Wednesday, July 17, 2019
Perfect for my Security Compliance class.
The Essential Guide to Legislation
PoliticoPro – “During a single Congress, hundreds of bills are enacted into federal law – but the initial legislation proposed by lawmakers in the House and Senate can number well over 10,000 bills per session of Congress. With so much proposed legislation flowing through the standard processes, tracking can quickly become difficult. This guide breaks down each step of the legislation proposal process in the House and Senate, the steps that can result in changes to legislation before it becomes law, as well as how the two houses resolve legislative differences. A key difference in the legislative process between the two chambers is that majority leadership wields more legislative power in the House than in the Senate, where individual senators have more control throughout the process, especially on the floor.”
Give us a few years and we’ll figure this out.
GDPR Compliance Since May 2018: A Continuing Challenge
Companies must automate and streamline, or the challenge of GDPR compliance will overwhelm them.
… McKinsey research shows that few companies feel fully compliant: as many as half, feeling at least somewhat unprepared for GDPR, are using temporary controls and manual processes to ensure compliance until they can implement more permanent solutions. Broader organizational challenges persist as well – particularly honoring and protecting the rights of data subjects and ensuring that impact assessments, reporting of breaches, and audit organizations are functioning properly. With numerous stopgaps still in place, companies struggle to implement sustainable, long-term solutions.
Can we trust the antitrusters?
EU opens Amazon antitrust investigation
The EU’s Competition Commission has opened an antitrust investigation into Amazon to determine whether the company is using sales data to gain an unfair advantage over smaller sellers on the Marketplace platform. The Commission says it will look into Amazon’s agreements with marketplace sellers, as well as how Amazon uses data to choose which retailer to link to using the “Buy Box” on its site. The announcement comes on the same day that Amazon announced changes to its third-party seller service agreement in response to a separate antitrust investigation by German regulators.
(Related) No doubt they will get to the bottom of that nagging question: How can you make money if Facebook is free?
Facebook Denies App Changes to Avoid Breakup: Antitrust Update
U.S. technology giants are headed for their biggest antitrust showdown with Congress in 20 years as lawmakers and regulators demand to know whether companies like Alphabet’s Google and Facebook use their dominance to squelch innovation. The House Judiciary antitrust subcommittee is holding a hearing Tuesday on the market power of the largest tech companies. Executives from Amazon, Apple, Google and Facebook are testifying. Here’s the latest from the committee room:
Perspective. It’s what companies are doing outside of Africa that caught my eye.
What do automation and artificial intelligence mean for Africa?
… the latest round of technologies seems to be dealing Africa’s economic prospects a serious blow. Adidas, the German sporting goods company, has established “Speedfactories” in Ansbach in Germany and Atlanta in the U.S., that use computerized knitting, robotic cutting, and 3D printing to produce athletic footwear. Foxconn—the Taiwanese firm known for producing Apple and Samsung products in China’s Jiangsu province—recently replaced 60,000 factory workers with industrial robots. By reducing the importance of wage competitiveness, robots in “smart factories” can completely change what it takes for a place to be competitive in the global market for manufactures. If high-income economies are reshoring production, this could slow down and even reverse the migration of newcomers from Africa in global value chains.
Perspective. Since everyone now carries a portable device…
Education publisher Pearson to phase out print textbooks
The world's largest education publisher has taken the first step towards phasing out print books by making all its learning resources "digital first".
Pearson said students would only be able to rent physical textbooks from now on, and they would be updated much less frequently.
The British firm hopes the move will make more students buy its e-textbooks which are updated continually.
"We are now over the digital tipping point," boss John Fallon told the BBC.
A simple tool for creating “fake news.” Also a simple introduction to webpage coding?
See What's Behind Any Webpage With Mozilla's X-Ray Goggles
One of the topics that we talked about during the Practical Ed Tech Summer Camp was digital literacy and critical thinking. To that end, I presented Mozilla's X-Ray Goggles as a tool that can be used to create a modified version of a real news story from legitimate sources. Mozilla's X-Ray Goggles lets you see the code behind any web page and change that code to display anything that you want in place of the original text and images. After you have made the changes you can publish a local copy of the web page.
Watch the following video that I created to learn how to use Mozilla's X-Ray Goggles.
Mozilla's X-Ray Goggles provides a good way for students to see how the code of a webpage works.
Tuesday, July 16, 2019
This week we are discussing HIPAA. Is GDPR worse?
Hospital fined €460,000 for privacy breaches after Barbie case
The Haga hospital in The Hague has been fined €460,000 for poor patient file security, after it emerged a tv reality soap star’s medical records had been accessed by dozens of unauthorised members of staff.
The Dutch privacy watchdog Authoriteit Persoonsgegevens said its research showed patient records at the hospital are still not properly secure.
… The hospital gave 85 members of staff an official warning for looking at the medical files of Samantha de Jong, better known as Barbie, when she was hospitalised after a suicide attempt last year.
The members of staff were not involved in treating the tv reality star and were therefore not entitled to check her files, the hospital said.
Concerns about privacy have been one of the major brakes on developing a nationwide digital medical record system in the Netherlands.
“Everything in war is very simple. But the simplest thing is difficult.” Carl von Clausewitz. Same with Computer Security.
How Small Mistakes Lead to Major Data Breaches
Four out of five of the top causes of data breaches are down to human or process error. In other words, human mistakes that could’ve been remedied with cybersecurity training or more careful consideration of security practices.
So far, no significant AI attack has been identified.
How can attackers abuse artificial intelligence?
… findings and topics covered in the study include:
- Adversaries will continue to learn how to compromise AI systems as the technology spreads
- The number of ways attackers can manipulate the output of AI makes such attacks difficult to detect and harden against
- Powers competing to develop better types of AI for offensive/defensive purposes may end up precipitating an “AI arms race”
- Securing AI systems against attacks may cause ethical issues (for example, increased monitoring of activity may infringe on user privacy)
- AI tools and models developed by advanced, well-resourced threat actors will eventually proliferate and become adopted by lower-skilled adversaries
Won’t you take the AI’s word for it?
Good luck deleting someone's private info from a trained neural network – it's likely to bork the whole thing
AI systems have weird memories. The machines desperately cling onto the data they’ve been trained on, making it difficult to delete bits of it. In fact, they often have to be completely retrained from scratch with the newer, smaller dataset.
That’s no good in an age where individuals can request their personal data be removed from company databases under privacy measures like Europe's GDPR rules. How do you remove a person’s sensitive information from a machine learning model that has already been trained? A 2017 research paper by law and policy academics hinted that it may even be impossible.
So what’s the answer?
How The Software Industry Must Marry Ethics With Artificial Intelligence
Intelligent, learning, autonomous machines are about to change the way we do business forever. But in a world where corporations or even executives may be liable in a civil or even criminal court for their decisions, who is responsible for decisions made by artificial intelligence (AI)?
In the United States, courts are already having to wrestle with this science fiction scenario after an Arizona woman was killed by an experimental autonomous Uber vehicle. The European Commission recently shared ethical guidelines, requiring AI to be transparent, have human oversight and be subject to privacy and data protection rules.
… How can we, as Dr. Joanna Bryson points out, avoid being “manipulated into situations where corporations can limit their legal and tax liability just by fully automating their business processes?”
I keep looking for something I understand.
How to explain deep learning in plain English
… “For decades, in order to get computers to respond to our requests for information, we had to learn to speak to them in a way they would understand,” says Tom Wilde, CEO at Indico Data Solutions. “This meant having to learn things like Boolean query language, or how to write complex rules that carefully instructed the computer what actions to take.
… “Deep learning’s arrival flips that [historical context] on its head,” Wilde says. “Now the computer says to us, you don’t need to worry about carefully constructing your request ahead of time – also known as programming – but rather provide a definition of the desired outcome and an example set of inputs, and the deep learning algorithm will backward solve the answer to your question. Now non-technical people can create complex requests without knowing any programming.”
Interesting law. Does this apply to any terminated employee?
Lyft broke the law when it failed to tell Chicago about a driver it kicked off its app. A month later he was accused of killing a taxi driver while working for Uber
Lyft could face penalties of up to $10,000 for failing to report an incident to Chicago authorities last year.
After deactivating driver Fungqi Lu in July 2018 after a fight with a local attorney, Lyft was required by law to alert the city's Department of Business Affairs and Consumer Protection. However, the Chicago Sun-Times reported on Monday that never happened.
Meanwhile, Lu continued to drive for Uber despite being kicked off the Lyft platform. (Many drivers work for multiple companies.) It was four weeks after the first incident when he was accused of fatally kicking a 64-year-old taxi driver, Anis Tungekar, in a heated traffic argument caught on video.
… Earlier this year, the family of the late Tungekar filed a lawsuit against Uber, alleging that the company was negligent in its hiring of Lu and seeking $10 million in damages. Uber declined to comment on its policies for instances like this but passed along the following statement:
"This is a horrible tragedy and our thoughts are with Mr. Tungekar's family and loved ones," a spokesperson said. "As soon as we were made aware of this, we immediately removed this individual's access from the platform. [What are they talking about? Bob]
Monday, July 15, 2019
Once upon a time, governments cared about fair elections. How many “election officials” are elected?
AP Exclusive: New Election Systems Use Vulnerable Software
– “Pennsylvania’s message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems. But there’s a problem: Many of these new systems still run on old software that will soon be outdated and more vulnerable to hackers. An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts. That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023. Critics say the situation is an example of what happens when private companies ultimately determine the security level of election systems with a lack of federal requirements or oversight. Vendors say they have been making consistent improvements in election systems. And many state officials say they are wary of federal involvement in state and local elections…”
An increasingly common behavior. If your backup/recovery process isn’t already making significant progress, they know it probably never will.
Syracuse ransomware operators increase their demands as victims miss payment deadlines
Ransomware operators struck the schools as early as Monday last week, leaving the district struggling for seven days now. School administrators didn’t know why their systems were failing until they learned they had been infected with ransomware.
A spokesman said an “attack froze the district from accessing our own systems,” according to local news outlet Syracuse.com. Citing a source familiar with the matter, the report also reveals that, “the unknown hackers’ demands keep increasing as the district misses deadlines for payment.”
The SCSD’s insurer is urging administrators to pay the attackers, but the school district is following the FBI’s standard advice in ransomware cases — refrain from paying the criminals. [If you fail to follow the insurer’s advice, does that void your coverage? Bob]
… It is unclear whether the FBI has stepped in to help or the SCSD is merely taking a page from the FBI’s standard advice on dealing with ransomware.
… The district’s insurer is increasingly restless about the damage it will have to cover in case the ransom is not paid, sources say. A spokesman said the district had been instructed to keep details under wraps until a forensic audit is completed.
Some interesting language.
FBI Wants to Invest in Social Media Surveillance Tool
The FBI is looking into gaining more control over social media and the content shared on these platforms, allegedly to keep a closer eye on terrorist organizations, crime groups and national security threats, the agency announced last week.
The organization issued a Request for Proposal (RFP) looking for contracts for a social media surveillance tool that would alert them to suspicious online behavior.
… The tool would monitor keywords and gather data about social media users such as IDs, emails, IP addresses, phone numbers and location history, yet the FBI claims it would not violate civil liberties and user privacy.
It’s hard to believe the US government would not violate user privacy while conducting major surveillance over the web. The pervasiveness of any such tool is open to question, considering US President Donald Trump has expressed interest in using social platforms to monitor immigrants as well as people on disability benefits.
It probably is this simple.
4 Essentials for Complying With the New Data Privacy Regulations
Sunday, July 14, 2019
Really reads like a cover up.
New Bedford: public release of info on cyber attack could put city at further risk
Cyber professionals have “strongly advised” the city against providing any details about the impacts of a computer virus that has shut down municipal computers for more than a week.
Jonathan Carvalho, the city’s public information officer, released a statement late Friday that said New Bedford continues to implement restoration plans on its municipal computer network. For most of a week the city has provided little information about what is going on with a virus that has at least shut down some of the computers at both City Hall and in the Fire Department. It is not known what other departments may be affected although officials have said the police are not involved and neither is the 911 emergency network.
The city has refused to say exactly how many computers are down, where they are located, the name of the cyber security consultant it is working with or how much money the shutdown may be costing New Bedford. The city has said it has insurance against a meltdown that could take out the network. [That’s pretty vague. Has the network been impacted? Bob]
For all my students.
Would you like to learn how to hack systems like black hat hackers and secure them like security experts? This free ebook (worth $23) could be what you’re looking for!
Whose idea was this? Was there any documentation suggesting this approach had official sanction or was it just the result of agent boredom?
From Papers, Please!:
The US Customs and Border Protection (CBP) division of DHS has agreed to a settlement with passengers whose ID documents were checked after a flight from San Francisco.
Nine of the passengers on the February 2017 flight, represented by the ACLU and cooperating lawyers from Covington & Burling, sued the CBP as well as individual CBP and Immigration and Customs Enforcement (ICE) officials. They alleged that the warrantless, suspicionless dragnet search of the ID documents of everyone on the plane violated the 4th Amendment, and that the CBP policy for such searches was invalid.
A change in method?
Zack Whittaker reports:
T-Mobile has reported a small decline in the number of government data requests it receives, according to its latest transparency report,
The third-largest cell giant in the U.S. reported 459,989 requests during 2018, down by a little over 1% on the previous year. That includes an overall drop in subpoenas, court orders and pen registers and trap and trace devices used to record the incoming and outgoing callers; however, the number of search warrants issued went up by 27% and wiretaps increased by almost 3%.
Speech is not text – why not?
The GDPR & Speech Data: Reflections of Legal and Technology Communities, First Steps towards a Common Understanding
Privacy preservation and the protection of speech data are in high demand, not least as a result of recent regulation, e.g. the General Data Protection Regulation (GDPR) in the EU. While there has been a period with which to prepare for its implementation, its implications for speech data are poorly understood. This assertion applies to both the legal and technology communities, and is hardly surprising since there is no universal definition of 'privacy', let alone a clear understanding of when or how the GDPR applies to the capture, storage and processing of speech data.
Employees are people? What a concept!
Jason C. Gavejian and Joseph J. Lazzarotti of Jackson Lewis write:
Employers, you are not out of the CCPA woods yet.
If you have been tracking the proposed amendments to the California Consumer Privacy Act (CCPA), you know that businesses and stakeholders have been clamoring to shape the new sweeping law in a number of ways. We reported earlier this year on some of the potential changes approved by the California Assembly Privacy and Consumer Protection Committee, which moved on for further consideration. Upon arrival at the Senate Judiciary Committee, several of these business-friendly changes met some resistance, including AB 25, which generally would have excluded employee personal information from being covered under the CCPA.
While employers had hoped AB 25 would amend the CCPA to exclude information gathered in the employment context outright, on July 9, 2019, the California Senate Judiciary Committee clarified that this will not be the case.
Why AI is so appealing?
Workers waste half their time as they struggle with data
As data grows in complexity, data workers waste time searching for and preparing data instead of gaining insights according to a new report.
… The report shows that data workers spend 90% of their working week (around 36 hours) on data-related activities such as searching, preparation and analytics.
Every generation invents the world anew. The Internet is merely the medium.
How the internet has changed the way we talk
People of a certain age were trained to use exclamation points to indicate excitement or even anger. And they never imagined that a simple period at the end of a sentence could get them into hot water.
But the social-media age has twisted the meanings of some of our most basic words and punctuation marks, reveals Wired magazine’s resident linguist Gretchen McCulloch in her new book, “Because Internet: Understanding the New Rules of Language” (Riverhead), out July 23.
In our current world, periods are now seen as aggressive, and a cartoon of a smelly poo is considered perfectly acceptable communication. [I’ll believe that when I see it in a legal brief. Bob]
… Definition: The “haphazard mashing of fingers against the keyboard to signal a feeling so intense you can’t possibly type real words.”
So, if someone types “asdfkf;jas” in a tweet, they’re likely trying to say they’re overwhelmed.
… Using a period for short messages has come to be seen as outright aggressive by Gen Z.
The first widespread indicator, McCulloch writes, came in 2009, when an Urban Dictionary user defined a period as “the new cool way to emphasize (usually moody-ass) sarcasm.”
Saturday, July 13, 2019
Is there real concern that DHS would cover up Russian hacking?
Bipartisan Legislation to Require DHS Alerts on Election Hacking
Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems.
… “It has now been nearly two months since Florida delegation members were briefed by the FBI on the two hacked counties in Florida – and the voters in these counties still don’t know if Russians have accessed their personal data,” Waltz said.
The bill would require federal officials to promptly alert appropriate state and local officials and Members of Congress when there is credible evidence that an election system has been breached and voter information believed to have been altered or otherwise affected.
State and local officials would then be required to alert potentially affected voters of the incident.
Microsoft Office 365: Banned in German schools over privacy fears
State of Hesse says student and teacher information could be "exposed" to US spy agencies.
… The state’s data protection commissioner found that using the popular cloud platform's standard configuration exposes personal information about students and teachers "to possible access by US officials".
… Besides the details that German users provide when they're working with the platform, Microsoft Office 365 also transmits telemetry data back to the US.
Last year, a Dutch government-commissioned investigation found that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines. All of which contravenes the EU's General Data Protection Regulation, or GDPR, the Dutch said.
How the police
Revealed: This Is Palantir’s Top-Secret User Manual for Cops
Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigration and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren't suspected of a crime.
Palantir software is instrumental to the operations of ICE, which is planning one of the largest-ever targeted immigration enforcement raids this weekend on thousands of undocumented families. Activists argue raids of this scale would be impossible without software like Palantir.
… The document obtained by Motherboard for this story is public and viewable on DocumentCloud.
For a minute there I was excited. Then I realized they meant a human to ‘direct’ AI, not the other way around.
VA Appoints First-Ever Artificial Intelligence Director
The agency tapped Dr. Gil Alterovitz, a Harvard Medical School professor and member of the Computational Health Informatics Program at Boston Children’s Hospital, to spearhead its efforts to improve veteran care through AI-enabled solutions.
Making AI ubiquitous.
AI at the Very, Very Edge
TinyML is a community of engineers focused on how best to implement machine learning (ML) in ultra-low power systems.
… “TensorFlow Lite has been targeting mobile phones but we are excited about running it on ever smaller devices,” he said.
After building a model in TensorFlow, engineers can run it through the TensorFlow Lite converter, which “makes it smaller and does things like quantisation, which allow you to reduce the size and precision of the model down to a scale where it will fit comfortably on the device you are targeting,” he said.
Situnayake described one technique that could be used to increase power efficiency, which involves chaining models together.
“Imagine a cascading model of classifiers where you have a really low power model using barely any power to detect if there is a sound going on, then another model that takes more energy to run, which figures out if it’s human speech or not,” he explained. “Then a deeper network that only wakes up when these conditions are met, that uses more power and resources. By chaining these together, you only wake up the [energy intensive] one when you need to, so you can make big savings on energy efficiency.”
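As an added illustration of the chained-classifier idea Situnayake describes (constructed example code, not from the article, the TinyML community or TensorFlow Lite), the simulation below pushes a synthetic stream of audio frames through a three-stage cascade and accounts for the energy each stage burns. The stage names, the per-stage costs in microjoules, the frame mix and the `make_frames`, `run_cascade`, `run_always_on` and `energy_savings` functions are all assumptions made for the example.

```python
# Added example (not from the article or any project it mentions): simulate the
# cascaded, wake-on-demand classifier chain. All costs and frame contents are
# constructed assumptions chosen so the arithmetic is easy to follow.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Frame = Dict[str, object]


@dataclass(frozen=True)
class Stage:
    name: str
    cost_uj: float                   # assumed energy per invocation (microjoules)
    fires: Callable[[Frame], bool]   # True = hand the frame on to the next stage


# Assumed cascade: cheap sound gate -> speech/no-speech model -> deep keyword model.
CASCADE: List[Stage] = [
    Stage("sound_gate", 1.0, lambda f: f["rms"] > 0.05),
    Stage("speech_model", 20.0, lambda f: f["is_speech"]),
    Stage("keyword_model", 500.0, lambda f: f["keyword"] == "wake"),
]


def make_frames() -> List[Frame]:
    """Constructed stream: mostly silence, some noise, a little speech, few keywords."""
    frames: List[Frame] = []
    frames += [{"rms": 0.01, "is_speech": False, "keyword": ""}] * 900    # silence
    frames += [{"rms": 0.30, "is_speech": False, "keyword": ""}] * 80     # non-speech noise
    frames += [{"rms": 0.40, "is_speech": True, "keyword": ""}] * 15      # speech, no keyword
    frames += [{"rms": 0.45, "is_speech": True, "keyword": "wake"}] * 5   # keyword present
    return frames


def run_cascade(frames: List[Frame], stages: List[Stage]) -> Tuple[float, Dict[str, int], int]:
    """Run each frame through the chain; the first stage that does not fire stops it.

    Returns (total energy in uJ, invocations per stage, frames accepted by every stage).
    """
    energy = 0.0
    invocations = {s.name: 0 for s in stages}
    accepted = 0
    for frame in frames:
        for stage in stages:
            energy += stage.cost_uj
            invocations[stage.name] += 1
            if not stage.fires(frame):
                break               # later, costlier stages stay asleep for this frame
        else:
            accepted += 1           # every stage fired: the deep model's verdict stands
    return energy, invocations, accepted


def run_always_on(frames: List[Frame], stages: List[Stage]) -> Tuple[float, int]:
    """Baseline: the most expensive model inspects every frame directly."""
    deep = stages[-1]
    energy = len(frames) * deep.cost_uj
    accepted = sum(1 for f in frames if deep.fires(f))
    return energy, accepted


def energy_savings(frames: List[Frame], stages: List[Stage]) -> float:
    """Fraction of energy the cascade saves relative to the always-on baseline."""
    cascade_energy, _, _ = run_cascade(frames, stages)
    baseline_energy, _ = run_always_on(frames, stages)
    return 1.0 - cascade_energy / baseline_energy


if __name__ == "__main__":
    frames = make_frames()
    energy, invocations, hits = run_cascade(frames, CASCADE)
    print(f"cascade:   {energy:.0f} uJ, invocations={invocations}, accepted={hits}")
    print(f"always-on: {run_always_on(frames, CASCADE)[0]:.0f} uJ")
    print(f"saved:     {energy_savings(frames, CASCADE):.1%}")
```

With this frame mix the deep keyword model wakes up for only 20 of the 1,000 frames, which is where the savings come from. The trade-off a practitioner should keep in mind is that the chain only accepts what every stage passes: a frame the cheap gate drops is never seen by the deep model, so the gate's false-negative rate caps the recall of the whole system, and the gate threshold has to be tuned with that in mind.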
The AI technique that could imbue machines with the ability to reason
… “Obviously we’re missing something,” he said. A baby can develop an understanding of an elephant after seeing two photos, while deep-learning algorithms need to see thousands, if not millions. A teen can learn to drive safely by practicing for 20 hours and manage to avoid crashes without first experiencing one, while reinforcement-learning algorithms (a subcategory of deep learning) must go through tens of millions of trials, including many egregious failures.
The answer, he thinks, is in the underrated deep-learning subcategory known as unsupervised learning. While algorithms based on supervised and reinforcement learning are taught to achieve an objective through human input, unsupervised ones extract patterns in data entirely on their own. (LeCun prefers the term “self-supervised learning” because it essentially uses part of the training data to predict the rest of the training data.)
What must we do to gain their attention?
Facebook’s $5 billion FTC fine is an embarrassing joke
Facebook gets away with it again
… From some other perspectives, that $5 billion fine is a big deal, of course: it’s the biggest fine in FTC history, far bigger than the $22 million fine levied against Google in 2012. And $5 billion is a lot of money, to be sure. It’s just that like everything else that comes into contact with Facebook’s scale, it’s still entirely too small: Facebook had $15 billion in revenue last quarter alone, and $22 billion in profit last year.
The largest FTC fine in the history of the country represents basically a month of Facebook’s revenue, and the company did so well that the stock price went up.
Here’s another way to say it: the biggest FTC fine in United States history increased Mark Zuckerberg’s net worth.
Perspective. (Podcast) “I am shocked. Shocked I tell you!”
Dysfunctional Justice: What’s Wrong with the U.S. Legal System
Bruce Cannon Gibney discusses his new book about how our legal system has deteriorated since the 1950s as laws have become needlessly complex, clouded by politics and influenced by money.