Saturday, October 13, 2018

It’s time once again for the Privacy Foundation at University of Denver Sturm College of Law to have its fall seminar! It will be taking place October 26th, from 10:00am-1:00pm (with lunch to follow) at the Ricketson Law Building. The topic is: The EU GDPR (General Directive on Privacy Regulation): Impact on the U.S.
Three CLE credits are pending. The seminar will be free to DU Faculty/Staff/Students/Mentors, and $30 for the general public; additional contributions to the Privacy Foundation, a 501 (c) (3) non-profit, are always welcome. You can find all this information and register online at: http://dughost.imodules.com/gdpr.




Sound familiar? All that security stuff is so tedious.
Zack Whittaker reports:
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
Read more on TechCrunch.




Expect many, many more.
Twitter Under Formal Investigation for How It Tracks Users in the GDPR Era
… When Twitter (twtr, +3.67%) users put links into tweets, the service applies its own link-shortening service, t.co, to them. Twitter says this allows the platform to measure how many times a link has been clicked, and helps it to fight the spread of malware through dodgy links.
However, privacy researcher Michael Veale, who works at University College London, suspects that Twitter gets more information when people click on t.co links, and that it might use them to track those people as they surf the web, by leaving cookies in their browsers.
As is his right under the new General Data Protection Regulation (GDPR)—the sweeping set of privacy rules that came into effect across the EU in May—Veale asked Twitter to give him all the personal data it holds on him.
The company refused to hand over the data it recorded when Veale clicked on links in other people’s tweets, claiming that providing this information would take a disproportionate effort. So, in August, Veale complained to the Irish Data Protection Commission (DPC), which on Thursday told him it was opening an investigation. As is common with big tech firms, Twitter’s European operations are headquartered in Dublin, which is why Veale complained in Ireland.




Perspective. Artificial people don’t look cartoonish any more.
Magic Leap’s Mica AI Is Like A 21st Century Rorschach Test
Magic Leap introduced a concept called Mica and called it “her” during a section of its 3-hour keynote this week about how an artificial intelligence could operate as an assistant to humans.
I feel like I met in person what Magic Leap showed in its video.




Perspective. Sometimes it’s hard to picture how big the Indian market is.
5 days, $1 billion: Flipkart and Amazon spur Indian smartphone bonanza
The battle for India's online shoppers has triggered a smartphone gold rush.
Flipkart and Amazon are leading an online sales bonanza that will see Indians buy smartphones worth over $1 billion in just five days, according to tech consultancy Counterpoint Research.
Bangalore-based Flipkart said it sold 1 million devices during the first hour of an online phone sale on Thursday that was part of its "Big Billion Days" shopping festival. By the end of the day, it had sold more than 3 million phones.
… More than 300 million Indians now have smartphones, a number that is growing rapidly as tech companies and the Indian government attempt to bring the rest of the country's 1.3 billion people online.


Friday, October 12, 2018

How would you effectively sanction a government intelligence service?
U.K., Netherlands Lead EU Push for New Cyber Sanctions
The U.K., the Netherlands and other European Union governments are pushing the bloc to expand the scope of its sanctions regime to include cyber attacks, following alleged attempts by Russian and Chinese operatives to infiltrate the computer systems of agencies in Europe and the U.S.
The EU has sanctions protocols in place targeting states for violating nuclear and chemical weapons treaties or harboring terrorism. Now the group of countries, that also includes Estonia, Finland, Lithuania and Romania, wants the bloc to introduce a similar system against the individuals and organizations that are behind cyber-attacks, according to a memo obtained by Bloomberg. EU leaders are slated to discuss security next week in Brussels.
… EU sanctions typically take the form of asset freezes against companies and individuals and travel bans against individuals. The bloc also has the ability to apply broader economic penalties – a policy used against Russia over its encroachment in Ukraine.
The group is recommending that cyber penalties focus on individuals and entities. It said the door should also be left open to making cyber-crimes also subject to “sectoral measures.”
… Attributing cyber attacks remains a key hurdle to any sanctions regime, as bad actors often try to fake data points like internet protocol addresses and domain names that could trace back to them. The countries in their memo, however, pointed to detailed and well-researched reports produced by the private sector using open source evidence.
“The lack of an international response leads” actors to conclude that malicious cyber activity is “low cost,” the countries wrote. “Restrictive measures would be a powerful [??? Bob] tool to change behavior through signaling at a political level that malicious cyber activity has consequences.”




Not the smartest advertising slogan…
Facebook disables accounts for Russian firm claiming to sell scraped user data
Facebook disabled 66 profiles and pages run by a company claiming to sell user data scraped off the social network's platform. Facebook also sent a a cease and desist letter to the company, called Social Data Hub, whose CEO was quoted in Russian telling Inc. that his company is similar to Cambridge Analytica.


(Related) “Russians? We don’t need no stinking Russians!” (Also see the article on Congressional adoption of social media, below)
Made and Distributed in the U.S.A.: Online Disinformation
When Christine Blasey Ford testified before Congress last month about Justice Brett M. Kavanaugh’s alleged sexual assault, a website called Right Wing News sprang into action on Facebook.
The conservative site, run by the blogger John Hawkins, had created a series of Facebook pages and accounts over the last year under many names, according to Facebook.
After Dr. Blasey testified, Right Wing News posted several false stories about her — including the suggestion that her lawyers were being bribed by Democrats — and then used the network of Facebook pages and accounts to share the pieces so that they proliferated online quickly, social media researchers said.
The result was a real-time spreading of disinformation started by Americans, for Americans.
… This month, Twitter took down a network of 50 accounts that it said were being run by Americans posing as Republican state lawmakers. Twitter said the accounts were geared toward voters in all 50 states.
On Thursday, Facebook said it had identified 559 pages and 251 accounts run by Americans, many of which amplified false and misleading content in a coordinated fashion. The company said it would remove the pages and accounts.




Government’s dream?
… Though the details are still being worked out, it’s almost certain that all of us will need our genetic information to be safeguarded, even if you do decide to turn down a well-meaning gift of a free DNA test. According to the researchers, it will take only about 2 percent of an adult population having their DNA profiled in a database before it becomes theoretically possible to trace any person’s distant relatives from a sample of unknown DNA—and therefore, to uncover their identity. And we’re getting ever closer to that tipping point.
“Once we reach 2 percent, nearly everyone will have a third cousin match, and a substantial amount will have a second cousin match,” Erlich explained. “My prediction is that for people of European descent, we’ll reach that threshold within two or three years.”




The world my students will live in.
A Future Where Everything Becomes a Computer Is as Creepy as You Feared
… The industry’s new goal? Not a computer on every desk nor a connection between every person, but something grander: a computer inside everything, connecting everyone.
Cars, door locks, contact lenses, clothes, toasters, refrigerators, industrial robots, fish tanks, sex toys, light bulbs, toothbrushes, motorcycle helmets — these and other everyday objects are all on the menu for getting “smart.” Hundreds of small start-ups are taking part in this trend — known by the marketing catchphrase “the internet of things” — but like everything else in tech, the movement is led by giants, among them Amazon, Apple and Samsung.




I suspect each member hires people who actually understands social media to Tweet, mail, post, blog or whatever. Do they understand the impact of those whatevers? Do they actually analyze the input they (could) receive?
Social Media Adoption by Members of Congress: Trends and Congressional Considerations
“Communication between Members of Congress and their constituents has changed with the development of online social networking services. Many Members now use email, official websites, blogs, YouTube channels, Twitter, Facebook, and other social media platforms to communicate—technologies that were nonexistent or not widely available just a few decades ago. Social networking services have arguably enhanced the ability of Members of Congress to fulfill their representational duties by providing them with greater opportunities to share information and potentially to gauge constituent preferences in a real-time manner. In addition, electronic communication has reduced the marginal cost of communications. Unlike with postal letters, social media can allow Members to reach large numbers of constituents for a fixed cost. This report examines Member adoption of social media broadly. Because congressional adoption of long-standing social media platforms Facebook, Twitter, and YouTube is nearly ubiquitous, this report focuses on the adoption of other, newer social media platforms. These include Instagram, Flickr, and Google+, which have each been adopted by at least 2.5% of Representatives and Senators. Additionally, Members of Congress have adopted Snapchat, Medium, LinkedIn, Pinterest, Periscope, and Tumblr at lower levels. This report evaluates the adoption rates of various social media platforms and what the adoption of multiple platforms might mean for an office’s social media strategy. Data on congressional adoption of social media were collected by an academic institution in collaboration with the Congressional Research Service during the 2016-2017 academic year. This report provides a snapshot of a dynamic process. As with any new technology, the number of Members using any single social media platform, and the patterns of use, may change rapidly in short periods of time. As a result, the conclusions drawn from these data cannot necessarily be generalized or used to predict future behavior..”




When lawyers go to far…
Champagne Remark May Cost Lawyer $289 Million Bayer Award
The lawyer most responsible for winning a $289 million verdict against Bayer AG may end up wiping it out.
Brent Wisner was the lead trial attorney who in August convinced a jury that Monsanto Co.’s Roundup weed killer caused his client’s cancer. His compelling arguments and marshaling of evidence resulted in a blockbuster verdict that has spooked investors looking ahead to thousands of similar lawsuits across the U.S. pending against Monsanto, which Bayer acquired in June.
But Wisner’s closing arguments at trial irked the judge handling the case so profoundly that she’s considering tossing the verdict and ordering a new trial. The lawyer told jurors that Monsanto executives in a company board room were "waiting for the phone to ring" and that "behind them is a bunch of champagne on ice," according to a court filing. He said that “if the damages number isn’t significant enough, champagne corks will pop.”
At a hearing Wednesday, San Francisco Judge Suzanne Ramos Bolanos cited a number of reasons why she’s inclined to set aside or dramatically cut the verdict. But she singled out the champagne comment as she questioned whether Wisner’s impassioned rhetoric crossed a line. Wisner also told jurors their decision could “change the world” and they could become a “part of history.” Bolanos said the comments may prove “sufficiently prejudicial” to warrant a new trial.




Perspective. Automating fulfillment centers could save Amazon $15 per hour times a couple of hundred thousand employees.
CommonSense Robotics launches micro-fulfillment center in Tel Aviv
Imagine if your neighborhood grocery or convenience store offered one-hour, on-demand fulfillment — not through intermediaries like Postmates or Instacart, but entirely in-house — and made a profit on every order. As fantastical as the idea might seem, that’s the promise of CommonSense Robotics, an Israeli micro-fulfillment startup that today launched its first autonomous sorting and shipping center in downtown Tel Aviv.
… thanks to a combination of robotic sorting systems and artificially intelligent (AI) software, it can prepare orders faster than the average team of human workers — typically in less than three minutes.




Something to mention to my students.
Expert attorneys command 4 figure hourly billing fees
The Business Journals [paywall]: “Boston-based Ropes & Gray partner Douglas Meal, one of the most sought-after data privacy and cybersecurity attorneys in the country, typically charges $1,550 an hour for his services, according to a recent court filing. The filing offers a rare public glimpse into what some of the attorneys at Boston’s largest law firm bill on an hourly basis. It was made last week in a landmark case before a federal appeals court over the Federal Trade Commission’s ability to punish businesses for consumer data breaches. Ropes and other firms that worked on the case are asking the court to require the U.S. government to pay their attorneys’ fees, which is sometimes allowed in cases involving the government. Ropes’ client, an Atlanta medical laboratory named LabMD, is now out of business because of the litigation brought against it by the FTC [added link to FTC case summary, timeline and filings/documents], according to the firm. The appeals court sided with LabMD and against the FTC in the case. Ropes disclosed the typical hourly rates of Meal and other attorneys to show the court that they are offering to take a significant discount for their work on the case…”


Thursday, October 11, 2018

Another case of ignoring basic security procedures.
Zack Whittaker reports:
Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records.
The MongoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.
The company’s main products give boat, yacht and ship owners better access to real-time navigation charts, and boasts the “world’s largest cartography database.”
Bob Diachenko, Hacken.io’s newly appointed director of cyber risk research, said in a blog post that the 19 gigabyte database contained 261,259 unique records, including customer names and email addresses.
Read more on TechCrunch.




Automating the legal process.
DoNotPay launches tools to lock security down, sue after hacks
First Joshua Browder went after parking tickets, building a bot that helped hundreds of thousands of users challenge their fines.
Then, the 21-year-old student broadened his focus, expanding into everything from landlord disputes to chasing compensation for lost luggage on flights.
In 2018, Browder took aim at Equifax after a data breach exposed the personal data the firm held on tens of millions of Americans, and his app DoNotPay was used to help file 25,000 lawsuits against the company.
The British entrepreneur is now expanding into privacy and data security. On Wednesday, he announced that DoNotPay will now help users easily lock the privacy settings on their social media accounts — and help sue those companies that expose users' data through hacks and breaches.
… DoNotPay is a tool that provides automated, free legal assistance. The user writes in what they need help with, and they're then asked relevant questions before being given appropriate documentation or guidance on how to tackle their problem — from flight refunds to maternity leave requests — sidestepping the need for traditional (and costly) legal guidance.
There's two strands to Wednesday's update. The first is focused on privacy, and helps users lock down their accounts from prying eyes. It automatically makes a series of what Browder calls "no brainer" changes to users' settings on Facebook, Instagram, and Twitter — like disabling personalized Twitter ads, deleting your call and text history from Facebook, and stopping other accounts seeing when you're online on Instagram.
[The iOS App is free at: https://itunes.apple.com/app/id1427999657 Bob]




No good deed goes unpunished?
uja Amin of Womble Bond Dickinson writes about a complaint that may be of interest to some readers:
…Just before the alert was sent out, Judge Katherine Polk Failla, rejected three self-represented New Yorkers’ request for a preliminary injunction to halt the test of the Presidential Alert system, apparently finding Plaintiffs’ claims “too speculative.” The New York Plaintiffs had filed its lawsuit, Nicholas v. Trump, case number 1:18-cv-08828, on September 26, 2018 in the Southern District Court of New York against Donald Trump and the head of FEMA, arguing that the new system violates First and Fourth Amendments of the U.S. Constitution.
In their complaint, the Plaintiffs proclaim that they are “American citizens who do not wish to receive text messages, or messages of any kind, on any topic or subject, from Defendant Trump.” Citing the Carpenter v. United States decision we discussed here on TCPALand a few months back, Plaintiffs allege that these messages allow the government “to trespass into and hijack” cellular devices without explicit consent, which violates the “Fourth Amendment right to privacy in their cellular devices.”
Read more on National Law Review. And thanks to Joe Cadillic for sending along this one!




Exactly what I tell my students. Almost.
Technology, Evidence, and Its Procedural Rules
Chasse, Ken, Technology, Evidence, and Its Procedural Rules (September 15, 2018). Available at SSRN: https://ssrn.com/abstract=3249947 or http://dx.doi.org/10.2139/ssrn.3249947
“The rules of procedure that govern proceedings concerning discovery, disclosure, and admissibility have to be flexibly applied to fit each technology that produces the evidence being dealt with because technology cannot be made to change its nature to suit rules of procedure. That is particularly important for those sources of very frequently used kinds of evidence such as, electronic records management systems (records now being the most frequently used kind of evidence), mobile phone tracking evidence, breathalyzer/intoxilyzer devices, and, TAR (technology assisted review) software programs that are used to conduct the “records review stage” of electronic discovery proceedings. Motivations to limit the time and cost of legal proceedings by limiting the issues to be decided are now outmoded because the more complex the sources of evidence become, the greater are the number and complexity of issues of law and fact that must be decided to determine the reliability of such evidence and adequacy of its production. And, the more complex a technology, the more ways it has to break down. And so, a motor vehicle has more ways, and therefore a greater probability to perform inadequately than does a bicycle. As a result, when society becomes dependent upon a more complex technology, legal proceedings must be expected to take longer and cost more. And so, mass transportation based upon motor vehicles, has imposed a vastly greater burden upon the justice system than did mass transportation based upon horses. But technology is constantly changing and so lawyers’ education has to change accordingly so that they can challenge the reliability of complex technology’s sources of evidence. Specialist legal research lawyers, able to advise all lawyers as to the nature and vulnerabilities of such technology will have to be formally recognized by law societies, and made available in law society-sponsored centralized legal research support services, operated at cost, per case so serviced. How else to provide the legal profession at large with such complex and ever-changing information with which to compose its cross-examinations and arguments adequately? That includes arguments as to why and how the rules of procedure must be flexibly applied so as to know, for example, the exact point at which the onus of proof can in fairness be transferred to the opposing party to provide “evidence to the contrary.” Given that technology is a constantly evolving, moving target, how to teach lawyers and law students about such factors as, software errors rates and architecture, the strengths and vulnerabilities of particular technologies, its national and international standards, and the requirements for its adequate manufacture, usage, and maintenance? Very little of that has an adequate legal infrastructure. Manufacturing motor vehicles allegedly does. Nevertheless, every year its manufacturers must recall millions of automobiles that they have inadequately made.
Technology that produces such evidence raises issues as to the reliability of software. The technical literature warns repeatedly, we trust software far too much. And so knowledge of technology is essential to “doing justice.” Otherwise, by default lawyers treat its sources of evidence as being infallible. It is far from that. And therefore, so are the rules of procedure that govern the use of such evidence. Blame lawyers; not judges. Judges must decide cases using only the evidence and argument provided by lawyers. Their purpose is to decide disputes; not to educate lawyers. The legal profession is just another industry that must keep up with technology in law and practice, or be bypassed by technology…”




Can Senators identify fake news?
Pentagon says memo asking for Broadcom-CA deal review is likely fake
The U.S. Department of Defense said on Wednesday that a memo purporting to show the Pentagon asking for a national security review of chipmaker Broadcom Inc’s $19 billion deal to buy software company CA Technologies was likely fake.
… The Pentagon is looking into who wrote the fake memo, according to a spokeswoman. She said they considered it likely to be fake based on an initial assessment.
… Senator Rand Paul’s office, however, reiterated his call for a national security review of the deal, denying that a memo was behind the lawmaker’s request for a review.




Perspective.
IFPI Report Finds Streaming Continues to Rise, YouTube Dominates Online Listening
… streaming continues to dominate music listening, with 86% of respondents engaging in music that way, with 57% in the 16- to 24-year-old demo using a paid audio service. Another finding shows nearly half of the time spent listening to on-demand music is through YouTube, with 52% of that total on video streaming, 28% on paid audio streaming and 20% on free audio streaming.
… Still copyright infringement remains an issue, with 38% of consumers obtaining music through infringing methods, stream ripping dominating with 32% of the audience.




Perspective.
EU hijacking: self-driving car data will be copyrighted...by the manufacturer
Today, the EU held a routine vote on regulations for self-driving cars, when something decidedly out of the ordinary happened...
The autonomous vehicle rules contained a clause that affirmed that "data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on databases inapplicable."
This is pretty inoffensive stuff. Copyright protects creative work, not factual data, and the telemetry generated by your car – self-driving or not – is not copyrighted.
But just before the vote, members of the European Peoples' Party (the same bloc that pushed through the catastrophic new Copyright Directive) stopped the proceedings with a rare "roll call" and voted down the clause.
In other words, they've snuck in a space for the telemetry generated by autonomous vehicles to become someone's property.




Perspective.
Amazon recently made headlines by announcing that it would voluntarily increase its minimum hourly wage to $15. With a federal minimum wage of only $7.25, this pledge might seem like a curious decision — especially for a company as laser-focused on cost containment as Amazon. But thinking only about the costs involved in raising wages misses a key issue: pay hikes can also boost workplace productivity.
Given Amazon’s well-deserved reputation as a data-driven (and long-term oriented) company, you can bet that Amazon’s management team has done the analysis and figured out that paying employees more is, from a business perspective, more benefit than cost. They’re not the first company to make a decision like this — most notably, Walmart set a minimum wage of $11 earlier in 2018 — and we hope others come to realize that paying workers more can be a matter of enlightened self-interest.
… First, higher wages allow firms to attract and retain better employees (assuming competitors don’t follow suit and raise their wages as well). But there is an important — and often overlooked — second effect. Paying wages that are above the market rate (known within economics as “efficiency wages”) can also be an important motivating force for your existing employee base. The intuition is straightforward: higher wages makes a job more desirable. This leads to a larger applicant pool waiting to take over when openings occur, and makes it easier to replace a slacker employee. It also means that workers have more to lose by slacking off — who cares if you’re fired from a $7.25 an hour job, but where else will you find somewhere that pays $15 per hour?
The concept of efficiency wages is an old idea, dating back at least to Henry Ford’s introduction of the “five dollar day” in 1914, at a time when the daily wage at manufacturing plants near his Highland Park factory was $2.30. Ford himself called it his finest cost-cutting move, because of the boost to productivity that came as a result.




For my Android users.




Wow! I just said the same thing to my boss.


Wednesday, October 10, 2018

Very familiar security problems, very weak excuses.
Cyber Tests Showed 'Nearly All' New Pentagon Weapons Vulnerable To Attack, GAO Says : NPR
The Pentagon only recently made cybersecurity a priority, the Government Accountability Office says in a new report, which found vulnerabilities in weapons that are under development.
Passwords that took seconds to guess, or were never changed from their factory settings. Cyber vulnerabilities that were known, but never fixed. Those are two common problems plaguing some of the Department of Defense's newest weapons systems, according to the Government Accountability Office.
The flaws are highlighted in a new GAO report, which found the Pentagon is "just beginning to grapple" with the scale of vulnerabilities in its weapons systems.
… The most capable workers – experts who can find vulnerabilities and detect advanced threats – can earn "above $200,000 to $250,000 a year" in the private sector, the GAO reports, citing a Rand study from 2014. That kind of salary, the agency adds, "greatly exceeds DOD's pay scale."
In a recent hearing on the U.S. military's cyber readiness held by the Senate Armed Services Committee, officials acknowledged intense competition for engineers.




Is AI really different or just difficult to understand?
Brookings – A blueprint for the future of AI
John R. Allen – President, The Brookings Institution: “Emerging technologies of the 21st century are poised to fundamentally transform modern society. Artificial intelligence, advanced robotics, and other emerging technologies are upending everything from transportation to manufacturing to health care, and as these and related technologies mature, they will have far-reaching impacts over our work, our lives, our security, and our politics. From gene-editing to quantum computing, each of these technologies represent substantial challenges and novel solutions to myriad problems, and are just a glimpse of what the future holds. And if society is to fully embrace the full range of social and political changes that these technologies will introduce, then we need to be thinking now about how best to maximize the benefits of these technologies while minimizing the risks to humanity along the way. The research community has a critical role to play in informing policymakers of the coming challenges associated with emerging technologies, and here, Brookings intends to be a leader. As a part of a new effort, an impressive assembly of the Institution’s scholars have stepped forward to address the complex challenges associated with emerging technologies within the context of their relevant areas of expertise. Each of the papers in this series grapples with the impact of an emerging technology on an important policy issue, pointing out both the new challenges and potential policy solutions introduced by these technologies. This compendium showcases in no uncertain terms the enormity of the changes to come, as well as many of the key policy imperatives as we move forward in the 21st century.”


(Related) Helping my students get jobs.
Make Data a Cornerstone of Your Team
If you were entering the job market in the early 90s, most job descriptions included “Macintosh experience” or “excellent PC skills” in their preferred qualifications. This quickly became a requirement for even the most non-technical jobs, forcing people across every industry and age group to adapt with the changing times, or risk getting left behind.
Today, the bar for computer proficiency is set much higher. There’s an ever-increasing demand for people who can leverage software to analyze, understand, and make day-to-day business decisions based on data. Data Science is now a quickly growing discipline, giving people with any kind of data expertise a serious competitive edge.
Corporate leaders are becoming convinced of the impact that effective data collection and analysis can have on the bottom line, from tracking daily reports against Key Performance Indicators to make informed decisions on where to spend marketing dollars, to monitoring and evaluating customer communications to adjust product offerings. Many are investing heavily in hiring talent with data skills and building out data proficiency across the organization.


Tuesday, October 09, 2018

Is the alternative to ignore Russia (et al) as they hack elections, rob banks and shut down infrastructure, limiting our response to a “stern warning” and sanctions of a few well insulated people who will never be extradited.
The US National Cyber Strategy
Last month the White House released the "National Cyber Strategy of the United States of America. I generally don't have much to say about these sorts of documents. They're filled with broad generalities.
… In a New York Times op ed, Josephine Wolff argues that this new strategy, together with the more-detailed Department of Defense cyber strategy and the classified National Security Presidential Memorandum 13, represent a dangerous shift of US cybersecurity posture from defensive to offensive:
… Wolff is right; this is reckless. In Click Here to Kill Everybody, I argue for a "defense dominant" strategy: that while offense is essential for defense, when the two are in conflict it should take a back seat to defense. It's more complicated than that, of course, and I devote a whole chapter to its implications. But as computers and the Internet become more critical to our lives and society, keeping it secure becomes more important than using it to attack others.




Perspective. Something not quite right here.
Google pulls plug on $10 billion Pentagon cloud deal
Google will ditch its bid for a cloud computing deal worth $10 billion with the Pentagon, as its new ethical guidelines don’t align with the requirements from the US Department of Defense (DoD).
The company said in a statement:
We couldn’t be assured that [the JEDI deal] would align with our AI Principles and second, we determined that there were portions of the contract that were out of scope with our current government certifications.




Perspective. The flip side of having a global audience hanging on your every tweet is knowing when to keep your tweeter shut!
Tesla Stock Boomed After the SEC Deal. Then Elon Musk Tweeted. Now the Company Is Worth $10 Billion Less
Tesla Inc. just can’t seem to catch a break.
If the rout sparked by an SEC investigation into CEO Elon Musk’s tweets on taking the carmaker private wasn’t enough, a subsequent tweet storm mocking the agency and an unflattering comparison to Lehman Brothers Holdings Inc. slewed off even more value. Shares extended losses for a fifth straight session Monday, falling 4.3% to the lowest in more than 18 months.


Monday, October 08, 2018

Depressing. They suggest there is nothing we can do to eliminate phishing success and suggest we concentrate on detecting the resulting intrusion.
Hook, Line and Sinker: After Phish Get Caught
Phishing is nearly as old as email, but it is still a major attack vector for cybercriminals. Some of the most prominent cyber incidents of the past few years are the result of phishing attempts. Despite the maturity of this problem, the solutions proposed by the industry during the past decades haven't been successful. At the recent Black Hat conference, several vendors all offered the same tactic for squishing phishing: user training to increase recognition of phishing attacks.
If that advice was going to work, it would have started working more than a decade ago and we would not have the scandals resulting from hacked political campaigns that have emerged since 2016.




What was the pre-Internet equivalent? Spies photographing the plans for new weapons? U2 overflights?
How Russian Spies Infiltrated Hotel Wi-Fi to Hack Victims Up Close
For years, the Kremlin's increasingly aggressive hackers have reached across the globe to hit targets with everything from simple phishing schemes to worms built from leaked NSA zero day vulnerabilities. Now, law enforcement agencies in the US and Europe have detailed another, far more hands-on tactic: Snooping on Wi-Fi from a vehicle parked a few feet away from a target office—or even from a laptop inside their hotel.




A hardware parallel for my Software Assurance students. Maybe all those security claims are not exactly accurate?
Watch a Homemade Robot Crack a Safe in Just 15 Minutes




A great summary Yasmin, but I would start with the general lowering of expectations. Does anyone still believe they can keep anything private?
Top Five Privacy Concerns of Tomorrow




Perspective.
The Internet’s keepers? “Some call us hoarders—I like to say we’re archivists”
… “I’ve got government video of how to wash your hands or prep for nuclear war,” says Mark Graham, director of the Wayback Machine at the Internet Archive. “We could easily make a list of .ppt files in all the websites from .mil, the Military Industrial PowerPoint Complex.”
… And the immediate takeaway is that the scale of the Internet Archive today may be as hard to fathom as the scale of the Internet itself.
The archive also maintains a nearby warehouse for storing physical media—not just books, but things like vinyl records, too. That’s where Graham jokes the main unit of measurement is “shipping container.” The archive gets that much material every two weeks.
The company currently stands as the second-largest scanner of books in the world, next to Google. Graham put the current total above four million.
Today, books published prior to 1923 are free to download through the Internet Archive, and a lot of the stuff from afterwards can be borrowed as a digital copy.
Of course, the Internet Archive offers much more than text these days. Its broadcast-news collection has more than 200 million hours with tools such as the ability to search for words in chyrons and access to recent news (broadcasts are embargoed for 24 hours and then delivered to visitors in searchable two-minute chunks). The growing audio and music portion of the Internet Archive covers radio news, podcasting, and physical media (like a collection of 200,000 78s recently donated by the Boston Library). And as Ars has written about, the organization boasts an extensive classic video game collection that anyone can boot up in a browser-based emulator for research or leisure. Officially, that section involves 300,000-plus overall software titles, “so you can actually play Oregon Trail on an old Apple C computer through a browser right now—no advertising, no tracking users,” Graham says.
In total, Graham says the Internet Archive adds four petabytes of information per year (that's four million gigabytes, for context). The organization’s current data totals 22 petabytes—but the Internet Archive actually holds on to 44 petabytes worth. “Because we’re paranoid,” Graham says. “Machines can go down, and we have a reputation.” That NASA-ish ethos helped the non-profit once survive nearly $600,000 worth of fire damage—all without any archived data loss.




If Harvard says so it must be true!




Tips for my students.
How To Email Like A CEO
… Most of us fluctuate between email, iMessage, G-chat, Slack, Instagram, Twitter, and Facebook every few seconds for hours on end. The amount of reading that we do is more than ever before, but when it comes to business one thing is for sure: The more senior you are, the faster your response time. CEO’s tend to respond faster than the majority of their employees. If you ever email a CEO, no matter what level you are, you can expect a response in under five minutes. If you don’t get one, I can assure you that they immediately forwarded your email to someone else to respond to it. Either way, it has been read.


Sunday, October 07, 2018

I admit I’m not sure what is going on here.
The Chinese Motherboard Hack Is a Crisis, Even If It Didn’t Really Happen
… The report claims that Chinese spies systematically infiltrated U.S. corporate and government computer systems by installing hardware exploits on the motherboards of servers destined for widespread use, from video-streaming services to the CIA. According to Businessweek, the infected machines provided a backdoor into any network on which the machines were installed. The reporting claims that at least 30 U.S. companies were affected, including Apple and Amazon, the most valuable companies in the world. Both companies have vociferously denied the claims, but Bloomberg stands by its story.




The other half of this problem is, no matter what the initial password is, users will want a simple password.
I’m really going to miss California when it falls off into the Pacific some day.
Zack Whittaker reports:
Good news!
California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer electronics starting in 2020.
Every new gadget built in the state from routers to smart home tech will have to come with “reasonable” security features out of the box . The law specifically calls for each device to come with a preprogrammed password “unique to each device.”
It also mandates that any new device “contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time,” forcing users to change the unique password to something new as soon as it’s switched on for the first time.
Read more on TechCrunch.




With anonymity comes a release from morality? I guess there are sick minds everywhere. I hope this does not become a “thing” for high school kids. Should you shoot a video of the people near you? I’m assuming that the weirdo wants to be close to see your reaction.
Simple fix will stop your iPhone from receiving sexually explicit pictures via AirDrop
Apple's AirDrop feature allows an iPhone user to send photos, videos, documents and other files to other iPhone units nearby. For AirDrop to work, both Wi-Fi and Bluetooth have to be turned on. But some iPhone users are taking advantage of this technology to send sexually explicit pictures to strangers. This act even has its own name, "cyber-flashing."
… There is a way to prevent your iPhone from receiving images sent via AirDrop without having to turn off Wi-Fi or Bluetooth. Go to Settings and tap on General. Click on AirDrop. You will have the option of making your phone discoverable to "Everyone," or your "Contacts only."




Like Science Fiction, but with Grants.
University of Minnesota research shows how roads can be greener with driverless vehicles
… The move to wrest the controls from human drivers is gaining traction. The U has just received a $1.75 million grant from the National Science Foundation to further study autonomous vehicles and the future of transportation services.
… Already, researchers see big potential in an anticipated ability of autonomous vehicles to follow more precise paths, allowing roads to be much narrower, freeing up land for other purposes. Car sharing may increase, allowing back alleys to be redeveloped into pocket parks. Parking lots could become wetlands or ponds.
… Fully autonomous vehicles are expected to be available to consumers by 2025, according to a study by the National League of Cities.




He IS talking about the White House!