Saturday, November 24, 2018

It seems silly to deny that a breach happened when anyone can check for themselves.
Bob Diachenko recently reported on yet another massive data exposure:
On November 12th, when auditing the search results for open/exposed Elasticsearch databases with Binaryedge.io platform, we have found what appeared to be a collection of personal records compiled by FIESP, the Federation of Industries of the State of São Paulo. FIESP is the largest class entity in the Brazilian industry. It represents about 130 thousand industries in various sectors, of all sizes and different production chains, distributed in 131 employers’ unions.
Records were stored in Elasticsearch with the total count of 180,104,892.
The largest collection of data (FIESP collection) had 34,817,273 personal records with exposed info like:
  • name
  • personal ID number (RG number)
  • taxpayer registry identification (CPF)
  • sex
  • date of birth
  • full address
  • email
  • phone number
Read more on As has happened waaaaay too many times to Bob and others, including yours truly, he had difficulty making notification.
But when notification was finally made after someone on Twitter got thru to FIESP, it was not received as one might hope. Angelica Mari of ZDNet reported today that:
FIESP said it is “investigating the alleged access to its database by a company that claims to work in digital security,” but it has pretty much denied that anything serious has happened at all.
The trade body argued that the databases Hacken Proof is talking about didn’t contain sensitive information or passwords and that “so far, there is no news that any personal information from the database has been exposed.”
“FIESP contacted [Hacken Proof], who said it had not made the data public and subsequently destroyed the information that it claims to have had access to. [Hacken Proof] also stated that its objective was to expose possible vulnerabilities to prevent potential leaks.”

It’s all in the language you choose.
Rohan Pearce has an update to a breach that was first disclosed in June, 2018:
HR software company PageUp says that a forensic expert it engaged to examine its systems has found “no specific evidence” that data was stolen during a security breach earlier this year.
Read more on Computerworld.
[From the article:
After an initial investigation the company said that it believed on the “balance of probabilities” that “data relating to our clients, placement agencies, applicants, references and our employees” was accessed during the breach.
Data that it believed may have been vulnerable included the personal details of employees of PageUp customers, details of job applications lodged with the company’s customers, and employment reference information.
PageUp said though there was no evidence that data had been exfiltrated. [Note that this is somewhat different than saying, “there was evidence that the data was not exfiltrated.” Perhaps they kept no records (logs) of data movement. Bob]

The question should have been asked and answered prior to implementing the new meters. The same for any IoT device. If it was, why not mention that as part of the release? If it was not, are you ready for the lawsuits?
Bill Cameron reports:
As utility companies across the state roll out new Internet-connected electrical meters, Smithfield Township supervisors are calling on Met-Ed to show how they’re protecting customers’ information. The Board of Supervisors penned a letter this week to FirstEnergy Corp., Met-Ed’s parent company, and state regulatory officials asking what protections are in place to keep private consumer data from unwanted eyes.
“What limits have been placed on data collection and permissions for data collection beyond monthly billing cycle totals?” it says in the letter, dated Nov. 14, to FirstEnergy’s president, regional president, state president, the state Office of Consumer Advocates and the Pennsylvania Public Utility Commission. “The notice sent to our residents makes no mention of this, yet it is of prime concern to us in order to protect and secure data of our residential households.”
Read more on GovTech.
Bravo. We need more agencies and watchdogs asking – and demanding – answers to these important questions.

’Tis the season! “Hey, if it works for Amazon...”
Matthew Field reports:
Hackers are offering Black Friday discounts for stolen credit card details being bought and sold on the dark web as they seek to cash in on an online shopping bonanza.
Security experts including the FBI, the UK’s cyber defence agency and online security firms have warned of a wave of hacking and fraud as criminals exploit Britain’s biggest weekend of online shopping across Black Friday and Cyber Monday.
Read more on The Telegraph.

..for the defense of Privacy everywhere?
Facebook Appeals its UK Fine in Cambridge Analytica Scandal
Facebook has appealed its 500,000-pound ($644,000) fine for failing to protect the privacy of its users in the Cambridge Analytica scandal, arguing that U.K. regulators failed to prove that British users were directly affected.
Britain's Information Commissioner Office leveled the fine after concluding Facebook processed the personal information of users unfairly by giving app developers access to their information without informed consent.
"Their reasoning challenges some of the basic principles of how people should be allowed to share information online, with implications which go far beyond just Facebook, which is why we have chosen to appeal," said Facebook lawyer Anna Benckert in a statement. "For example, under ICO's theory people should not be allowed to forward an email or message without having agreement from each person on the original thread. These are things done by millions of people every day on services across the internet."

This could be an interesting source of privacy horror stories. Stay tuned.
Thai Minister Defends Controversial Cybersecurity Bill
A Thai government official on Wednesday defended a sweeping cybersecurity bill which experts have decried for allowing the wholesale seizure of private computers and property, saying that "every country has a need" to protect itself.
… In rare comments hitting out at the government, a senior judge at the Thai Appeals Court condemned the bill, calling it redundant.
"This law ignores the people's rights and freedom," said Sriamporn Saligupta.
"If the next government is not good and uses this as a tool, we will no longer have privacy rights."

The President and his minions are correct in their assumption that people are more interested in shopping and feasting than in worrying about the future. Much harder to change that than asking the President to change his mind. Maybe.
Trump administration criticized over timing of climate change report
The bombshell report, which warns of large-scale climate disasters if the U.S. continues down the track it's headed, was released without much rollout midday Friday.
Known as Black Friday, it's a day in which people are likely more concerned with shopping than national affairs. Late Friday in general is famous in Washington for being a "news dump," in which an administration quietly releases less-than-optimal news.

Clearly, it’s too late.

Friday, November 23, 2018

Who can the dental group turn to? What law enforcement agency could recover the data? Is anyone really equipped to do this?
The following is not your typical breach notification. It relates to a situation in which a business associate allegedly refuses to return the patient database despite its EULA and HIPAA obligation. The press release does not indicate whether the covered entity, Key Dental Group, is suing its former vendor to recover the database. Nor does it indicate how many patients have data in the database in question. has sent inquiries both to Key Dental Group and to the vendor, MOGO, to ask for more information and in MOGO’s case, their response to Key Dental Group’s allegations, but has received no replies as yet.
At first blush, the allegations and situation described below are reminiscent of a controversy between Texas and Xerox that I had reported on in 2014. This post will be updated if and when receives any replies to inquiries.
On October 19, 2018 Key Dental Group, PA (Pembroke Pines, FL) received notification from its former electronic medical record vendor MOGO (414 Plaza Drive, Suite 200 Westmont, IL 60559) that MOGO would not be returning Key Dental Group PA’s electronic medical record (EMR) database as required at the termination of the end user license agreement (EULA) between the two companies. MOGO’s decision appears to violate both the EULA it had in place with Key Dental Group, PA and also various portions of the Health Insurance Portability and Accountability Act (

Know the enemy. Be prepared. Hope for the best, plan for the worst.
Ransomware Attacks Ramping up in 2018, Showing No Signs of Stopping
According to a comprehensive new report from Datto, ransomware continues to be the leading form of cyber attack experienced by small- and medium-sized businesses (SMBs).
… As businesses continue to adopt a head-in-the-sand mentality about ransomware infections, one thing is clear: these attacks have the potential to cripple any organization that has not put the proper backup and recovery plan into place. Revenue lost to downtime can cripple a small business, and lost productivity or time that is spent offline can have serious financial implications.
… Moreover, suggests Datto, SMBs should think about having a business continuity & disaster recovery (BCDR) solution in place. This would help a business recover from an attack within a short period of time, even in as little as 24 hours, without the risk of significant business downtime that could cripple an organization.

Synthetic identity fraud to drive $48 billion in annual losses by 2023 – Juniper Research
Online payment fraud losses will reach $48 billion annually by 2023, up from the $22 billion in losses projected for 2018, a new study from Juniper Research has found.
Juniper’s new research claims that a critical driver behind losses from eCommerce, airline ticketing, money transfer and banking services will be “the continued high level of data breaches resulting in the theft of sensitive personal information.”
Synthetic identity fraud is on the rise, researchers found. Fraudsters are using fragments of real data gleaned from breaches to create new, synthetic identities, as they slowly move away from pure identity theft.
… “When criminals use a blend of different people’s data, as well as some entirely made up information, it becomes harder for law-enforcement officials to both realize the crime and then locate the culprit,” he is quoted as saying.

No joke.
What Do Lawyers and Hackers Have in Common
The activities of attorneys and the activities of hackers are not as different as you might expect, if you define hackers as creative, unconventional problem solvers.
Each explores vast spaces of complicated systems, looking to see how they work, both in ways intended and unintended, and to see what they can be made to do.
In general, the law typically does not keep up with changes in society or technology. As a result, lawyers often must formulate new and innovative ways to address difficult legal problems by using and combining existing legal tools in new ways.

Perspective. Clearly cash will become increasingly rare, so I’m going to start collecting US currency. I will pay you up to 30 cents for a $100 bill, depending on condition.
Sweden’s Push to Get Rid of Cash Has Some Saying, ‘Not So Fast’
Few countries have been moving toward a cashless society as fast as Sweden. But cash is being squeezed out so quickly — with half the nation’s retailers predicting they will stop accepting bills before 2025 — that the government is recalculating the societal costs of a cash-free future.
The financial authorities, who once embraced the trend, are asking banks to keep peddling notes and coins until the government can figure out what going cash-free means for young and old consumers. The central bank, which predicts cash may fade from Sweden, is testing a digital currency — an e-krona — to keep firm control of the money supply. Lawmakers are exploring the fate of online payments and bank accounts if an electrical grid fails or servers are thwarted by power failures, hackers or even war.
… Ask most people in Sweden how often they pay with cash, and the answer is “almost never.” A fifth of Swedes, in a country of 10 million people, do not use automated teller machines anymore. More than 4,000 Swedes have implanted microchips in their hands, allowing them to pay for rail travel and food, or enter keyless offices, with a wave. Restaurants, buses, parking lots and even pay toilets depend on clicks rather than cash.

Thursday, November 22, 2018

Krebs gives a full description of the technique used. Sometimes you have to connect with the right person to get a response, or be like Krebs who can tell a large audience about your poor security management.
Brian Krebs reports:
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. After confirming his findings, this author contacted the USPS, which promptly addressed the issue.

Is the idea to guide citizens to good behavior, like a parent rewarding or scolding a child? Or is the idea to protect the state by identifying non-conformists and limiting their interactions? How difficult would it be to do this here, but not make it public? Perhaps controlled by the Citizens Information Agency (CIA)
Beijing to Judge Every Resident Based on Behavior by End of 2020
China’s plan to judge each of its 1.3 billion people based on their social behavior is moving a step closer to reality, with Beijing set to adopt a lifelong points program by 2021 that assigns personalized ratings for each resident.
… The Beijing project will improve blacklist systems so that those deemed untrustworthy will be “unable to move even a single step,” according to the government’s plan.
… By the end of May, people with bad credit in China have been blocked from booking more than 11 million flights and 4 million high-speed train trips, according to the National Development and Reform Commission.
… The tracking of individual behavior in China has become easier as economic life moves online, with apps such as Tencent’s WeChat and Ant Financial’s Alipay a central node for making payments, getting loans and organizing transport. Accounts are generally linked to mobile phone numbers, which in turn require government IDs.
The final version of China’s national social credit system remains uncertain. But as rules forcing social networks and internet providers to remove anonymity get increasingly enforced and facial recognition systems become more popular with policing bodies, authorities are likely to find everyone from internet dissenters to train-fare skippers easier to catch -- and punish -- than ever before.

This seems prudent with everyone trying to redefine monopoly to look just like large tech companies.
Facebook looks like it's preparing for war with Trump after hiring a top Department of Justice antitrust lawyer
Facebook has hired one of the top antitrust lawyers in Silicon Valley, in a sign that the company could be preparing for war with Donald Trump's administration.
Kate Patchen, the chief of the Department of Justice's antitrust division in San Francisco, has joined Facebook as director and associate general counsel of litigation.
Patchen updated her LinkedIn profile earlier this month with the news, which was first spotted by the Financial Times. Business Insider has contacted Patchen and Facebook for comment.

Potential business models for my students?
European Privacy Search Engines Aim to Challenge Google
In the battle for online privacy, U.S. search giant Google is a Goliath facing a handful of European Davids.
The backlash over Big Tech's collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy.
Sites like Britain's Mojeek, France's Qwant, Unbubble in Germany and Swisscows don't track user data, filter results or show "behavioral" ads.
Qwant is even getting official support. Last month the French army and parliament both said they would drop Google and use Qwant as their default search engine, as part of efforts to reclaim European "digital sovereignty."
Walshe likes Startpage's new "anonymous view" feature, which goes a step further and lets users visit websites anonymously, so they won't be exposed to tracking by websites even after clicking a search result.

I guess I’m still a nerd. This is very cool. Probably not enough to push a 747, but drones for sure, maybe even sailplanes.
Silent and Simple Ion Engine Powers a Plane with No Moving Parts
… But Barrett and his team figured out three main things to make Version 2 work. The first was the ionic wind thruster design. Version 2’s thrusters consist of two rows of long metal strands draped under its sky blue wings. The front row conducts some 40,000 volts of electricity—166 times the voltage delivered to the average house, and enough energy to strip the electrons off ample nitrogen atoms hanging in the atmosphere.
When that happens, the nitrogen atoms turn into positively charged ions. Because the back row of metal filaments carries a negative charge, the ions careen toward it like magnetized billiard balls. “Along the way, there are millions of collisions between these ions and neutral air molecules,” Barrett notes. That shoves the air molecules toward the back of the plane, creating a wind that pushes the plane forward fast and hard enough to fly.

The really smart ones are in my class.

Wednesday, November 21, 2018

Here’s a parallel question: How many of these schools teach computer security?
Martin George reports:
The number of data breaches reported by schools increased by almost a quarter in just two years, new research shows.
Schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO) in 2016-17, compared with 571 in 2014-15.
A freedom of information request by accountancy network UHY Hacker Young showed that 674 were reported in 2015-16.
Read more on tes.
It is hard to attempt to draw comparisons to the situation in the U.S. due to the absence of any one centralized agency in the U.S. that requires notifications to it (such as the Information Commissioner’s Office). By looking within states that have mandatory reporting to the state, we may be able to determine if reports are increasing over years, but getting actual numbers that are likely to be reliable seems to be a bit unlikely still.

(Related) Probably no better in the US.
From the Office of the New York State Comptroller, this follow-up report on the New York State Education Department shows ongoing concerns that have not been addressed at all or only addressed partially:
Issued: November 13, 2018 Link to full audit report 2018-F-17

For my students. Before you spend $28
Rebecca Jeschke of EFF writes:
Do you need some stimulating reading material for this long holiday weekend? Here’s a great option: the latest issue of Timothy McSweeney’s Quarterly Concern, The End of Trust. This is a collection of essays and interviews about technology, privacy, and surveillance, featuring many EFF authors—including EFF Executive Director Cindy Cohn, Special Advisor Cory Doctorow, and board member Bruce Schneier.
The End of Trust is on sale online and in bookstores now, but it’s also free to download under a Creative Commons BY-NC-ND license. In addition to essays from EFFers, contributors include anthropologist Gabriella Coleman examining anonymity, Edward Snowden tackling blockchain, and EFF Pioneer Award winner Malkia Cyril zeroing in on the historical surveillance of black bodies.
EFF has read and reviewed every piece of The End of Trust, and it’s a smart, thought-provoking, and entertaining issue. We are proud to be part of this project, and hope you enjoy it.

Have they really got the facts straight on this one? What happens when the rest of the world retaliates?
U.S. Mulls Curbs on Artificial Intelligence Exports
The administration of US President Donald Trump is exploring curbing exports of sensitive technologies including artificial intelligence for national security reasons, according to a proposal this week.
The proposal to control sales of certain technologies "essential to the national security of the United States" comes amid growing trade friction with Beijing -- and fears that China may overtake the US in some areas such as artificial intelligence.
The Commerce Department said in the proposed rules, published Monday, that it would consider curbs on various AI technologies such as neural networks and deep learning, computer vision, natural language processing and audio and video manipulation.
But banning AI exports could be counterproductive to US goals, said Daniel Castro, vice president of the Information Technology and Innovation Foundation, a Washington think tank.
"If the US government bans the export of AI technology, other countries will likely enact reciprocal policies," Castro said.
"It will mean US companies are locked out of certain markets, allowing firms in other countries to compete unchallenged."

Another case of “not being on the same page?”
The FCC’s plan to fight spam texts could give phone companies more power over messaging
… In its announcement, the agency said it plans to formally classify text messaging as an information service, a legal distinction it said will be key to battling spam text messages. The classification, the agency said, will allow phone carriers to continue to use blocking technology to stop spam messages from reaching phones.
But some consumer advocates have pushed for the FCC to instead classify messaging as a telecommunications service. Without that classification, groups like Public Knowledge have argued, phone companies will be able to discriminate against messages, deciding when and how to deliver texts in ways they say could harm consumers and free speech.

For my Architecture students. Read carefully.
Optimized Prime: How AI And Anticipation Power Amazon's 1-Hour Deliveries
By the time someone clicks "buy" on Amazon, Jenny Freshwater's team has probably expected it.
Freshwater is a software director in Amazon's Supply Chain Optimization Technologies group. Her team forecasts demand for everything sold by Amazon worldwide.
… In 2013, Amazon got a patent for so-called "anticipatory shipping." The idea was to get your order as close as possible to your address before you actually click buy.
… AI has learned that not all new products mean the same type of forecast.
Take tax software. Everyone wants the latest version. But the release of a new DSLR camera? That actually triggers huge demand for the older versions, which are cheaper.
AI has also determined that online shoppers often abandon their online grocery cart entirely, if bananas are sold out — and that bananas are most in demand on Mondays.

For my students who think start-ups can’t compete with Amazon.
SoftBank doubles down on Korean online retailer Coupang with $2 billion investment
SoftBank’s Vision Fund is investing an additional $2 billion in South Korea’s top e-commerce firm Coupang, the retailer said on Tuesday, as the loss-making startup seeks to cement its market dominance.
The latest investment follows the $1 billion that SoftBank invested in Coupang in 2015 and values the eight-year-old startup at around $9 billion, a source close to Coupang said.
Coupang has since grown rapidly to become the biggest player in South Korea’s e-commerce market. It clocked 2.7 trillion won ($2.4 billion) in revenue last year, with its online sales almost as much as the next three largest e-commerce sites in the country combined, according to research firm Statista.

Another self-driving option I had not considered. Probably more restful, possibly cheaper, definitely slower.
This self-driving hotel room could revolutionize travel
Question: What do you get if you cross a hotel room with a self-driving vehicle? Answer: The Autonomous Travel Suite (ATS).
A hotel room on wheels, the ATS is the brainchild of Toronto-based Steve Lee of Aprilli Design Studio and could revolutionize the way we travel.
… While car designers have focused on developing advanced versions of conventional vehicles, "as an architect, I see self-driving vehicles as being more like a mobile room," says Lee.

Tuesday, November 20, 2018

Is the escalation from theft to industrial espionage to military espionage and no higher? Apparently, this is not a path to cyberwar, so feel free to hack all you like? With minimal downside, anything hackers can steal is virtually pure profit.
Surge in China Theft of Australia Company Secrets: Report
China has sharply escalated cyberattacks on Australian companies this year in a "constant, significant effort" to steal intellectual property, according to a report published Tuesday.
The investigation by Fairfax Media and commercial broadcaster Channel Nine comes just days after US Vice President Mike Pence accused Beijing at the APEC summit of widespread "intellectual property theft".
The report said China's Ministry of State Security was responsible for "Operation Cloud Hopper", a wave of attacks it said were detected by Canberra and its partners in the "Five Eyes" intelligence alliance -- the US, Britain, Canada and New Zealand.
An unnamed senior Australian government official told Fairfax the activity was "a constant, significant effort to steal our intellectual property", while other officials expressed frustration that firms and universities were not tightening their security.

I have students from India, Africa, all over the Middle East and even Canada, but no one from the EU, as far as I know.
Luke Irwin reports:
…. A major concern is the GDPR’s requirement that organisations report certain types of data breach to their supervisory authority within 72 hours of becoming aware of the incident. It’s one of the toughest rules to meet, but this blog provides you with all the details you need.
Read more on IT Governance Blog.

“Those who cannot remember the past are condemned to repeat it.” George Santayana
Ivanka Trump used personal account for government business, posing security risk to White House
During the 2016 presidential election, US President Donald Trump aggressively went after Hillary Clinton for using her personal email account and server for official conversations during her time as US Secretary of State. Two years later, it is now Ivanka Trump’s turn to take the heat. Or not.
White House ethics officials confirmed she used a private email account to send official government-related emails last year, writes the Washington Post. Ivanka Trump exchanged hundreds of official emails with assistants, Cabinet officials and White House aides through a domain shared with her husband, Jared Kushner. The domain was created in December 2016, before she moved to Washington. Because the domain was created through a Microsoft system, the emails are stored by the tech company.
Her actions could be in violation of the Presidential Records Act, which specifies that White House Communication must be secured and all data kept in a secure archive to prevent hacking and mishandling of data. Although her emails were mostly about personal travel dates and logistical data, some may still be in violation of federal records legislation, as they discussed official business and government policies.

Worth watching?
Operation Infektion: Russian Disinformation: From The Cold War To Kanye
Opinion Video Series | Operation Infektion By Adam B. Ellick and Adam Westbrook The New York Times, November 12, 2018
WATCH: This is a three-part film series. Scroll down at this link and click to play any episode
“Russia’s meddling in the United States’ elections is not a hoax. It’s the culmination of Moscow’s decades-long campaign to tear the West apart. “Operation InfeKtion” reveals the ways in which one of the Soviets’ central tactics — the promulgation of lies about America — continues today, from Pizzagate to George Soros conspiracies. Meet the KGB spies who conceived this virus and the American truth squads who tried — and are still trying — to fight it. Countries from Pakistan to Brazil are now debating reality, and in Vladimir Putin’s greatest triumph, Americans are using Russia’s playbook against one another without the faintest clue…”

(Related) He may not have time to do anything else!
Now eight parliaments are demanding Zuckerberg answers for Facebook scandals
Facebook’s founder is facing pressure to accept an invite from eight international parliaments, with lawmakers wanting to question him about negative impacts his social network is having on democratic processes globally.
Last week Facebook declined an invitation from five of these parliaments.
The elected representatives of Facebook users want Mark Zuckerberg to answer questions in the wake of a string of data misuse and security scandals attached to his platform. The international parliaments have joined forces — forming a grand committee — to amp up the pressure on Facebook.

Amid talk of Google as a monopoly, does this suggest they might have the power to revise the law? Could news sites expect a 51% or greater reduction in user visits?
Google News may shut over EU plans to charge tax for links
The Guardian – Search engine is lobbying hard to stop proposed tax, aimed at compensating news publishers – “Google’s top news executive has refused to rule out shutting down Google News in EU countries, as the search engine faces a battle with Brussels over plans to charge a “link tax” for using news stories. Richard Gingras, the search engine’s vice-president of news, said while “it’s not desirable to shut down services” the company was deeply concerned about the current proposals, which are designed to compensate struggling news publishers if snippets of their articles appear in search results. He told the Guardian that the future of Google News could depend on whether the EU was willing to alter the phrasing of the legislation. “We can’t make a decision until we see the final language,” he said. He pointed out the last time a government attempted to charge Google for links, in 2014 in Spain, the company responded by shutting down Google News in the country. Spain passed a law requiring aggregation sites to pay for news links, in a bid to prop up struggling print news outlets. Google responded by closing the service for Spanish consumers, which he said prompted a fall in traffic to Spanish news websites…”

(Related) The Spanish experience has been ignored.
New study shows Spain’s “Google tax” has been a disaster for publishers
… In the short-term, the study found, the law will cost publishers €10 million, or about $10.9 million, which would fall disproportionately on smaller publishers. Consumers would experience a smaller variety of content, and the law "impedes the ability of innovation to enter the market."
The study concludes that there's no "theoretical or empirical justification" for the fee. The full study (PDF) is available for download; it's in Spanish with an English-language executive summary.
… Whatever loss of traffic occurs due to readers who may read a news aggregator and then choose not to read an entire story, is more than made up for by the "market expansion" effect, the study found. In other words, given access to a news aggregator like Google, people read much more news.
The NERA analysis found a 6 percent overall drop in traffic from the Spanish Google News closure and a 14 percent drop for smaller publications.

Looks like you need computer geeks to succeed.
Throughout the global economy, big companies are getting bigger. They’re more productive, more profitable, more innovative, and they pay better. The people lucky enough to work at these companies are doing relatively well. Those who work for the competition aren’t.
Research by one of us (James) links this trend to software. Even outside of the tech sector, the employment of more software developers is associated with a greater increase in industry concentration, and this relationship appears to be causal. Similarly, researchers at the OECD have found that markups — a measure of companies’ profits and market power — have increased more in digitally-intensive industries. And academic research has found that rising industry concentration correlates with the patent-intensity of an industry, suggesting “that the industries becoming more concentrated are those with faster technological progress.” For example, productivity has grown dramatically in the retail sector since 1990; inflation-adjusted sales per employee have grown by roughly 50%. Economic analysis finds that most of this productivity growth is accounted for by a few companies such as Walmart who used information technology to become much more productive. Greater productivity meant lower prices and faster growth, leading to increased industry dominance. Walmart went from a 3% share of the general merchandise retail market in 1982 to over 50% today.

Perspective. Is Microsoft positioning itself to replace phone companies?
Skype calling now available on Alexa
Microsoft is bringing its Skype calling service to Amazon’s Alexa-enabled devices this week. Amazon’s Echo range will be able to access Skype’s basic calling, and hardware like the Echo Show will also include video calling support for Skype. This integration also lets Skype users call mobile and landlines using SkypeOut, and simply call contacts by saying “Alexa, call Tom on Skype” to activate a call.

Perspective. Probably inevitable.
In ‘Digital India,’ Government Hands Out Free Phones to Win Votes
Forget the old American campaign slogan of a chicken in every pot, or the Indian politician’s common pledge to put rice in every bowl.
Here in the state of Chhattisgarh, the chief minister, Raman Singh, has promised a smartphone in every home — and he is using the government-issued devices to reach voters as he campaigns in legislative elections that conclude on Tuesday.
… The phones are the latest twist in digital campaigning by the B.J.P., which controls the national and state government and is deft at using tools like WhatsApp groups and Facebook posts to influence voters. The B.J.P. government in Rajasthan, which holds state elections next month, is also subsidizing phones and data plans for residents, and party leaders are considering extending the model to other states.
… The phones themselves also actively promote Mr. Singh, who has run the state for 15 years and is seeking a fourth term.
His smiling face is set as the background image on the home screen, prompting some to nickname it the “Raman mobile.”

An interesting precedent?
A court ruled that judges can be Facebook friends with lawyers because those are not real friendships
Quartz: “Florida’s Supreme Court has ruled on something that most social media users already know: Facebook friendships are not real. Specifically, the court said in a Nov. 15 opinion that a Facebook friendship between a judge and an attorney does not mean the judge is too biased to preside over that attorney’s case. Ruling on an appeal in a case where one side argued a trial court judge should be disqualified because of a Facebook friendship, the court added that even traditional, IRL friendship wouldn’t necessarily be disqualifying, because the nature of friendship is “indeterminate.”
The ruling includes some philosophical musings on the meaning of friendship. For chief justice Charles Canady, who writes for the majority, a real friend, “is a person attached to another person by feelings of affection or esteem.” Meanwhile, a Facebook friend is a “person digitally connected to another person by virtue of their Facebook ‘friendship.’” And a Facebook friendship, he says, “does not objectively signal the existence of the affection and esteem involved in a traditional ‘friendship.’”…

It’s a “kill or die” game. Probably need a bit more subtlety. You can help.
MIT Moral Machine – building human opinions on machine action
Moral Machine – “From self-driving cars on public roads to self-piloting reusable rockets landing on self-sailing ships, machine intelligence is supporting or entirely taking over ever more complex human activities at an ever increasing pace. The greater autonomy given machine intelligence in these roles can result in situations where they have to make autonomous choices involving human life and limb. This calls for not just a clearer understanding of how humans make such choices, but also a clearer understanding of how humans perceive machine intelligence making such choices. Recent scientific studies on machine ethics have raised awareness about the topic in the media and public discourse.
This website aims to take the discussion further, by providing a platform for 1) building a crowd-sourced picture of human opinion on how machines should make decisions when faced with moral dilemmas, and 2) crowd-sourcing assembly and discussion of potential scenarios of moral consequence…”

I’ll have to give it a try.

For my new Security class.

Monday, November 19, 2018

I have an idea for a final exam…
The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked
A study in which researchers sent phishing emails to 1,350 students has yielded a startling find: those who believe they know how to tell a phishing scam from a genuine email are actually more susceptible to the attack.
The study by the University of Maryland, Baltimore County (UMBC) involved various phishing tests to assess whether any demographic segments were more susceptible to phishing attacks.

Some interesting things to think about. We probably do it the same way (without the tea).
Inside the British Army's secret information warfare machine
They are soldiers, but the 77th Brigade edit videos, record podcasts and write viral posts. Welcome to the age of information warfare
… Explaining their work, the soldiers used phrases I had heard countless times from digital marketers: “key influencers”, “reach”, “traction”.
… Ever since Nato troops were deployed to the Baltics in 2017, Russian propaganda has been deployed too, alleging that Nato soldiers there are rapists, looters, little different from a hostile occupation. One of the goals of Nato information warfare was to counter this kind of threat: sharply rebutting damaging rumours, and producing videos of Nato troops happily working with Baltic hosts.
Information campaigns such as these are “white”: openly, avowedly the voice of the British military. But to narrower audiences, in conflict situations, and when it was understood to be proportionate and necessary to do so, messaging campaigns could become, the officer said, “grey” and “black” too. “Counter-piracy, counter-insurgencies and counter-terrorism,” he explained. There, the messaging doesn't have to look like it came from the military and doesn't have to necessarily tell the truth.

We hate them, but we use them?
Poll – America sours on social media giants
Axios Poll – Does social media do more to help or hurt democracy and free speech? “Silicon Valley has a big and growing problem: Americans have rising concerns with its most popular products and a growing majority wants big social media companies regulated, according to new poll conducted by Survey Monkey for “Axios on HBO.”
Why it matters: The public is more aware than ever of some of the negative consequences of the technologies that have changed their lives, which makes Silicon Valley and social media ripe political and regulatory targets.
Between the lines: This is a rare topic uniting Republicans, Democrats and Independents…”

For my Software Architects.
Public Attitudes Toward Computer Algorithms
… despite the growing presence of algorithms in many aspects of daily life, a Pew Research Center survey of U.S. adults finds that the public is frequently skeptical of these tools when used in various real-life situations.
This skepticism spans several dimensions. At a broad level, 58% of Americans feel that computer programs will always reflect some level of human bias – although 40% think these programs can be designed in a way that is bias-free.
  • Majorities of Americans find it unacceptable to use algorithms to make decisions with real-world consequences for humans
  • Across age groups, social media users are comfortable with their data being used to recommend events – but wary of that data being used for political messaging

Inventing your own holiday seems to pay off so I’m declaring today “International Buy Your Favorite Blogger a Beer day!”
Alibaba Sold in 1 Day Just as Much as Amazon Sells in 3 Months -- The Motley Fool
Chinese e-commerce leader Alibaba just completed its ninth annual Singles Day sales event and smashed all previous records by selling $30.8 billion worth of goods.
To put that in perspective, the five-day kickoff to the Christmas shopping season that begins on Thursday, Thanksgiving Day, and runs through the following Monday, known as Cyber Monday, generated sales of $19.6 billion. And that's for all of retail. Alibaba's sales figures don't include the sales generated by other Chinese retailers, such as its biggest rival, which sold $23 billion worth of merchandise (albeit over an 11-day period, though the bulk came on Singles Day itself).
Put another way, it took three months to sell $33.7 billion worth of goods in the third quarter, which also included its best-ever Prime Day event that sold an estimated $3.4 billion – and that was over 36 hours. Alibaba generated over $1 billion in gross merchandise value (GMV) in the first minute and a half and surpassed last year's $25 billion total in just under 15 hours.

Sunday, November 18, 2018

I guess governments do this when they no longer trust anonymous citizens to follow their laws. “We know who you are, we know what you did, and since we know you are guilty, we impose this penalty.”
Angus Berwick of Reuters reports:
  • Venezuela is rolling out a new, smart-card ID known as the “carnet de la patria,” or “fatherland card,” manufactured by Chinese telecom giant ZTE Corp.
  • The ID transmits data about cardholders to government computer servers, and is increasingly linked to subsidized food, health, and other social programs most Venezuelans rely on to survive.
  • The fatherland card, critics argue, illustrates how China, through state-linked companies like ZTE, exports technological know-how that can help like-minded governments track, reward, and punish citizens.
Read more on Business Insider.

The start of the 2020 Election disruption?
Suspected Russian Hackers Impersonate State Department Aide
U.S. cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia.
The "spear phishing" attempts began on Wednesday, sending e-mail messages purported to come from a department public affairs official.
The State Department said: "The Department is aware of the recent malicious cyber event involving the spoofing (impersonation) of a Department employee reported by U.S. cybersecurity firm FireEye. No Department networks were compromised by this malicious cyber attempt." [The wording makes me wonder what was compromised. Bob]

Nothing really new here. This is the high end of the “Alexa, turn on the lights” AI spectrum. If I’m not ready to trust a self-driving car, I’m going to really have to be convinced that some mini-Terminator can be trusted.
Are Killer Robots the Future of War? Parsing the Facts on Autonomous Weapons
… The decision to use a lethal weapon in battle against combatants has always been a decision made by a human being. That may soon change. Modern advancements in artificial intelligence, machine image recognition and robotics have poised some of the world’s largest militaries on the edge of a new future, where weapon systems may find and kill people on the battlefield without human involvement. Russia, China and the United States are all working on autonomous platforms that pair weapons with sensors and targeting computers; Britain and Israel are already using weapons with autonomous characteristics: missiles and drones that can seek and attack an adversary’s radar, vehicle or ship without a human command triggering the immediate decision to fire.

YouTube is now showing ad-supported Hollywood movies
Last month, YouTube quietly began showing ad-supported movies for the first time, giving viewers access to Hollywood titles including "The Terminator" and "Legally Blonde" for free.

Global Warming! Global Warming! There haven’t been quite as many stories recently.
NASA warns long cold winter could hit space in months bringing record low temperatures
… “The thermosphere always cools off during Solar Minimum. It’s one of the most important ways the solar cycle affects our planet,” explains Mlynczak.
“We’re not there quite yet,” he said of the record cold, “but it could happen in a matter of months."
The most famous example of a prolonged sunspot minimum is the Maunder Minimum, referring to a period around 1645 to 1715 during which sunspots became exceedingly rare.
Maunder coincided with the middle part of the Little Ice Age, when Europe and North America experienced colder temperatures - fuelling speculation that the two were connected.