Saturday, July 07, 2018

See? You can tell when your data was accessed. Why don’t more companies do this?
There is a follow-up to an incident involving exposed Los Angeles County 211 call logs. The misconfiguration had been discovered by UpGuard and was reported in May.
Now the County has submitted its report to the California Attorney General’s Office. It states, in part:
Our investigation determined that the incident was caused by an employee who inadvertently misconfigured the settings during a recent upgrade, which caused a database file to be accessible from the internet. Our investigation also confirmed that the only unauthorized access was by the security firm who initially reported this incident to us, which access took place between March 14 and April 23, 2018. The security firm has assured us that all copies of the data have been destroyed. Based on our investigation to date, we have no evidence of any misuse of your information.
What Information Was Involved
The database contained information related to a call to 211 LA County that included your name and Social Security number, and driver’s license number provided during the course of the phone call.
Interestingly (to me, anyway), they don’t mention whether any medical information was involved, although UpGuard’s report had provided redacted examples of people calling for help getting resources for mental health issues, etc.
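The County could say who read the file and when only because it had access logs covering the exposure window. The following is an added example, not anything from the County, UpGuard or the notice: it assumes the exposed database file was served by a web server writing a standard combined-format log, and it takes constructed log lines, a constructed path and constructed IP addresses (203.0.113.7 standing in for the firm that reported the problem). It reports every client that successfully fetched the file, the first and last time each did so, failed probes for the same path, and any reader that the known-reporter list does not explain.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format (an assumption; the notice does not say what was logged).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def audit_access(lines, exposed_path, known_ips):
    """Who fetched exposed_path, when, and which readers the known list does not explain.

    Only successful GETs (2xx) count as reads; anything else against the same path
    is kept as a 'probe' so failed download attempts are still visible.
    """
    readers = defaultdict(lambda: {"reads": 0, "bytes": 0, "first": None, "last": None})
    probes = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != exposed_path:
            continue
        if rec["method"] == "GET" and 200 <= rec["status"] < 300:
            r = readers[rec["ip"]]
            r["reads"] += 1
            r["bytes"] += rec["size"]
            r["first"] = rec["ts"] if r["first"] is None else min(r["first"], rec["ts"])
            r["last"] = rec["ts"] if r["last"] is None else max(r["last"], rec["ts"])
        else:
            probes.append((rec["ip"], rec["ts"], rec["method"], rec["status"]))
    known = {ip: r for ip, r in readers.items() if ip in known_ips}
    unexplained = {ip: r for ip, r in readers.items() if ip not in known_ips}
    window = None
    if readers:
        window = (min(r["first"] for r in readers.values()),
                  max(r["last"] for r in readers.values()))
    return {"known": known, "unexplained": unexplained, "probes": probes, "window": window}


# Constructed sample log lines; the path, addresses and dates are made up for the example.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Mar/2018:09:12:01 +0000] "GET /exports/calls.db HTTP/1.1" 200 52428800 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [02/Apr/2018:03:15:09 +0000] "GET /exports/calls.db HTTP/1.1" 206 1048576 "-" "curl/7.58.0"',
    '198.51.100.22 - - [02/Apr/2018:03:15:10 +0000] "GET /index.html HTTP/1.1" 200 1203 "-" "curl/7.58.0"',
    '192.0.2.9 - - [10/Mar/2018:12:00:00 +0000] "GET /exports/calls.db HTTP/1.1" 404 0 "-" "python-requests/2.18"',
    '203.0.113.7 - - [23/Apr/2018:17:40:33 +0000] "GET /exports/calls.db HTTP/1.1" 200 52428800 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [30/Apr/2018:12:00:00 +0000] "HEAD /exports/calls.db HTTP/1.1" 403 0 "-" "python-requests/2.18"',
]

if __name__ == "__main__":
    result = audit_access(SAMPLE_LOG, "/exports/calls.db", {"203.0.113.7"})
    print("exposure window seen in logs:", result["window"])
    print("unexplained readers:", result["unexplained"])
    print("failed probes:", result["probes"])
```

The caveat a practitioner would attach to "the only unauthorized access was by the security firm" is that the statement is only as strong as the log coverage: the logs must have been retained for the whole period the file was reachable, the reads must all have gone through a server that logs, and a partial-content read (206) or a download through a proxy is still a read. In the constructed sample, 198.51.100.22 is exactly the kind of reader that would have to be explained before such a sentence could be written.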

For my Computer Security students.
Survey identifies three types of consumer attitudes to data privacy
… A poll of 11,474 consumers commissioned by market intelligence consortium DMA has revealed that 51% are more than happy to hand over their personal data to businesses that can offer a clear benefit in exchange.
The report – Global data privacy: What the consumer really thinks – places these 51% into a category called “data pragmatists,” a group described as those who exchange their data as long as there’s a clear benefit.
Another important demographic is the “data unconcerned” (26%), described by the surveyors as those who do not mind how and why their data is used. The remaining 23% are the so-called “data fundamentalists,” or those who never share their data for any reason.

Perspective. Lots and lots of evil? But, is it enough?
Twitter is sweeping out fake accounts like never before, putting user growth at risk
Twitter has sharply escalated its battle against fake and suspicious accounts, suspending more than 1 million a day in recent months, a major shift to lessen the flow of disinformation on the platform, according to data obtained by The Washington Post.
The rate of account suspensions, which Twitter confirmed to The Post, has more than doubled since October, when the company revealed under congressional pressure how Russia used fake accounts to interfere in the U.S. presidential election. Twitter suspended more than 70 million accounts in May and June, and the pace has continued in July, according to the data.
… But Twitter’s increased suspensions also throw into question its estimate that fewer than 5 percent of its active users are fake or involved in spam, and that fewer than 8.5 percent use automation tools that characterize the accounts as bots. (A fake account can also be one that engages in malicious behavior and is operated by a real person. Many legitimate accounts are bots, such as to report weather or seismic activity.)

Perspective. Because my students are interested.
Long Road Ahead: The Promise — and Perils — of Self-driving Cars
Listen to the podcast:
Wharton management professor John Paul MacDuffie describes the state of play – and the future – of the self-driving car industry.

For the student resource toolkit.

Friday, July 06, 2018

Perhaps I could quiz my students?
Business, Technology, and Ethics: The Need for Better Conversations
… Two examples illustrate how the intersection of business, technology, and ethics can be problematic. First, let’s look at Facebook’s recent troubles. The social network sold data to companies that were trying to influence the 2016 U.S. presidential election. It also took money for nearly 3,000 political ads from foreign entities without disclosing who purchased them. The results have been devastating to the company. Many people have closed their accounts, and Facebook CEO Mark Zuckerberg has had to apologize and defend the company to inquiries from the U.S. Congress and European regulators. It is unclear what the long-term results of these incidents will be for both the company and for Facebook users.
Google faced similar problems, but it had a completely different response. In 2006, Google began operating within the Chinese market under that government’s condition that Google would censor any content that Chinese authorities saw as offensive, such as coverage of the Tiananmen Square demonstrations of 1989. But after Chinese hackers began attacking the company and the Gmail accounts of Chinese human rights activists, Google reversed its decision to assist the government in suppressing information. Google has since taken a censorship-free approach to the market largely due to the views of its stakeholders, who are mostly in favor of an open internet.

Always! (Do I win a prize for answering correctly?)
… If you search around the internet, you’ll find that most writing about algorithmic explainability falls into two camps. Advocates for rapid technology adoption often argue that humans are no better at explaining decisions than machines, and so we should table the question to accelerate innovation. These rhetorical arguments do not help professionals responsible for regulatory compliance. On the other hand, critics demand stringent requirements for transparency and vilify a “move fast and break things” culture. These arguments can stifle adoption, as not all machine learning use cases require the same level of oversight and accountability — some decisions are more important to be able to explain than others.

Plead “Crazy!”
Steven D. Zansberg of Ballard Spahr writes:
Judge Carlos E. Samour, Jr., on June 29 ordered unsealed the court filings surrounding psychiatric evaluations of James Eagan Holmes, the man convicted of killing 12 people and wounding 70 others in the Aurora, Colorado, theater shooting on July 20, 2012. As a result, the public will be able to see, for the first time, the reports two independent psychiatrists filed with the Court, and the treatment notes of two University of Colorado mental health professionals who counseled Mr. Holmes before his deadly rampage.
The ruling may be of significance beyond Colorado because it instructs judges elsewhere that reports of court-appointed psychiatric expert witnesses are not privileged and that defendants who place their mental state at issue in a criminal case thereby waive their doctor-patient privilege in actual treatment records that are entered into evidence.
Read more on The National Law Review.

Were the Supremes too quick?
Zing-a-ding. reports:
State supreme courts do not always agree with the constitutional pronouncements of the US Supreme Court. State courts are free to cite more stringent provisions of their state constitutions if they wish to provide greater protections for residents. The Iowa Supreme Court did just that last week when it shot down the federal court’s doctrine allowing police to search any car at will without a warrant merely by finding a reason to tow it away so an “inventory” search can be made.
“We accept the invitation to restore the balance between citizens and law enforcement by adopting a tighter legal framework for warrantless inventory searches and seizures of automobiles under article I, section 8 of the Iowa Constitution than provided under the recent precedents of the United States Supreme Court,” Justice Brent R. Appel wrote. “In doing so, we encourage stability and finality in law by decoupling Iowa law from the winding and often surprising decisions of the United States Supreme Court.”
[From the article:
"The end result of Whren, Atwater, and Bertine is law enforcement has virtually unlimited discretion to stop arbitrarily whomever they choose, arrest the driver for a minor offense that might not even be subject to jail penalties, and then obtain a broad inventory search of the vehicle – all without a warrant," Justice Appel wrote. "When considered in context, the inventory search does not emerge as something for the benefit of the owner or driver, but instead is a powerful unregulated tool in crime control."

Perspective. An interesting read…
How the Blockchain Can Transform Government

Thursday, July 05, 2018

Security failures are often management failures. This is especially true when management fails to learn from their mistakes.
Peter Cowan reports:
For the second year in a row the provincial government’s salary disclosure includes names and salaries that shouldn’t have been released.
The list, which is often called the “sunshine list” reveals the names and salary information for anyone making more than $100,000.
Read more on CBC.

(Related) I never have to look far to find really good “Bad Examples” for my Computer Security class.
Nico Arboleda and Steven Kiernan report what is pretty much a total destruction breach:
Digital marketing and web provider Cyanweb Solutions lost nearly all customer data and backups after a “criminal hacking incident” that compromised one of its servers last week.
The three-staff, Perth-based company provides web design, hosting, online marketing and search engine optimisation for around 500 clients. The company did not have offsite backups in place.
According to an advisory posted on its website, “A professional hacking group attacked, infiltrated the server and destroyed all data, including all available backup data.”
Read more on CRN.

Should we expect more lawsuits in Richmond?
Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of Jackson Lewis write:
Cybersecurity incidents are on the rise, and so too is data breach litigation brought by plaintiffs who allege they were harmed by the unauthorized exposure of their personal information. Federal circuits across the United States are grappling with the issue of what satisfies the Article III standing requirement in data breach litigation, when often only a “risk of future harm” exists.
The United States Court of Appeals for the Fourth Circuit (“the Fourth Circuit”) is the latest circuit court to weigh in on standing in data breach litigation. In Hutton v. National Board of Examiners in Optometry, the court held that the plaintiffs satisfied the Article III standing requirement by alleging hackers stole and misused their personally identifiable information (PII), even though no financial loss was incurred.

Will right-wing hackers start sending compromising data to immigrant phones?
Europe is using smartphone data as a weapon to deport refugees
Smartphones have helped tens of thousands of migrants travel to Europe. A phone means you can stay in touch with your family – or with people smugglers. On the road, you can check Facebook groups that warn of border closures, policy changes or scams to watch out for. Advice on how to avoid border police spreads via WhatsApp.
Now, governments are using migrants' smartphones to deport them.
Across the continent, migrants are being confronted by a booming mobile forensics industry that specialises in extracting a smartphone’s messages, location history, and even WhatsApp data. That information can potentially be turned against the phone owners themselves.
In 2017 both Germany and Denmark expanded laws that enabled immigration officials to extract data from asylum seekers’ phones. Similar legislation has been proposed in Belgium and Austria, while the UK and Norway have been searching asylum seekers’ devices for years.
… Over the six months after Germany’s phone search law came into force, immigration officials searched 8,000 phones. If they doubted an asylum seeker’s story, they would extract their phone’s metadata – digital information that can reveal the user’s language settings and the locations where they made calls or took pictures.
… If a person says they were in Turkey in September, for example, but phone data shows they were actually in Syria, they can see more investigation is needed.
Denmark is taking this a step further, by asking migrants for their Facebook passwords. Refugee groups note how the platform is being used more and more to verify an asylum seeker’s identity.
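"The locations where they took pictures" comes from the GPS tags a camera app writes into a photo's Exif metadata. The following is an added example, not code from the article or from any forensics vendor: it builds a minimal little-endian TIFF/Exif blob with constructed coordinates and a constructed date stamp (the layout that follows the "Exif\0\0" marker in a JPEG APP1 segment), then parses the GPS IFD back out, handling both little- and big-endian headers and values that are stored inline or by offset. Tag numbers and type codes are the standard Exif ones; everything else is made up for the example.

```python
import struct

# Exif tag numbers and TIFF type codes (from the Exif specification).
GPS_IFD_POINTER = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON, GPS_DATESTAMP = 0x1, 0x2, 0x3, 0x4, 0x1D
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}


def read_ifd(tiff, e, offset):
    """Return {tag: (type, count, 4-byte value field)} for the IFD at offset; e is '<' or '>'."""
    (n,) = struct.unpack_from(e + "H", tiff, offset)
    entries = {}
    for i in range(n):
        tag, typ, count, field = struct.unpack_from(e + "HHI4s", tiff, offset + 2 + 12 * i)
        entries[tag] = (typ, count, field)
    return entries


def value_bytes(tiff, e, typ, count, field):
    """Values of 4 bytes or less live in the entry itself; larger ones are reached by offset."""
    size = TYPE_SIZES[typ] * count
    if size <= 4:
        return field[:size]
    (off,) = struct.unpack(e + "I", field)
    return tiff[off:off + size]


def dms_to_decimal(dms, ref):
    """Three (numerator, denominator) rationals (deg, min, sec) plus N/S/E/W -> signed degrees."""
    deg, minutes, sec = ((num / den) if den else 0.0 for num, den in dms)
    value = deg + minutes / 60 + sec / 3600
    return -value if ref in ("S", "W") else value


def extract_gps(tiff):
    """Decode position and GPS date stamp from a raw TIFF/Exif blob; None if no GPS IFD."""
    if tiff[:2] == b"II":
        e = "<"
    elif tiff[:2] == b"MM":
        e = ">"
    else:
        raise ValueError("not a TIFF header")
    if struct.unpack_from(e + "H", tiff, 2)[0] != 42:
        raise ValueError("bad TIFF magic")
    (ifd0_off,) = struct.unpack_from(e + "I", tiff, 4)
    ifd0 = read_ifd(tiff, e, ifd0_off)
    if GPS_IFD_POINTER not in ifd0:
        return None
    (gps_off,) = struct.unpack(e + "I", ifd0[GPS_IFD_POINTER][2])  # a LONG fits in the value field
    gps = read_ifd(tiff, e, gps_off)

    def ascii(tag):
        typ, count, field = gps[tag]
        return value_bytes(tiff, e, typ, count, field).rstrip(b"\x00").decode("ascii")

    def rationals(tag):
        typ, count, field = gps[tag]
        raw = value_bytes(tiff, e, typ, count, field)
        return [struct.unpack_from(e + "II", raw, 8 * i) for i in range(count)]

    return {
        "lat": dms_to_decimal(rationals(GPS_LAT), ascii(GPS_LAT_REF)),
        "lon": dms_to_decimal(rationals(GPS_LON), ascii(GPS_LON_REF)),
        "date": ascii(GPS_DATESTAMP),
    }


def build_sample_exif(lat_dms, lat_ref, lon_dms, lon_ref, date):
    """Construct a minimal little-endian TIFF: header | IFD0 -> GPS IFD | out-of-line data."""
    def rational_bytes(dms):
        return b"".join(struct.pack("<II", n, d) for n, d in dms)

    def entry(tag, typ, count, field):
        return struct.pack("<HHI4s", tag, typ, count, field)

    ifd0_off = 8
    gps_off = ifd0_off + 2 + 12 * 1 + 4       # IFD0 holds one entry
    data_off = gps_off + 2 + 12 * 5 + 4       # GPS IFD holds five entries
    lat_bytes, lon_bytes = rational_bytes(lat_dms), rational_bytes(lon_dms)
    date_bytes = date.encode("ascii") + b"\x00"
    lat_off = data_off
    lon_off = lat_off + len(lat_bytes)
    date_off = lon_off + len(lon_bytes)
    header = b"II*\x00" + struct.pack("<I", ifd0_off)
    ifd0 = struct.pack("<H", 1) + entry(GPS_IFD_POINTER, TYPE_LONG, 1, struct.pack("<I", gps_off)) + struct.pack("<I", 0)
    gps = struct.pack("<H", 5)
    gps += entry(GPS_LAT_REF, TYPE_ASCII, 2, lat_ref.encode("ascii") + b"\x00")
    gps += entry(GPS_LAT, TYPE_RATIONAL, 3, struct.pack("<I", lat_off))
    gps += entry(GPS_LON_REF, TYPE_ASCII, 2, lon_ref.encode("ascii") + b"\x00")
    gps += entry(GPS_LON, TYPE_RATIONAL, 3, struct.pack("<I", lon_off))
    gps += entry(GPS_DATESTAMP, TYPE_ASCII, len(date_bytes), struct.pack("<I", date_off))
    gps += struct.pack("<I", 0)
    return header + ifd0 + gps + lat_bytes + lon_bytes + date_bytes


# Constructed sample: 36 deg 12' N, 37 deg 9' E on a constructed date (not a real person's photo).
SAMPLE = build_sample_exif([(36, 1), (12, 1), (0, 1)], "N", [(37, 1), (9, 1), (0, 1)], "E", "2017:09:15")

if __name__ == "__main__":
    print(extract_gps(SAMPLE))
```

Two things the parser makes visible: the position is recorded to a resolution that identifies a town, and the GPS date stamp is written by the camera at capture time, so a stated travel timeline can be checked against it without any help from the phone's owner. The same tags are what "strip metadata" features remove before sharing.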

Good or bad, it is another way for governments to tax citizens.
Uganda leader says social media used for 'lying', defends tax for access
Uganda’s President Yoweri Museveni has defended the country’s new social media tax, saying Ugandans were using such platforms for “lying”, and squandering the nation’s hard currency on fees to foreign-owned telecoms firms.
In May Uganda’s parliament passed new tax laws that introduced a levy of 200 shillings ($0.05) per day for access to a range of online services.
The platforms that have been identified by the country’s revenue service for the tax include Facebook, Twitter, WhatsApp, Google Hangouts, YouTube, Skype, Yahoo Messenger and many others.
The tax, collected by mobile phone internet service providers since July 1, is equivalent to about 20 percent of what typical Ugandan users pay for their mobile phone data plans.

Clearing the path?
Facebook Ads Offer Peek at Looming Supreme Court Fight
Even before President Trump’s new Supreme Court nominee is announced, a fight over the choice is raging on social media.
In the days since Justice Anthony M. Kennedy said he would retire, partisan groups have turned to Facebook, Twitter and other social networks with political ads. Some of the ads urge voters to pressure their senators to block or speed the confirmation process for Mr. Trump’s eventual nominee. Others oppose allowing specific jurists to fill the vacant seat.
Judicial Crisis Network, an organization that promotes conservative judicial nominees, announced last week that it would spend more than $1 million to support Mr. Trump’s nominee. So far, the group has spent as much as $140,000 on a series of nearly two dozen Facebook ads. Many of the Facebook ads are targeted at users in North Dakota, Indiana and West Virginia, all red states with vulnerable Democratic senators who are up for re-election this year.
… Demand Justice, an organization formed this year by veterans of the Hillary Clinton and Barack Obama campaigns, began running Facebook ads on Monday urging voters to “stop Trump’s SCOTUS takeover.” The group, which has said it plans to raise $10 million this year, has also run ads opposing Brett Kavanaugh, Amy Coney Barrett and Amul Thapar, three judges who are reported to be on Mr. Trump’s shortlist for the Supreme Court.
… These groups, which are classified as 501(c)(4) advocacy groups, are not required to identify their donors or disclose much of their spending. But new Facebook ad policies are for the first time giving a glimpse of how money from these organizations flows through social media.
In an attempt to avoid a repeat of 2016, when Russian disinformation campaigns successfully exploited flaws in its network, Facebook recently began requiring political advertisers to authenticate themselves as residents of the United States and label every ad with a “paid for by” indication. The company also began archiving all paid political content on Facebook and Instagram, including promoted news, in a searchable public database, along with information about how much was spent on the ads and basic details about how they were targeted.

Are we ready for this election? I doubt it.
Intel Committee Releases Unclassified Summary of Initial Findings on 2017 Intelligence Community Assessment
News release: “Today [July 3, 2018], Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released the Committee’s unclassified summary of its initial findings on the Intelligence Community Assessment (ICA) on Russian activities in the 2016 U.S. elections. The Committee finds that the overall judgments issued in the ICA were well-supported and the tradecraft was strong. The course of the Committee’s investigation has shown that the Russian cyber operations were more extensive than the hack of the Democratic National Committee and continued well through the 2016 election.
“The Committee has spent the last 16 months reviewing the sources, tradecraft and analytic work underpinning the Intelligence Community Assessment and sees no reason to dispute the conclusions,” said Chairman Burr. “The Committee continues its investigation and I am hopeful that this installment of the Committee’s work will soon be followed by additional summaries providing the American people with clarity around Russia’s activities regarding U.S. elections.”
“Our investigation thoroughly reviewed all aspects of the January 2017 ICA, which assessed that Russian President Vladimir Putin ordered an influence campaign to target our presidential election and to destabilize our democratic institutions,” said Vice Chairman Warner. “As numerous intelligence and national security officials in the Trump administration have since unanimously re-affirmed, the ICA findings were accurate and on point. The Russian effort was extensive and sophisticated, and its goals were to undermine public faith in the democratic process, to hurt Secretary Clinton and to help Donald Trump. While our investigation remains ongoing, we have to learn from 2016 and do more to protect ourselves from attacks in 2018 and beyond.”
The summary is the second unclassified installment in the Committee’s report on Russian election activities. The Committee held a closed door hearing in May to review the ICA on “Assessing Russian Activities and Intentions in Recent U.S. Elections.” Members heard testimony from former Director of National Intelligence James Clapper, former Director of the Central Intelligence Agency John Brennan and former Director of the National Security Agency Mike Rogers, which informed the Committee’s report. You can read a copy of the unclassified summary here.”

Where do your experiences fall?
Stories From Experts About the Impact of Digital Life
“While many technology experts and scholars have concerns about the social, political and economic fallout from the spread of digital activities, they also tend to report that their own experience of digital life has been positive… Over the years of canvassings by Pew Research Center and Elon University’s Imagining the Internet Center, many experts have been anxious about the way people’s online activities can undermine truth, foment distrust, jeopardize individuals’ well-being when it comes to physical and emotional health, enable trolls to weaken democracy and community, compromise human agency as algorithms become embedded in more activities, kill privacy, make institutions less secure, open up larger social divisions as digital divides widen, and wipe out untold numbers of decent-paying jobs. An early-2018 expert canvassing of technology experts, scholars and health specialists on the future of digital life and well-being contained references to some of those concerns. The experts who participated in that research project were also asked to share anecdotes about their own personal experiences with digital life. This report shares those observations…”

Re-purposing an e-discovery tool? Seems like an obvious step to me.
AI spots legal problems with tech T&Cs in GDPR research project
Technology is the proverbial double-edged sword. And an experimental European research project is ensuring this axiom cuts very close to the industry’s bone indeed by applying machine learning technology to critically sift big tech’s privacy policies — to see whether AI can automatically identify violations of data protection law.
The still-in-training privacy policy and contract parsing tool – called ‘Claudette’, aka (automated) clause detector – is being developed by researchers at the European University Institute in Florence.
… Early results from this project have been released today, with BEUC saying the AI was able to automatically flag a range of problems with the language being used in tech T&Cs.
… In theory, all 15 parsed privacy policies should have been compliant with GDPR by June, as it came into force on May 25. However some tech giants are already facing legal challenges to their interpretation of ‘consent’. And it’s fair to say the law has not vanquished the tech industry’s fuzzy language and logic overnight. Where user privacy is concerned, old, ugly habits die hard, clearly.

Another article for my Security collection.
Do You Know What Apps Have Access To Your Gmail? Here’s How to Find and Remove Them

Wednesday, July 04, 2018

If you have to “agree” to allow this access, would lawyers be inviting a third party into any exchange of data with a client? (Just one scenario that leaps to mind.)
Your phone isn’t listening to you, researchers say, but it may be watching everything you do
You’ve seen the YouTube videos. It’s a shaky-cam iPhone shot with a wide-eyed someone giggling under their breath “cat food,” or some other miscellaneous thing they allegedly never talk about or search for near or on their device. The climax of this plot line hits in the following hours or days after they’ve muttered said random phrase, and they’re suddenly served an ad on Facebook of the exact same thing they said before. Preposterous! It’s the classic “your phone is listening to everything you say,” conspiracy theory that so many people have willingly started to believe. But, according to researchers from Northeastern University, reported by Gizmodo’s Kashmir Hill, this isn’t the case at all. After a yearlong study, they found no evidence that your apps are listening to you, but they did find out that they may be watching everything that you do.
A group of computer science academics ran an experiment that tested over 17,000 of the most popular Android apps in order to determine if any of them recorded audio from the phone’s microphone.
… Using an automated program as a method of interacting with the apps on the devices, all of the traffic created was analyzed and the researchers determined that no audio files were sent to any third-party domains.
… But, the researchers did notice something else funky, according to Gizmodo. Several apps had taken video recordings and screenshots of what people were doing. These screenshots were then sent off to third-party domains.
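The study's method, as described above, was to drive apps automatically, capture their traffic and look at what left the device and where it went. The following is an added example, not the researchers' code: it assumes captured request bodies have already been paired with the sending app and the destination host, sniffs the body by magic bytes rather than trusting the declared Content-Type, and flags image, video and audio payloads going to hosts outside a constructed list of domains each app owns. It goes a little beyond the article by covering audio containers as well, since the microphone question is what the study set out to answer; the apps, hosts and domain ownership below are all made up.

```python
from dataclasses import dataclass

# (offset, magic bytes, MIME) for media containers an app might upload.
# Screenshots are usually PNG/JPEG, screen recordings MP4/WebM, microphone captures Ogg/MP3/WAV.
SIGNATURES = [
    (0, b"\xff\xd8\xff", "image/jpeg"),
    (0, b"\x89PNG\r\n\x1a\n", "image/png"),
    (4, b"ftyp", "video/mp4"),
    (0, b"\x1a\x45\xdf\xa3", "video/webm"),
    (0, b"OggS", "audio/ogg"),
    (0, b"ID3", "audio/mpeg"),
]


def sniff_media(body):
    """Return the media MIME type implied by the body's leading bytes, or None."""
    for offset, magic, mime in SIGNATURES:
        if body[offset:offset + len(magic)] == magic:
            return mime
    if body[:4] == b"RIFF" and body[8:12] == b"WAVE":
        return "audio/wav"
    return None


def registrable_domain(host):
    """Naive eTLD+1 (last two labels); real tooling should consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


@dataclass
class Upload:
    app: str            # package name of the app that sent the request
    host: str           # destination host
    content_type: str   # Content-Type the app declared
    body: bytes         # request body (the leading bytes are enough to sniff)


def find_media_exfil(uploads, first_party):
    """Flag media bodies sent to hosts outside the sending app's own domains.

    first_party maps app package -> set of registrable domains the app owns.
    'mislabeled' marks uploads whose declared Content-Type hides the media type.
    """
    findings = []
    for u in uploads:
        mime = sniff_media(u.body)
        if mime is None:
            continue
        if registrable_domain(u.host) in first_party.get(u.app, set()):
            continue
        findings.append({
            "app": u.app,
            "host": u.host,
            "sniffed": mime,
            "declared": u.content_type,
            "mislabeled": not u.content_type.startswith(mime.split("/")[0]),
        })
    return findings


# Constructed sample traffic; only the leading bytes of each body matter.
SAMPLE_UPLOADS = [
    Upload("com.example.flashlight", "api.example-flashlight.com", "image/png",
           b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),                         # to the app's own host
    Upload("com.example.flashlight", "ingest.analytics-vendor.example", "application/octet-stream",
           b"\xff\xd8\xff\xe0" + b"\x00" * 16),                           # JPEG screenshot, third party
    Upload("com.example.flashlight", "ingest.analytics-vendor.example", "application/json",
           b'{"event":"app_open"}'),                                      # ordinary telemetry
    Upload("com.example.game", "replay.session-recorder.example", "video/mp4",
           b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16),                   # screen recording, third party
    Upload("com.example.game", "voice.game-studio.example", "audio/ogg",
           b"OggS" + b"\x00" * 16),                                       # voice chat, own host
]

FIRST_PARTY = {
    "com.example.flashlight": {"example-flashlight.com"},
    "com.example.game": {"game-studio.example"},
}

if __name__ == "__main__":
    for finding in find_media_exfil(SAMPLE_UPLOADS, FIRST_PARTY):
        print(finding)
```

Sniffing rather than trusting headers matters because an SDK that ships screenshots as application/octet-stream would otherwise never show up; the first-party allowlist is the weak point of any such check, since a vendor host hidden behind the app's own domain (a CNAME) would pass.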

Free, encrypted speech has a few flaws beyond yelling fire in a crowded theater?
India asks WhatsApp to curb spread of false messages
India has asked Facebook Inc-owned WhatsApp messenger to take steps to prevent the circulation of false texts and provocative content that have led to a series of lynchings and mob beatings across the country in the past few months.
… “The government has also conveyed in no uncertain terms that WhatsApp must take immediate action to end this menace and ensure that their platform is not used for such malafide activities,” it added.

This is going to require a bit of tweaking…
Facebook’s Political Rule Blocks Ads for Bush’s Beans, Singers Named Clinton
Under rules for the new archive that strives for transparency in politics, all sorts of organizations with names linked to presidents are finding their promotions blocked.

Impossible requirements?
… Among the issues raised by the bill is a vague requirement in Article 13 that requires popular websites—estimated to encompass the top 20 percent of sites—to utilize a content filtering system that prevents copyrighted works from ever being posted to the platform. The other key issue is Article 11, also known as the “link tax.” In an effort to push readers back to the homepages of news organizations, lawmakers want to charge websites fees for linking to news and using snippets of text from articles. Both articles have broad implications for upending the way the internet functions as we know it today, but activists have warned from the beginning that online encyclopedias that rely on fair use practices would have their very existence threatened.

Amazon could be coming for CVS, Rite Aid, and Walgreens and over half of consumers say they are on board
In an informal survey of Business Insider readers, Business Insider Intelligence found that the majority of respondents (57%) would use a pharmacy service offered by Amazon over their current pharmacy. The data isn't representative of the general population — Business Insider readers tend to be younger, male, and tech-savvy. Still, we think the data provides a strong indicator that retail pharmaceuticals will be one of the next industries to get "Amazon'd."

(Related) The “old school” view?
Amazon: How The PillPack Acquisition Is Shaking Up The Health Care Sector
… We expect that the move will force some changes on the incumbents, but we don’t think that any of them will be waving a white flag anytime soon. As an example, just last week CVS announced that it will begin shipping prescriptions nationwide for a nominal $4.99 fee. Walgreens also offers the same one-day service for $19.95 (we think that price may drop a bit now).

Netflix Crushes Cable and Broadcast TV for Home Viewing, Survey Finds
Consumers continue to move away from basic cable and broadcast television for Netflix, according to a new survey from financial research firm, Cowen Inc.
… Netflix was most popular, with 27% of respondents saying they used the streaming service most often. Basic cable came in second place at 20%, and broadcast television was third with 18%. YouTube, Hulu, Amazon Prime Video followed. Premium cable channels such as Showtime, HBO and Cinemax were next.

Tuesday, July 03, 2018

Anti-social media. Would this work in a country where citizens trusted the police to catch criminals?
As mob lynchings fueled by WhatsApp messages sweep India, authorities struggle to combat fake news
Five people were killed by a mob in India on Sunday after rumors spread on social media that they were child traffickers, the latest in a string of lynchings tied to fake social media messages that have left officials stunned and grappling with ways to control the rising violence.
More than a dozen people have been killed across India since May in violence fueled mainly by messages on the WhatsApp service. The cases largely feature villagers, some of whom may be using smartphones for the first time.
… In recent days, officials of WhatsApp — owned by Facebook and based in Menlo Park, Calif. — have introduced a new function that allows administrators of groups to control which members can post messages, and the company is testing a plan to label which messages are forwards. WhatsApp is expanding outreach in India as its 2019 general election looms and political parties are signing up “WhatsApp warriors” by the thousands — who, in some cases, spread incendiary content themselves.

I see many many problems with this. A good discussion topic for my students.
Amelia Harper writes:
With the 2017-18 school year going on the books as the deadliest school year in decades, school leaders are looking at ways to prevent more school tragedies. The need to protect the lives of students and teachers has caused school districts to examine a number of solutions, including the increased monitoring of online threats that may affect schools.
These programs do not monitor all social media but look for keywords that indicate threats of violence to others or self-harm. Proponents of the program say that such measures mitigate [perhaps they define it differently. Bob] threats and prevent potential suicides, another important concern. Critics of social media monitoring point to possible violation of privacy concerns, potential human rights violations, and the possible misuse of such monitoring by schools to target students of color.
Read more on Education Dive.
[From the article:
"We are talking about the government actively seeking out children’s social media accounts, both public and private, and combining this information with existing law enforcement or social services records to profile which students are threats," Amelia Vance, of the Future of Privacy Forum, told the commission, saying that such programs should be targeted at only "the most serious threats."

It’s a pretty messy mess.
Facebook’s disclosures under scrutiny as federal agencies join probe of tech giant’s role in sharing data with Cambridge Analytica
A federal investigation into Facebook’s sharing of data with political consultancy Cambridge Analytica has broadened to focus on the actions and statements of the tech giant and now involves multiple agencies, including the Securities and Exchange Commission, according to people familiar with the official inquiries.
Representatives for the FBI, the SEC and the Federal Trade Commission have joined the Department of Justice in its inquiries about the two companies and the sharing of personal information of 71 million Americans.
… The questioning from federal investigators centers on what Facebook knew three years ago and why the company didn’t reveal it at the time to its users or investors, as well as any discrepancies in more recent accounts, among other issues, according to these people.
… The probe by the FTC, which oversees consumer privacy, concerns whether Facebook violated a 2011 consent decree regarding its privacy practices. An FTC fine could potentially reach into the billions of dollars.

Is there a fix?
Web creator Tim Berners-Lee focuses on fixing the web
Vanity Fair/Hive: “I Was Devastated: Tim Berners-Lee, the Man Who Created the World Wide Web, Has Some Regrets. Berners-Lee has seen his creation debased by everything from fake news to mass surveillance. But he’s got a plan to fix it…
“…Berners-Lee, who never directly profited off his invention, has also spent most of his life trying to guard it. While Silicon Valley started ride-share apps and social-media networks without profoundly considering the consequences, Berners-Lee has spent the past three decades thinking about little else. From the beginning, in fact, Berners-Lee understood how the epic power of the Web would radically transform governments, businesses, societies. He also envisioned that his invention could, in the wrong hands, become a destroyer of worlds, as Robert Oppenheimer once infamously observed of his own creation…
He is now embarking on a third act—determined to fight back through both his celebrity status and, notably, his skill as a coder. In particular, Berners-Lee has, for some time, been working on a new software, Solid, to reclaim the Web from corporations and return it to its democratic roots…”

Perspective. Move fast, pedal your way to success?
Uber launches shared bike service in Austin, entering crowded market
… Operating under the name Jump Bikes, Uber’s service will compete in an increasingly crowded shared services market that has been ramping up ever since dockless, electric scooters started appearing in downtown areas around the country months ago.

Lyft gets into bike-share business, acquiring operator of Capital Bikeshare and Citi Bike
… The ride-hailing company acquired Motivate, the operator of Capital Bikeshare and New York’s Citi Bike, among other bikeshare services, in a deal believed to be valued at least $250 million. The company will introduce “Lyft Bikes,” seizing on the momentum around dockless and pedal-assist e-bikes in major U.S. cities.

(Related) Find (map) your options.
Citymapper adds dockless bikes and scooters to its urban transport app
Citymapper has been adding a multitude of transport options to its popular city transit app over the past few weeks, with dockless bikes and motorized scooters now appearing globally.

Perspective. Is this always a bad thing?
Co-opting the Constitution: How Corporations Influence American Law
… In his new book, We the Corporations: How American Businesses Won Their Civil Rights, UCLA law professor Adam Winkler explores the 200-year history of how businesses have molded jurisprudence.

Something for website students.

Monday, July 02, 2018

I’m (so easily and frequently) confused. Isn’t this how the government tried to stop Phil Zimmermann from selling the PGP encryption software? Claiming it was a product restricted from export or some such. Is anything being exported here?
US Homeland Security’s ICE demands Twitter release data on cryptic Flash Gordon account – HOTforSecurity
Flash Gordon (@s7nsins), a mysterious Twitter user based in New Zealand, announced in a tweet that the US Department of Homeland Security’s Immigration and Customs Enforcement (ICE) sent Twitter an export enforcement subpoena in April to disclose the real identity of the person behind the account.
ICE demanded private information such as name, address, phone number, credit cards linked to the account, IP address history, complaints filed against the account and any other information that might lead to identifying Flash Gordon. Private messages and similar content were not requested, as a court order is necessary.
… The reasons behind the demand were not explained, but ICE could be interested in uncovering the person’s identity because the account has regularly released information about data breaches and leaked information found on unencrypted servers.

Homeland Security subpoenas Twitter for data breach finder's account
… But serving an export enforcement subpoena – used in cases to investigate US export law violations – is almost unheard of in the case of a data breach involving private and personal information, according to one export controls attorney.
"As a general matter, the subpoena is likely to relate to the development or production of a controlled item, and not names, addresses, and contact information," said the attorney in a phone call, who asked not to be named to avoid any conflicts with his work.
The attorney said that if the subpoena related to the ALERRT breach, this would be "a misuse" of the subpoena power, as the exposed personal data wouldn't be an export control matter.
… The attorney said it's "not clear how a Twitter account could even be relevant in an export control investigation," calling the case a "head scratcher."
The data breach finder said he's been left without answers, and doesn't know which offending tweets – if any – led to the legal process. As we covered last year, several prominent security researchers and data breach hunters spoke of a "chilling effect" on their work.

Gosh, what a shock. Only 102 state and 57 federal taps were encrypted.
Federal and State Wiretaps Skyrocket in Trump’s First Year: Law Enforcement Sought 3,800 Taps—Not One Request Rejected—And It’s Not All Drug Dealers, David Cay Johnston: “The number of court-approved federal wiretaps rose 30% during Donald Trump’s first year in office, the latest indicator of how his administration is shifting our government from facilitating a healthy society into something closer to a police state. Not a single wiretap request, federal or state, was rejected by any judge, according to an annual disclosure report from the federal courts released on Wednesday. Nearly all the taps were of mobile phones. The report does not include national security intercepts – where, according to a separate report, judges rejected more requests last year than they had, in total, over the 38 years before that. As for the new wiretapping report, while 3,813 taps were sought and approved, that almost certainly understates the actual number by close to a thousand. That’s because each year many officials are slow in complying with the annual disclosures that Congress requires, as shown by reports in the previous decade, which had to be revised because officials were late reporting approved wiretaps. When the late reports are counted and disclosed next year, it is likely that the increase in wiretaps will be not 30% but well more than 40%…”

A bigger part of the business that Mark suggested to Congress?
Facebook gave 61 companies access to sensitive user data
WSJ (paywall) – “Facebook Inc. disclosed it gave dozens of companies special access to user data, detailing for the first time a spate of deals that contrasted with the social network’s previous public statements that it restricted personal information to outsiders in 2015. The deals with app developers, device and software makers, described in 747 pages of documents released to Congress late on Friday / govdoc no paywall [June 29, 2018] represent Facebook’s most granular explanation of exemptions that previously had been revealed by The Wall Street Journal and other news organizations. The revelations come as lawmakers have demanded accountability at Facebook for allowing companies access to data on its billions of users without their knowledge, and questioned how far the universe of firms extends. Facebook said in Friday’s document that the special deals were required to give app developers time to become compliant with changes in its policies, and to enable device and software makers to create versions of the social network for their products. The company revealed it was still sharing information of users’ friends, such as name, gender, birth date, current city or hometown, photos and page likes, with 61 app developers nearly six months after it said it stopped access to this data in 2015. Facebook said it gave these 61 firms—which ranged from the dating app Hinge to shipping giant United Parcel Service Inc.—a six-month extension for them to “come into compliance” with the 2015 policy. In addition, five other companies “theoretically could have accessed limited friends’ data” because of access they received as part of a Facebook experiment, the company said in the document…”

As more data is gathered, more laws must be complied with. Does the strictest regulation always rule?
… It’s unclear just how Amazon plans on integrating PillPack into the rest of its offerings, with rumors of a Prime Prescriptions service or something similarly ominous.
One catch for Amazon, though: Federal regulations stipulating that private medical data, such as prescription histories, can’t be used for marketing purposes like the behavioral tracking Amazon uses to pump up its retail model. According to the Wall Street Journal, the company only has a few limited ways to proceed with patient data: It could compartmentalize the PillPack business into its own unit with limited data-sharing with the rest of Amazon, or it could reorganize the entire Amazon business to become compliant with the Health Insurance Portability and Accountability Act (HIPAA), which would probably be more trouble than it’s worth.

(Related) Too simplistic?
Here's the reason why Amazon is diving into health care
… Amazon's intent for entering into the venture with JPMorgan and Berkshire was to squeeze waste out of the cost of care by dispensing with profit-sucking middlemen like pharmacies.

Perspective. I’ve been wondering why. Perhaps this is an opportunity for companies with employees who do not object to working with the military?
Why Tech Employees Are Rebelling Against Their Bosses
… The revolt is part of a growing political [not Ethical? Bob] awakening among some tech employees about the uses of the products they build. What began as concern inside Google about a Pentagon contract to tap the company’s artificial-intelligence smarts was catalyzed by outrage over Trump administration immigration policies. Now, it seems to be spreading quickly.

I admit, I did not see this coming.
Bitcoin ATMs Becoming the Norm in US Inner Cities
Of the numerous humanitarian applications of blockchain that are being tested, and in some cases already used around the world, implementing cryptocurrency in places where populations are under-served by financial institutions is considered a winner.
Poor countries or island nations with rural people living far from city centers, who have had no chance at getting loans to create a small business or to take payments from family members working abroad through the banking system, can now do so by using Bitcoin or any number of cryptocurrencies.
Normally it is countries in Africa, South East Asia, or South America that are presented as case studies for the use of digital money. But the Bitcoin ATMs popping up in poor inner-city neighborhoods in the US are being used for the same reasons. According to The Virginian-Pilot, there are 80 Bitcoin ATMs in the Detroit area and 2,032 across the country.

I thought this was common. Apparently, I was wrong.
OpenPhone lets you get a business phone number with an app
OpenPhone is an app for iPhone, iPad and Android. After downloading the app, you can get a second phone number for $9.99 per month. It can be a local or a toll-free number in the U.S. or Canada. You can also port an existing phone number and get rid of your second phone.
… There are many advantages in having a second phone number. You can set up a different voicemail, you can also set your availability to control your business hours. You also get voicemail transcription through the OpenPhone app.
OpenPhone uses VoIP and routes all your calls and texts through your internet connection. You get unlimited calls and texts in the U.S. and Canada as part of your subscription.

“I’m shocked, shocked I tell you!”
The US Reportedly Has ‘Unequivocal Evidence’ That North Korea Is ‘Trying To Deceive’ Trump On Its Nuclear Program
… And though North Korea took several steps to indicate it was in the process of dismantling its weapons program, such as blowing up tunnels leading to a nuclear test site, critics who monitored the development say it may have all been for show.
“There’s no evidence that they are decreasing stockpiles, or that they have stopped their production,” a US official familiar with the intelligence report told NBC. “There is absolutely unequivocal evidence that they are trying to deceive the US.”

Sunday, July 01, 2018

Attacks are “mysterious” for obvious reasons.
Kelly Egan reports:
Even weeks after its discovery, Algonquin College is still not sure how many current and former students and employees are affected by a cyber attack that breached data banks.
However, a news release on Friday suggested thousands could be impacted after one of the college’s servers was “compromised” by a hacker.
It is, after all, a huge educational community: about 21,000 full-time students, another 42,000 registered in continuing education and 4,400 full and part-time employees and an alumni roster of 180,000 students.
It’s unclear what kind of information might be at risk — personal, financial or academic.
Read more on Ottawa Citizen.
[From the article:
“We have no reason to believe that financial information was potentially compromised,” communications executive director Scott Anderson said in an email.
… The college is conducting what it calls “a comprehensive forensic review” to determine the size of the breach and the kind of information that was attacked.
… The school said it acted immediately to secure the server once it was made aware of the problem. It has also alerted Ontario’s Information and Privacy Commissioner.
… In March, Algonquin’s chief information security officer, Craig Delmage, was part of a seminar in Perth about cybercrime in which he talked about the vulnerability of many corporate websites. He marvelled at the way hackers keep beating the system.
“Yeah, we probably have hackers at Algonquin College. But we can detect them,” the Perth Courier reported him saying. “It cannot be entirely prevented. You need to work this into your business operations.”

Because “Happy” is mandatory.
Don Lee reports:
At first, it just seemed cool.
When facial recognition cameras were installed at a century-old high school here in eastern China, students got in and out of campus, picked up lunch, borrowed books and even bought drinks from a vending machine just by peering into the cameras.
No more worrying about forgetting to carry your ID card.
But last March, the cameras appeared in some classrooms — and they did a lot more than just identify students and take attendance.
Read more on the Los Angeles Times.
[From the article:
Using the latest artificial intelligence software, the devices tracked students’ behavior and read their facial expressions, grouping each face into one of seven emotions: anger, fear, disgust, surprise, happiness, sadness and what was labeled as neutral.
Think of it as a little glimpse of the future.

If this capability exists (and it does), we could hack into it at any time.
Tracy Crane reports:
Danville police and school officials are working this summer on an agreement that would allow police to access school radio communications and video feeds during an emergency.
Dave Wesner, the city’s corporation counsel, said the agreement would allow Danville police and other emergency personnel to hear radio communications by administrators and teachers during an emergency inside a school, such as a school shooting.
Read more on The News-Gazette.
[From the article:
The agreement states that emergency personnel and law enforcement are restricted to accessing only live video feeds or "video feeds that are reasonably contemporaneous with an emergency event," and only from cameras likely to contain footage related to the emergency.

I’m not sure I believe all these arguments, but enough ring true to make this worth reading.
The Great Russian Disinformation Campaign
In a new book, Timothy Snyder explains how Russia revolutionized information warfare—and presages its consequences for democracies in Europe and the United States.

Mark Zuckerberg is a single point of failure at a company that is systemically important to the internet
Mark Zuckerberg is the founder, CEO, and chairman of the board at Facebook. He also controls a majority of the company's voting stock. His power at the company is complete. He cannot be fired or disciplined. If the directors on his board attempted to remove him, he could simply vote with his stock to replace them with friendlier ones. It is unlikely the current directors would do that because they are each paid at least $350,000 a year, except for the ones who are also Zuckerberg's company employees — they are paid many millions more.
Zuckerberg has much more power than ordinary CEOs at publicly traded companies, many of whom are held accountable by independent board chairmen and directors appointed at the behest of investors. On paper, everything ought to be going his way.
And yet Zuckerberg is at war with his own shareholders. As Business Insider's Jake Kanter reported last week, 83% of independent investors — those stockholders who are not Zuckerberg himself or his managing executives — believe he should be fired as chairman of the board.

Perspective. Interesting that people are just starting to notice this…
Forget the Everything Store—Amazon's an Everything Business
… The thing is, Amazon has always dabbled in many corners of the tech industry as it's pursued its well-worn mantra of "growth before profits." And that means the company is more than the world's largest retailer. It's also an Internet of Things company. A device maker. A payments company. The list goes on. Some bets, like its massive cloud computing service, Amazon Web Services, have proven hugely successful. Others, like the Fire phone, have … not.
… Just six years after it launched, the company’s cloud computing infrastructure was estimated to run as much as 1 percent of the entire Internet.

(Related) A simple breakout of Amazon businesses.
Amazon Is Trying to Do (and Sell) Everything

Why not just a mobile App?
Here's How The New Postcard-Sized 1040 Differs From Your Current Tax Return