experience and he was confident there would not be a problem.
However, his struggle to answer a follow-up question about whether USB drives were in use at the country's nuclear power stations caused further concern.
The disclosure has been much discussed on social media where the reaction has been a mix of astonishment and hilarity, with some noting that at least it should mean Mr Sakurada would be hard to hack.

I wonder if this asks all the required questions? Still, it’s a start.
Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security
If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security and privacy practices of the companies that will collect (and sell) the data it produces. Mozilla has produced a handy resource ranking 70 of the latest items, from Amazon Echos to smart teddy bears.

I’m going to look at this carefully before I comment. I had a brief vision of TSA Agents standing next to every computer controlled device in the country. Shudder!
Congress Passes Bill Creating Cybersecurity Agency at DHS
The U.S. House of Representatives this week passed a bill that creates a new cybersecurity agency at the Department of Homeland Security (DHS).
The Cybersecurity and Infrastructure Security Agency (CISA) Act, which passed the Senate in October, is headed to the president to be signed into law. Congress passed the legislation unanimously.
The bill reorganizes the National Protection and Programs Directorate (NPPD) into the Cybersecurity and Infrastructure Security Agency (CISA), and puts it in charge of cyber and physical infrastructure security.

Finding a balance must be hard. Facebook is missing some content they should take down and taking down some they should not.
70 of the world's leading human rights groups ask Mark Zuckerberg to create due process for censored content
Pam Cowburn from Article 19 sez, "Over 70 civil society groups have written to Mark Zuckerberg asking for Facebook to review its content removal processes and give all users the opportunity to appeal against content takedowns that they think have been made in error."

It’s a people problem.
Billions spent on armored school doors, bulletproof whiteboards and secret snipers
Washington Post: “Although school security has grown into a $2.7 billion market — an estimate that does not account for the billions more spent on armed campus police officers — little research has been done on which safety measures do and do not protect students from gun violence. Earlier this fall, The Washington Post sent surveys to every school in its database that had endured a shooting of some kind since the 2012 killings of 20 first-graders in Newtown, Conn., which prompted a surge of security spending by districts across the country. Of the 79 schools contacted, 34 provided answers, including Sandy Hook Elementary. Their responses to questions about what they learned — some brief but many rich in detail — provide valuable insight from administrators in urban, suburban and rural districts who, as a group, have faced the full spectrum of campus gun violence: targeted, indiscriminate, accidental and self-inflicted.
When asked what, if anything, could have prevented the shootings at their schools, nearly half replied that there was nothing they could have done. Several, however, emphasized the critical importance of their staffs developing deep, trusting relationships with students, who often hear about threats before teachers do. Only one school suggested that any kind of safety technology might have made a difference. Many had robust security plans already in place but still couldn’t stop the incidents…”

My students were adamant that no one could compete with Amazon.
Amazon Go competitor Standard Cognition raises $40 million to expand its cashierless store solution
Cashierless shopping feels a little bit like magic. There’s something indescribably awesome about being able to grab something from a shelf, stuff it in a coat pocket, and waltz away without having to contend with long lines or busted self-checkout machines. That “coolness” factor — along with the significant cost savings cashierless experiences promise — have given rise to a cottage industry of solutions led by standard-bearer Amazon and its Amazon Go chain.
The space’s startups have been mostly retailer-agnostic so far, and it’s no wonder why — brick-and-mortar space is expensive. San Francisco-based Standard Cognition this summer announced a partnership with Paltac in Japan that will see its autonomous checkout solution deployed in 3,000 stores, along with unnamed retailers in North America and Europe — and it’s impressed investors with its progress.

Perspective. My students have been looking at the wider economic impacts.
How Autonomous Vehicles Will Upend Transportation
Knowledge@Wharton: How will it change the trucking industry?
Burns: When you look at an over-the-road tractor, ask yourself: What parts are on that tractor because there’s a driver in it? The windshield, the doors, the seats, the steering controls, the brakes — you begin to get the picture. In fact, the parts you can take off of that tractor will likely cost more than the parts you’re going to add to make it autonomous.
… After this DARPA Urban Challenge, the only company that really stepped up for public road use application of this was Google. Larry Page and Sergey Brin challenged a small team of the participants in that DARPA challenge to come up with a vehicle that could go on public roads and prove the concept out.
The auto industry was in denial for five or six years. We re-create that in Autonomy. We tell the story of how Google got started into this area, and then how some of the engineers on Google’s team reached out to the auto industry and had the door slammed in their face.

The squeaky wheel. (My students would agree.)