Saturday, August 25, 2018

Imagine what a more subtle antagonist could do.
Russia Isn’t The Only US Foe That’s Learned To Exploit American Social Media
It’s not the endorsement Facebook, Twitter or Google wants.
But the U.S.’s geopolitical adversaries appear to be in agreement: Silicon Valley’s biggest social media companies provide some of the best tools for spreading propaganda.
After months of attention paid to Russia’s influence campaign, Facebook revealed Tuesday that Iran has spent years surreptitiously promoting its interests through inauthentic accounts and pages.
The effort, which started five years before Donald Trump was elected president, consisted of three campaigns that masked Iranian authorities as ordinary citizens, independent news organizations and civil society groups. Facebook said the fake Iranian accounts and pages garnered close to 1 million followers.
… “The main takeaway from Facebook’s announcement is not just that Russia-style meddling is exportable, but that it’s inevitable,” said Chris Meserole, a fellow in the Center for Middle East Policy at the Brookings Institution. “If Moscow authored the playbook, Tehran read it word for word, and they won’t be the only country to do so. Spreading disinformation on Facebook is so easy and effective that we need to assume every foreign adversary will now do it.”

For my Computer Security students.
This week’s news that Microsoft, Facebook, FireEye, and Google disrupted ongoing Russian and Iranian influence campaigns should garner significant attention in corporate boardrooms. The revelation of this fresh round of foreign hacking highlights important points about the intersection of business, geopolitics, and hacking that too often go overlooked — points that are especially important for platform businesses.
Even if geopolitics is the root cause of hacking attempts, corporations may find themselves on the front lines — both as victims but also, increasingly, as defenders. The coordinated action by Microsoft and the cybersecurity company FireEye, coupled with similar action by Facebook and, later, Google, demonstrates as much. The role of the U.S. government in pushing back against these foreign intelligence operations remains at best uncertain, though we can assume that classification and secrecy hide some actions from the public. Nonetheless, as Eric Rosenbach, then a senior cyber policy official at the Pentagon, testified in 2015, “The Department of Defense is not here to defend against all cyberattacks — only that top 2% — the most serious.” Far more frequently, the government isn’t rushing to the rescue.

Grasping the inevitable?
Melanie Ramey of Covington & Burling writes:
On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (English translation), making Brazil the latest country to implement comprehensive data privacy regulation.
The law’s key provisions closely mirror the European Union’s General Data Privacy Regulation (“GDPR”), including significant extraterritorial application and vast fines of up to two percent of the company’s previous year global revenue (the GDPR allows for up to four percent in certain aggravated circumstances).
Read more on InsidePrivacy.

Danielle Keats Citron has an article in a forthcoming issue of Yale Law Journal: Sexual Privacy. U of Maryland Legal Studies Research Paper No. 2018-25
Those who wish to expose, control, and distort the identities of women, minorities, and minors routinely do so by invading their privacy. People are secretly recorded in bedrooms and public bathrooms, and “up their skirts.” Victims are coerced into sharing nude photographs and filming sex acts under the threat of public disclosure. People’s nude images are posted online without permission. Machine-learning technology is used to create digitally manipulated “deep sex fake” videos that swap people’s faces into pornography.
At the heart of these abuses is an invasion of sexual privacy—the specific set of identity-enabling and equality-protecting rules and norms that protect access to and information about our bodies; intimate activities; and gender and sexual identities. Invasions of sexual privacy coerce visibility and invisibility, undermining identity formation, human dignity, and equal opportunity. More often, marginalized and subordinated communities shoulder the abuse.
This Article explores how sexual privacy works, and should work. It shows how the efficacy of traditional privacy law is waning just as digital technologies magnify the scale and scope of the harm. We need a comprehensive approach to sexual privacy that includes legislation and updated privacy tort law. This would allow us to see the structural impact of sexual privacy invasions and prompt us to consider the privacy-enhancing and privacy-invading aspects of market efforts.
You can download the full paper from SSRN.

Amy Martyn reports:
While you were watching adult videos on the internet, a hacker who collects Bitcoin was secretly recording a double-screened video, and he’s now preparing to send it to your family and coworkers.
No, not really. But hackers are using stolen passwords to convince strangers online that that’s the case. In emails to unsuspecting victims, the hackers claim that they placed malware on pornography sites to make secret recordings of both the visitor and the site.
The hackers begin the emails by referencing a password linked to one of the recipients’ other accounts in order to convince their victims that they have more information than they really do.
The emails come with a demand for several thousand dollars in Bitcoin, instructions of how to pay, and a threat that the video will be sent to all of the victims’ contacts if they do not pay by a given deadline.
Read more on Consumer Affairs. This is exactly the kind of scam that I had noted on this blog two weeks ago with a sample extortion message.
It’s important to keep in mind that almost everyone has had their login credentials to at least one site breached by now, so the scammers could be able to tell you a password of yours that they had obtained from an older data dump that is still circulating on leak sites or forums. The fact that they have what was a legitimate password of yours, however, does not mean that they infected your system, got videos of you, etc. etc. Don’t panic if you get one of the extortion demands. But do report the scammers to the FBI. You can use their online complaint form at

Interesting read.
Americans’ Privacy at Stake as Second Circuit Hears Hasbajrami FISA Case
… On Monday, the Second Circuit will hear arguments in one of those cases: United States v. Hasbajrami. The case provides an opportunity to push back on two dangerous constitutional myths — along with one outright factual falsehood — that have begun to take root in Section 702 jurisprudence. I’ve discussed each of these in other Just Security posts, but collect and elaborate on them here, as the case readies for argument.

Four Ways Jobs Will Respond to Automation
… Counter to popular belief, it’s not necessarily blue-collar or non-college-educated workers who will be most threatened by automation in the coming decades. Our analysis suggests that a plumber may see less disruption than a legal professional. Simply instructing everyone to engage in continuous education and skill development is remiss. Workers must understand the four paths of job evolution — and the factors behind each path — if they hope to adapt.

Perspective. Not a cure for all that ails them, but perhaps a start?
A majority of U.S. teens are taking steps to limit smartphone and social media use
It’s not just parents who are worrying about their children’s device usage. According to a new study released by Pew Research Center this week, U.S. teens are now taking steps to limit themselves from overuse of their phone and its addictive apps, like social media. A majority, 54% of teens, said they spend too much time on their phone, and nearly that many – 52% – said they are trying to limit their phone use in various ways.
In addition, 57% say they’re trying to limit social media usage and 58% are trying to limit video games.
… Today, tech companies are finally waking up to the problem. Google and Apple have now both built in screen time monitoring and control tools into their mobile operating systems, and even dopamine drug dealers like Facebook, Instagram and YouTube have begun to add screen time reminders and other “time well spent” features.
But these tools have come too late to prevent U.S. children from developing bad habits with potentially harmful side effects.

Amusing. I have students who work there on occasion.
British Conspiracy Theorists Are Convinced This Air Force Base Is US Mind Control HQ
Schriever Air Force Base on the plains east of Colorado Springs has always been a place of mystery.
Home to the 50th Space Wing, which controls satellites including the Global Positioning System, Schriever has been dubbed “Area 52” and “The Place the Air Force Goes When it Wants to be Alone.”
But according to a fringe group headquartered in the United Kingdom, Schriever has another distinction: It’s home to a space-based satellite electronic mind-control and torture system run by the United States.

Because I have a couple students who are interested in machine learning.
Machine learning is the hottest thing in computing right now. It’s easy to see why with the technology being used everywhere, from self-driving cars to law enforcement, to stock market prediction.
TensorFlow is Google’s project based on machine learning and neural networks. Let’s find out what it is, its uses, and how to learn to use it.
… TensorFlow is Google’s open source neural network library, developed by the Google Brain team for a wide range of uses. In essence, TensorFlow removes the need to create a neural network from scratch. Instead, you can train TensorFlow with your data-set and use the results however you wish.
… Machine learning is an incredibly dense subject. A good grasp of statistics, mathematics, programming and general data science are all central to understanding. That said, TensorFlow does make it easy to get hands-on experience even as a beginner. The official TensorFlow tutorial takes a step by step approach for setup and use.
Most TensorFlow projects use the Python programming language. If you are new to the language, there are a wealth of great places to learn Python. If you are already more familiar with JavaScript, TensorFlow has tutorial videos covering the TensorFlow.js library.