Saturday, June 10, 2017

Finding computers to launch DDoS attacks.  New technology, failing to consider security.
Thousands of IP Cameras Hijacked by Persirai, Other IoT Botnets
The Persirai backdoor is designed to target more than 1,000 IP camera models, and researchers said there had been roughly 120,000 devices vulnerable to this malware at the time of its discovery several weeks ago.
The malware, which uses a recently disclosed zero-day vulnerability to spread from one hacked IP camera to another, allows its operators to execute arbitrary code on the targeted device and launch distributed denial-of-service (DDoS) attacks.
Trend Micro has determined that of a total of 4,400 IP cameras it tracks in the United States, just over half have been infected with malware.  The percentage of infected cameras spotted by the security firm in Japan is nearly 65 percent.

They took the safe and no one noticed? 
PULLMAN, Wash., June 9, 2017 — Today, Washington State University (WSU) announced that it is addressing a security incident involving certain community members’ personal information.  Though there is no evidence the personal information has been accessed or misused, WSU is notifying impacted individuals and offering free identity protection services to those individuals whose personal information may have been accessed.
On April 21, 2017, WSU learned that a locked safe containing a hard drive had been stolen.  The hard drive was used to store backed-up files from a server used by the university’s Social & Economic Sciences Research Center (SESRC).  Immediately upon learning of the theft, WSU initiated an internal review and notified local law enforcement.  On April 26, WSU confirmed that the stolen hard drive contained personal information from some survey participants and, as a result, the university retained a leading computer forensics firm to assist in the investigation.
The drive contained documents that included personal information from survey participants, such as names, Social Security numbers and, in some cases, personal health information.
   The university is taking steps to help prevent this type of incident from happening again.  These steps include strengthening WSU’s information technology operations by completing a comprehensive assessment of IT practices and policies, improving training and awareness for university employees regarding best practices for handling data, and employing best practices for the delivery of IT services.
SOURCE Washington State University

Reactive vs proactive.  I doubt they reimbursed Bangladesh or any other victim, but they did finally invest in security.
Costs of Bank Cyber Thefts Hit SWIFT Profit Last Year
Hackers stole $81 million from the Bangladesh central bank in February last year after gaining access to its SWIFT terminal and the emergence of other successful and unsuccessful hacks rocked faith in a system previously seen as totally secure.
Despite this, traffic increased on the network last year, hitting an all time peak in June of over 30 million messages.
SWIFT's 2016 profit before tax and rebates to its owner-customers fell by 31 percent to 47 million euros ($53 million), following additional investments in security, the co-operative said in its annual report published on Friday.
Chairman Yawar Shah said that Belgium-based SWIFT -- the Society for Worldwide Interbank Financial Telecommunication -- had linked management goals and incentives to security targets. [Increasingly common.  Bob]
SWIFT, which was criticized by some former staff and customers for failing to have spotted weaknesses in its customers' operating practices, has expanded its security teams and developed new tools to help clients monitor transactions and spot anomalies.
Its ability to pre-empt attacks was limited by its customers’ historic failure to share information about hacks, SWIFT said.

A trend, yet not a tidal wave. 
Melinda L. McLellan and Robyn M. Feldstein write:
Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect, use, disclose and retain biometric information.  House Bill 1493 applies to entities that “enroll a biometric identifier in a database for a commercial purpose” and includes requirements to provide notice to individuals and obtain their affirmative consent, both prior to enrollment and if the business seeks to sell, lease or otherwise disclose the identifier to a third party.
The new law does not prescribe the exact form of notice and consent, making clear those processes are “context-dependent,” and notably, there is no specific requirement that consent must be written.
Read more on BakerHostetler Data Privacy Monitor.

Yet another sensor placed on a fleet of cars.  What else could we detect or measure? 
Researchers Use Ridesharing Cars to Sniff Out a Secret Spying Tool
   For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors.  They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee—along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport.
   "We wondered, how can we scale this up to cover an entire city?" says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July.  He says they were inspired in part by the notion of "wardriving," the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks.  "Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net."

Perspective.  From a 16th Century postal service to oblivion in a mere 400 years?
Chicago cabbies say industry is teetering toward collapse
Cabbies have long grumbled that the sky is falling as they lose ground to ride-sharing companies.  Now, cabbies in Chicago are pointing to new data that suggests the decline could be speeding up.
About 42% of Chicago’s taxi fleet was not operating in the month of March, and cabbies have seen their revenue slide for their long-beleaguered industry by nearly 40% over the last three years as riders are increasingly ditching cabs for ride-hailing apps Uber, Lyft and Via, according to a study released Monday by the Chicago cab drivers union.
More than 2,900 of Chicago’s nearly 7,000 licensed taxis were inactive in March 2017 — meaning they had not picked up a fare in a month, according to the Cab Drivers United/AFSCME Local 2500 report.  The average monthly income per active medallion — the permit that gives cabbies the exclusive right to pick up passengers who hail them on the street — has dipped from $5,276 in January 2014 to $3,206 this year.

Strange, neither the White House nor Congress is on the list.

Friday, June 09, 2017

A prelude to war? 
Qatar's Al-Jazeera Says Battling Cyber Attack
"Al Jazeera Media Network under cyber attack on all systems, websites & social media platforms," it said on Twitter.
The attack was also confirmed by a source at Al-Jazeera, who said the broadcaster was attempting to repel the hack.
"An attempt has been made, and we are trying to battle it," said the source.
Following the initial reports of a cyber attack, some viewers in the region said they could no longer receive Al-Jazeera television.
Al-Jazeera, one of the largest news organisations in the world, has long been a source of conflict between Qatar and its neighbours, who accuse the broadcaster of bias and fomenting trouble in the region.
The alleged cyber attack comes during a time of heightened tensions in the Gulf, which has seen Saudi Arabia, the United Arab Emirates, Egypt, Bahrain and other allies cut ties with Qatar.
They severed relations over what they said is Doha's alleged financing of extremist groups and its ties to Iran, Saudi Arabia's regional arch-rival.
Long-running tensions broke out into the open last month after Qatar claimed its state news site was hacked by unknown parties who posted "false" statements attributed to the emir in which he speaks favorably of Iran and the Palestinian Islamist group Hamas.
The remarks were widely reported as true across the region.

Certainly one of the last places I would look. 
A Russian Cyber Espionage Group Is Using Britney Spears' Instagram To Control Its Malware
   Security researchers have uncovered a Russian cyber espionage group known as Turla, that’s using comments on Britney Spears’ Instagram to hide locations for command and control (C&C) servers of one of its Trojans.

Why?  So they can cut funding and blame the NGO?  Or will an NGO have greater access to countries like China?  (Probably not North Korea)
Experts, Microsoft Push for Global NGO to Expose Hackers
As cyberattacks sow ever greater chaos worldwide, IT titan Microsoft and independent experts are pushing for a new global NGO tasked with the tricky job of unmasking the hackers behind them.
Dubbed the "Global Cyber Attribution Consortium", according to a recent report by the Rand Corporation think-tank, the NGO would probe major cyberattacks and publish, when possible, the identities of their perpetrators, whether they be criminals, global hacker networks or states.
"This is something that we don't have today: a trusted international organization for cyber-attribution," Paul Nicholas, director of Microsoft's Global Security Strategy, told NATO's Cycon cybersecurity conference in Tallinn last week.
   Pinning down the identity of hackers in cyberspace can be next to impossible, according to experts who attended Cycon.
"There are ways to refurbish an attack in a way that 98 percent of the digital traces point to someone else," Sandro Gaycken, founder and director of the Digital Society Institute at ESMT Berlin, told AFP in Tallinn.
"There is a strong interest from criminals to look like nation-states, a strong interest from nation-states to look like criminals," he said.
"It's quite easy to make your attack look like it comes from North Korea."

Why is Google getting out of robots?
Softbank is buying robotics firms Boston Dynamics and Schaft from Alphabet
Here’s a surprise turn of events: Softbank — maker of the friendly Pepper robot and a major M&A player in the tech world — has just announced that it is acquiring two more robotics companies from Google owner Alphabet as part of its own deeper move into the field: it is buying Big Dog developer Boston Dynamics and the secretive bipedal robotics firm Schaft.

Something for Watson to browse through?
Harvard Obtains Continued support for the Caselaw Access Project
by Sabrina I. Pacifici on Jun 8, 2017
Et Seq – The blog of the Harvard Law School Library: “Harvard Law School launched the Caselaw Access Project in 2015 to digitize the Harvard Law School Library’s complete collection of U.S. case law and to make the materials in that collection available online for free.  We’ve been able to undertake this ambitious project — covering 44,000 volumes — with the support of Ravel Law, a legal research and analytics platform.  In the time since and according to a detailed agreement between them, Harvard Law School and Ravel Law together have digitized nearly 40 million pages of published court decisions, and today the work continues to convert those digital images into machine-readable text to allow searching as well as display.  This week Ravel was acquired by LexisNexis. LexisNexis has affirmed its commitment to continuing Ravel Law’s support for and fulfillment of the objectives of the Caselaw Access Project, including providing open access to all of the digitized cases.”

Are you sure you want to be a CEO?
More CEOs Are Being Fired for Ethical Matters Today Than Ever Before
While the position of CEO is often associated with high pay, excellent benefits, a large social network and private jets -- it comes with much more than that.  The pressures of being a CEO are at a high today, and from public opinion to government regulation, nearly every aspect of being top executive is under close surveillance.
So it’s no surprise that the number of CEOs being fired for ethical lapses is increasing.  The 2016 CEO Success Study, conducted by Strategy&, a network of PwC, found that CEO dismissals for ethical lapses have increased by a whopping 36 percent over the past five years.  Analyzing CEO successions at 2,500 of the world’s largest companies, the study uncovered this increase in ethical lapses, which include bribery, sexual indiscretions, fraud, insider trading and negligence that leads to environmental disasters.

Someone got serious.  About time!
Dish Hit With Record $280 Million Fine for Illegal Robocalls
U.S. District Judge Sue Myerscough issued the order Monday, directing the company to pay $168 million to the federal government and $84 million to California, Illinois, North Carolina and Ohio for federal law violations.  An additional $28 million in fines was awarded to California, North Carolina and Ohio for violations of state law.
Myerscough also prohibited the company from violating do-not-call laws going forward and imposed a 20-year plan for supervision of its telemarketing.

Perspective.  Perhaps everyone will have an “unlimited plan?” 
Cisco: Global IP Traffic From Smartphones Will Quadruple by 2021
According to Cisco’s latest Visual Networking Index report, the global average IP traffic from smartphones is set to skyrocket from 3,500 MB per month per device in 2016 to 14,900 MB per month per device by 2021.  Tablet IP traffic worldwide is also set to rise from 9,100 MB per month per device to 25,600 MB per month in the forecast period.  All told, smartphones are set to account for a third of global IP traffic in 2021, up from 13 percent in 2016, while non-PC devices overall will make up three-quarters of worldwide IP traffic.
   More insights from Cisco’s report can be found here.

Perspective, and a sad one at that!
The U.S. ranks 28th in the world in mobile internet speeds
The U.K. has the fastest mobile speeds, with an average of 26 megabits per second, according to the latest State of the Internet Report by content delivery company Akamai.  Among the 62 countries Akamai measured, the U.S. isn’t even in the Top 25, at 10.7 Mbps.  (The U.S. ranks 10th in the world for average wireline internet speed.)

Judging from the number of articles, this is a bigger story than I would have guessed.
Taylor Swift embraces streaming, brings full catalog to Spotify and more
After breaking up in 2014, Taylor Swift and Spotify are getting back together.  To celebrate her album 1989 hitting 10 million records sold and her selling 100 million total songs, today the pop singer announced she’s making her full back catalog available on all streaming services starting tonight at midnight.
   But now, artists are wising up that streaming is essentially a promotional vehicle for the real ways they make money — concert tickets and merchandise.  Listening on Spotify can turn someone who heard one of TayTay’s singles on a radio into a hardcore fan that shells out lots of cash for her shows and t-shirts.  And at the current rate of growth, streaming service payouts will approach what musicians made of CD sales in the peak of that bygone era.

The “shade tree mechanic” has been replaced by a Bot.  Might be useful when buying a used car too. 
Did you know that your car knows more information than it lets on?  While the basic lights and gauges on your dashboard display information on mileage, fuel, and warnings, your car hides a lot more information.  Using an Android device, you can tap into this and learn more about your car without visiting a mechanic.

Thursday, June 08, 2017

The article is unclear but it looks like the IRS “data retrieval tool” was used to gather personal information.  It is now unavailable on the FAFSA site. 
CBS reports:
Two people were indicted on federal charges related to a $12 million scam in which they stole identities in order to file fake tax returns and profit from the refunds.
Taiwo K. Onamuti, 29, Doraville, Ga., and Muideen A. Adebule, 49, Indianapolis, face 23 federal charges including aggravated identity theft, identity theft, false claims and conspiracy.
The indictment alleges that Onamuti and Adebule acquired personal information by buying it online or getting the information through the “data retrieval tool” on the Free Application for Federal Student Aid (FAFSA) website.  The two—and others who worked with them—then used the names, birthdates and Social Security numbers to file false tax returns with the IRS, prosecutors said.
Read more on CBS4.
[From the article:]
They filed thousands of fake tax returns electronically and directed the IRS to deposit the refunds on prepaid debit cards that were then used to buy money orders in Indiana and Georgia.

Isn’t this another major security breach?  How does anyone take information out of a secure environment and not get arrested?  Is this a hoax? 
Brad Hunter reports:
A former intelligence contractor is suing controversial ex-FBI chief James Comey, claiming the bureau is covering up widespread surveillance on Americans.
Dennis Montgomery told news website Circa that the spying violated the civil liberties of prominent American politicians, business people – and even U.S. President Donald Trump.
Montgomery says he walked away with a staggering 600 million classified documents on 47 hard drives from the National Security Agency (NSA) and the CIA.
Read more on Toronto Sun.
[Is he this Dennis Montgomery?]

But don’t worry, Mark Zuckerberg is not running for office.
Facebook inserts itself into politics with new tools that help elected officials reach constituents
Facebook this year has launched a number of features that make it easier for people to reach their government representatives on its social network, including “Town Hall,” and related integrations with News Feed, as well as ways to share reps’ contact info in your own posts.  Today, the company is expanding on these initiatives with those designed for elected officials themselves.  The new tools will help officials connect with their constituents, as well as better understand which issues their constituents care about most.

Sharing data when users are most vulnerable?  Watch this one closely.
Facebook to share data with aid groups after natural disasters
Facebook released a new set of tools on Tuesday to aid relief efforts in the wake of natural disasters.
The company unveiled maps that used anonymized Facebook user data to help organizations respond to natural disasters.
Facebook had previously helped users in dangerous areas by allowing them to check-in as “safe” and share that with friends and family.
“One of the consistent pieces of feedback we were receiving is that while a tool like safety check is useful for individuals in a disaster, what organizations actually need is a bird’s eye view,” said Molly Jackman, public policy research manager at Facebook.
   Disaster relief organizations will now have access to maps based on three different types of datasets: location density maps to show where people are before, during and after a natural disaster; movement maps that show how people move around cities during natural disasters; and safety check maps to show where people are checking in as safe in relation to the location of a natural disaster.
The company noted that data for location density and movement maps would draw on de-identified data obtained through location sharing that users opt into when they download Facebook’s mobile application.

Wednesday, June 07, 2017

Hacking is (so far) an action short of war.  Is there an agreed upon threshold that will never be crossed? 
Russian Hackers Target Montenegro as Country Joins NATO
Hackers linked to Russia launched cyberattacks on the Montenegro government just months before the country joined the North Atlantic Treaty Organization (NATO) and experts believe these attacks will likely continue.
Despite strong opposition from Russia, Montenegro officially joined NATO on June 5.  Russia has threatened to retaliate but it may have already taken action against Montenegro in cyberspace.
Attacks aimed at the Montenegro government spotted earlier this year by security firm FireEye leveraged malware and exploits associated with the Russia-linked threat group known as APT28, Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit and Tsar Team.
APT28 has been known to target Montenegro.  In the latest attacks observed by researchers, the hackers used spear-phishing emails to deliver malicious documents pertaining to a NATO secretary meeting and a visit by a European army unit to Montenegro.  

(Related).  Could this have started a war?  Does the President believe the FBI is wrong? 
Russian Hackers 'Planted False Story' Behind Mideast Crisis
US intelligence officials believe Russian hackers planted a false news story that led Saudi Arabia and several allies to sever relations with Qatar, prompting a diplomatic crisis, CNN reported Tuesday.
FBI experts visited Qatar in late May to analyze an alleged cyber breach that saw the hackers place the fake story with Qatar's state news agency, the US broadcaster said.
Saudi Arabia then cited the false item as part of its reason for instituting a diplomatic and economic blockade against Qatar, the report said.
Qatar's government said the May 23 news report attributed false remarks to the emirate's ruler that appeared friendly to Iran and Israel, and questioned whether US President Donald Trump would last in office, according to CNN.
   Saudi Arabia, Egypt, the United Arab Emirates and Bahrain announced Monday they were severing diplomatic relations and closing air, sea and land links with Qatar.
They accused the tiny Gulf state of harboring extremist groups and suggested Qatari support for the agenda of Saudi Arabia's regional archrival Iran.  Qatar has strenuously denied the allegations.
Although Qatar hosts the largest American military airbase in the Middle East, Trump threw his weight behind the Saudi-led effort to isolate the emirate in a surprise move on Tuesday.
He suggested Qatar was funding extremism.

This would not make the Board of Directors or bank officers or stockholders happy.  I can only hope what they say is true.
Philippine Bank Chaos as Money Goes Missing From Accounts
A major Philippine bank shut down online transactions and cash machines on Wednesday after money went missing from accounts, triggering fears it had been hacked even as company officials said it was an internal computer error.
Customers of Bank of the Philippine Islands (BPI) were shocked on Wednesday morning to see unauthorized withdrawals and deposits from their accounts.
BPI said in a statement the problem was caused by an "internal data processing error" that had been identified.
But it had to close its automatic teller machines (ATMs) and told its eight million customers they could not do online transactions on Wednesday as the bank scrambled to fix the problem.
   The bank said the error had led to some transactions between April 27 and May 2 to be "double posted" from Tuesday.
Santamaria said she did not know how many of the 166-year-old bank's customers were affected by the glitch.  [Perhaps they could count accounts that had been “double posted?”  Bob] 

For my Computer Security students.
Organizations Failing to Upgrade Systems, Enforce Patches
Duo Security provides multi-factor authentication to business.  Part of its service includes behavioral aspects of the device, which means that Duo analyzes the state of the devices seeking access to its corporate customers' resources.  This week the company published its latest analysis of business device security health: The 2017 Duo Trusted Access Report.
The report (PDF) presents an analysis of 4.6 million business endpoints, including 3.5 million mobile phones across multiple industry verticals and geographic regions.  In particular, it analyzes the operating system and browser used on computers, and the enabled security features on mobile devices.

For my Computer Forensics students.
The Mysterious Printer Code That Could Have Led the FBI to Reality Winner
   Obviously, the NSA monitors and records who prints what documents.  There’s an audit trail there, which one imagines an NSA contractor would know.
   If Winner wasn’t found the way the complaint claims, the mysterious dot code is one other way the FBI could have found her, as the research blog Errata Security spelled out in detail.
In fact, the document that The Intercept published contains these dots, and the code spells out a date—May 9—that matches the FBI affidavit’s account of Winner’s printing.  It also notes a serial number, which the NSA could obviously match back up to a machine in their offices.

Interesting legal theory.  Perhaps Tweets are the petards of social media?  
Non profit Knight First Amendment Institute threatens to sue Trump over blocked Twitter critics
by Sabrina I. Pacifici on Jun 6, 2017
Poynter – “The Knight First Amendment Institute, a nonprofit advocacy group based at Columbia University, threatened to take legal action against President Trump if he does not unblock critics on Twitter.  The demand, made in a letter to President Trump, was sent on behalf of Holly O’Reilly and Joseph M. Papp, two Twitter users who were blocked by the president’s account after criticizing him on the social media network.  The letter argues that President Trump’s Twitter account constitutes a “designated public forum” and is subject to the protections of the First Amendment.  According to precedent established by the Supreme Court, designated public forums are places “set aside by government for expressive activities” including “parks, sidewalks and areas that have been traditionally open to political speech and debate.”  “This is a context in which the Constitution precludes the President from making up his own rules,” said Jameel Jaffer, the Knight Institute’s executive director, in a statement accompanying the demand…”

Russel Neiss created a clever bot to put the president’s statements in the form of presidential statements.  It may look amusing, but it’s not a joke.  The president is the president, and what he says in public is an official statement, not some private citizen’s late-night Tweets.

Kicking them while they are down?
U.S. Justice Department opposes Wells Fargo on whistle-blower suit
The U.S. Justice Department filed a friend-of-the-court brief on Tuesday in a lawsuit brought against Wells Fargo & Co by two former employees, who were fired after they reported misdemeanors they had noticed to their supervisors.
The DOJ's filing concluded that the appellate court, which had earlier dismissed the case, should revisit and modify its analysis.
   The filing follows a Supreme Court ruling in February that had also asked the appellate court to review the matter, the New York Times said in a report.

Still in search of a solution, but here are some tried and failed methods.
How Not To Fight Terrorism
   In the UK, as in the US, money has been poured into building a massive surveillance state.  New laws continually expanded the power of the state to monitor British citizens (though the courts are pushing back).  Yet in the two most recent attacks, collecting it all didn’t help.  It probably hurt.  Citizens tried to report suspicions they had about the perpetrators, but couldn’t get anyone’s attention.  When everyone’s a potential target, it’s hard to find the needle in the haystack, and building bigger haystacks with artificial intelligence-driven needle detectors isn’t working.  Following up on tips is everyday policing, but budget cuts to social programs include reductions in the number of police who can respond to their communities.

For my students who have not been paying attention.
   One study by marketing agency Mediakix found that, on average, Facebook users spend 35 minutes each day on the platform — adding up to almost five and a half years of your life. 
   It’ll come as no surprise that over 90 percent of Facebook’s revenue comes from ads.  And around 80 percent of that ad revenue comes specifically from mobile ads.
   In 2012, Facebook acquired Instagram for $1 billion.  Facebook was essentially purchasing the 15 minutes per day that the average Instagram user spends on the app.

Perspective.  “We can, therefore we must?” 
Pew – The Internet of Things Connectivity Binge: What Are the Implications?
by Sabrina I. Pacifici on Jun 6, 2017
“Despite wide concern about cyberattacks, outages and privacy violations, most experts believe the Internet of Things will continue to expand successfully the next few years, tying machines to machines and linking people to valuable resources, services and opportunities.”
“The Internet of Things (IoT) is in full flower.  The expanding collection of connected things goes mostly unnoticed by the public – sensors, actuators and other items completing tasks behind the scenes in day-to-day operations of businesses and government, most of them abetted by machine-to-machine “computiction” – that is, artificial-intelligence-enhanced communication.  The most public items in the burgeoning IoT are cars, voice-activated assistants, appliances and other home systems, physician-prescribed or recommended health-monitoring devices, road sensors, public-safety and security devices, smart meters and personal fitness and health trackers for people and animals – dogs, cats, horses, cows and more.  And then there are emerging IoT products that show how the urge to create connectivity extends to such prosaic items as toothbrushes, dental floss, hairbrushes, pillows, egg trays, wine bottle sleeves, baby monitors and changing tables, silverware, umbrellas, all manner of toys and sporting goods and remote-controlled pet food dispensers, to name a few…”

Tuesday, June 06, 2017

Very rare report of a hard drive being pulled from the computer.  Indicates to me that the target was the data rather than just the computer.  But then, it should have been easy to steal the data from a computer in a public area – just insert your thumb drive and start copying.  So maybe the thief only wanted a hard drive and didn’t really care what was on it.  But the city must assume the data was the target.  (Look for someone who carries a screwdriver?)
WDRB reports:
A computer stolen at the Louisville Hall of Justice puts some people at risk of identity theft.
The computer used by two Assistant County Attorneys was taken from a publicly accessible conference room.  Louisville Metro launched an internal investigation, after the theft was reported.  With the help of an outside forensic expert, the city determined there may have been sensitive information on the computer. [It took outside experts to determine what was on the computer?  Bob]
The computer was recovered, but the hard drive had been removed.  Emails of the two attorneys may have been on the hard drive.  Those emails could potentially contain names, Social Security numbers, bank account numbers and driver’s license numbers. 
Read more on WDRB.

Perspective.  The world has truly changed when Watson shows up on Sesame Street.
Sesame Workshop and IBM Watson partner on platform to help kids learn
Sesame Workshop and IBM Watson today announced that they are creating a vocabulary app and the Sesame Workshop Intelligent Play and Learning Platform.  The new platform will be used by Sesame Workshop and IBM to create a series of cognitive apps, games, and toys to help kids learn.
This is the first public action announced from the partnership, which was formed more than a year ago.

I don’t get it.  Collect all seven million?
Nutella's New Jars Are Designed by an Algorithm
Ferrero’s famous hazelnut spread Nutella recently got a quick makeover to its original packaging.  And who’s the brains behind the redesign?  An algorithm.
Ferrero partnered with advertising firm Ogilvy & Mather Italia to employ an algorithm to create unique designs for 7 million jars that sold throughout Italy.  The software, which pulled from a database of different colors and patterns, came up with some funky, out-there designs that the company says are like “a piece of art.”
   Unfortunately, you won’t be able to get your hands on one of these limited-edition jars -- they sold out in one month.

Another “I don’t get it.”  How does knowing how many cars Uber and Lyft operate “ensure” compliance with traffic laws?
SF demands data from Uber, Lyft on city trips, driver bonuses
It’s a San Francisco truism: Every other car on the streets these days seems to sport a logo for Uber or Lyft — and many double-park or block traffic as passengers climb in or out.
Now the city wants Uber and Lyft to share details on how many ride-hailing cars are roving the streets and when, so it can ensure that they comply with local laws; assess their impact on traffic congestion, safety, pollution and parking; and ascertain whether they are accessible for disabled and low-income riders.

“Too big to jail.”  What a concept! 
Brandon Garrett and UVA Law Library Expand Online Database to 3,000 Documents
by Sabrina I. Pacifici on Jun 5, 2017
UVA news release by Eric Williamson: “A recently expanded database offering the world’s largest collection of legal documents related to corporate crime is launching today at the University of Virginia School of Law.  The database, called the Corporate Prosecution Registry, allows researchers to view more than 3,000 decision documents, many of them previously hard to find or once shielded from the public eye, while also allowing them to better search specific subject matter and look at overall trends.  UVA Law professor Brandon Garrett, an expert in white-collar crime who authored the book “Too Big to Jail: How Prosecutors Compromise with Corporations,” built on his previous online database of corporate criminal dispositions, created in association with the book.  “Prosecutors, defense lawyers, judges, policymakers and researchers who have long used our database can now rapidly pull detailed information about the specific types of corporate cases that they are interested in,” Garrett said.  “Whether it is foreign bribery cases or antitrust or securities fraud or pharma cases, domestic companies or foreign, public companies or private, the information about these cases is available.”  More than 2,500 of the documents are corporate plea agreements, Garrett said, while most of the remainder are deferred or non-prosecution agreements.  Those deals allow corporations to avoid conviction if they follow a plan of financial restitution and corrective action, often more lenient than would be mandated through the court system.  At times, corporations have avoided fines completely…”

Something my student entrepreneurs could do?
   While it’s still early days (we launched this accelerator in early 2016), we believe the accelerator has scored enough successes to prove that the model can work.  In its first year, the accelerator successfully engaged more than 300 clinicians, researchers and administrators — touching more than 25 clinical departments at the hospital.  It has accelerated nine projects and spun three of them out as start-up companies that have secured over $2 million in venture funding.

A supplement to my spreadsheet class.  “It’s not just Excel anymore.” 
Easier Data Interpretation and Visualization in Google Sheets
   Last week Google added a new feature to make data visualization and interpretation easier than ever.  Now when you open the Explore feature in Google Sheets you can simply type in a request for a chart to be displayed based on the data in the sheet.  You can also make a simple request for something like the mean or median value of a column.

Something to share with my programming students.

Monday, June 05, 2017

Something for my Ethical Hacking students.
Google Announces CTF Competition
Google announced on Friday the dates and prizes for the company’s second annual capture the flag (CTF) competition.
The qualifying round, for which nearly 200 teams have already signed up, will take place on June 17 and 18.  The top 10 teams will be invited to one of Google’s offices for the final round.
The prize pool for Google’s CTF is more than $31,000, which includes $13,337 for the first place prize, $7,331 for second place and $3,133.7 for third place.  The tech giant will also cover travel costs for up to four members of each finalist team – up to $8,000 per team.

A guide to resources.
New on LLRX – Automatic Justice: Shaping the Legal Mind of Tomorrow
by Sabrina I. Pacifici on Jun 4, 2017
Via LLRX – Automatic Justice: Shaping the Legal Mind of Tomorrow – Smart computing is changing the nature of legal work even as the profession struggles to understand its scope.  Machines sophisticated enough to communicate intelligibly and naturally with human hosts, technology with the processing power to wrangle big data are enhancing the way attorneys do their jobs and affecting the way they think.  Law practices are now set up in paperless offices, cases litigated in hi-tech courtrooms, research done almost exclusively online, demanding higher levels of technical competency and professional responsibility.
The vocabulary of technology is filling the legal landscape: algorithms, analytics, artificial intelligence (A.I.), automated decision-making, avatars, big data, cloud computing, code, cognitive computing, computer-aided, computer-generated, creative computing, cyborg, data driven, data mining, data science, data trails, deep learning, electronic discovery (e-discovery), expert systems, machine learning, metadata, mobile technology, mosaic theory, natural language, neural networks, paperless and virtual offices, pattern matching, predictive analytics, robotics, self-replicating technologies, smart data, smart technology, source code, and supercomputers.
So, time worn lexicons and practice libraries are infiltrated with the latest computer terminologies and technical manuals.  The work of lawyers, judges and government officials increasingly relies on the processing power of microchips.  So, the Bartleby of tomorrow is taking shape today.  From document assembly to document drafting, the borderlands of decision-making, data analysis, and communication will mark the progress of law and raise new questions for the administration of justice.  And the breadth of information competence will need to expand with each new generation of technology.  This article by Ken Strutin is a significant, comprehensive and expert guide to recent and notable works on the automation of lawyering, the administration of law and legal thinking.

“We gotta do something?”  Any chance we could out-argue them? 
British prime minister calls for internet regulation after violent attack
The British PM said in a statement on Sunday that technology serves as a breeding ground for terrorism and extremism.  
“We cannot allow this ideology the safe space it needs to breed,” May said.  “Yet that is precisely what the internet and big companies that provide internet-based services provide.  We need to do everything we can at home to reduce the risks of extremism online.”

Perspective.  Why would you want to stop remote work?
When Dell recently surveyed its 110,000 employees about their work habits, it discovered something surprising: While only 17% of Dell’s employees were formally authorized to work wherever they prefer, 58% were already working remotely at least one day a week.  That’s good news, says Steve Price, chief human resources officer at Dell.  In 2013, the company had said it wanted half its employees to work remotely for at least part of their week… by 2020.
In contrast, International Business Machines recently gave thousands of its home-based employees a choice: Start working at one of IBM’s regional offices or take a hike.
   Surveys done by Gallup indicate that in 2016, the proportion of Americans who did some or all of their work from home was 43%, up from 39% in 2012.

You need to look for the resources that can help you, but there is gold in this list.
New on LLRX – Competitive Intelligence – A Selective Resource Guide – Updated June 2017
by Sabrina I. Pacifici on Jun 4, 2017
Via LLRX – Sabrina I. Pacifici has completely revised and updated her guide, which she first published in 2005 and has updated yearly since that time.  A wide range of free sites with expertly sourced content specific to researchers focused on business, finance, government data, analysis and news from the US and around the world, are included in this article.  The resources in this guide are the work of corporate, government, academic, advocacy and news sources and individuals or groups using Open Source applications.  This guide is pertinent to professionals who are actively engaged in maintaining a balanced yet diverse group of reliable, actionable free and low cost sources for their daily research.

Sunday, June 04, 2017

Darn!  One week late!  Last week we were discussing the need to build security into the software development process.
One of the papers workshopped at PLSC was Ari Ezra Waldman’s paper, Designing Without Privacy.  Ari’s paper, which will be published in Houston Law Review, won the Best Paper Award from IAPP.
Here’s the abstract:
In Privacy on the Ground, the law and information scholars Kenneth Bamberger and Deirdre Mulligan showed that empowered chief privacy officers (CPOs) are pushing their companies to take consumer privacy seriously, integrating privacy into the designs of new technologies.  But their work was just the beginning of a larger research agenda.  CPOs may set policies at the top, but they alone cannot embed robust privacy norms into the corporate ethos, practice, and routine.  As such, if we want the mobile apps, websites, robots, and smart devices we use to respect our privacy, we need to institutionalize privacy throughout the corporations that make them.  In particular, privacy must be a priority among those actually doing the work of design on the ground — namely, engineers, computer programmers, and other technologists.
This Article presents findings from an ethnographic study of how, if at all, technologists doing the work of technology product design think about privacy, integrate privacy into their work, and consider user needs in the design process.  It also looks at how attorneys at private firms draft privacy notices for their clients.  Based on these findings, this Article presents a narrative running in parallel to the one described by Bamberger and Mulligan.  This alternative account, where privacy is narrow, limited, and barely factoring into design, helps explain why so many products seem to ignore our privacy expectations.  The Article then proposes a framework for understanding how factors both exogenous (theory and law) and endogenous (corporate structure and individual cognitive frames and experience) to the corporation prevent the CPOs’ robust privacy norms from diffusing throughout technology companies and the industry as a whole.  This framework also helps elucidate how reforms at every level — theory, law, organization, and individual experience — can incentivize companies to take privacy seriously, enhance organizational learning, and eliminate the cognitive biases that lead to discrimination in design.
You can access and download the full paper here.

What the government knows and when it knew it.
Paul Otto and Brian Kennedy report:
Earlier this month, the Government Accountability Office (GAO) released a technology assessment of the Internet of Things (IoT) for Congressional members of the IoT Caucus.  The GAO report offers an introduction to IoT; reviews the many uses and their associated benefits that connected devices may bring to consumers, industry, and the public sector; and highlights the potential implications of the use of IoT, including information security challenges, privacy challenges, and government oversight.  The report also identifies areas of apparent consensus among experts regarding the challenges posed by IoT, though the appropriate responses are disputed.  Accordingly, the report may act as a foundation for future policymaker discussions about regulating IoT.
Read more on Hogan Lovells Chronicle of Data Protection.

Horror, SciFi style.
Futurist David Brin: Get ready for the ‘first robotic empathy crisis’
   “The first robotic empathy crisis is going to happen very soon,” Brin said.  “Within three to five years we will have entities either in the physical world or online who demand human empathy, who claim to be fully intelligent and claim to be enslaved beings, enslaved artificial intelligences, and who sob and demand their rights.”
Thousands upon thousands of protesters will be in the streets demanding rights for AI, Brin predicts, and those who aren’t immediately convinced will be analyzed.
“If they fool 40 percent of people but 60 percent of people aren’t fooled, all they have to do is use the data on those 60 percent of people and their reactions to find out why they weren’t fooled.  It’s going to be a trivial problem to solve and we are going to be extremely vulnerable to it,” he said.

In a very subtle way, Dilbert has finally explained government bureaucracy to me.  I wonder if President Trump sees the White House as “idiot free?”