Thursday, June 22, 2017

Reports are still dribbling in. 
Honda Halts Production at Japan Plant After Cyber Attacks
Honda said Wednesday it had temporarily halted production at a plant in Japan after it suffered a cyberattack from the same ransomware that struck hundreds of thousands of computers worldwide last month.
The Japanese automaker said it had shut its plant in Sayama, near Tokyo, on Monday after discovering its computer system was infected with the so-called WannaCry virus.
The virus encrypts computer files, making them inaccessible until users pay a ransom.
"The malware affected the production of about 1,000 cars," a Honda spokeswoman told AFP, adding that production restarted on Tuesday.
In May, French auto giant Renault was hit, forcing it to halt production at sites in France, Slovenia and Romania as part of measures to stop the spread of the virus.
Nissan's British unit in Sunderland was also hit in the attack.
Japanese conglomerate Hitachi was also affected, saying its computer networks were "unstable", crippling its email systems.

I’m surprised it took so long.
Natasha Bertrand reports:
A data-analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million citizens earlier this month.  And it’s now facing its first class-action lawsuit.
Deep Root Analytics, a data firm contracted by the RNC, stored details of about 61% of the US population on an Amazon cloud server without password protection for roughly two weeks before it was discovered by security researcher Chris Vickery on June 12.
The class-action lawsuit, filed by James and Linda McAleer of Florida and all others similarly situated, alleges Deep Root failed to “secure and safeguard the public’s personally identifiable information such as names, addresses, email addresses, telephone numbers, dates of birth, browsing history, and voter ID number, which Deep Root collected from many sources, including the Republican National Committee.”
Read more on Business Insider.
So here’s the thing, again.  Where’s the demonstration of injury?  Spoiler alert: there doesn’t seem to be any.  According to Bertrand, the complaint says that those exposed in the data breach may be vulnerable to identity theft and “a loss of privacy,” and argues that the “actual damages” exceed $5 million.
Well, a lot of courts have already held that increased probability of possible harm does not confer standing.  And “loss of privacy?”  Well, that should be a cognizable harm or injury, but is it?
As bad as this misconfiguration/exposure seems, is this a case of “what might have been” or a case of “what happened?”  And either way, is what happened anything much more than publicly available information being made more conveniently publicly available? 

Keeping up with the e-criminals?
IC3 Issues Internet Crime Report for 2016
by Sabrina I. Pacifici on Jun 21, 2017
“The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3.  Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world. US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.” [thanks Pete Weiss]

Another perspective.
Average Cost of Data Breach Drops Globally, Rises to $7.35 Million in U.S.
The 2017 IBM Security and Ponemon Institute annual report on the cost of a breach shows that the cost of stolen records and the total cost of a breach continues to rise -- at least in America.  The lost- or stolen-record cost rose from $221 to $225 each, while the average total cost of a breach increased from $7.01 million to $7.35 million for organizations in the United States.
In the European countries included in the study -- France, Germany, Italy and the United Kingdom -- these costs actually fell.  For example, in the UK, the average per capita cost of a data breach decreased from £102 to £98 and the average total organizational cost decreased from £2.53 million in 2016 to £2.48 million in 2017.
The annual Cost of Data Breach Study (PDF) is one of security's yearly benchmark reports.

Some thoughts on propaganda.  Also useful for political campaigns? 
Computational Propaganda Worldwide: Executive Summary
by Sabrina I. Pacifici on Jun 21, 2017
Oxford Internet Institute, University of Oxford: “The Computational Propaganda Research Project at the Oxford Internet Institute, University of Oxford, has researched the use of social media for public opinion manipulation.  The team involved 12 researchers across nine countries who, altogether, interviewed 65 experts, analyzed tens of millions of posts on seven different social media platforms during scores of elections, political crises, and national security incidents.  Each case study analyzes qualitative, quantitative, and computational evidence collected between 2015 and 2017 from Brazil, Canada, China, Germany, Poland, Taiwan, Russia, Ukraine, and the United States.”
The reports can be found at the following links:

The upside (downside) of the connected home? 
Joe Cadillic writes:
According to an article in the Telegraph, Houston County’s $46.5 million dollar 911 center allows police to spy inside homes and businesses:
“If the alarm goes off at your business, 911 operators will be able to view a live video stream from the security surveillance system and tell law enforcement what’s happening.”
“.. we’ll be able to have video streaming like if a burglar alarm goes off at a store … We can see inside of the store and see who’s in there,” Houston County sheriff’s Capt. Ricky Harlowe said.
FirstNet or Next Generation 911 allows police to spy inside people’s homes, and businesses without a warrant.
Police don’t need a warrant because citizens and business owners have given their alarm companies permission to spy on their homes.
Read more on MassPrivateI.

Simple surveillance tools marketed as friendly?
Snapchat acquires social map app Zenly for $250M to $350M
Snapchat’s newest feature, Snap Map, is based on its latest acquisition, social mapping startup Zenly.  TechCrunch has learned that Snapchat has bought Zenly for between $250 million and $350 million in mostly cash and some stock in a deal that closed in late May.  Snapchat will keep Zenly running independently, similar to how Facebook lets Instagram run independently.
Zenly’s app lets users see where their friends currently are on a map using constant GPS in the background.  People can then message these friends in the app to make plans to hang out.

Trying to get our heads around the future.
Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy
by Sabrina I. Pacifici on Jun 21, 2017
Casanovas, Pompeu and de Koker, Louis and Mendelson, Danuta and Watts, David, Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy (June 1, 2017).  Health and Technology (2017) DOI 10.1007/s12553-017-0190-6. Available at SSRN:
“This article encapsulates selected themes from the Australian Data to Decisions Cooperative Research Centre’s Law and Policy program.  It is the result of a discussion on the regulation of Big Data, especially focusing on privacy and data protection strategies.  It presents four complementary perspectives stemming from governance, law, ethics, and computer science.  Big, Linked, and Open Data constitute complex phenomena whose economic and political dimensions require a plurality of instruments to enhance and protect citizens’ rights.  Some conclusions are offered in the end to foster a more general discussion.  This article contends that the effective regulation of Big Data requires a combination of legal tools and other instruments of a semantic and algorithmic nature.  It commences with a brief discussion of the concept of Big Data and views expressed by Australian and UK participants in a study of Big Data use in a law enforcement and national security perspective.  The second part of the article highlights the UN’s Special Rapporteur on the Right to Privacy interest in the themes and the focus of their new program on Big Data.  UK law reforms regarding authorisation of warrants for the exercise of bulk data powers is discussed in the third part.  Reflecting on these developments, the paper closes with an exploration of the complex relationship between law and Big Data and the implications for regulation and governance of Big Data.”

I imagine there are many new things to consider when flying in places planes and helicopters don’t go.  Clothesline?  Dogs?  Sprinklers? 
Precise weather forecasting critical for product deliveries by drones
by Sabrina I. Pacifici on Jun 21, 2017
