Thursday, May 23, 2019


Think about this one. With all those huge data breaches, this is the first time Wall Street thinks a breach is significant (material?). Will Boards of Directors take notice?
Kate Fazzini reports:
Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.
Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.
“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”
Read more on CNBC.




Where does ‘just ignorant’ end and negligent begin?
Sean Gallagher reports:
cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems.
Read more on Ars Technica.




There are some “bugs,” that no matter how innocent, smell of conspiracy or worse.
Deutsche Bank glitch blocked reporting of suspicious transactions
A software glitch at Deutsche Bank has for almost a decade prevented some potentially suspicious transactions from being flagged to law enforcement authorities, Germany's biggest bank has discovered.




I need clarification…
Gavin Reinke of Alston & Bird writes:
The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of individuals who had applied for unemployment benefits or other services offered by the Department of Labor. Case No. S18G1316, slip op. at 2 (Ga. May 20, 2019). The plaintiff, whose information was among that which was disclosed, filed a putative class action against the Department of Labor, alleging claims for negligence, breach of fiduciary duty, and invasion of privacy.
Read more on their privacy blog.
From the blog:
The Court concluded that the identity theft statute “does not explicitly establish any duty, nor does it prohibit or require any conduct at all.” McConnell, slip op. at 10. And the statute that restricts the disclosure of social security numbers applies only to intentional disclosures, not negligent disclosures like the one alleged in the complaint. Id., slip op. at 11.
This decision has potentially significant implications on plaintiffs’ attempts to certify nationwide class actions against retailers who are victims of a data breach based on a negligence theory. It illustrates that the law of negligence is not uniform across all jurisdictions, which will make attempts to certify a nationwide class in data breach cases difficult or impossible.




Do you suppose people are afraid of lawyers?
Brian Krebs reports:
Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
Read more on KrebsOnSecurity.com.
This is timely for those of us who tend to get legal threats on an all-too-frequent basis.




A scorecard.
GDPR: One Year Down…Now What?
according to a recent report from the law firm DLA Piper, more than 59,000 personal data-breaches were notified to regulators between May 2018 and January 2019, yet many organizations report being unable to achieve anything near 100 percent compliance. In fact, a report released this week shows that nearly 145,000 complaints and questions were submitted to EU authorities charged with enforcing GDPR in the first year.


Another perspective.
How Silicon Valley gamed Europe’s privacy rules
Big fines and sweeping enforcement actions have been largely absent, as under-resourced European regulators struggle to define their mission — and take time to build investigations that will likely end up in court.
New forms of data collection, including Facebook’s reintroduction of its facial recognition technology in Europe and Google’s efforts to harvest information on third-party websites, have been given new leases on life under Europe’s General Data Protection Regulation, or GDPR.
Smaller firms — whose fortunes were of special concern to the framers of the region’s privacy revamp — also have suffered from the relatively high compliance costs and the perception, at least among some investors, that they can’t compete with Silicon Valley’s biggest names.
“Big companies like Facebook are 10 steps ahead of everyone else, and 100 steps ahead of regulators,” declared Paul-Olivier Dehaye, a privacy expert who helped uncover Facebook’s Cambridge Analytica scandal. “There are very big questions about what they’re doing.”
"Even after 12 months, the reality is that there is no consensus or clear harmonization for how data should be processed," said Ahmed Baladi, co-chair of the privacy, cybersecurity and consumer protection unit at Gibson Dunn, a law firm in Paris. "We still need more guidance from national authorities."




The lawyers have figured it out?
ALI Principles of Law, Data Privacy
the American Law Institute (ALI) has approved the Principles of the Law, Data Privacy.
“The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for a variety of parties at the federal, state, and local levels, including legislators, attorneys general, and administrative agency officials.”




“The game’s afoot!”
Irish regulator opens first privacy probe into Google
Google’s lead regulator in the European Union, Ireland’s Data Protection Commissioner, opened its first investigation into the U.S. internet giant on Wednesday over how it handles personal data for the purpose of advertising.
The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner said, including from privacy-focused web browser Brave which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.
Brave argued that when a person visits a website, intimate personal data that describes them and what they are doing online is broadcast to tens or hundreds of companies without their knowledge in order to auction and place targeted adverts.
It said the enquiry would establish whether processing of personal data carried out at each stage of an advertising transaction was in compliance with the landmark European GDPR privacy law introduced a year ago.
The regulator said earlier this month that it had 51 large-scale investigations under way, 17 of which related to large technology firms including Twitter, LinkedIn, Apple and a number into Facebook and its WhatsApp and Instagram subsidiaries.
The probe could become a test case into the foundations of the data-driven model the online ad industry depends on.




Of interest to us bloggers…
Reddit Commenter's Fight for Anonymity Is a Win for Free Speech and Fair Use
A fight over unmasking an anonymous Reddit commenter has turned into a significant win for online speech and fair use. A federal court has affirmed the right to share copyrighted material for criticism and commentary, and shot down arguments that Internet users from outside the United States can’t ever rely on First Amendment protections for anonymous speech.




Perspective.
It’s Time for Government to Regulate the Internet
During the Industrial Revolution, labor organizations, social movements, the media, and government came together to rein in big business, providing lessons on how to regulate firms of today like Facebook, Amazon, and Google, writes SSIR's editor-in-chief in an introduction to the Summer 2019 issue.
Many of the Web’s early supporters believed that it would usher in a utopian world where the powerless would be on an equal footing with the powerful. There was no central authority controlling access to the Web, or regulating who could create a website or what they could publish. A man living in Des Moines, Iowa, would have the same ability to reach everyone on the Web as the editors of The New York Times.
Software standards for the Web were open, license-free, and controlled by an international community—a far cry from the top-down profit-seeking approach to technology then pursued by the likes of IBM, Microsoft, and Apple. The possibilities for the Web were endless: open government, open data, open access, free education, and free information. The new crop of Web-based companies embraced that belief, arguing that the Internet and Internet-based companies shouldn’t be regulated. Libertarian ideology reigned.
But as we all know, the Internet became dominated by these same rebels—Facebook, Amazon, and Google—all of whom pursued profit and market dominance as aggressively as Standard Oil or US Steel ever did. The Internet not only has become dominated by these powerful companies but also is being used by companies, governments, and others to gather information on people and to actively misinform them.
One of the organizations that have been fighting for the digital rights of individuals and society for nearly 30 years is the Electronic Frontier Foundation (EFF). Much of its efforts have focused on limiting government control and preserving individual freedom on the Internet, issues that continue to be important. But other organizations are beginning to take on business as well.
In this issue of Stanford Social Innovation Review, we take a close look at the history of the EFF in our Case Study, “The Invention of Digital Civil Society.”




Unfortunately, there’s an App for that.
Anti-Groping Smartphone App is Popular in Japan
A smartphone app developed by Japanese police is being widely downloaded by women trying to protect themselves from gropers on packed rush-hour trains.
The “Digi Police” app was originally issued by Tokyo police three years ago, but a function to scare off molesters was only added a few months ago. Since then, the app has reportedly been downloaded hundreds of thousands of times — unusual for a government-developed mobile application.
Women in crowded trains and other public places in Japan often face sexual harassment, but are typically too afraid to call out for help due to a sense of embarrassment.
With the app, victims can press a “repel groper” icon to produce a written message saying “There is a groper here. Please help.” With another press, the message turns red and a voice repeatedly says, “Please stop!”


Meanwhile, in the US…
HERE’S WHERE YOU CAN FLIRT WITH A SEXTING AI CALLED SLUTBOT
To teach people how to responsibly and respectfully flirt and sext, an iOS app called Juicebox built an AI chatbot — aptly named Slutbot.
Slutbot can break the ice with users before jumping into mechanically-stilted dirty talk speckled with questions and comments about comfort zones and consent, according to The New York Times. The idea of getting intimate with a chatbot might seem odd, but the idea is that Slutbot will help people learn to navigate those conversations without the risk of alienating or insulting another person.




Background for my next statistics class. (and interesting)
The Quantum Random Number Generator
It’s real. And it will use quantum entanglement to generate true mathematical randomness. Here’s why that matters.




This has bugged me for some time, so I sent an inquiry to Google. (Aside from Russia, this looks like a normal day.)






