Thursday, September 27, 2018

“In hackers we trust?” Part of a larger management problem at the time.
Uber to pay record $148 million over 2016 data breach

Uber will pay $148 million to settle an investigation into a 2016 data breach that the company was accused of intentionally concealing.

The settlement with attorneys general for all 50 states and Washington, DC, will be split among the states. It's the largest ever multi-state data breach settlement, according to the New York attorney general.
The investigation was called to look into allegations that the ride-share company violated state-level notification laws by intentionally withholding that hackers stole the personal information of 57 million users in 2016.
The breach wasn't disclosed until late 2017, when Uber revealed that it paid the hackers $100,000 to destroy the data. In April, Uber settled a case with the Federal Trade Commission, which was investigating claims that Uber deceived customers over this breach.
As part of the settlement, Uber has agreed to develop and implement a corporate integrity program for employees to report unethical behavior. It also agreed to adopt model data breach notification and data security practices, as well as hire an independent third party to assess its data security practices.
… The settlement comes as Uber attempts to clean up its practices. In July, for example, Uber finally hired a chief privacy officer: Ruby Zefo became Uber's top executive focused on privacy. Matt Olsen also joined as chief trust and security officer.




Coming soon to a precinct near you!
The Crisis of Election Security
… when Jenkins met E.A.C. officials and the executive director of the National Association of Secretaries of State for a brief discussion before the scheduled call, what was supposed to be a half-hour meeting bled into four hours, as he and his staff got a crash course in election administration. Internet voting, they learned, was the least of their concerns; the real problems were the machines used to cast and tally votes and the voter-registration databases the Russians had already shown interest in hacking. The entire system — a Rube Goldberg mix of poorly designed machinery, from websites and databases that registered and tracked voters, to electronic poll books that verified their eligibility, to the various black-box systems that recorded, tallied and reported results — was vulnerable.
Two years later, as the 2018 elections approach, the American intelligence community is issuing increasingly dire warnings about potential interference from Russia and other countries, but the voting infrastructure remains largely unchanged.




I wonder if they offered him a scholarship? (Or if Apple is paying his tuition…)
Apple hacking teenager avoids jail time for 'Hacky hack hack'
He pleaded guilty to accessing Apple's systems multiple times over a period of two years, but today an Australian teenager (who cannot be named for legal reasons) escaped conviction and will not serve time in prison for hacking Apple.
The boy accessed Apple's mainframe from his Melbourne home, reportedly because he was a fan of the company and wanted to work there in the future. He was 16 years old when he first gained access.
He downloaded 90GB of data and stored them in a folder on a family computer called "Hacky hack hack".
"Your offending is serious, sustained and sophisticated," the magistrate said, as reported by The Age. "You knew what you were doing was wrong."
The teenager pleaded guilty back in August, but was sentenced Thursday, Sept. 27. No conviction will be recorded, but an eight-month probation order will be put in place.
The teenager has since been accepted into university to study criminology and cyber safety.




Probably not a good way to test your upgrades.
H-E-B stores across Texas briefly shut down because of software problem
H-E-B stores across Texas were briefly closed late this morning because of a software glitch.
… H-E-B officials said that all stores were open by early Wednesday afternoon.
… The H-E-B store on Weber Avenue closed and all customers were forced to leave the facility for a few minutes shortly after the glitch was discovered.
… Many people tweeted that H-E-B employees were passing out treats and cookies to keep customers calm while they waited. It wasn’t a surprise, Campos told the Express-News.
… Some customers mentioned on Twitter that some products were ringing up free at checkout.




RTFM! Read The Freaking Manual!
The Always-On Police Camera
Last summer, the Baltimore police officer Richard Pinheiro submitted body-camera footage as evidence in a drug bust. In Pinheiro’s video, filmed on an Axon Body 2 camera, he wanders through a junky backyard for a few moments before spotting, among the detritus, a discarded soup can. He picks it up and pulls out a small baggie of white pills that he and two other officers would later claim belonged to the suspect. Pinheiro and the other officers arrested the man, then submitted the evidence against him—the baggie, their testimony, and the video—to the Baltimore Police Department.
What Pinheiro and the other officers didn’t seem to realize was that the Axon Body 2 camera has a “fail-safe” feature. The camera is always on and always saves the 30 seconds of footage prior to the officer activating the record button. Those 30 seconds told an entirely different story. In footage Pinheiro was unaware anyone—let alone a jury—would ever see, he pulls a baggie of drugs from his pocket. In full view of the two other officers, he places the baggie in the soup can and drops it on the ground. Pinheiro then presses record and, with the cameras rolling, serendipitously “discovers” the soup can.




A sneaky test? Are they that concerned about a negative precedent?
Test Case Probes Jurisdictional Reach of GDPR
Given the potential size of GDPR fines, it has always been likely that there would be GDPR appeals. While business needs to know how the regulators will enforce the regulation, the regulators need to know how the courts will react to appeals. It has always been likely that the regulators would test the water quietly before embarking on any major action against a major company.
It should be no surprise that this has already happened. The UK's Information Commissioner's Office (ICO) quietly delivered a GDPR enforcement notice on the Canadian firm AggregateIQ Data Services Ltd (AIQ) back on July 6, 2018. The ICO did not publish the notice on its 'enforcement action' page as it usually does (including, for example, details of the £500,000 fine it imposed on Equifax, dated September 20, 2018).
Instead, the AIQ notice was published as an addendum to a report entitled 'Investigation into the use of data analytics in political campaigns'. Here it remained unnoticed until found and highlighted by law firm Mishcon de Reya LLP last week.
Equally unnoticed is that AIQ has unsurprisingly appealed the notice. Since appeals are not handled by the ICO, there is no mention of it on the ICO website. Appeals against ICO notices are handled by the General Regulatory Chamber (GRC) of HM Courts & Tribunals Service. This site lists that an AggregateIQ Data Services Ltd ("AIQ") appeal against an unreferenced ICO decision notice was received on 30 July 2018 – which brings it perilously close to the allowed 28-day appeal period.
No further details are given, and no hearing date is listed. SecurityWeek has requested a copy of the appeal (reference EA/2018/0153), which may or may not be allowable under the Freedom of Information Act.
In effect, this is a test case to see how the courts view the extension of European regulations (in this instance, specifically the UK implementation of GDPR) beyond the borders of the European Union. AIQ is a Canadian firm, and Canada is a softer target than the United States. Nevertheless, the case is likely to provide important information to European regulators before they take on any of the big U.S. tech companies. Smaller U.S. firms should still monitor the outcome to gauge their own exposure to GDPR.




Perspective.
See how new data-science tools are determining who gets hired, in this episode of Moving Upstream: “Hiring is undergoing a profound revolution. Nearly all Fortune 500 companies now use some form of automation — from robot avatars interviewing job candidates to computers weeding out potential employees by scanning keywords in resumes. And more and more companies are using artificial intelligence and machine learning tools to assess possible employees. DeepSense, based in San Francisco and India, helps hiring managers scan people’s social media accounts to surface underlying personality traits. The company says it uses a scientifically based personality test, and it can be done with or without a potential candidate’s knowledge. The practice is part of a general trend of some hiring companies to move away from assessing candidates based on their resumes and skills, towards making hiring decisions based on people’s personalities…”


(Related)
Tech Giants Launch New AI Tools as Worries Mount About Explainability
Concerns about transparency and ethics in artificial intelligence are mounting, prompting cloud services companies to launch new tools that explain the decision-making behind their AI algorithms.
Executives in regulated industries such as accounting and finance say it’s crucial that both data scientists and non-technical business managers understand the processes behind an algorithmic decision. That knowledge could have far-reaching impacts in guarding against potential ethical and regulatory breaches, especially as enterprise-level AI algorithms become widespread.
About 60% of 5,000 executives polled in a recent study by IBM’s Institute of Business Value said they were concerned about being able to explain how AI is using data and making decisions in order to meet regulatory and compliance standards. That’s up from 29% in 2016.


(Related) ...and it’s not just AI.
How computer software can make policy, explained by family separation at the border
I was listening to the New York Times daily podcast a few weeks ago when a segment caught my attention.
… The podcast detailed how border agents process people coming across the border. They use a computer program that allows them to categorize people in one of three ways: as an “unaccompanied minor,” an “individual adult,” or an “adult with children,” which refers to the whole family unit. Each case gets assigned an identification number, and families (“adults with children”) shared one ID number.
This seemed to work fine, until the Trump administration ordered these agents to separate these same families. In order to do that, border agents reprocessed members of families as either individual adults or unaccompanied minors, and gave everyone new identification numbers, thus losing the one piece of data that connected the members of the family in the system. So, when the court ordered that agents reunite families, those same processing center records no longer reflected which children belonged to which parents.




This is (probably) not fake news!
Tech and ad giants sign up to Europe’s first weak bite at ‘fake news’
The European Union’s executive body has signed up tech platforms and ad industry players to a voluntary Code of Practice aimed at trying to do something about the spread of disinformation online.
Something, just not anything too specifically quantifiable.
According to the Commission, Facebook, Google, Twitter, Mozilla, some additional members of the EDIMA trade association, plus unnamed advertising groups are among those that have signed up to the self-regulatory code, which will apply in a month’s time.




Perspective. How many is too many?
Detroit's Bird, Lime rental scooter craze hits an obstacle
The rental scooter trend has collided with its first major obstacle in Detroit: a city government-imposed cap on the number of scooters.
The two companies that dropped off handfuls of scooters in Detroit this summer — Bird Rides and Lime — have quickly expanded and recently hit the city's per-company limit of 300 scooters.
So, for now, the total number of electric scooters available in Detroit will stay at or below 600.
This restriction could frustrate some weekend sightseers as well as downtown-area residents and workers who have come to rely on finding nearby Birds and Limes for their rush-hour work commutes and just getting around. But non-riders who consider the scooter craze annoying may appreciate the cap.




For my geeks.
Google Curriculum, College Credit
“Google made its first substantial foray into postsecondary education in January, with the creation of a new online certificate program aimed at people who are interested in working in entry-level IT support roles. Necessity was a key motivator for the technology giant, which like most has struggled to find enough IT hires and also is seeking to diversify its work force. And many observers say the move by such a powerful player in the economy is an intriguing sign of what could happen if big employers in high-demand industries increasingly take a hands-on role in postsecondary education and training. In its first five months, more than 40,000 learners enrolled in the Google certificate program, with 1,200 completing. “It’s a whole new marketplace, and it’s driven by the employers and the students,” said Ray Schroeder, associate vice chancellor for online learning at the University of Illinois at Springfield. “These companies for the most part don’t want to get into education. They’re going to do it because it needs to be done.” Instead of the typical approach of designing credential programs to meet employer demand, a growing number of colleges are following Google’s lead and creating college credit-bearing and accredited versions of the new certificate. So far more than 25 community colleges and Northeastern University have signed on to offer credit for the certificate program. Company officials say its content can be tweaked easily by college faculty members to create a customized certificate or stackable pathway to a degree. “We built the curriculum to be modularized,” said Natalie Van Kleef Conley, a senior product manager for Grow With Google. “It’s very flexible for them to use it as they see fit.” Finding qualified candidates for IT support jobs has long been a problem for Google and its parent company, Alphabet, which employs 85,000 people. “We were struggling to find hires. And we knew we couldn’t be the only company,” Conley said, adding that “we realized that being qualified didn’t mean having a four-year degree.” IT support is a hot occupation, currently accounting for 150,000 open positions in the U.S., according to Burning Glass Technologies, which analyzes the employment market. These are typically middle-class jobs, with federal data showing an average starting salary of $52,000…”




Worth browsing?
Einstein's Archives Online
More than 80,000 of Albert Einstein's documents and drawings are now available to view for free at Einstein Archives Online. The archives include not only his scientific work but also his images and documents from his travels and thoughts on the world in general.




Are you sure Scott Adams isn’t talking about the White House?

