Saturday, October 27, 2018

I was at the Privacy Foundation (https://www.law.du.edu/privacy-foundation) seminar yesterday and spent much of the time thinking about how I have to revise my lectures and assignments for the classes I’m teaching this quarter.
Granted, the speakers told us that much of the GDPR (and the copycat laws) is still in flux. Granted, they believe that a good-faith effort will keep the regulators from jumping in with maximum penalties, at least in the near term. However, that will change, and probably quickly.
My problem is I have to teach my students how to build and secure systems that will work in that not-too-distant future.
One analogy that sprang to (my simple) mind is the concept of “Sources and uses of funds.” I can easily explain to my non-accountants that this requires them to total up income (sales, interest, income from investments, etc.) and then show where that money went (purchase of raw materials, manufacturing processes, salaries & benefits, advertising, taxes, and, if anything is left, profit).
Now think of a “Sources and uses of data” statement, something I think we will need. As I see it, the GDPR will require me to add significant metadata to each record from each user, recording everything I need to properly handle that record: how it entered my systems, where it came from (not just the user’s location, but which website, app or sensor), what applications it passed through, every place it was stored, when it left that storage (was it deleted or did it move elsewhere?), and where (multiple locations) it now resides.
Will I need to determine in advance who might need to see that record? (See the hospital article below). Do I need to append all this information to each record? What must happen as I aggregate that information, for example in a customer dossier with data from other sources?
If a user requires me to delete his or her data, does that missing data taint other data? For example, if the deletion includes a record of a sale, what do I need to do to explain that missing information in my financial statements? How can I show that I wasn’t just laundering money?
Yoiks!
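One way to sketch that “Sources and uses of data” statement, added here as an illustration and not something from the seminar or any GDPR tooling: a per-record provenance ledger that tracks entry, processing, storage and deletion, and that, on an erasure request, reports the copies it could not reach and the aggregates that still depend on the record. The `Ledger` class, record ids, locations and timestamps are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Lineage:
    sources: list = field(default_factory=list)       # (channel, origin) it entered through
    applications: list = field(default_factory=list)  # applications it passed through
    stored_in: set = field(default_factory=set)       # locations holding a copy right now
    history: list = field(default_factory=list)       # (timestamp, action, detail) audit trail
    derived_from: set = field(default_factory=set)    # parent record ids, for aggregates


class Ledger:
    """Append-only provenance ledger keyed by record id (hypothetical design)."""

    def __init__(self):
        self.records = defaultdict(Lineage)

    def _log(self, ts, rid, action, detail):
        self.records[rid].history.append((ts, action, detail))

    def ingest(self, ts, rid, channel, origin, location):
        rec = self.records[rid]
        rec.sources.append((channel, origin))
        rec.stored_in.add(location)
        self._log(ts, rid, "ingest", f"{channel} from {origin} into {location}")

    def process(self, ts, rid, app):
        self.records[rid].applications.append(app)
        self._log(ts, rid, "process", app)

    def copy(self, ts, rid, dst):
        self.records[rid].stored_in.add(dst)
        self._log(ts, rid, "copy", dst)

    def move(self, ts, rid, src, dst):
        rec = self.records[rid]
        if src not in rec.stored_in:
            raise ValueError(f"{rid} is not stored in {src}")
        rec.stored_in.discard(src)
        rec.stored_in.add(dst)
        self._log(ts, rid, "move", f"{src} -> {dst}")

    def derive(self, ts, new_rid, parents, app, location):
        """Record an aggregate (e.g. a customer dossier) built from other records."""
        rec = self.records[new_rid]
        rec.derived_from.update(parents)
        rec.applications.append(app)
        rec.stored_in.add(location)
        self._log(ts, new_rid, "derive", f"{app} from {sorted(parents)}")

    def descendants(self, rid):
        """Every record built, directly or transitively, from rid."""
        found, frontier = set(), {rid}
        while frontier:
            frontier = {child for child, rec in self.records.items()
                        if rec.derived_from & frontier} - found
            found |= frontier
        return found

    def erase(self, ts, rid, reachable):
        """Delete the copies the erasure job can reach; report what is left."""
        rec = self.records[rid]
        for loc in sorted(rec.stored_in & set(reachable)):
            rec.stored_in.discard(loc)
            self._log(ts, rid, "delete", loc)
        return {"outstanding": sorted(rec.stored_in),       # copies still held somewhere
                "review": sorted(self.descendants(rid))}    # aggregates that used the record

    def statement(self, rid):
        """The 'sources and uses' view of one record."""
        rec = self.records[rid]
        return {"sources": list(rec.sources),
                "uses": list(rec.applications),
                "resides": sorted(rec.stored_in),
                "deleted_from": [d for _, a, d in rec.history if a == "delete"]}


def demo():
    # Constructed sample events: one sale, one purchased lead, two aggregates.
    led = Ledger()
    led.ingest("2018-10-01T09:00Z", "order-17", "web checkout", "shop.example", "orders-db")
    led.process("2018-10-01T09:01Z", "order-17", "billing")
    led.copy("2018-10-02T02:00Z", "order-17", "nightly-backup")
    led.move("2018-10-05T00:00Z", "order-17", "orders-db", "warehouse")
    led.ingest("2018-10-03T12:00Z", "lead-4", "purchased list", "broker.example", "crm")
    led.derive("2018-10-06T00:00Z", "dossier-9", ["order-17", "lead-4"], "profiling", "crm")
    led.derive("2018-10-07T00:00Z", "q4-revenue", ["dossier-9"], "finance-report", "ledger-db")
    # The user asks for deletion; the job can only reach the live stores.
    result = led.erase("2018-10-27T00:00Z", "order-17", reachable=["orders-db", "warehouse"])
    return led, result


if __name__ == "__main__":
    ledger, outcome = demo()
    print(ledger.statement("order-17"))
    print(outcome)
```

The ledger only surfaces the backup copy and the dependent dossier and revenue report; what must be done about them is the open question raised above.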


(Related) How can your data be secure if you don’t control access?
Anna Oberschelp de Meneses and Kristof Van Quathem write:
On July 17, 2018, the Portuguese Supervisory Authority (“CNPD”) imposed a fine of 400.000 € on a hospital for infringement of the European Union General Data Protection Regulation (“GDPR”). The decision has not been made public. Earlier this week, the hospital publicly announced that it will contest the fine.
According to press reports, the CNPD carried out an investigation at the hospital which revealed that the hospital’s staff, psychologists, dietitians and other professionals had access to patient data through false profiles. The profile management system appeared deficient – the hospital had 985 registered doctor profiles while only having 296 doctors. Moreover, doctors had unrestricted access to all patient files, regardless of the doctor’s specialty. The CNPD reportedly concluded that the hospital did not put in place appropriate technical and organizational measures to protect patient data.
Read more on Covington & Burling Inside Privacy.


(Related)
Apple CEO Backs Privacy Laws, Warns Data Being 'Weaponized'
Speaking at an international conference on data privacy, Apple CEO Tim Cook applauded European Union authorities for bringing in a strict new data privacy law in May and said the iPhone maker supports a U.S. federal privacy law.
Cook's speech, along with video comments from Google and Facebook top bosses, in the European Union's home base in Brussels, underscores how the U.S. tech giants are jostling to curry favor in the region as regulators tighten their scrutiny.
His speech comes a week after Apple unveiled expanded privacy protection measures for people in the U.S., Canada, Australia and New Zealand, including allowing them to download all personal data held by Apple. European users already had access to this feature after GDPR took effect. Apple plans to expand it worldwide.
The 28-nation EU took on global leadership of the issue when it launched GDPR. The new rules require companies to justify the collection and use of personal data gleaned from phones, apps and visited websites. They must also give EU users the ability to access and delete data, and to object to data use.




A legal tip for my Ethical hackers? (With, of course, implications under GDPR)




Told ya.
The midterms are already hacked. You just don’t know it yet.
… With the midterms two weeks away, news of electoral cyberattacks has begun to appear with growing frequency. In 2018, at least a dozen races for the House and Senate, mostly Democrats, have been the public targets of malicious cyber campaigns, in a variety of attacks that suggests the breadth of the threat: Campaigns have been besieged by network penetration attempts, spearphishing campaigns, dummy websites, email hacking, and at least one near-miss attempt to rob a Senate campaign of untold thousands of dollars.
“The Russians will attempt, with cyberattacks and with information operations, to go after us again,” said Eric Rosenbach, the former Pentagon chief of staff and so-called cyber czar, now at the Harvard Belfer Center, when I talked to him this summer. In fact, he added, “They’re doing it right now.”




Why would any intelligence service ignore the low hanging fruit?
Nobody’s Cellphone Is Really That Secure
But most of us aren’t the president of the United States.
Earlier this week, The New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump’s personal cellphone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potential security vulnerabilities in Trump’s cellphone use since he became president. And President Barack Obama bristled at—but acquiesced to—the security rules prohibiting him from using a “regular” cellphone throughout his presidency.
Three broader questions obviously emerge from the story. Who else is listening in on Trump’s cellphone calls?
… There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cellphone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks.
… an attacker could intercept the radio signals between a cellphone and a tower. Encryption ranges from very weak to possibly strong, depending on which flavor the system uses. Don’t think the attacker has to put his eavesdropping antenna on the White House lawn; the Russian Embassy is close enough.




Because we don’t have enough data to sift through? Typically, the USPS suggests a vast improvement in service but delivers only a half-vast result.
The US Postal Service will email you photos of your mail before it’s delivered
For those in the US now concerned about the contents of their mailboxes, rest assured. There is a way to check that whatever is delivered to you is safe and familiar. The United States Postal Service (USPS) has a free system that will email you images of your physical mail before it reaches you, called “Informed Delivery.”
The system is free and offers a number of conveniences, apart from the ability to screen incoming mail. “Digitally preview your mail and manage your packages scheduled to arrive soon! Informed Delivery allows you to view greyscale images of the exterior, address side of letter-sized mailpieces and track packages in one convenient location,” according to the USPS website. You can also leave instructions if you won’t be home for a delivery, reschedule deliveries, and set up notifications so that you’re aware of what mail is coming when.
The service does have limitations. For one, it seems that not every zip code qualifies, though there is a handy search tool that allows you to check if yours does before you sign up. And images of your mail will only be sent for letter-sized mail processed through USPS’ automated equipment, according to the postal service.




Propaganda is easy.
Iranian Propaganda Targeted Americans With Tom Hanks




The auto industry is shifting.
GM pushes national electric car plan as Trump tries to roll back emissions standards
General Motors is calling for the federal government to start a nationwide program that would put more electric vehicles on the roads and turbocharge innovation.
… GM's plan would be modeled on California's Zero Emission Vehicle program. Automakers would be required to sell a certain percentage of zero emissions vehicles, which are usually electric powered, or pay credits to other companies that make such vehicles.
… A program like this could make good business sense for GM. It would give the company a competitive advantage over most other automakers. GM has already invested heavily in creating the Chevrolet Bolt EV and Chevrolet Volt plug-in vehicles and committed to launch 20 emission-free models by 2023. That could include hydrogen fuel cell vehicles, which also qualify as zero emissions.
Under GM's proposal, 7% of vehicles each automaker sells in 2021 would have to qualify as "zero emissions."




I have to try this...
An Easy Way to Create Your Own Captioned Flipped Video Lessons
Two weeks ago I published a video about how to use the automatic captioning feature in Google Slides. A lot of people have asked if there is a way to download the captions that are automatically generated when you speak while presenting your slides. Unfortunately, there isn't a downloadable transcript of the captions. However, you could use a screencasting tool like Screencastify or Screencast-o-matic to easily make a video that includes the captions. And by doing that you would be making a video that could be used as a flipped lesson. Here's the outline of how you can use Google Slides and screencasting to create a captioned flipped lesson.


Friday, October 26, 2018

The first of many, many, many?
The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law.
In July, the ICO issued a Notice of Intent to fine Facebook as part of a wide ranging investigation into the use of data analytics for political purposes.
After considering representations from the company, the ICO has issued the fine to Facebook and confirmed that the amount – the maximum allowable under the laws which applied at the time the incidents occurred – will remain unchanged. The full penalty notice can be read here.
The ICO’s investigation found that between 2007 and 2014, Facebook processed the personal information of users unfairly by allowing application developers access to their information without sufficiently clear and informed consent, and allowing access even if users had not downloaded the app, but were simply ‘friends’ with people who had.
[…]
… This fine was served under the Data Protection Act 1998. It was replaced in May by the new Data Protection Act 2018, alongside the EU’s General Data Protection Regulation. These provide a range of new enforcement tools for the ICO, including maximum fines of £17 million or 4% of global turnover.


(Related)
Europe’s parliament calls for full audit of Facebook in wake of breach scandal
The European Parliament has called for a full audit of Facebook following a string of data breach scandals — including the Cambridge Analytica affair.
… In the resolution, adopted today, they have also recommended Facebook make additional changes to combat election interference — asserting the company has not just breached the trust of European users “but indeed EU law”.




We should soon have a larg(er) collection of DRM hacks!
In Groundbreaking Decision, Feds Say Hacking DRM to Fix Your Electronics Is Legal
Motherboard: “The new exemptions are a major win for the right to repair movement and give consumers wide latitude to legally repair the devices they own. The Librarian of Congress and US Copyright Office just proposed new rules that will give consumers and independent repair experts wide latitude to legally hack embedded software on their devices in order to repair or maintain them. This exemption to copyright law will apply to smartphones, tractors, cars, smart home appliances, and many other devices. The move is a landmark win for the “right to repair” movement; essentially, the federal government has ruled that consumers and repair professionals have the right to legally hack the firmware of “lawfully acquired” devices for the “maintenance” and “repair” of that device. Previously, it was legal to hack tractor firmware for the purposes of repair; it is now legal to hack many consumer electronics. Specifically, it allows breaking digital rights management (DRM) and embedded software locks for “the maintenance of a device or system … in order to make it work in accordance with its original specifications” or for “the repair of a device or system … to a state of working in accordance with its original specifications.”…”




For my Architecture students.
Chipotle CEO: Don't underestimate the power of digital to boost sales
  • In the third quarter, digital sales grew 48.3 percent and now account for 11.2 of overall sales, the company said.
  • CEO Brian Niccol's goal is to remove friction in all aspects of the ordering and making process, so that food gets to customers faster.
  • Since joining Chipotle in March, Niccol has championed upgrades to the company's mobile app, its internal software and in-restaurant technology.


(Related) Could we make these “self-driving?” Perhaps with robot package handlers?
UPS launches cargo e-bike delivery in Seattle, returning to bicycle courier origins a century later
… UPS has partnered with the Seattle Department of Transportation and University of Washington to make deliveries using electric-assist cargo bikes in downtown Seattle. During the year-long pilot, UPS will deliver packages in Pike Place Market and the surrounding neighborhood using the bikes. If the pilot is successful, UPS will expand its cargo e-bike delivery service to other parts of Seattle.
UPS worked with Silver Eagle Manufacturing to develop the e-bikes, which carry trailers packed with cargo containers. UPS has tested e-bike delivery in other cities, but the Seattle pilot is the first in which wagons with detachable containers will be used. The cargo bikes can hold up to 400 pounds. Couriers will drive on sidewalks and designated bike lanes to make their deliveries.




An opportunity for my students?
Making Sufficient Knowledge of Technology Available to Counsel
Chasse, Ken, Making Sufficient Knowledge of Technology Available to Counsel (September 14, 2018). Available at SSRN: https://ssrn.com/abstract=3249523 or http://dx.doi.org/10.2139/ssrn.3249523
(1) lawyers don’t know such evidence-producing technology sufficiently well so as to be able to challenge its performance by effective cross-examination and with their own expert witnesses (if Legal Aid will pay for them).
[…]
(11) defense counsel needs a constitutional right to a traditional full preliminary inquiry so as to be able to cross-examine witnesses (or demand that witnesses be made available for cross-examination) to learn enough about the technology that produced the evidence to be used by the prosecution at trial;
More specifically the problem is collectively made up of these individual problems…”




I never asked before, are we (US taxpayers) paying for President Trump’s Tweets?
Twitter is now consistently profitable
It took Twitter more than a decade to become profitable, but now it seems like those profits are here to stay.
Twitter reported its fourth straight profitable quarter on Thursday. The company’s net income was $789 million for the quarter, but a lot of that was attributed to a massive “one-time release of deferred tax asset valuation allowance,” which accounted for $683 million. If you take that out, Twitter’s net income was $106 million on $758 million in revenue, which was better than expected.
In the past four quarters, Twitter’s net profit is just over $1 billion. In the four quarters prior, Twitter lost $367 million.




For my students.
190 universities just launched 600 free online courses. Here’s the full list.
Quartz – “If you haven’t heard, universities around the world are offering their courses online for free (or at least partially free). These courses are collectively called MOOCs or Massive Open Online Courses. In the past six years or so, over 800 universities have created more than 10,000 of these MOOCs. And I’ve been keeping track of these MOOCs the entire time over at Class Central, ever since they rose to prominence. In the past four months alone, 190 universities have announced 600 such free online courses. I’ve compiled a list of them and categorized them according to the following subjects: Computer Science, Mathematics, Programming, Data Science, Humanities, Social Sciences, Education & Teaching, Health & Medicine, Business, Personal Development, Engineering, Art & Design, and finally Science. If you have trouble figuring out how to signup for Coursera courses for free, don’t worry — here’s an article on how to do that, too. Many of these are completely self-paced, so you can start taking them at your convenience…”


Thursday, October 25, 2018

What would you expect? This is similar to writing a postcard (not a sealed letter) or chatting while in a crowd. Why wouldn’t everyone (especially US intelligence agencies) listen in?
When Trump Phones Friends, the Chinese and the Russians Listen and Learn
When President Trump calls old friends on one of his iPhones to gossip, gripe or solicit their latest take on how he is doing, American intelligence reports indicate that Chinese spies are often listening — and putting to use invaluable insights into how to best work the president and affect administration policy, current and former American officials said.
Mr. Trump’s aides have repeatedly warned him that his cellphone calls are not secure, and they have told him that Russian spies are routinely eavesdropping on the calls, as well. But aides say the voluble president, who has been pressured into using his secure White House landline more often these days, has still refused to give up his iPhones. White House officials say they can only hope he refrains from discussing classified information when he is on them.




I find it difficult to believe that every country on earth is not trying to replicate the successes of 2016. Perhaps their techniques are less detectable (thanks to Facebook et al. describing what they are looking for).
Facebook, Twitter Can’t Find China Election Meddling Trump Claims
Facebook Inc. and Twitter Inc. haven’t detected Chinese meddling in the 2018 elections, company officials said, casting doubt on claims by President Donald Trump that the Asian nation is trying to interfere.
The social media giants have reported online disinformation campaigns ahead of the Nov. 6 elections that appear to originate from Russia and Iran. But officials from both companies said they haven’t found evidence so far of such activity from China.




Now we have to determine if this was accessed by a curious teenager or a Russian intelligence agency.
Catalin Cimpanu reports:
A Maryland consulting firm that handles political fundraisers for the Democratic Party has left fundraiser data and passwords to databases storing voter records exposed online via an unsecured network attached storage (NAS) device.
The exposed data was found last week by Bob Diachenko, Director of Cyber Risk Research at Hacken, a cyber-security research firm, during a cursory Shodan search.
Diachenko tracked down the exposed NAS to Rice Consulting, a consulting firm that claims to have raised over $4.32 million over the 2017 fundraiser season for Maryland Democrats.
Read more on ZDNet.
[From the ZDNet article:
… The NAS, which was left exposed online without a password, contained detailed information on Rice Consulting clients, including in-depth details on thousands of past fundraisers.




No doubt the FBI will start screaming again.
Apple Just Killed The 'GrayKey' iPhone Passcode Hack
Uncloaked by Forbes in March, Atlanta-based Grayshift promised governments its GrayKey tech could crack the passcodes of the latest iOS models, right up to the iPhone X. From then on, Apple continued to invest in security in earnest, continually putting up barriers for Grayshift to jump over. Grayshift continued to grow, however, securing contracts with Immigration and Customs Enforcement, and the Secret Service.
Now, though, Apple has put up what may be an insurmountable wall. Multiple sources familiar with the GrayKey tech tell Forbes the device can no longer break the passcodes of any iPhone running iOS 12 or above. On those devices, GrayKey can only do what’s called a “partial extraction,” sources from the forensic community said. That means police using the tool can only draw out unencrypted files and some metadata, such as file sizes and folder structures.




I’ve posed a similar question to my students for the last two or three years. Isn’t the proper answer the option with the highest probability to save lives? A 50% chance to save one person beats a 10% chance to save 4 people.
People want self-driving cars to prioritize young lives over the elderly
Today, MIT released the results of a global survey on the moral and ethical decisions that autonomous vehicles should be programmed to make. The survey reveals that general preferences include prioritizing human lives over animals, younger and healthier people over the elderly and saving more lives over fewer lives. People also preferred to spare bystanders (who were obeying the law) over jaywalkers.


(Related)
Waymo explains what its self-driving cars should do when pulled over - Roadshow
Every new driver learns to pull over and stop when a police car blaring red-and-blues approaches. But how would an autonomous vehicle handle being pulled over by the cops? As reported by The Washington Post today, Waymo has a new guide (PDF) that explains what its self-driving Chrysler Pacifica Hybrids is supposed to do in those situations.




For my students considering a consulting firm. Ask for tuition assistance for that PhD!
Silicon Valley's dirty secret: Using a shadow workforce of contract employees to drive profits
  • This year at Google, contract workers outnumbered direct employees for the first time in the company's 20-year history.
  • This trend is on the rise as public companies look for ways to trim HR costs or hire in-demand skills in a tight labor market.
  • Some 57.3 million Americans, or 36% of the workforce, are now freelancing, reveals a 2017 report by Upwork.




I collect resources like this.
Art Institute of Chicago Is Latest Museum to Offer Open Access to Thousands of Images in Its Archive
Artnet: “The Art Institute of Chicago is now offering unrestricted access to thousands of images—44,313 to be exact—from its digital archive. The release is part of the museum’s website redesign and the images have been made available under the Creative Commons Zero (CC0) license. The Art Institute has also enhanced the image viewing capabilities on the works, allowing them to be seen in far greater detail than before, for example. “Check out the paint strokes in Van Gogh’s The Bedroom, the charcoal details on Charles White’s Harvest Talk, or the synaesthetic richness of Georgia O’Keeffe’s Blue and Green Music,” wrote executive creative director Michael Neault in a blog post. Neault says if you’re doing research, “you’ll appreciate how our collections search tool makes it easier to drill down and find exactly what you’re looking for.”…”
[Also something for my Architecture students:




Dilbert nails another one.


Wednesday, October 24, 2018

Why would Russia stop these attacks? There are no serious consequences.
Hack of Saudi Petrochemical Plant Was Coordinated From Russian Institute
… A new study of the malicious computer code used in a botched attack on a Saudi petrochemical plant concludes that much of the effort was coordinated from inside a state-owned Russian scientific institute, one of the most direct links between official Russian hackers and a hostile intrusion on a major piece of infrastructure.
The report, issued by FireEye, a major cybersecurity company, identifies the Central Scientific Research Institute of Chemistry and Mechanics, a technical research institute in Moscow with ties to Russian governments reaching back before the 1917 Bolshevik revolution. But it leaves unanswered the question of why Moscow would target a Middle Eastern plant, even given Russia’s rivalry with Saudi Arabia in the petroleum marketplace.
The New York Times identified the facility in March as a Saudi plant, at a time that there was wide consensus that the attack must have been initiated by Iran, Saudi Arabia’s great rival for regional influence.
It still may have been that Iran was behind the attack — but the new research suggests that, if it was, Iran had a lot of Russian help, and that when the malware needed to be fine-tuned, the Russian institute provided the expertise.




Covering up for two or three years didn’t buy them much.
Yahoo to pay $50M, other costs for massive security breach
Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.
The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016.
… Yahoo revealed the problem after it had already negotiated a $4.83 billion deal to sell its digital services to Verizon Communications. It then had to discount that price by $350 million to reflect its tarnished brand and the specter of other potential costs stemming from the breach.




Security theater? If you don’t expect to find a weapon, why waste time and money on a search?
My Daughter's Middle School Plans to Teach Her Meek Compliance With Indiscriminate Invasions of Privacy
Friday afternoon, I received a notice from the Plano Independent School District, which runs the middle school our youngest daughter attends in Dallas, describing a new policy authorizing "random, suspicion-less metal detector searches" of students in grades 6 through 12.
… Any student "who refuses to comply with the search process will be removed from campus and subject to disciplinary consequences."
… According to the Supreme Court, targeted searches of public school students require "reasonable suspicion" that contraband will be discovered, which is a lighter burden than the usual standard of "probable cause" but still better than nothing. The constitutional rationale for Plano ISD's new policy, which was unanimously approved by the school board in August, is that the searches are "administrative," meaning there is no reason to believe that any particular student forced to undergo them is carrying a weapon. Perversely, this complete lack of evidence is supposed to make the searches compatible with the Fourth Amendment's ban on unreasonable searches and seizures.




Typical New Jersey. Call it: targeted fake news.
Middletown released residents' email addresses to a mystery third party
On July 10, the Middletown government received a public records request seeking all the names and email addresses of people who had voluntarily turned over this contact information to the town in order to receive emergency alerts and updates on local happenings.
Ten days later, Middletown gave "Watch07748@gmail.com" — the requesting party that provided no name or mailing address — all of those email addresses.
That might have been where the story ended, except that on Sept. 29 an email, purporting to be from a grassroots organization that doesn't appear to exist, landed in the inboxes of seemingly everyone who was on the township's email list.
The email attacked a Democratic candidate for township committee…
… When asked about it at Monday night's committee hearing, Perry said he did not write the email. He did not, however, completely distance his campaign from the email blast, stating that the email addresses were obtained legally.
The New Jersey Election Law Enforcement Commission says that political communications, in whatever form, must include language that identifies who paid to create or distribute that message. Failure to do so could be a violation of election law.



Tuesday, October 23, 2018

An interesting opportunity for my students.
The Rise of The Virtual Security Officer
The market for virtual security officers is growing. We’ve had virtual chief information security officers for a few years (vCISOs), and we can expect to see virtual data protection officers (vDPOs) in the next few. The demand for both is higher than it has ever been, and it is likely to grow.
It is increasingly important for organizations to have and be seen to have a CISO. The difficulty in keeping data safe from sophisticated cyber criminals and well-resourced and persistent nation state actors is compounded by a likely increase in regulatory demands that organizations have a named CISO or head of cybersecurity.
The latter is already happening. The New York State Department of Financial Services regulation 23 NYCRR Section 500 states, “Each Covered Entity shall designate a qualified individual responsible for overseeing and implementing the Covered Entity’s cybersecurity program and enforcing its cybersecurity policy (for purposes of this Part, ‘Chief Information Security Officer’ or ‘CISO’).” It then adds that this CISO need not be directly employed, but could, in fact, be a virtual CISO.
GDPR, Article 37, states, “The controller and the processor shall designate a data protection officer…” This requirement for a DPO applies to public bodies (apart from courts) and any organization where data subject processing or monitoring occurs ‘on a large scale’. Paragraph 2 adds, “A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment;” again paving the way for virtual DPOs.




Keeping my architecture students up to date.
Uber's Online-Only Restaurants: The Future, Or The End Of Dining Out?
… Uber, the ride-sharing company, was suggesting she create a "virtual restaurant" — one that only exists online, and delivers through Uber Eats.
There are now about 800 such virtual restaurants in the U.S., often created when enough customers look through the Uber Eats app for a certain type of food in their area that they can't find.
"When we see people searching for something but not finding it, that signals to us that there's an opportunity and there's unmet demand," says Elyse Propis, who leads Uber Eats' virtual restaurant initiative across North America.
So the company approaches an eatery and suggests creating a virtual side restaurant, with those dishes people are craving but can't get.




Ideas worth adapting?
India Has Already Hit Record Number of $1 Billion Startups This Year
… India’s first generation of internet unicorns adapted business models from abroad. Ride-hailing company Ola looks like Uber, for example; online retailers Snapdeal and recent Walmart acquisition Flipkart, like Amazon.com; digital-wallet leader Paytm, like China’s Alipay. Like Dahiya’s company, the new cohort is aimed more squarely at the hundreds of millions of potential users who don’t live in India’s major cities and may not speak much English. Four of the five companies that researcher CB Insights says have reached $1 billion valuations in the past year target some of India’s fundamental needs in the education, logistics, and lodging industries, says Sanchit Vir Gogia, who heads analysis company Greyhound Research.




Perspective.
Addison Lee plans self-driving taxis by 2021
Taxi firm Addison Lee […] joined forces with self-driving software specialist Oxbotica, and says the tie-up means it will offer self-driving taxis in the capital by 2021.
… Addison Lee says it will now work with Oxbotica on digitally mapping public roads in and around the capital.
The detailed maps will record the position of kerbs, road signs and traffic lights in preparation for autonomous cars.




Perspective. My students are suggesting that gasoline powered cars are doomed.
Uber to charge its London passengers more for rides in $260 million drive to go all-electric by 2025
… Uber will pay its drivers a certain amount to help them pay for electric vehicles, dependent on the number of miles they have driven using the company's app. "For example, a driver using the app for an average of 40 hours per week could expect around £3,000 of support towards an EV in two years' time and £4,500 in three years," the firm said in a statement.
It expects 20,000 drivers to upgrade to electric vehicles by the end of 2021. The firm currently has 45,000 licensed drivers operating in the city and more than 3.5 million riders using the platform.




Perspective. Tracking another major player.




Just because I like lists. (Why pick that one?)
100 Websites That Shaped The Internet As We Know It
Gizmodo: 100 Websites That Shaped The Internet As We Know It – “The World Wide Web is officially old enough for us to judge what it’s produced. That’s right, it’s time for the world to start building a canon of the most significant websites of all time, and the Gizmodo staff has opinions. What does a spot on this list mean? It certainly doesn’t mean “best.” A number of sites on this list are cesspools now and always have been. We’re not even sure the internet was a good idea — we’ll need another few decades before we come to any conclusions. In this case, we set out to rank the websites — not apps (like Instagram), not services (like PayPal) — that influenced the very nature of the internet, changed the world, stole ideas better than anyone, pioneered a genre, or were just really important to us. Some of these sites seemed perfectly arbitrary a decade ago and turned into monstrous destinations or world-destroying monopolies. Other sites have been net positives for humanity and gave us a glimpse of what can happen when the world works together. In many ways this list is an evaluation of power and who has seized it. In other ways, it’s an appreciation of the places that still make the web worth surfing. Next year will be the 30th anniversary of Tim Berners-Lee’s first proposal to CERN outlining what he originally called the “WorldWideWeb” (one word). Since then, Berners-Lee has had a few regrets about what’s become a bit of a Frankenstein’s monster, and who knows what the future holds. Below you’ll find our somewhat arbitrary idea of the virtual destinations that mattered most, ranked and curated by the Gizmodo staff and illustrated with screenshots that exemplify their history, as we’ve played, shared, fought, and meme’d our way into the current millennium.”
[Note – “some” of the sites referenced are Alive and Well – thankfully – an example is DuckDuckGo – however – this site, LLRX – was somehow left off the list (22 years on the web), and so was this one – BeSpacific.com – younger sister to LLRX – at 16 years of age].


Monday, October 22, 2018

Just a quick reminder: The October 26th Privacy Foundation Seminar
The EU GDPR (General Data Protection Regulation): Impact on the U.S.
Register online at: http://dughost.imodules.com/gdpr. If you have other questions, contact Sarah Brunswick at sbrunswick@law.du.edu.




We need intelligence that’s not too artificial.
Opinion | No, A.I. Won’t Solve the Fake News Problem
… As Mr. Zuckerberg has acknowledged, today’s A.I. operates at the “keyword” level, flagging word patterns and looking for statistical correlations among them and their sources. This can be somewhat useful: Statistically speaking, certain patterns of language may indeed be associated with dubious stories. For instance, for a long period, most articles that included the words “Brad,” “Angelina” and “divorce” turned out to be unreliable tabloid fare. Likewise, certain sources may be associated with greater or lesser degrees of factual veracity. The same account deserves more credence if it appears in The Wall Street Journal than in The National Enquirer.
But none of these kinds of correlations reliably sort the true from the false. In the end, Brad Pitt and Angelina Jolie did get divorced. Keyword associations that might help you one day can fool you the next.




If you copyright the only source of laws, have you created “secret law”? Georgia will probably stop paying for annotations now that they don’t own the copyright.
Appeals Court Says Georgia’s Laws (Including Annotations) Are Not Protected By Copyright And Free To Share
techdirt: “The 11th Circuit appeals court has just overturned a lower court ruling and said that Georgia’s laws, including annotations, are not covered by copyright, and it is not infringing to post them online. This is big, and a huge win for online information activist Carl Malamud whose Public.Resource.org was the unfortunate defendant in a fight to make sure people actually understood the laws that ruled them. The details here matter, so let’s dig in: For the past few years, we’ve been covering the fairly insane situation down in Georgia, where they insist that the state’s annotated laws are covered by copyright. This is not quite the same thing as saying the laws themselves are covered by copyright. Everyone here seems to recognize that Georgia’s laws are not covered by copyright. But here’s where the problem comes in. The state of Georgia contracts out with a private company, LexisNexis, to “annotate” the law basically giving more context, and discussing the case law interpretations of the official code. The deal with the state is that LexisNexis then transfers whatever copyright it gets from the creation of the annotations back to the state. Finally, the only “official” version of Georgia’s state laws is in the “annotated” version. If you want to look up the official law of Georgia you are sent to the “Official Code of Georgia Annotated” (OCGA), and it’s hosted by LexisNexis, and it has all sorts of restrictive terms of service on top of it. Indeed, every new law in Georgia literally says that it will amend “the Official Code of Georgia Annotated,” which certainly suggests that the OCGA — all of it — is the law in Georgia. And the state insisted that part of the law was covered by copyright. [Note: Twitter posting on this matter by The Free Law Project]
Malamud found this obviously troubling, believing that the law must be freely accessible to anyone in order to be valid. The state of Georgia threatened him and then sued him claiming that reposting the OCGA in a more accessible fashion was copyright infringement. The district court not only found that the annotations (even if part of the official law) could be covered by copyright but further that it was not fair use for Malamud to post them online. This was a horrifying decision. And, it’s also no longer a valid one.
The appeals court has put together a thorough ruling rebuking the lower court’s analysis, and noting that the OCGA is not subject to copyright at all.


Sunday, October 21, 2018

Would this create a guilty conscience? Would that increase the probability of believing the extortion emails?
Dan Goodin reports:
A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users.
Robert Angelini, the owner of wifelovers.com and the seven other breached sites, told Ars on Saturday morning that, in the 21 years they operated, fewer than 107,000 people posted to them.
Read more on Ars Technica.
In the meantime, people continue to receive unrelated extortion demands via email with claims that someone has obtained your files and video of you masturbating, etc. As examples, here are two emails this blogger received this week. They refer to two different BTC wallets, and are sent to two different email addresses, but both follow the same basic format in terms of the threats.




My classes have been debating this.
Will Tech Leave Detroit in the Dust?
As IPO proposals value Uber at an eye-popping $120 billion, auto makers are racing to gain ground in everything from car sharing to driverless technology. At stake: who will control the future of transportation
General Motors plans to roll out a robo-taxi service next year that will let urbanites hail a driverless Chevrolet Bolt. Ford is overhauling a dilapidated Detroit train station to become a tech hub aimed at attracting software superstars. Daimler wants to merge one of its divisions with archrival BMW to create a juggernaut for services like ride hailing and car sharing.
And Toyota says it’s evolving into an entirely different company, one that focuses more on services that move people around. “It’s a matter of surviving...




It never seems to have much impact when we tell people how they are being targeted.
How Political Campaigns Are Messing With Your Mind
… It’s impossible to know whether Cambridge Analytica’s psychographic algorithms truly made a difference in Trump’s victory. But the underlying idea—that political campaigns can identify and influence potential voters more effectively by gathering as much information as possible on their identities, beliefs, and habits—continues to drive both Republican and Democratic data firms, which are currently hard at work on the next generation of digital campaign tools. And while the controversy surrounding Cambridge Analytica exposed some of the more ominous aspects of election campaigning in the age of big data, the revelations haven’t led to soul-searching on the part of tech companies or serious calls for reform by the public—and certainly not from politicians, who benefit most from these tactics.


(Related) For people whose minds are made up?
Republicans Find a Facebook Workaround: Their Own Apps
Imagine a society in which everyone more or less agrees with you.
You wake up in the morning to online greetings from people who share your views on guns, religion and country. Your news feed contains only posts from like-minded politicians or articles from like-minded news outlets. You can safely post your own comments without fear of vitriol from trolls or challenges from naysayers.
This is the insular world in which tens of thousands of Americans who use conservative political apps are experiencing the midterm election season.




Perspective. (Although this seems more about not trusting the economists.) Do antitrust laws adequately consider companies with global reach and competitors one click away?
… The Federal Trade Commission (FTC) has launched its most wide-ranging study of corporate concentration in America in more than 20 years with a series of hearings being held around the country. Chairman Joseph Simons, a practical enforcement-minded leader, launched the hearings by expressing concern over the growing problem of monopoly, which is now found in nearly every sector of the economy.