Will any regulatory body take action, or even notice?
Remember all that advice that I and Brian Krebs
tend to give consumers about putting “freezes” on your credit
reports instead of “alerts?” The freezes are supposed to prevent
entities from opening up any new lines of credit or accounts in your
name. They are supposed to prevent problems instead of just
detecting problems after they’ve already occurred.
Well, so much for the peace of mind that approach
might have given you. Cory Doctorow reports:
If you’ve had your identity stolen or if you’re worried about
having been doxxed by Equifax, you can freeze your credit record, and
then Equifax, Experian, Trans Union and Innovis will block any
requests to access your credit report.
But that doesn’t really matter. Equifax operates a secondary,
noncompliant credit bureau called National Consumer
Telecommunications and Utilities Exchange (NCTUE), on behalf of a
secretive cartel of owners led by AT&T, but also including
mysterious organizations like “Centralized Credit Check Systems.”
Freezing your credit report has no effect on NCTUE; what’s more,
NCTUE operates in a careless and incompetent fashion, with invalid
SSL certificates and other glaring errors. NCTUE has a separate
system for freezing your credit report there, but it doesn’t work —
filling in the form and submitting it just returns obscure errors.
You may be able to freeze your report by calling NCTUE, but they
might charge you a separate fee, and there’s no guarantee you’ll
get through.
Read more on BoingBoing.
I tried to connect to the registration site, but
couldn’t connect on the first try (possibly everyone trying after
reading Cory’s article), but when I tried in Chrome, I got a
warning that the site was insecure:
I would have emailed NCTUE for a press statement
in response to Cory’s article and the SSL problem, but there’s no
press contact on their site, it seems. Oh well…
h/t, Joe Cadillic
Update: Apologies to Brian Krebs. When I posted the above, I did not realize that he
had posted an article on this earlier this morning. You can read
it here.
As always, he does a great job on these stories.
...and one example.
… The World Health Organization (WHO) defines
a medical device as “any instrument, apparatus, implement, machine,
appliance, implant, reagent for in vitro use, software, material […]
intended by the manufacturer to be used […] for human beings, for
one or more […] specific medical purpose”.
Although that sounds quite complicated, it just
means any device or software that may be used for medical purposes.
… The interface between software and hardware
often exposes exploitable vulnerabilities, as Saurabh
Harit showed at Black Hat Europe 2017. He obtained an IV
infusion pump, which injects medications into a patient’s blood,
which could be programmed and operated remotely.
After accessing the pump’s admin mode with a
default password found online, he was able to use the
unit’s infrared and an old PDA purchased from eBay
to import their Wi-Fi credentials to the pump’s network settings.
Something my students who work for defense
contractors are long familiar with.
IBM bans all staff from using USB drives out of security concern
IBM is banning all removable storage,
company-wide, in a new policy that seeks to avoid financial and
reputational damage stemming from a misplaced or misused USB drive.
IBM global chief Information security officer
Shamla Naidoo told staff in an internal e-mail that the company “is
expanding the practise of prohibiting data transfer to all removable
portable storage devices (eg: USB, SD card, flash drive).”
Although some departments already had this policy
in place for a while, “over the next few weeks we are implementing
this policy worldwide,” Naidoo said, according to The
Register.
Consider this in the hands of evil doers…
… Google Duplex is, in a nutshell, a scary
glimpse of the future. It’s a next-level artificial intelligence.
One that’s able to have natural-sounding conversations with
real-life human beings. And that enables Duplex
to make phone calls on your behalf.
As demonstrated by Google CEO Sundar Pichai,
Duplex can make appointments for you over the phone. And all without
the person on the other end of the call being aware they’re talking
to an AI.
… Google has programmed Duplex to sound human.
Instead of monotonal responses there’s human language patterns.
And Google has even programmed in the pauses and random words such as
“Um” and “Ah” humans use in conversations.
I think I understand! Scary.
https://www.bespacific.com/privacy-by-design-building-a-privacy-policy-people-actually-want-to-read/
Privacy by Design: Building a Privacy Policy People Actually Want to Read
By Richard Mabey, CEO of Juro,
the end-to-end contract management platform.
“We’ve been banging on about legal design at
Juro for some time now. So, when it came to updating our privacy
policy ahead of GDPR it was important to us from the get-go that our
privacy policy was not simply a compliance exercise. Legal documents
should not be written by lawyers for lawyers; they should be useful,
engaging and designed for the end user. But it seemed that we
weren’t the only ones to think this. When we read the regulations,
it turned out the EU agreed. Article 12 mandates that privacy
notices be “concise, transparent, intelligible and easily
accessible”. Legal design is not just a nice to have in the
context of privacy; it’s actually a regulatory imperative. With
this mandate, the team at Juro set out with a simple aim: design a
privacy policy that people would actually want to read. Here’s how
we did it…”
A marketing guide?
Russia's 2016 Facebook Strategy Exposed in Trove of 3,500 Ads
A trove of thousands of Russian-backed Facebook
ads, being made public for the first time, shows that Russia’s main
goal was provoking discontent in the U.S., leading to and continuing
beyond Donald Trump’s election in 2016.
The ads, which are one of the clearest
demonstrations of Russia’s financial investment in disrupting
American politics, have been much discussed by Congress, Facebook and
Special Counsel Robert Mueller behind closed doors.
… The 3,519 ads, released
Thursday by Democrats on the House Intelligence Committee, were
posted between 2015 and 2017. They were designed to draw clicks from
people who had liked Facebook groups on both sides of emotional
issues involving gun regulations, Muslims, gay rights, immigration,
African-Americans – and various candidates.
Making it hard to trust government?
DHS: Not Entitled to Its Own Facts
The Department of Homeland Security (DHS) came out
with a press
release late last week, proclaiming that the “number of illegal
border crossers” at the southwest border had more than tripled in
April 2018 in comparison to April 2017. For the second month in a
row, according to DHS, “we have seen more than 50,000 individuals
try to illegally enter the United States.” Despite DHS’s
breathless claims to the contrary, the numbers don’t demonstrate a
“continuing security crisis along our southwest border.” Rather,
DHS’s blatant misrepresentation of newly released Customs and
Border Protection (CBP) data
is typical of the agency’s efforts to re-make data in support of
the Trump administration’s anti-immigrant agenda. It follows the
bad example set by the misleading and inaccurate January 2018 report
issued by DHS and the Department of Justice (DOJ), which
cherry-picked information to find ways to blame foreign nationals and
foreign-born Americans (especially Muslims) for all terrorism in the
U.S., and which has prompted the Brennan Center and others to file a
lawsuit
under the Data Quality Act.
… The press release also attempts to pull a
sly bait-and-switch: immediately after telling us that illegal border
crossings are up, it tells us that “more than 50,000 individuals
tr[ied] to illegally enter the United States.” But all 50,000 did
not actually enter the U.S. illegally, because the total number
includes 12,690 people who were deemed inadmissible when they
asked to be admitted through ports of entry at the border. Folks
lining up to have their passports checked at the border is hardly the
stuff of a “security crisis.”
Finally, the context regarding the tripling of
numbers between April 2017 and April 2018 that DHS fails to mention
is critical here. The April 2017 numbers were not only the lowest
for any month of 2017, and not only the lowest of any April in at
least the last six years, but the lowest number of any month for
at least the last six years, making the comparison an outlier at
best. Nor is the April 2018 number a particularly alarming
spike in the broader view. April numbers for both 2013 and 2014 were
higher than April 2018 by thousands.
Self driving vehicles are annoying?
Tech founders take their self-driving food-delivery robots out of San Francisco to focus on cities where they feel more welcome
… Beginning in 2016, companies like Marble
and Starship
Technologies started road testing self-driving delivery robots
that ferry food and groceries to a customer's door. These bots
promised to bring convenience for city dwellers and reduce the number
of delivery vehicles on the road.
But San Francisco threw the brakes on delivery
robots. In December, city officials passed some of the US's most
restrictive regulations on delivery robots.
Starship's founders, Ahti Heinla and Janus Friis,
both of whom previously helped launch Skype, say their robots have
left San Francisco to focus on cities where they're welcome.
Interesting. After all, 5 billion flies can’t
be wrong, eat garbage!
Crowdsourcing & Data Analytics: The New Settlement Tools
Chao, Bernard and Robertson, Christopher T. and
Yokum, David V., Crowdsourcing & Data Analytics: The New
Settlement Tools (April 30, 2018). U
Denver Legal Studies Research Paper No. 18-13. Available at
SSRN: https://ssrn.com/abstract=3171186
“In the jury trial rights, the State and Federal
Constitutions recognize the fundamental value of having laypersons
resolve civil and criminal disputes. Nonetheless, settlement allows
parties to avoid the risks and cost of trials, and settlements help
clear court dockets efficiently. But achieving settlement can be a
challenge. Parties naturally view their cases from different
perspectives, and these perspectives often cause both sides to be
overly optimistic. This article describes a novel method of
providing parties more accurate information about the value of their
case by incorporating layperson perspectives. Specifically, we
suggest that working with mediators or settlement judges, the parties
should create mini-trials and then recruit hundreds of online mock
jurors to render decisions. By applying modern statistical
techniques to these results, the mediators can show the parties the
likelihood of possible outcomes and also collect qualitative
information about strengths and weaknesses for each side. These data
will counter the parties’ unrealistic views and thereby facilitate
settlement.”
It’s not the fine, it’s the future.
RBS is swallowing a 'milestone' $4.9 billion fine for its role in the financial crisis — and shares are going up
… RBS
announced on Thursday it has reached a deal with the US
Department of Justice to pay a civil penalty of $4.9 billion to
settle allegations of misselling mortgage-backed securities in the US
between 2005 and 2007. These complex debt products, which were
underpinned by bundles of mortgages, were one of the key triggers of
the crisis.
… RBS shares jumped as much as 6% at the open
in London.
While the share jump may seem counterintuitive,
the fine brings resolution to an issue that has long hung over RBS
and is also not as bad as some feared. Last year investors worried
that the bank could
be hit with a fine as big as $10 billion for its actions in the
run-up to the crisis.