Tuesday, October 16, 2018

I like to keep my students aware of common security failures.
Weibrecht Law in New Hampshire recently submitted a notification to their state with this explanation of their breach:
On or about Monday September 10th, our office sent an unencrypted electronic copy (“thumb drive”) of a client file via US Postal Service. The envelope that the thumb drive was sent in was received by the recipient, damaged and without the thumb drive enclosed. We immediately contacted the USPS to investigate.
Okay, so far that sounds really familiar, right? Although why entities would still send unencrypted thumb drives through the postal mail in 2018 is a bit disheartening. In any event, their report continues (with emphasis added by me):
A representative from our office spoke with a representative in the Claims and Inquiries Department of the USPS in Manchester, NH and learned that all items recovered from the mail processing center are sent to her department. She reported that because this was a common occurrence, she had several buckets of thumb drives that had similarly been torn free from their envelope in the mail sorting process.
Buckets of thumb drives? The possibilities are staggering.
She did a visual review for the USB but did not find it. She also reported that the USPS has its own internal privacy policies that would preclude an employee from actually opening any of the USBs that are recovered.
And we know that employees always rigorously adhere to policies, right?
Based on this information, we do not have reason to believe the information has been accessed by individuals intending to misuse it. In fact, our investigation indicates that the most likely disposition of the thumb drive was that it was destroyed in a post office mail processing machine.
Complete the “write your own misadventure” starter above.
The law firm has taken steps to provide protective and remediation services and is changing their procedures for sending files, but how much time, money, and potential reputational harm could they have avoided by encrypting the files before transfer?
These lessons are so costly and painful for SMBs. I wish we could help more entities avoid having to learn them.

Another common failure and a proper response.
Madison County computer system infected with ransomware
Madison County in Idaho fell victim to a ransomware attack last week, after an employee opened a phishing email asking for money. The IT department spent the week recovering the computer system from the attack, which took place over the three-day Columbus Day weekend.
The entire county network was affected, including payroll systems, sanitation services and the treasurer’s office, making it difficult for officials to conduct business operations. Employees couldn’t send emails and had to use backup data to issue paychecks.
… County Commissioner Brent Mendenhall and Madison County Clerk Kim Muir said they will not pay the ransom and, because the IT department had made backups, they were able to successfully restore the system.

Is this really cheaper than good security?
Insurer Anthem will pay record $16M for massive data breach
The nation’s second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday.
The personal information of nearly 79 million people — including names, birthdates, Social Security numbers and medical IDs — was exposed in the cyberattack, discovered by the company in 2015.
The settlement between Anthem Inc. and the Department of Health and Human Services represents the largest amount collected by the agency in a health care data breach, officials said.

Cause and effect.
The Employer Surveillance State
“…In fact, electronic surveillance of employees, through technologies including not just video cameras but also monitoring software, has grown rapidly across all industries. Randolph Lewis, a professor of American Studies at the University of Texas at Austin and the author of Under Surveillance, Being Watched in Modern America, pointed to software that makes it possible for employers to monitor employee facial expressions and tone of voice to gauge their emotional states, such as rage or frustration. Among more conventional surveillance methods, employers can track employees’ website visits, and keep tabs on their employees’ keystrokes. Employers can also monitor employees’ personal blogs, and read their social-networking profiles. In one case in California, a sales executive at a money-transfer firm sued her employer, claiming she had been fired for disabling an app that used employer-issued cell phones to track workers via GPS, even when they were off the clock. (The suit was later settled out of court.) The proliferation of surveillance is due, at least in part, to the rising sophistication and declining cost of spy technology: Employers monitor workers because they can. Michel Anteby, a Boston University sociologist and business scholar who has watched how monitoring impacts employees at the TSA and other workplaces, has also noticed that the more employees are surveyed, the harder they try to avoid being watched, and the harder management tries to watch them. “Most TSA workers we observed do everything possible to stay under the radar, to essentially disappear,” he said. “They try to never speak up, never stick out, do nothing that might get noticed by management,” he said. “This leads to a vicious cycle, whereby management grows more suspicious and feels justified in ratcheting up the surveillance.””

“People? We don’t listen to no stinking people!”
Study: Nearly all unique comments to FCC opposed net neutrality repeal
… Singel discovered that of the 800,000 unique comments posted, 99.7 percent were in favor of net neutrality. His findings were released Monday and first reported by Motherboard.
The report, entitled “Filtering Out the Bots: What Americans Actually Told the FCC about Net Neutrality Repeal,” showed that Americans were well-informed on what net neutrality is and made their feelings clear, Singel wrote in a blog post Monday.

My young students don’t know this. My international students don’t know what a “Sears” is. Sad.
Opinion | How Sears Was the Amazon of Its Day
The orders poured in from everywhere — 105,000 a day at one point — so much so that the company became an economic force. It could make or break suppliers by promoting their products. It could dictate terms on manufacturing. Its headquarters city boomed as this tech-driven retailer built huge warehouses and factories and attracted other businesses and rivals. State and local governments complained that the company was harming small-town retailers.
That was Sears, Roebuck & Company in the early 20th century in Chicago.
… Sears became the Amazon of its day because its co-founder Richard Warren Sears harnessed two great networks to serve his enterprise — the railroads and the United States Postal Service. When the Postal Service commenced rural free delivery in 1896 (the “last mile” in today’s jargon) every homestead in America became within reach.
And Richard Sears reached them. He used his genius for advertising and promotion to put a catalog in the hands of 20 million Americans in 1900, when the population was 76 million. The Wish Book […] could run a staggering 1,500 pages and offer more than 100,000 items.

Sounds interesting.
For the Love of Lit - Four Free Webinars for ELA Teachers
This week PBS Education is hosting the first webinar in a four-part virtual professional development series called For the Love of Lit. This series features free webinars designed to help ELA teachers engage their students in learning about literature.
The four webinars in the series are as follows:
  • Inspiring Young Authors, with NaNoWriMo founder Chris Baty
  • Including All Readers, with student activist Marley Dias
  • Encouraging Bright Thinkers
  • Cultivating Young Book Lovers
You can register for one or all four webinars here. PD certificates are available for attending each session.

Oh, the horror!
Climate change to double costs of making beer, scientists say

Monday, October 15, 2018

When did the garage door open? Was the TV on? Who came to the front door? The answers to these and thousands of other questions are stored in your IoT devices.
Thomas Brewster reports:
Anyone pumped for this week’s launch of Google’s Home Hub might want to temper their excitement. A smart home is a surveilled home. That’s been the concern of privacy activists since citizens started lighting up their abodes with so-called “smart” tech in recent years.
Take Google’s current smart home division, Nest Labs. It’s been told to hand over data on 300 separate occasions since 2015. That’s according to a little-documented transparency report from Nest, launched a year after the $3.2 billion Google acquisition. The report shows around 60 requests for data were received by Google’s unit in the first half of this year alone.
Read more on Forbes.

For our CJ students.
Criminal Justice Research Network (CJRN)
SSRN – “We are pleased to announce the creation of the Criminal Justice Research Network (CJRN), which focuses on 10 major areas of scholarship. SSRN’s newest network provides a worldwide online community for criminal justice scholars and for the sharing of ideas across a broad spectrum of early-stage research. SSRN has added a new collection of e-journals on criminal law. Subscriptions are currently free. [time period not specified]. You can browse or search the entire CJRN collection of eJournals.”

Question: Will the same be true of homes filled with eBooks?
A large new study finds people who grew up in book-filled homes have higher reading, math, and technological skills
Home Libraries Confer Long-Term Benefits – “We’ve known for a while that home libraries are strongly linked to children’s academic achievement. What’s less certain is whether the benefits they bestow have a long-term impact. A new large-scale study, featuring data from 31 countries, reports they do indeed. It finds the advantages of growing up in a book-filled home can be measured well into adulthood. “Adolescent exposure to books is an integral part of social practices that foster long-term cognitive competencies,” writes a research team led by Joanna Sikora of Australian National University. These reading-driven abilities not only “facilitate educational and occupational attainment,” the researchers write in the journal Social Science Research. “[They] also lay a foundation for lifelong routine activities that enhance literacy and numeracy.” The researchers analyzed data from the Programme for the International Assessment of Competencies. Its surveys, taken between 2011 and 2015, featured adults (ages 25 to 65) in 31 nations, including the United States, Canada, Australia, Germany, France, Singapore, and Turkey.
All participants were asked how many books there were in their home when they were 16 years old. (One meter of shelving, they were told, holds about 40 books.) They chose from a series of options ranging from “10 or less” to “more than 500.” Literacy was defined as “the ability to read effectively to participate in society and achieve personal goals.” Participants took tests that “captured a range of basic through advanced comprehension skills, from reading brief texts for a single piece of information to synthesizing information from complex texts.” Numeracy tests measured the “ability to use mathematical concepts in everyday life,” while IT-related tests “assessed the ability to use digital technology to communicate with others, as well as to gather, analyze, and synthesize information.” The results suggest those volumes made a long-term difference. “Growing up with home libraries boosts adult skills in these areas beyond the benefits accrued from parental education, or [one’s] own educational or occupational attainment,” the researchers report. Not surprisingly, the biggest impact was on reading ability. “The total effects of home library size on literacy are large everywhere,” the researchers report…”

Perspective. The world is becoming Lake Wobegon!
A global tipping point: Half the world is now middle class or wealthier
Brookings report – Half the world is now middle class or wealthier: “…Our “middle class” classification was first developed in 2010 and has been used by many researchers. While acknowledging that the middle class does not have a precise definition that can be globally applied, the threshold we use in this work has the following characteristics: those in the middle class have some discretionary income that can be used to buy consumer durables like motorcycles, refrigerators, or washing machines. They can afford to go to movies or indulge in other forms of entertainment. They may take vacations. And they are reasonably confident that they and their family can weather an economic shock—like illness or a spell of unemployment—without falling back into extreme poverty. By classifying all households in the world into one of these four groups, using income and expenditure surveys from 188 countries, we are able to derive measures of the global distribution of income. Our social enterprise World Data Lab—the maker of World Poverty Clock—has refined these estimates and created a new interactive data model to estimate all income brackets for almost every country for every point in time until 2030 by combining demographic and economic data. A lot has been written about the world’s progress in reducing the number of people living in extreme poverty, as highlighted in the recent Goalkeepers report put out by the Bill and Melinda Gates Foundation. We believe that another story relates to the rapid emergence of the global middle class. This middle class story is probably bigger in terms of the number of people affected. In the world today, about one person escapes extreme poverty every second; but five people a second are entering the middle class. The rich are growing too, but at a far smaller rate (1 person every 2 seconds)…”

Resources. (If true)
Initiatives whose goal is to fight fake news – restore trust in news
“Dozens of new initiatives have launched to confront fake news and the erosion of faith in the media, Axios’ Sara Fischer reports:
  • The Trust Project, which is made up of dozens of global news companies, announced this morning that the number of journalism organizations using the global network’s “Trust Indicators” now totals 120, making it one of the larger global initiatives to combat fake news. Some of these groups (like NewsGuard) work with Trust Project and are a part of it.
  • News Integrity Initiative (Facebook, Craig Newmark Philanthropic Fund, Ford Foundation, Democracy Fund, John S. and James L. Knight Foundation, Tow Foundation, AppNexus, Mozilla and Betaworks)
  • NewsGuard (Longtime journalists and media entrepreneurs Steven Brill and Gordon Crovitz)
  • The Journalism Trust Initiative (Reporters Without Borders, and Agence France Presse, the European Broadcasting Union and the Global Editors Network)
  • Internews (Longtime international non-profit)
  • Accountability Journalism Program (American Press Institute)
  • Trusting News (Reynolds Journalism Institute)
  • Deepnews.ai (Frédéric Filloux)
  • Trust & News Initiative (Knight Foundation, Facebook and Craig Newmark in affiliation with Duke University)
  • Our.News (Independently run)
  • WikiTribune (Wikipedia founder Jimmy Wales)”

Sunday, October 14, 2018

“We’ve revised our original guesstimate.”
Facebook Says 14 Million Accounts Had Broad Array Of Personal Data Stolen
… Initially, the social media giant estimated that 50 million accounts were affected by the hack but said it was not clear whether any information had been stolen.
Facebook has revised the total number of affected users down to around 30 million. But it has also confirmed that hackers accessed personal details in most of those cases — including, for about half of those users, recent searches and locations.
… Fifteen million of those users had their names and contact details — which could be email addresses or phone numbers — accessed.
In a more serious breach, 14 million people had a wider array of data accessed, including their gender, religion, relationship status, birthday, current city and hometown, device types, education and work history. Hackers also had access to those users' last 15 searches, and the last 10 locations they either checked into or were tagged in by someone else.
The 400,000 people whose accounts were first hacked were most seriously compromised, with hackers viewing their posts, their friend lists, their group memberships and the names of recent message conversations (though not, in most cases, the contents of those messages).

Every face counts? No more, “Hey! Look what I found!” I’m going to sell opaque “Face Proof” evidence bags.
Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out
… Last month, Forbes reported the first known instance of a search warrant being used to unlock a suspect’s iPhone X with their own face, leveraging the iPhone X’s Face ID feature.
But Face ID can of course also work against law enforcement—too many failed attempts with the ‘wrong’ face can force the iPhone to request a potentially harder to obtain passcode instead. Taking advantage of legal differences in how passcodes are protected, US law enforcement have forced people to unlock their devices with not just their face but their fingerprints too. But still, in a set of presentation slides obtained by Motherboard this week, one company specialising in mobile forensics is telling investigators not to even look at phones with Face ID, because they might accidentally trigger this mechanism.

Perspective. One company’s “Wow!” is another’s “Oh? I hadn’t noticed.”
DuckDuckGo hits high of 30 million searches in one day
It’s about the same number of searches Google handles in 15 minutes.
DuckDuckGo, a privacy-focused search engine, achieved a new milestone by performing more than 30 million direct searches in a single day.
… Even at its latest peak, DuckDuckGo handles a fraction of a percent of the 3.5 billion searches processed by Google every day.

Saturday, October 13, 2018

It’s time once again for the Privacy Foundation at University of Denver Sturm College of Law to have its fall seminar! It will be taking place October 26th, from 10:00am-1:00pm (with lunch to follow) at the Ricketson Law Building. The topic is: The EU GDPR (General Data Protection Regulation): Impact on the U.S.
Three CLE credits are pending. The seminar will be free to DU Faculty/Staff/Students/Mentors, and $30 for the general public; additional contributions to the Privacy Foundation, a 501(c)(3) non-profit, are always welcome. You can find all this information and register online at: http://dughost.imodules.com/gdpr.

Sound familiar? All that security stuff is so tedious.
Zack Whittaker reports:
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
Read more on TechCrunch.

Expect many, many more.
Twitter Under Formal Investigation for How It Tracks Users in the GDPR Era
… When Twitter users put links into tweets, the service applies its own link-shortening service, t.co, to them. Twitter says this allows the platform to measure how many times a link has been clicked, and helps it to fight the spread of malware through dodgy links.
However, privacy researcher Michael Veale, who works at University College London, suspects that Twitter gets more information when people click on t.co links, and that it might use them to track those people as they surf the web, by leaving cookies in their browsers.
As is his right under the new General Data Protection Regulation (GDPR)—the sweeping set of privacy rules that came into effect across the EU in May—Veale asked Twitter to give him all the personal data it holds on him.
The company refused to hand over the data it recorded when Veale clicked on links in other people’s tweets, claiming that providing this information would take a disproportionate effort. So, in August, Veale complained to the Irish Data Protection Commission (DPC), which on Thursday told him it was opening an investigation. As is common with big tech firms, Twitter’s European operations are headquartered in Dublin, which is why Veale complained in Ireland.

Perspective. Artificial people don’t look cartoonish any more.
Magic Leap’s Mica AI Is Like A 21st Century Rorschach Test
Magic Leap introduced a concept called Mica and called it “her” during a section of its 3-hour keynote this week about how an artificial intelligence could operate as an assistant to humans.
I feel like I met in person what Magic Leap showed in its video.

Perspective. Sometimes it’s hard to picture how big the Indian market is.
5 days, $1 billion: Flipkart and Amazon spur Indian smartphone bonanza
The battle for India's online shoppers has triggered a smartphone gold rush.
Flipkart and Amazon are leading an online sales bonanza that will see Indians buy smartphones worth over $1 billion in just five days, according to tech consultancy Counterpoint Research.
Bangalore-based Flipkart said it sold 1 million devices during the first hour of an online phone sale on Thursday that was part of its "Big Billion Days" shopping festival. By the end of the day, it had sold more than 3 million phones.
… More than 300 million Indians now have smartphones, a number that is growing rapidly as tech companies and the Indian government attempt to bring the rest of the country's 1.3 billion people online.

Friday, October 12, 2018

How would you effectively sanction a government intelligence service?
U.K., Netherlands Lead EU Push for New Cyber Sanctions
The U.K., the Netherlands and other European Union governments are pushing the bloc to expand the scope of its sanctions regime to include cyber attacks, following alleged attempts by Russian and Chinese operatives to infiltrate the computer systems of agencies in Europe and the U.S.
The EU has sanctions protocols in place targeting states for violating nuclear and chemical weapons treaties or harboring terrorism. Now the group of countries, which also includes Estonia, Finland, Lithuania and Romania, wants the bloc to introduce a similar system against the individuals and organizations that are behind cyber-attacks, according to a memo obtained by Bloomberg. EU leaders are slated to discuss security next week in Brussels.
… EU sanctions typically take the form of asset freezes against companies and individuals and travel bans against individuals. The bloc also has the ability to apply broader economic penalties – a policy used against Russia over its encroachment in Ukraine.
The group is recommending that cyber penalties focus on individuals and entities. It said the door should also be left open to making cyber-crimes also subject to “sectoral measures.”
… Attributing cyber attacks remains a key hurdle to any sanctions regime, as bad actors often try to fake data points like internet protocol addresses and domain names that could trace back to them. The countries in their memo, however, pointed to detailed and well-researched reports produced by the private sector using open source evidence.
“The lack of an international response leads” actors to conclude that malicious cyber activity is “low cost,” the countries wrote. “Restrictive measures would be a powerful [??? Bob] tool to change behavior through signaling at a political level that malicious cyber activity has consequences.”

Not the smartest advertising slogan…
Facebook disables accounts for Russian firm claiming to sell scraped user data
Facebook disabled 66 profiles and pages run by a company claiming to sell user data scraped off the social network's platform. Facebook also sent a cease and desist letter to the company, called Social Data Hub, whose CEO was quoted in Russian telling Inc. that his company is similar to Cambridge Analytica.

(Related) “Russians? We don’t need no stinking Russians!” (Also see the article on Congressional adoption of social media, below)
Made and Distributed in the U.S.A.: Online Disinformation
When Christine Blasey Ford testified before Congress last month about Justice Brett M. Kavanaugh’s alleged sexual assault, a website called Right Wing News sprang into action on Facebook.
The conservative site, run by the blogger John Hawkins, had created a series of Facebook pages and accounts over the last year under many names, according to Facebook.
After Dr. Blasey testified, Right Wing News posted several false stories about her — including the suggestion that her lawyers were being bribed by Democrats — and then used the network of Facebook pages and accounts to share the pieces so that they proliferated online quickly, social media researchers said.
The result was a real-time spreading of disinformation started by Americans, for Americans.
… This month, Twitter took down a network of 50 accounts that it said were being run by Americans posing as Republican state lawmakers. Twitter said the accounts were geared toward voters in all 50 states.
On Thursday, Facebook said it had identified 559 pages and 251 accounts run by Americans, many of which amplified false and misleading content in a coordinated fashion. The company said it would remove the pages and accounts.

Government’s dream?
… Though the details are still being worked out, it’s almost certain that all of us will need our genetic information to be safeguarded, even if you do decide to turn down a well-meaning gift of a free DNA test. According to the researchers, it will take only about 2 percent of an adult population having their DNA profiled in a database before it becomes theoretically possible to trace any person’s distant relatives from a sample of unknown DNA—and therefore, to uncover their identity. And we’re getting ever closer to that tipping point.
“Once we reach 2 percent, nearly everyone will have a third cousin match, and a substantial amount will have a second cousin match,” Erlich explained. “My prediction is that for people of European descent, we’ll reach that threshold within two or three years.”

The world my students will live in.
A Future Where Everything Becomes a Computer Is as Creepy as You Feared
… The industry’s new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets — these and other everyday objects are all on the menu for getting “smart.” Hundreds of small start-ups are taking part in this trend — known by the marketing catchphrase “the internet of things” — but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung.

I suspect each member hires people who actually understand social media to Tweet, mail, post, blog or whatever. Do they understand the impact of those whatevers? Do they actually analyze the input they (could) receive?
Social Media Adoption by Members of Congress: Trends and Congressional Considerations
“Communication between Members of Congress and their constituents has changed with the development of online social networking services. Many Members now use email, official websites, blogs, YouTube channels, Twitter, Facebook, and other social media platforms to communicate—technologies that were nonexistent or not widely available just a few decades ago. Social networking services have arguably enhanced the ability of Members of Congress to fulfill their representational duties by providing them with greater opportunities to share information and potentially to gauge constituent preferences in a real-time manner. In addition, electronic communication has reduced the marginal cost of communications. Unlike with postal letters, social media can allow Members to reach large numbers of constituents for a fixed cost. This report examines Member adoption of social media broadly. Because congressional adoption of long-standing social media platforms Facebook, Twitter, and YouTube is nearly ubiquitous, this report focuses on the adoption of other, newer social media platforms. These include Instagram, Flickr, and Google+, which have each been adopted by at least 2.5% of Representatives and Senators. Additionally, Members of Congress have adopted Snapchat, Medium, LinkedIn, Pinterest, Periscope, and Tumblr at lower levels. This report evaluates the adoption rates of various social media platforms and what the adoption of multiple platforms might mean for an office’s social media strategy. Data on congressional adoption of social media were collected by an academic institution in collaboration with the Congressional Research Service during the 2016-2017 academic year. This report provides a snapshot of a dynamic process. As with any new technology, the number of Members using any single social media platform, and the patterns of use, may change rapidly in short periods of time. 
As a result, the conclusions drawn from these data cannot necessarily be generalized or used to predict future behavior.”

When lawyers go too far…
Champagne Remark May Cost Lawyer $289 Million Bayer Award
The lawyer most responsible for winning a $289 million verdict against Bayer AG may end up wiping it out.
Brent Wisner was the lead trial attorney who in August convinced a jury that Monsanto Co.’s Roundup weed killer caused his client’s cancer. His compelling arguments and marshaling of evidence resulted in a blockbuster verdict that has spooked investors looking ahead to thousands of similar lawsuits across the U.S. pending against Monsanto, which Bayer acquired in June.
But Wisner’s closing arguments at trial irked the judge handling the case so profoundly that she’s considering tossing the verdict and ordering a new trial. The lawyer told jurors that Monsanto executives in a company board room were "waiting for the phone to ring" and that "behind them is a bunch of champagne on ice," according to a court filing. He said that “if the damages number isn’t significant enough, champagne corks will pop.”
At a hearing Wednesday, San Francisco Judge Suzanne Ramos Bolanos cited a number of reasons why she’s inclined to set aside or dramatically cut the verdict. But she singled out the champagne comment as she questioned whether Wisner’s impassioned rhetoric crossed a line. Wisner also told jurors their decision could “change the world” and they could become a “part of history.” Bolanos said the comments may prove “sufficiently prejudicial” to warrant a new trial.

Perspective. Automating fulfillment centers could save Amazon $15 per hour times a couple of hundred thousand employees.
CommonSense Robotics launches micro-fulfillment center in Tel Aviv
Imagine if your neighborhood grocery or convenience store offered one-hour, on-demand fulfillment — not through intermediaries like Postmates or Instacart, but entirely in-house — and made a profit on every order. As fantastical as the idea might seem, that’s the promise of CommonSense Robotics, an Israeli micro-fulfillment startup that today launched its first autonomous sorting and shipping center in downtown Tel Aviv.
… thanks to a combination of robotic sorting systems and artificially intelligent (AI) software, it can prepare orders faster than the average team of human workers — typically in less than three minutes.

Something to mention to my students.
Expert attorneys command 4 figure hourly billing fees
The Business Journals [paywall]: “Boston-based Ropes & Gray partner Douglas Meal, one of the most sought-after data privacy and cybersecurity attorneys in the country, typically charges $1,550 an hour for his services, according to a recent court filing. The filing offers a rare public glimpse into what some of the attorneys at Boston’s largest law firm bill on an hourly basis. It was made last week in a landmark case before a federal appeals court over the Federal Trade Commission’s ability to punish businesses for consumer data breaches. Ropes and other firms that worked on the case are asking the court to require the U.S. government to pay their attorneys’ fees, which is sometimes allowed in cases involving the government. Ropes’ client, an Atlanta medical laboratory named LabMD, is now out of business because of the litigation brought against it by the FTC [added link to FTC case summary, timeline and filings/documents], according to the firm. The appeals court sided with LabMD and against the FTC in the case. Ropes disclosed the typical hourly rates of Meal and other attorneys to show the court that they are offering to take a significant discount for their work on the case…”

Thursday, October 11, 2018

Another case of ignoring basic security procedures.
Zack Whittaker reports:
Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records.
The MongoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.
The company’s main products give boat, yacht and ship owners better access to real-time navigation charts, and boasts the “world’s largest cartography database.”
Bob Diachenko, Hacken.io’s newly appointed director of cyber risk research, said in a blog post that the 19 gigabyte database contained 261,259 unique records, including customer names and email addresses.
Read more on TechCrunch.

Automating the legal process.
DoNotPay launches tools to lock security down, sue after hacks
First Joshua Browder went after parking tickets, building a bot that helped hundreds of thousands of users challenge their fines.
Then, the 21-year-old student broadened his focus, expanding into everything from landlord disputes to chasing compensation for lost luggage on flights.
In 2018, Browder took aim at Equifax after a data breach exposed the personal data the firm held on tens of millions of Americans, and his app DoNotPay was used to help file 25,000 lawsuits against the company.
The British entrepreneur is now expanding into privacy and data security. On Wednesday, he announced that DoNotPay will now help users easily lock the privacy settings on their social media accounts — and help sue those companies that expose users' data through hacks and breaches.
… DoNotPay is a tool that provides automated, free legal assistance. The user writes in what they need help with, and they're then asked relevant questions before being given appropriate documentation or guidance on how to tackle their problem — from flight refunds to maternity leave requests — sidestepping the need for traditional (and costly) legal guidance.
There's two strands to Wednesday's update. The first is focused on privacy, and helps users lock down their accounts from prying eyes. It automatically makes a series of what Browder calls "no brainer" changes to users' settings on Facebook, Instagram, and Twitter — like disabling personalized Twitter ads, deleting your call and text history from Facebook, and stopping other accounts seeing when you're online on Instagram.
[The iOS App is free at: https://itunes.apple.com/app/id1427999657 Bob]

No good deed goes unpunished?
Puja Amin of Womble Bond Dickinson writes about a complaint that may be of interest to some readers:
…Just before the alert was sent out, Judge Katherine Polk Failla rejected three self-represented New Yorkers’ request for a preliminary injunction to halt the test of the Presidential Alert system, apparently finding Plaintiffs’ claims “too speculative.” The New York Plaintiffs had filed their lawsuit, Nicholas v. Trump, case number 1:18-cv-08828, on September 26, 2018 in the Southern District Court of New York against Donald Trump and the head of FEMA, arguing that the new system violates the First and Fourth Amendments of the U.S. Constitution.
In their complaint, the Plaintiffs proclaim that they are “American citizens who do not wish to receive text messages, or messages of any kind, on any topic or subject, from Defendant Trump.” Citing the Carpenter v. United States decision we discussed here on TCPALand a few months back, Plaintiffs allege that these messages allow the government “to trespass into and hijack” cellular devices without explicit consent, which violates the “Fourth Amendment right to privacy in their cellular devices.”
Read more on National Law Review. And thanks to Joe Cadillic for sending along this one!

Exactly what I tell my students. Almost.
Technology, Evidence, and Its Procedural Rules
Chasse, Ken, Technology, Evidence, and Its Procedural Rules (September 15, 2018). Available at SSRN: https://ssrn.com/abstract=3249947 or http://dx.doi.org/10.2139/ssrn.3249947
“The rules of procedure that govern proceedings concerning discovery, disclosure, and admissibility have to be flexibly applied to fit each technology that produces the evidence being dealt with because technology cannot be made to change its nature to suit rules of procedure. That is particularly important for those sources of very frequently used kinds of evidence such as electronic records management systems (records now being the most frequently used kind of evidence), mobile phone tracking evidence, breathalyzer/intoxilyzer devices, and TAR (technology assisted review) software programs that are used to conduct the “records review stage” of electronic discovery proceedings. Motivations to limit the time and cost of legal proceedings by limiting the issues to be decided are now outmoded because the more complex the sources of evidence become, the greater are the number and complexity of issues of law and fact that must be decided to determine the reliability of such evidence and adequacy of its production. And, the more complex a technology, the more ways it has to break down. And so, a motor vehicle has more ways, and therefore a greater probability, to perform inadequately than does a bicycle. As a result, when society becomes dependent upon a more complex technology, legal proceedings must be expected to take longer and cost more. And so, mass transportation based upon motor vehicles has imposed a vastly greater burden upon the justice system than did mass transportation based upon horses. But technology is constantly changing and so lawyers’ education has to change accordingly so that they can challenge the reliability of complex technology’s sources of evidence.
Specialist legal research lawyers, able to advise all lawyers as to the nature and vulnerabilities of such technology, will have to be formally recognized by law societies, and made available in law society-sponsored centralized legal research support services, operated at cost, per case so serviced. How else to provide the legal profession at large with such complex and ever-changing information with which to compose its cross-examinations and arguments adequately? That includes arguments as to why and how the rules of procedure must be flexibly applied so as to know, for example, the exact point at which the onus of proof can in fairness be transferred to the opposing party to provide “evidence to the contrary.” Given that technology is a constantly evolving, moving target, how to teach lawyers and law students about such factors as software error rates and architecture, the strengths and vulnerabilities of particular technologies, its national and international standards, and the requirements for its adequate manufacture, usage, and maintenance? Very little of that has an adequate legal infrastructure. Manufacturing motor vehicles allegedly does. Nevertheless, every year its manufacturers must recall millions of automobiles that they have inadequately made.
Technology that produces such evidence raises issues as to the reliability of software. The technical literature warns repeatedly, we trust software far too much. And so knowledge of technology is essential to “doing justice.” Otherwise, by default lawyers treat its sources of evidence as being infallible. It is far from that. And therefore, so are the rules of procedure that govern the use of such evidence. Blame lawyers; not judges. Judges must decide cases using only the evidence and argument provided by lawyers. Their purpose is to decide disputes; not to educate lawyers. The legal profession is just another industry that must keep up with technology in law and practice, or be bypassed by technology…”

Can Senators identify fake news?
Pentagon says memo asking for Broadcom-CA deal review is likely fake
The U.S. Department of Defense said on Wednesday that a memo purporting to show the Pentagon asking for a national security review of chipmaker Broadcom Inc’s $19 billion deal to buy software company CA Technologies was likely fake.
… The Pentagon is looking into who wrote the fake memo, according to a spokeswoman. She said they considered it likely to be fake based on an initial assessment.
… Senator Rand Paul’s office, however, reiterated his call for a national security review of the deal, denying that a memo was behind the lawmaker’s request for a review.

IFPI Report Finds Streaming Continues to Rise, YouTube Dominates Online Listening
… streaming continues to dominate music listening, with 86% of respondents engaging in music that way, with 57% in the 16- to 24-year-old demo using a paid audio service. Another finding shows nearly half of the time spent listening to on-demand music is through YouTube, with 52% of that total on video streaming, 28% on paid audio streaming and 20% on free audio streaming.
… Still, copyright infringement remains an issue, with 38% of consumers obtaining music through infringing methods, stream ripping dominating with 32% of the audience.

EU hijacking: self-driving car data will be copyrighted...by the manufacturer
Today, the EU held a routine vote on regulations for self-driving cars, when something decidedly out of the ordinary happened...
The autonomous vehicle rules contained a clause that affirmed that "data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on databases inapplicable."
This is pretty inoffensive stuff. Copyright protects creative work, not factual data, and the telemetry generated by your car – self-driving or not – is not copyrighted.
But just before the vote, members of the European Peoples' Party (the same bloc that pushed through the catastrophic new Copyright Directive) stopped the proceedings with a rare "roll call" and voted down the clause.
In other words, they've snuck in a space for the telemetry generated by autonomous vehicles to become someone's property.

Amazon recently made headlines by announcing that it would voluntarily increase its minimum hourly wage to $15. With a federal minimum wage of only $7.25, this pledge might seem like a curious decision — especially for a company as laser-focused on cost containment as Amazon. But thinking only about the costs involved in raising wages misses a key issue: pay hikes can also boost workplace productivity.
Given Amazon’s well-deserved reputation as a data-driven (and long-term oriented) company, you can bet that Amazon’s management team has done the analysis and figured out that paying employees more is, from a business perspective, more benefit than cost. They’re not the first company to make a decision like this — most notably, Walmart set a minimum wage of $11 earlier in 2018 — and we hope others come to realize that paying workers more can be a matter of enlightened self-interest.
… First, higher wages allow firms to attract and retain better employees (assuming competitors don’t follow suit and raise their wages as well). But there is an important — and often overlooked — second effect. Paying wages that are above the market rate (known within economics as “efficiency wages”) can also be an important motivating force for your existing employee base. The intuition is straightforward: higher wages makes a job more desirable. This leads to a larger applicant pool waiting to take over when openings occur, and makes it easier to replace a slacker employee. It also means that workers have more to lose by slacking off — who cares if you’re fired from a $7.25 an hour job, but where else will you find somewhere that pays $15 per hour?
The concept of efficiency wages is an old idea, dating back at least to Henry Ford’s introduction of the “five dollar day” in 1914, at a time when the daily wage at manufacturing plants near his Highland Park factory was $2.30. Ford himself called it his finest cost-cutting move, because of the boost to productivity that came as a result.

For my Android users.

Wow! I just said the same thing to my boss.

Wednesday, October 10, 2018

Very familiar security problems, very weak excuses.
Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable To Attack, GAO Says : NPR
The Pentagon only recently made cybersecurity a priority, the Government Accountability Office says in a new report, which found vulnerabilities in weapons that are under development.
Passwords that took seconds to guess, or were never changed from their factory settings. Cyber vulnerabilities that were known, but never fixed. Those are two common problems plaguing some of the Department of Defense's newest weapons systems, according to the Government Accountability Office.
The flaws are highlighted in a new GAO report, which found the Pentagon is "just beginning to grapple" with the scale of vulnerabilities in its weapons systems.
… The most capable workers – experts who can find vulnerabilities and detect advanced threats – can earn "above $200,000 to $250,000 a year" in the private sector, the GAO reports, citing a Rand study from 2014. That kind of salary, the agency adds, "greatly exceeds DOD's pay scale."
In a recent hearing on the U.S. military's cyber readiness held by the Senate Armed Services Committee, officials acknowledged intense competition for engineers.

Is AI really different or just difficult to understand?
Brookings – A blueprint for the future of AI
John R. Allen – President, The Brookings Institution: “Emerging technologies of the 21st century are poised to fundamentally transform modern society. Artificial intelligence, advanced robotics, and other emerging technologies are upending everything from transportation to manufacturing to health care, and as these and related technologies mature, they will have far-reaching impacts over our work, our lives, our security, and our politics. From gene-editing to quantum computing, each of these technologies represents substantial challenges and novel solutions to myriad problems, and is just a glimpse of what the future holds. And if society is to fully embrace the full range of social and political changes that these technologies will introduce, then we need to be thinking now about how best to maximize the benefits of these technologies while minimizing the risks to humanity along the way. The research community has a critical role to play in informing policymakers of the coming challenges associated with emerging technologies, and here, Brookings intends to be a leader. As a part of a new effort, an impressive assembly of the Institution’s scholars have stepped forward to address the complex challenges associated with emerging technologies within the context of their relevant areas of expertise. Each of the papers in this series grapples with the impact of an emerging technology on an important policy issue, pointing out both the new challenges and potential policy solutions introduced by these technologies. This compendium showcases in no uncertain terms the enormity of the changes to come, as well as many of the key policy imperatives as we move forward in the 21st century.”

(Related) Helping my students get jobs.
Make Data a Cornerstone of Your Team
If you were entering the job market in the early 90s, most job descriptions included “Macintosh experience” or “excellent PC skills” in their preferred qualifications. This quickly became a requirement for even the most non-technical jobs, forcing people across every industry and age group to adapt with the changing times, or risk getting left behind.
Today, the bar for computer proficiency is set much higher. There’s an ever-increasing demand for people who can leverage software to analyze, understand, and make day-to-day business decisions based on data. Data Science is now a quickly growing discipline, giving people with any kind of data expertise a serious competitive edge.
Corporate leaders are becoming convinced of the impact that effective data collection and analysis can have on the bottom line, from tracking daily reports against Key Performance Indicators to make informed decisions on where to spend marketing dollars, to monitoring and evaluating customer communications to adjust product offerings. Many are investing heavily in hiring talent with data skills and building out data proficiency across the organization.