Wednesday, August 19, 2015

Still paying for the breach.
Target to Settle Claims Over Data Breach
Target Corp. agreed to reimburse thousands of financial institutions as much as $67 million for costs incurred from a massive 2013 data breach that damaged the retailer’s reputation with shoppers and cut into sales.
… Target also said it is working with MasterCard Inc. on a similar deal for its card issuers.
The size of the two settlements could rival a 2010 agreement in which Heartland Payment Systems Inc. agreed to pay more than $100 million to Visa and MasterCard for a large 2008 breach.
Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 holiday season.
… The exact amount of fraud that resulted from the Target breach still isn’t known. Trade groups representing community banks and credit unions estimate that they spent more than $350 million to reissue credit and debit cards and deal with other issues tied to the Target breach and the subsequent Home Depot hack.

(Related) Apparently, the breach didn't turn customers away.
Target’s Earnings Beat Estimates After CEO Reins In Expenses

I doubt this embarrasses them at all...
People searching for the Ashley Madison data on Pirate Bay will also find ... an ad for Ashley Madison
… And, in a further embarrassment for Ashley Madison, people looking to get their hands on the data by searching the popular bittorrent indexer The Pirate Bay have also been served banner ads for Ashley Madison.

Interesting argument?
The Madison Record reports:
Yahoo answers a class action complaint of privacy invasion by pleading that no one can call its scanning practices surreptitious.
“Yahoo’s scanning of emails has been the subject of media reports for years,” Peter Herzog of St. Louis wrote on Aug. 17.
He moved to dismiss a suit that Kaylynn Rehberger of Highland filed at U.S. district court in June, alleging violation of the Illinois Eavesdropping Statute.
Read more on Madison Record.

We knew that, right?
Henry Farrell reports:
Facebook’s privacy practices have always been controversial. It doesn’t charge its users–because its users are the product. The company sells information on its users, their social networks, services they like, and a multitude of other forms of information to advertisers and marketers. This gives Facebook a strong incentive to push privacy boundaries constantly, since the more personal information Facebook gathers on its users, the more money Facebook will be able to make by selling this information on to marketers.
This has meant, for example, that Facebook has frequently changed its privacy policies, often in confusing ways. Jennifer Shore and Jill Steinman, two undergraduate students at Harvard have just published a new research article in Technology Science showing that, over time, these changes have led to Facebook’s privacy policy becoming much, much worse.
Read more on Washington Post.

A tool for anyone who does not want people reading over their shoulders?
Confide brings ephemeral messaging to desktop, with Mac and Windows clients
When off-the-record messenger Confide launched more than a year ago, its main goal was to secure business communications. It started by making a mobile app for ephemeral text messaging and then expanded to include document and photo sharing. Now the company is rolling out a desktop version for both Windows and Mac to help employees share sensitive documents without having to reach for their phone.
… To make its app more widely available, Confide will be launching a paid business version later this year.
The service will allow businesses to deploy Confide broadly, rather than relying on individuals to download the app. Confide in its current incarnation is free, but Co-founder Jon Brod says the enterprise level Confide will charge companies a monthly fee per-user when it does launch.

For my Computer Security students. The Coasties are unusually effective, I think because of a very low BS factor. Let's follow this.
Maritime Experts Gather to Define Cybersecurity Research Challenges
In June, the Maritime Cyber Research Summit (MCRS) was held at the Cal Maritime Safety and Security Center. This summit was an intensive focus session on maritime cybersecurity risks and vulnerabilities.
… In a fortuitous combination of events, the USCG released its Cyber Strategy (PDF) one day prior to the event, which was made available to all MCRS participants.
… The purpose of the summit was to address the research challenges put forth by Vice Admiral Chuck Michel during the Maritime Cyber Security Symposium. The admiral challenged the assembled academics, industry, and federal, state, and local attendees to leverage their collective capability to help the USCG rigorously explore research areas and identify research priorities.
… During the summit, participants fleshed out six research challenges, identifying key priority topics and important research questions. The challenge areas are as follows:
  1. Vulnerabilities: What analysis could be employed to identify the greatest cyber vulnerabilities in the maritime domain/Maritime Transportation System (MTS), both shipboard and ashore?
  2. Resilience: Identify the best options for operational and systems cyber resilience. This research would include definition, operational, and legal considerations.
  3. Threats: What analysis framework and tools could be used to map and predict dynamic maritime cyber threats?
  4. Impacts: What framework should be employed for impact analysis for the MTS? What are the cascading consequences to the nation and economy of a cyber incident?
  5. Critical Points: What approach should be used to conduct nodal analysis to identify single points of failure for maritime cyber events within the MTS, including navigation systems?
  6. Info Sharing: How would a framework for network analysis be developed to support optimal information sharing with partners to address maritime cyber issues?

See? It's not just police-cams and license plate readers and cellphone interception and facial recognition and …
Internet Technology Could Aid Police, Courts and Prisons; Resolving Privacy Issues Key to Future Use
New Internet-based technology may aid criminal justice agencies through tools such as better criminal databases, remotely conducted criminal trials and electronic monitoring of parolees in the community, according to a new RAND Corporation study.
Top criminal justice priorities for new Internet tools include developing a common criminal history record that can be shared across agencies, developing real-time language translation tools and improved video displays for law enforcement officers to adapt to changing needs, according to the analysis.

Background for my IT Governance class as we consider unregulated technologies.
Regulation of Emerging Risks
by Sabrina I. Pacifici on Aug 18, 2015
Wansley, Matthew, Regulation of Emerging Risks (August 17, 2015). Vanderbilt Law Review, Forthcoming. Available for download at SSRN:
“Why has the EPA not regulated fracking? Why has the FDA not regulated e-cigarettes? Why has NHTSA not regulated autonomous vehicles? This Article argues that administrative agencies predictably fail to regulate emerging risks when the political environment for regulation is favorable. The cause is a combination of administrative law and interest group politics. Agencies must satisfy high, initial informational thresholds to regulate, so they postpone rulemaking in the face of uncertainty about the effects of new technologies. But while regulators passively acquire more information, fledgling industries consolidate and become politically entrenched. By the time agencies can justify regulation, the newly entrenched industries have the political capital to thwart them. This Article offers a prophylactic against this predictable regulatory failure. It defends an experimentalist model of regulation, in which agencies are empowered to impose moratoria on risky emerging technologies while regulators organize experiments to learn about the risks they pose and the means to mitigate them. The agency-coordinated experiments would expedite the promulgation of empirically informed rules. The moratoria would extend the political window for regulatory action and protect the public in the interim. The Article applies this experimentalist model to the regulation of fracking, e-cigarettes, and autonomous vehicles. It also identifies legal strategies for implementing experimental regulation under existing law. It challenges the conventional wisdom that agencies should postpone regulation until they can confidently predict the effects of new risky technologies.”

(Related) Speaking of unregulated... Another article for my future executives. (That's you, students!)
McKinsey – An executive’s guide to the Internet of Things
by Sabrina I. Pacifici on Aug 18, 2015
“As the Internet of Things (IoT) has gained popular attention in the five years since we first published on the topic, it has also beguiled executives. When physical assets equipped with sensors give an information system the ability to capture, communicate, and process data—and even, in a sense, to collaborate—they create game-changing opportunities: production efficiency, distribution, and innovation all stand to benefit immensely. While the consumer’s adoption of fitness bands and connected household appliances might generate more media buzz, the potential for business usage is much greater. Research from the McKinsey Global Institute suggests that the operational efficiencies and greater market reach IoT affords will create substantial value in many industries. (For more, see the video “What’s the one piece of advice for a business leader interested in the Internet of Things?” And to see how experts believe the Internet of Things will evolve, see “The Internet of Things: Five critical questions.”)

She doesn't seem “above the fray”; rather, she seems “deliberately ignorant” for someone who must know the questions will be asked again and again.
Hillary Clinton had a testy press conference filled with questions about her email server
Democratic presidential front-runner Hillary Clinton endured an at-times combative press conference Tuesday, during which she could not answer whether her email server, which was turned over to the FBI last week, had been "wiped" clean of data.
… "What, like with a cloth or something?" Clinton joked, before saying she didn't "know how it works digitally at all." [You'd think she would ask. Bob]
… Two sources close to the FBI investigation told NBC that an "attempt" was made to wipe Clinton's server sometime before it was handed over to the FBI. (It is unclear, however, when that attempt was made.) But federal agents are reportedly confident they can recover at least some of the deleted files.

This should be really interesting.
The government wants your Yelp reviews
… Yelp on Tuesday announced it reached a terms of service agreement with the federal government that will allow agencies and branch offices to set up their own Yelp pages and respond to constituent comments.
… “With the addition of Public Services and Government under the Yelp umbrella, agencies can continue to find new ways to use customer insights to improve citizen services,” said Justin Herman, who works for DigitalGov, within the General Services Administration.
Herman revealed the agreement earlier this month in a little noticed blog post.
It is unclear exactly which agencies and branch departments will utilize the new tool. A host of government pages have existed for years for local post offices, libraries and TSA posts.
The agreement will allow those branches to claim the existing pages if they want.

Making my students employable.
The 59 Commandments of Business Networking

Not free, but I bet my students will want it anyway.
This new dictation app is more powerful than any you've ever seen
Nuance plans to launch its new Dragon Anywhere dictation app this fall on iOS and Android, the Verge reports.
Most of us already have basic dictation features that come with our phones, but this app is much more powerful than any of the features offered by Apple and Google. Those companies’ features require you to constantly stop and wait, and with varying levels of success. Dragon Anywhere, on the other hand, has proved to be “quite accurate.”
… The only downside about this app is that it will exclusively be available as a subscription, the price of which has yet to be determined because running the servers to keep up with all the transcriptions will be expensive for Nuance. The desktop application will be sold at a flat rate.

Another toy for my students. (Digest Item #2)
Get Stephen Hawking’s Voice Software
The speech software that gives Stephen Hawking a voice despite his severe physical disabilities is now available for free. Intel has released the Assistive Context-Aware Toolkit (ACAT) as open-source code in the hopes that developers will expand its capabilities to a wider range of disabilities.
ACAT allows Hawking to express himself using nothing more than small facial movements, which are translated into text. The software has allowed Hawking, the world’s most famous theoretical physicist, to enjoy a long and illustrious career despite being diagnosed with ALS (amyotrophic lateral sclerosis) at the age of 21.
Sai Prasad, ACAT’s project owner, said, “Our hope is that, by open sourcing this configurable platform, developers will continue to expand on this system by adding new user interfaces, new sensing modalities, word prediction and many other features.” The software and user guide can be found on GitHub.

Dilbert on “undue reliance.”
