Saturday, January 19, 2019

We knew this was flawed. Will they make it worse?
Eric Goldman writes:
41 California privacy lawyers, professionals, and professors are urging the California legislature to make major changes to the California Consumer Privacy Act (CCPA), which the legislature hastily passed in 2018. The letter highlights six significant problems with the CCPA, including:
  • The CCPA affects many businesses who never had a chance to explain the law’s problems to the legislature;
  • The CCPA imposes excessive costs on small businesses;
  • The CCPA requires businesses to waste money complying with multiple privacy laws;
  • The CCPA degrades consumer privacy in several ways;
  • The CCPA’s definitions are riddled with problems; and
  • The CCPA reaches beyond California’s borders.
The text of the letter is on Eric’s site, linked below. A PDF copy of the letter is also available.

(Related) Another “privacy law gone bad.”
Student privacy and the law of unintended consequences
In 2014, the Louisiana legislature passed a law to protect student privacy. It required parents to approve nearly any collection and sharing of student data. In other words, no student information — no accomplishments or addresses, no batting averages or GPAs — was to be shared without a parent’s express permission.
… Facing the possibility of heavy fines or ending up in prison for even a well-intentioned mistake, teachers and administrators in a number of schools told us they were so afraid that they stopped collecting or sharing data for almost any reason. They stopped printing school yearbooks. They stopped announcing football players’ names at games. They stopped hanging student artwork in the hallways. Some even stopped referring students to state scholarship funds.

How much does it take to get management’s attention?
The Washington Post reports:
U.S. regulators have met to discuss imposing a record-setting fine against Facebook for violating a legally binding agreement with the government to protect the privacy of its users’ personal data, according to three people familiar with the deliberations but not authorized to speak on the record.
The fine under consideration at the Federal Trade Commission, a privacy and security watchdog that began probing Facebook last year, would mark the first major punishment levied against Facebook in the United States since reports emerged in March that Cambridge Analytica, a political consultancy, accessed personal information on about 87 million Facebook users without their knowledge.
The penalty is expected to be much larger than the $22.5 million fine the agency imposed on Google in 2012.
Read more on the Union Leader.

In order to retrieve all data related to a user you have to know every place that data is stored. Automation would work, if the software looked in every place data might be stored.
Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints
European privacy campaigner Max Schrems has filed a fresh batch of strategic complaints at tech giants, including Amazon, Apple, Netflix, Spotify and YouTube.
The complaints, filed via his nonprofit privacy and digital rights organization, noyb, relate to how the services respond to data access requests, per regional data protection rules.
Article 15 of Europe’s General Data Protection Regulation (GDPR) provides for a right of access by the data subject to information held on them.
The complaints contend tech firms are structurally violating this right — having built automated systems to respond to data access requests which, after being tested by noyb, failed to provide the user with all the relevant information to which they are legally entitled.

Apple, Netflix and YouTube among Streamers Flouting EU Privacy Law, Say New Complaints
… If all the companies are found to have been violating the EU General Data Protection Regulation, by not revealing to users all the information they’re obliged to, they face fines to a total theoretical maximum of €18.8 billion ($21.4 billion.)

Another interesting interpretation.
Good question. Stéphanie Martinier and Mathilde Pepin of Proskauer write:
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information. In this case, a company had organized mandatory staff representatives’ elections. The company had started a court action against three election candidates aiming at opposing their candidature due to certain requirements related to their job classifications not being met. Among the evidence produced by the company were the complete pay slips of the three employees. All of the trade unions that were participants in the election process were also parties to the litigation and as such, they all received copies of the evidence produced by the company.
The employees started an emergency proceeding to have the pay slips immediately removed from the court file, claiming that it was an invasion of privacy. The employees based their claim, among other things, on Article 8 of the European Convention on Human Rights. The company argued that it needed to provide the pay slips to evidence its claim.
The French Supreme Court disagreed and ruled in favor of the employees, recognizing an invasion to the employees’ privacy.
Read more on Privacy Law Blog.

How can anyone compete with Amazon? Could anyone with less money do this? Would they even try?
In India, Amazon and Walmart face off against the country’s richest man
As Amazon and Walmart-owned Flipkart scramble for ways to work around the impending new strict ecommerce policy in India, the two companies today stumbled upon a new challenge: India’s richest man.
Mukesh Ambani, who runs Reliance Industries, the country’s largest industrial house, announced today that his company will roll out a new online shopping platform for 1.2 million retailers and store owners in Gujarat, the nation’s westernmost state.

Perspective. The opposite of universal access?
Zimbabwe shuts down internet amid violent response to gas protests
Zimbabwe was under an internet blackout on Friday as authorities extended a communications ban to cover emails after days of deadly protests over price increases that pushed the cost of a gallon of gas to almost $13.

Here Come the Internet Blackouts
On the first day of the new year, the Democratic Republic of Congo cut internet connections and SMS services nationwide—for the second day in a row. The reason? To avoid the “chaos” that might result from its presidential election results. Not even a week later, on Jan. 7, Gabon’s government did the same after an attempted coup. On Tuesday, Zimbabwe cut off social media and internet access. The government restored much of the internet Wednesday but kept a WhatsApp ban in place. And it’s unlikely that these will be the last “internet blackouts” we hear about over the coming months.
… In fact, we’ll likely see a rise in internet blackouts in 2019, for two reasons: countries deliberately “turning off” the internet within their borders, and hackers disrupting segments of the internet with distributed denial-of-service attacks. Above all, both will force policymakers everywhere to reckon with the fact that the internet itself is increasingly becoming centralized—and therefore increasingly vulnerable to manipulation, making everyone less safe.

… “The first thing we found,” Mitchell tells me in an interview, “is that many, many jobs, the majority of jobs are going to be affected by machine learning.” He pauses, goes on: “The next thing we found was that very few of those jobs will be completely automated. Instead, the predominant thing that you see is that most jobs will be affected because the bundle of tasks that make up that job—some of those tasks that are amenable to machine learning, semi-automation or automation.”
If this describes your job, or a task in your job, then an algorithm can probably be taught to do it.
1. Learning a function that maps well-defined inputs to well-defined outputs
2. Large (digital) data sets exist or can be created containing input-output pairs
3. The task provides clear feedback with clearly definable goals and metrics
4. No long chains of logic or reasoning that depend on diverse background knowledge or common sense
5. No need for detailed explanation of how the decision was made
6. A tolerance for error and no need for provably correct or optimal solutions
7. The phenomenon or function being learned should not change rapidly over time
8. No specialized dexterity, physical skills, or mobility required

Friday, January 18, 2019

Things go wrong. That’s why we teach people to check. Apparently, not everyone learned this in school.
Twitter bug revealed some Android users’ private tweets
Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who can follow them and who can view their content. For some Android users over a period of several years, that may not have been the case — their tweets were actually made public as a result of this bug.
The company says that the issue impacted Twitter for Android users who made certain account changes while the “Protect your Tweets” option was turned on.
For example, if the user had changed their account email address, the “Protect your Tweets” setting was disabled.
… What’s fairly shocking is how long this issue has been happening.
Twitter says that users may have been impacted by the problem if they made these account changes between November 3, 2014, and January 14, 2019 — the day the bug was fixed.
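The failure mode above (an unrelated profile change silently turning a privacy setting off) is the kind of thing a regression check catches before shipping. The following is an added example, not Twitter’s code: a constructed account model, a deliberately buggy update routine that reproduces the described effect beside a fixed one, and an invariant check that runs every supported profile change against a protected account.

```python
"""Privacy-setting invariant check (added example, not Twitter's code).

Models the bug class described in the article: changing the account
email reset the "protected" flag. Account fields, setting names and the
two update functions are constructed for illustration.
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List

# Fields a user may edit that must never touch privacy settings (assumed).
PROFILE_FIELDS = {"email", "phone", "display_name"}
DEFAULT_SETTINGS = {"protected": False, "discoverable_by_email": True}


@dataclass(frozen=True)
class Account:
    email: str
    phone: str
    display_name: str
    settings: Dict[str, bool]


def update_profile_buggy(acct: Account, changes: Dict[str, str]) -> Account:
    """Reproduces the defect: an email change re-initialises settings from
    defaults, so a user who had switched protected=True loses it."""
    if "email" in changes:
        return replace(acct, email=changes["email"],
                       settings=dict(DEFAULT_SETTINGS))
    return replace(acct, **changes)


def update_profile_fixed(acct: Account, changes: Dict[str, str]) -> Account:
    """Applies only whitelisted profile fields; settings are never rebuilt."""
    unknown = set(changes) - PROFILE_FIELDS
    if unknown:
        raise ValueError(f"not a profile field: {sorted(unknown)}")
    return replace(acct, **changes)


def check_privacy_invariant(
        update: Callable[[Account, Dict[str, str]], Account]) -> List[str]:
    """Applies each profile change type to a protected account and returns
    the names of the changes after which 'protected' is no longer True.
    An empty list means the invariant holds for this update function."""
    base = Account("a@example.test", "+10000000000", "Alice",
                   {"protected": True, "discoverable_by_email": False})
    probes = {"email": "b@example.test",
              "phone": "+10000000001",
              "display_name": "Al"}
    violations = []
    for field_name, value in probes.items():
        after = update(base, {field_name: value})
        if not after.settings.get("protected"):
            violations.append(field_name)
    return violations


if __name__ == "__main__":
    print("buggy update breaks protection on:",
          check_privacy_invariant(update_profile_buggy))   # ['email']
    print("fixed update breaks protection on:",
          check_privacy_invariant(update_profile_fixed))   # []
```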

Not fool-proof (because we can always build a bigger fool) but worth sharing.
How to Protect Your Business from Phishing Scams
1. Spelling and grammar mistakes
2. Unwarranted sense of urgency
3. Threatening messages
4. Strange attachments

Start surveillance early! Get out the (enter political party here) message while they’re young! “Big Brother loves you!”
Toying with Privacy: Regulating the Internet of Toys
Haber, Eldar, Toying with Privacy: Regulating the Internet of Toys (December 8, 2018). Ohio State Law Journal, Forthcoming. Available at SSRN: “Recently, toys have become more interactive than ever before. The emergence of the Internet of Things (IoT) makes toys smarter and more communicative: they can now interact with children by “listening” to them and respond accordingly. While there is little doubt that these toys can be highly entertaining for children and even possess social and educational benefits, the Internet of Toys (IoToys) raises many concerns. Beyond the fact that IoToys might be hacked or simply misused by unauthorized parties, datafication of children by toy conglomerates, various interested parties and perhaps even their parents could be highly troubling. It could profoundly threaten children’s right to privacy as it subjects and normalizes them to ubiquitous surveillance and datafication of their personal information, requests, and any other information they divulge. While American policymakers acknowledged the importance of protecting children’s privacy online back in 1998, when crafting COPPA, this regulatory framework might become obsolete in face of the new privacy risks that arise from IoToys. Do fundamental differences between websites and IoToys necessitate a different legal framework to protect children’s privacy? Should policymakers recalibrate the current legal framework to adequately protect the privacy of children who have IoToys? Finally, what are the consequences for children’s privacy of ubiquitous parental surveillance through IoToys — allegedly granted to safeguard children from online risks? And how might children’s privacy be better framed and protected in this context?
This Article focuses on the privacy concerns that IoToys raise. Part I briefly outlines the evolution of IoToys while examining their capacity to collect and retain data. Then, in reference to the legal framework chosen to protect children from online datafication twenty years ago, the next part discusses the American perception of children’s privacy, focusing on COPPA. Through this analysis, this part will show how key market players currently comply with COPPA regulation, and evaluate whether such compliance is relevant to IoToys’ dangers and challenges. Part III revisits COPPA, challenges it, and in calling for its recalibration offers some practical solutions to IoToys’ privacy threats. Thereafter Part IV normatively evaluates children’s conception of privacy and argues that IoToys’ monitoring practices could jeopardize the parent-child relationship and calls for recalibrating children’s privacy in the digital era. The final part summarizes the discussion and concludes that children’s privacy matters today perhaps more than ever before, and that the potential movement toward a ubiquitous surveillance era should not lead to its demise. [h/t Mary Whisher]
  • See also the Tech Policy Lab’s paper, Toys That Listen (2016): “Hello Barbie, Amazon Echo, and the home robot Jibo are part of a new wave of connected toys and gadgets for the home that listen. Different than the smartphone, these devices are always on, blending into the background until needed by the adult or child user. We do not yet know all the information our new toys are collecting, storing, or disclosing. With an intended audience of designers and regulators, this project brings an interdisciplinary group of experts together to build a set of consumer protection best practices for design and user control of connected devices in the home.”

Yes, I am not very active on social media, but my students are.
How to Monitor Your Social Media Mentions: 5 Listening Tools
Social Media Examiner: “Need help monitoring your company’s mentions on social media? Looking for tools to simplify the process? In this article, you’ll discover five social media monitoring tools to help you better engage online.”
  1. Enhance Customer Service: Agorapulse
  2. Understand Your Customers: Awario
  3. Handle a Reputation Crisis: Talkwalker Alerts
  4. Identify Brand Advocates: Mention
  5. Analyze Competitors: Brand24

I’m thinking that these two companies can manage their data more easily than the Facebooks or Googles. Then again, perhaps we’re just doing this alphabetically?
Acxiom, a huge ad data broker, comes out in favor of Apple CEO Tim Cook's quest to bring GDPR-like regulation to the United States
… "Acxiom, like Mr. Cook, also supports a national privacy law for the US, such as GDPR provides for the European Union," said the company in a statement to Business Insider. You can read the full statement below.
These comments were made in response to remarks made by Apple CEO Tim Cook in Time Magazine on Thursday. The Apple exec argued that the US needs to rein in data brokers in order to give people true privacy when it comes to their data.

Useful in many classes.
The Route of a Text Message
the scott blog irregular: “This is the third post in my full-stack dev (f-s d) series on the secret life of data. This installment is about a single text message: how it was typed, stored, sent, received, and displayed. I sprinkle in some history and context to break up the alphabet soup of protocols, but though the piece gets technical, it should all be easily understood. The first two installments of this series are Cetus, about the propagation of errors in a 17th century spreadsheet, and Down the Rabbit Hole, about the insane lengths one occasionally needs to go through to track down the source of a dataset…”

Perspective. Oh my, how will we ever get Senior Lawyers without the Darwinian competition among Junior Lawyers? (Didn’t the clerks do 90 percent of this work anyway?)
Artificial intelligence putting junior lawyers’ jobs at risk
An Australian legal technology company has used Amazon’s Alexa to build a prototype virtual lawyer that it says can create legal documents instantly like a real human, threatening the jobs of junior lawyers.
Smarter Drafter’s Alexa Skill – driven by the company’s Real Human Reasoning AI engine – asks questions a lawyer would and then drafts a legal document that considers the context, facts, jurisdiction and best practice. It takes a few minutes for the interview to take place and the legal document to appear by email.
… “We mapped the decision making process of expert lawyers in excruciating detail to create a tool that would perform at the level of a human lawyer. Lawyers already delegate legal drafting to other experts – now they can give those same instructions to software and have the job done in moments without any human errors. Here we’re testing whether we can put the same power in the hands of the document’s end user,” Long said.
Smarter Drafter is already used in more than 150 law firms across Australia but is currently only accessible to lawyers.
… “In the future, those that work with the robots are the ones that will thrive as they find efficiencies and better ways to serve their clients. For them, there’s an opportunity in spending more time with clients and demonstrating empathy, a skill that computers are a long way from having, instead of spending their time hacking away in Microsoft Word,” Long says.

Perspective. Broadcast TV gave ground to Cable. Now the Internet based services are grabbing a share.
Netflix is finally sharing (some of) its audience numbers for its TV shows and movies. Some of them are huge.
Netflix has more than 130 million customers watching its TV shows and movies. But for years, it refused to tell outsiders how many of those customers watched any particular show or movie.
Now that’s starting to change.
… Netflix estimates that it now accounts for 10 percent of TV screen time in the US. (Its math here: Netflix says it streams 100 million hours a day to TV screens in the US, and it figures those TVs — which include more than one TV per household, plus sets in bars, hotels, etc. — are on for a billion hours a day.) Netflix says it owns a smaller share of mobile screens, which makes sense, since Netflix says the vast majority of its viewing happens on TV screens.
… That Bird Box number is big, no matter how you parse it. And if you’re a Hollywood star, you may well end up concluding that it makes sense to try making a movie with Netflix, even though they are still relatively new at it: They’ll pay you whatever you would get (and perhaps even more) from a conventional Hollywood studio, and you don’t need to worry about the show disappearing into a pile of unseen documentaries and reruns. Netflix would be happy if you, and/or your agents/managers/lawyers, reach this conclusion.

Perspective. Use your smartphone to lace your sneakers? Should make an interesting hacking target.
Nike’s auto-laced future
Why does the world need a self-lacing shoe?
Haven’t you heard of Velcro?
How will you tie your shoes when the Wi-Fi is down?
That’s the gist of the instant response I got when I mentioned the new Adapt BB, a shoe from Nike with, yes, powered laces that tighten to a wearer’s foot automatically. The shoe is an evolution of the Nike HyperAdapt 1.0, which is itself a commercialization of the Air Mag — a self-lacing vanity project that realized the self-lacing shoes mocked up for Back to the Future II.
… And, honestly, I get it. It’s a hard sell to say that the solution to a laceless design is to add about half of the hardware that goes into your smartphone and the ability to talk to your shoes with your phone.
But the Adapt BB is really working on two levels, and to tease out whether there is a there there when it comes to connected shoes, you have to consider the context.
… If, however, you want to use the shoes free of the app you can. If your foot is in the shoe you can single tap to jump to desired tightness or tap and hold a button to bump them back to “wide open.” You can also make micro adjustments by tapping the buttons.
… The buttons, it should be noted, are pretty much mandatory in the NBA where phones are outlawed on the bench.

A Security Event.
SnowFROC 2019
Thu, March 14, 2019 7:00 AM – 6:00 PM MDT Tickets are $75
SnowFROC (Front Range OWASP Conference) is Denver's premier application security conference and is taking place Thursday March 14th, 2019. Our keynote speaker is Troy Hunt. Troy is an Australian web security expert known for public education and outreach on security topics.
The location of this event is The Cable Center on the University of Denver campus near I-25 and University. The Cable Center is across from a light rail station for convenience. We will have parking available at the site. [Parking at DU is normally impossible. Bob]

Really cheap travel. (Create your own Fake News!)
Picture Yourself in Front of Any Landmark With Remove.BG and Google Slides
Last weekend I published a video about and it has certainly been a hit with many readers. I've received a lot of comments and questions about it in my email, Facebook pages, and on Twitter. This morning a reader named Marni sent me a question that was typical of what I've been seeing this week.
I love the site. I can see my teachers using this for creative projects with students. My question is, do you have any suggestions regarding how to add new backgrounds to the modified pics? Is there a program I can share with teachers that allows students to, in essence, “relocate” themselves?
What I suggested to Marni and have suggested to others is to use Google Slides or PowerPoint to create a slide in which you layer the file over a background on the slide. Then export the slide as a PNG or JPEG. In the following video I demonstrate how to use, Google Slides, and Pixabay to put yourself in front of any world landmark.

Opinions vary.
Russia's top Orthodox bishop says the internet is a tool of the Antichrist

Thursday, January 17, 2019

A file collected by “the other guys.”
The 773 Million Record "Collection #1" Data Breach
Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". Most of them won't have a tech background or be familiar with the concept of credential stuffing so I'm going to write this post for the masses and link out to more detailed material for those who want to go deeper.
Let's start with the raw numbers because that's the headline, then I'll drill down into where it's from and what it's composed of. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. It's made up of many different individual data breaches from literally thousands of different sources. (And yes, fellow techies, that's a sizeable amount more than a 32-bit integer can hold.)
In total, there are 1,160,253,228 unique combinations of email addresses and passwords.
… Last week, multiple people reached out and directed me to a large collection of files on the popular cloud service, MEGA (the data has since been removed from the service). [MEGA was founded by Kim Dotcom. Bob]

I know articles like this seem repetitive, but I only select one or two each week to keep pounding my students with the “do it right the first time” message. Clearly many organizations do not.
FBI records, emails, Social Security numbers exposed in massive data leak, security experts say
A massive data leak has been discovered at the Oklahoma Securities Commission, in which millions of records – including files related to sensitive FBI investigations over the last seven years, emails dating back 17 years and thousands of Social Security numbers – have been exposed.
The breach was uncovered last month by Greg Pollock, a cybersecurity researcher at UpGuard, who claims the millions of files were publicly available on an online server and didn’t require any password to access them.
… The Oklahoma agency is in charge of all financial securities business in the state and is tasked with regulation and enforcement of the business.

I guess that if half the world is below average that half is also ill-informed. (Okay. More than half.)
Most Facebook users still in the dark about its creepy ad practices, Pew finds
A study by the Pew Research Center suggests most Facebook users are still in the dark about how the company tracks and profiles them for ad-targeting purposes.
Pew found three-quarters (74%) of Facebook users did not know the social networking behemoth maintains a list of their interests and traits to target them with ads, only discovering this when researchers directed them to view their Facebook ad preferences page.
A majority (51%) of Facebook users also told Pew they were uncomfortable with Facebook compiling the information.
While more than a quarter (27%) said the ad preference listing Facebook had generated did not very or at all accurately represent them.

Something my students will probably read!
8 Sci-Fi Writers Imagine the Bold and New Future of Work
Ready Set Go…Wired – “Half of being human, give or take, is the work we do. Pick up a shift. Care for the sick. Fix the plumbing. Audition for a part. Sometimes it’s all we think about—and fret about, especially as technology comes for our jobs. Just search “future of” and autocomplete does the rest: Do you mean “future of work”? Freaking Google, surfacing our collective anxieties yet again. Economists and organizational behaviorists and McKinsey consultants crunch the numbers and tell us, with great surety, how we’ll spend our days. The careers and callings of tomorrow will inevitably be this, certainly not that, and look at all the superefficient self-guided factory robots! While the nature of work is always changing, the AI revolution has intensified the pace and magnitude of these predictions, painting a future that seems to need our labor less and less.
But charts and white papers only capture so much. Facts need feelings, and for that we turn to science fiction. Its authors are our most humane, necessary futurists, imagining not just what the future holds but how it might look, feel, even smell. In the following pages are stories from eight sci-fi specialists. Some are set in the near term; others, a bit farther out. All remind us that, no matter the inevitable upheavals, we don’t struggle alone—but with and for other people. And robots. —The Editors”

Wednesday, January 16, 2019

An interesting perspective for my students.
A New Era of Privacy – Why Regulations like the GDPR Are Actually a Good Thing for Your Business
… On the surface, the purpose of the GDPR (and of related legislation, such as the data privacy law that came into effect in California in July) is to give consumers more control over their personal information. While they certainly accomplish that, they also achieve something else. Something much more valuable to your organization.
They provide a framework for better cybersecurity.
Think about it. One of the core tenets of the GDPR is the right to be forgotten. At any given time, an EU citizen may request that a business delete all data related to their personal information – the business has to comply. Doing so is impossible without good data hygiene and a strong security posture.
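Both this passage and the earlier note on the noyb Article 15 complaints make the same point: an automated access export or erasure is only complete if it consults every store where the subject’s data may live. The block below is an added example, not code from any company or regulator named on this page; it keeps a constructed data inventory separate from the exporter’s own store list and uses it to report the stores an export missed, or that an erasure left behind.

```python
"""Coverage check for data-subject access and erasure requests.

Added example, not code from noyb, Twitter, or any company on this page.
Store names, records and the subject id 'u42' are constructed.
"""
from typing import Dict, List, Set

Records = List[dict]
Inventory = Dict[str, Dict[str, Records]]   # store -> subject_id -> records


def make_inventory() -> Inventory:
    """Constructed data map. In practice the map is maintained independently
    of any one exporter; that independence is what lets it expose gaps."""
    return {
        "accounts_db": {"u42": [{"email": "u42@example.test"}]},
        "billing_db": {"u42": [{"invoice": "INV-1"}, {"invoice": "INV-2"}]},
        "support_tickets": {"u42": [{"ticket": "T-9"}]},
        "analytics_warehouse": {"u42": [{"event": "play", "ts": 1}]},
        "marketing_crm": {},  # holds nothing about u42
    }


def lookup(inv: Inventory, store: str, subject_id: str) -> Records:
    return list(inv[store].get(subject_id, []))


def run_access_request(inv: Inventory, subject_id: str,
                       queried_stores: Set[str]) -> Dict[str, Records]:
    """An Article 15 exporter as typically built: it queries only the stores
    it was configured with, so a store missing from that configuration is
    silently absent from what the user receives."""
    return {s: lookup(inv, s, subject_id) for s in sorted(queried_stores)}


def access_request_gaps(inv: Inventory, subject_id: str,
                        export: Dict[str, Records]) -> List[str]:
    """Stores that hold records about the subject but are not in the export.
    An empty list means the export covered every relevant store."""
    return sorted(s for s in inv
                  if s not in export and lookup(inv, s, subject_id))


def erase_subject(inv: Inventory, subject_id: str, stores: Set[str]) -> None:
    """Right-to-be-forgotten erasure, again limited to the configured stores."""
    for s in stores:
        inv[s].pop(subject_id, None)


def erasure_residue(inv: Inventory, subject_id: str) -> List[str]:
    """Stores still holding the subject after erasure; should be empty."""
    return sorted(s for s in inv if lookup(inv, s, subject_id))


if __name__ == "__main__":
    inv = make_inventory()
    partial = run_access_request(inv, "u42", {"accounts_db", "billing_db"})
    print("access request missed:", access_request_gaps(inv, "u42", partial))
    erase_subject(inv, "u42", {"accounts_db", "billing_db", "support_tickets"})
    print("erasure left data in:", erasure_residue(inv, "u42"))
```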

Are they concerned about the tool or the users? (Long article, so I cut a bunch)
From the ACLU:
A coalition of over 85 racial justice, faith, and civil, human, and immigrants’ rights groups today sent letters to Microsoft, Amazon, and Google demanding the companies commit not to sell face surveillance technology to the government.
… “History has clearly taught us that the government will exploit technologies like face surveillance to target communities of color, religious minorities, and immigrants.

Background for my Software Architects.
One day your voice will control all your gadgets, and they will control you
… It’s tied to an idea that leading AI expert Kai-Fu Lee calls OMO, online-merge-of-offline. OMO, as he describes it, refers to combining our digital and physical worlds in such a way that every object in our surrounding environment will become an interaction point for the internet—as well as a sensor that collects data about our lives. This will power what he dubs the “third wave” of AI: our algorithms, finally given a comprehensive view of all our behaviors, will be able to hyper-personalize our experiences, whether in the grocery store or the classroom.
But this vision requires everything to be connected. It requires your shopping cart to know what’s in your fridge so it can recommend the optimal shopping list. It requires your front door to know your online purchases and whether you’re waiting for an in-home delivery.

The NYT's plan to make money from voice
The New York Times plans to build custom Alexa skills for advertisers through its branded content studio for roughly six figures. The campaigns will be sold as a white label service, with no distribution offering — just production.
… One of the research findings presented to advertisers includes the fact that consumers think voice is a healthier form of technology than other types of tech, like social media.

“The first thing we do, let’s program replacements for all the lawyers!”
Meet ATJ Bot – The World’s First Legal Aid Voice Assistant
Artificial Lawyer: “LawDroid, the legal bot developer, has now launched ATJ Bot, a voice operated legal aid assistant that initially will focus on giving help on uncontested divorces. The project has been backed by America’s main legal aid body, the Legal Services Corporation, plus West Tennessee Legal Services and the Tennessee Alliance for Legal Services, with the system operating in that State. Development began in early 2018. ATJ Bot can be used either with voice or use typed in text via a web portal. The voice system is based on the Google Duplex system and allows a user to speak and receive answers, as well as to be guided through the process of filling in the legal forms necessary to file an uncontested divorce. Other legal tech businesses have used voice before – and LawDroid and its founder, Tom Martin, have developed several such bots in the past. But, this appears to be the first one to be officially backed by a legal aid organisation. Once a ‘client’ has completed their forms, with the help of the bot – which speaks in a man’s voice – it’s up to the divorcing parties to print out the documents and take them to a court in person to file them…”

Perspective. Some people plan for the future, some plan for a wall.
Microsoft to set up 10 AI labs, train 5 lakh youth in India
Microsoft India plans to train 5 lakh youth in artificial intelligence across the country over the next three years and set up AI labs in 10 universities.
The company would also upskill 10000 developers in emerging technology areas.
The software major said 700 organizations including government bodies in the country are using its AI solutions now and nearly 60% of them are large enterprises.

Tuesday, January 15, 2019

Would any corporate Board of Directors tolerate this? I wonder what will happen during the shutdown?
Defense Department Continuously Challenged on Cybersecurity
A recently published report from the United States Department of Defense (DoD) Inspector General shows that, while the Department has improved its security posture, it still faces challenges in managing cybersecurity.
The report (PDF) reveals that DoD Components implemented some corrective actions to improve system weaknesses identified by reports summarized in the cybersecurity summary report issued at the end of 2017, but also points out that DoD still faces cybersecurity challenges.
Of the 159 recommendations made in the summarized unclassified reports, the DoD has taken action to address only 19. Of the 175 recommendations the DoD oversight community and the GAO made between July 1, 2017, and June 30, 2018, 151 remained open as of September 30, 2018.

The pendulum swings again.
Feds forcing mass fingerprint unlocks is an “abuse of power,” judge rules
"Citizens do not contemplate waiving their civil rights when using new technology." [Now that’s a quote I can use! Bob]
According to a new ruling issued last week by a federal magistrate in Oakland, California, the government can't get a warrant granting permission to turn up at a local house allegedly connected to a criminal suspect, seize all digital devices, and force anyone found at the house to use biometrics to try to unlock those devices.
… US Magistrate Judge Kandis Westmore found that the government request here "runs afoul of the Fourth and Fifth Amendments," which protect against unreasonable searches and self-incrimination, respectively.
She continued, noting that the government request was "overbroad."
"The Government cannot be permitted to search and seize a mobile phone or other device that is on a non-suspect's person simply because they are present during an otherwise lawful search," the judge wrote.
Blake Reid, a law professor at the University of Colorado, told Ars that it was a positive step that another judge was understanding the possible ramifications of allowing the government to rifle through someone's phone.
"Accessing people's phones is, in my opinion, much more like accessing the contents of their brains than it is the contents of their file cabinets," he emailed.
Multiple times, Judge Westmore cited a 2018 Supreme Court decision known as Carpenter, which found that law enforcement needs a warrant to obtain more than 120 days of cell-site location information.
"Citizens do not contemplate waiving their civil rights when using new technology, and the Supreme Court has concluded that, to find otherwise, would leave individuals 'at the mercy of advancing technology,'" she wrote, citing the Carpenter opinion.

Your phone as their spy device. See Perspective below.
Location data is ground zero in privacy wars
Axios: “Our phones’ GPS and location capabilities are a key part of what make them magical — enabling them to speed our commutes, hail rides and find the devices when we lose them. These capabilities are also ground zero for the looming fight over defining the boundaries of privacy and acceptable uses of our personal information. The big picture: Three recent stories show just how common problems with location data can be — and how thorny they’ve become.
  1. Cell providers resell location info…
  2. Tweet locations reveal where you live…
  3. Slack monitors your itinerary…
What’s next: Members of the new Congress plan to float a wide range of new privacy legislation this year, with location data at the heart of the debate. New laws will need to thread the needle between protecting personal information and enabling useful innovation.
The bottom line: Your phone is also a surveillance device. Use it with care unless you want your life to be an open book — or map….”

Something to amuse all my students. (A quick way to profit from your Ethical Hacking class)
Pwn2Own contest will pay $900,000 for hacks that exploit this Tesla
Pwn2Own has been the foremost hacking contest for more than a decade, with cash prizes paid for exploits that compromise the security of all manner of devices and software. Browsers, virtual machines, computers, and phones have all been fair game. Now in its 13th year, the competition is adding a new category—a Tesla Model 3, with more than $900,000 worth of prizes available for attacks that subvert a variety of its onboard systems.
The biggest prize will be $250,000 for hacks that execute code on the car’s gateway, autopilot, or VCSEC.
… Pwn2Own will pay $100,000 for hacks that attack the Tesla’s key fob or Phone-as-Key either by achieving code execution, unlocking the vehicle, or starting the engine without using the key.

A backgrounder for my Software Architecture students. Look where the money is going! The graphic summaries are interesting.
Billionaire Masayoshi Son–not Elon Musk, Jeff Bezos, or Mark Zuckerberg–has the most audacious vision for an AI-powered utopia where machines control how we live. And he’s spending hundreds of billions of dollars to realize it. Are you ready to live in Masa World?

A heads-up. Flash was just a flash in the pan.
Firefox 69 to Disable Adobe Flash by Default
… “We are now scheduled to completely disable Flash in Firefox 69 which moves to the Stable release on August 3rd,” Mozilla notes on the browser’s roadmap page.
In July 2017, Adobe announced plans to completely kill Flash and stop providing security updates for it by the end of 2020.
While Flash continues to be used in numerous applications and websites, developers and content creators are encouraged to migrate from Flash to open standards such as HTML5, WebGL and WebAssembly, which are already supported by all major web browsers.

Perspective. This theme needs more development. Many devices vs. one device?
Once-revolutionary smartphone is losing its power to amaze and maybe its singular hold on our lives
WSJ [paywall] The Big Hangup: Why the Future Is Not Just Your Phone The once-revolutionary smartphone is losing its power to amaze—and maybe its singular hold on our lives: “Steve Jobs took to a stage a dozen years ago this week to introduce a revolutionary new product to the world: the first Apple iPhone. That groundbreaking device, and the competitors that followed, changed the way people communicated, ordered dinner and hailed a taxi. The technology world reoriented around the smartphone, supplanting [??? Bob] the personal computer, MP3 players, the digital camera and maps. And the mobile economy was born. Today, it looks like the era of smartphone supremacy is starting to wane. The devices aren’t going away any time soon, but their grip on the consumer is weakening. A global sales slump and a lack of hit new advancements has underlined a painful reality for the matured industry: smartphones don’t look so singularly smart anymore. While once smartphones were like a centripetal force sucking up tools from dozens of devices, from flashlights to calculators to game consoles, functions are now flying out of phones and onto other products with their own embedded smart connections. Wristwatches can now text emojis. Televisions can talk and listen. Voice-activated speakers can order diapers. The number of “connected” devices in use that can stream music, clock mileage or download apps has more than doubled to 14.2 billion in the past three years, according to market researcher Gartner Inc. The total excludes smartphones.
What’s shifted most is the smartphone’s monolithic status as the device that software companies and businesses needed to reach mobile users—and for consumers to access their services. Now the universe has expanded to voice apps, car infotainment centers and wearable devices… Twelve years after the iPhone’s debut, more than half of the world’s population owns a smartphone. While that leaves billions of potential first-time buyers in countries from Indonesia to Brazil, they reside in poorer areas, offering lower profits. Meanwhile, the market in wealthier countries such as the U.S. has become saturated, as the improvements in the devices become more incremental and many consumers have decided they don’t need to get each new upgrade.
  • As recently as 2015, annual smartphone shipments grew at a double-digit clip. Those days are over: The industry saw its first declines at the end of 2017 and remained negative all last year. A major driver was China, the world’s largest smartphone market, where annual shipments sank 16%, according to government data…”

I said much the same things yesterday.
Investing in AI will determine future world superpowers
The world is witnessing a "cold technological war" between major powers that want to control the globe "digitally". International powers are trying to use their Artificial Intelligence (AI) capability to profit and accumulate wealth at the expense of other countries in economic, military and information fields.

For the reading shelf?
How the Blockchain Ushers in a New Form of Trust

Listen to the podcast: Wharton's Kevin Werbach provides an in-depth explanation of the blockchain, as presented in his new book.

Monday, January 14, 2019

A Cyberwar arms race? Worry about election meddling at least.
Israel needs national vision for AI or risks falling behind, tech authority says
… Freedom House, a US group that promotes freedom and democracy, reported that disinformation played an important role in elections in at least 18 countries last year.
In September, an Israeli cybersecurity firm announced that it had uncovered three Iran-run fake Hebrew and Arabic news sites targeting Israelis, as well as a score of fake social media accounts.

Oops! Another surveillance tool no one saw coming.
Apple AirPods may be used to spy on conversations, but please don’t
Apple’s AirPods are being misused to spy on conversations through a feature that was not meant to enable eavesdropping through the wireless earbuds.
The iOS 12 update, which Apple released last September, added the Live Listen feature to the AirPods. Previously reserved for hearing aids certified under the Made for iPhone hearing aid program, Live Listen allows the iPhone to be used as a directional microphone and the AirPods as hearing aids, in situations such as in a noisy restaurant.

(Related) Surveillance for insurance companies marketed as a safety tool?
Move aside, backseat driver! New tech at CES monitors you inside car
… In-car sensor technology is deemed critical to the full deployment of self-driving cars, which analysts say is still likely years away in the United States.
… When self-driving cars gain broad acceptance, the monitoring cameras and the artificial-intelligence software behind them will likely be used to help create a more customized ride for the passengers. Right now, however, such cameras are being used mainly to enhance safety, not unlike a helpful backseat driver.
… Data from the cameras is analyzed with image recognition software to determine whether a driver is looking at his cellphone or the dashboard, turned away, or getting sleepy, to cite a few examples.

I could use a few of these in my classes.
The Funniest Privacy and Security Stock Photos

Something my Software Architecture students will have to address.
The Internet of Bodies: A Convenient and Creepy New Platform for Data Discovery
Via Yahoo Finance as posted on ALM Legal Technology News: “In the Era of the Internet of Things, we’ve become (at least somewhat) comfortable with our refrigerators knowing more about us than we know about ourselves and our Apple watches transmitting our every movement. The Internet of Things has even made it into the courtroom in cases such as the hot tub saga of Amazon Echo’s Alexa in State v. Bates and an unfortunate wife’s Fitbit in State v. Dabate. But the Internet of Bodies? Yes, that’s right. It’s gone beyond the mere snooping of a smart TV. Data discovery has entered a new realm, and our bodies are the platform. A January 5 program at the Annual Meeting of the Association of American Law Schools (AALS) in New Orleans entitled, The Internet of Bodies: Cyborgs and the Law, discussed the legal, regulatory, and societal impact of this new living and breathing platform for data discovery…”
[From the article:
The Northeastern Law professor divides these IoB devices into three generations: 1) “body external” devices, such as Fitbits and Apple watches, 2) “body internal” devices, including Internet-connected pacemakers, cochlear implants, and digital pills, and 3) “body embedded” devices, hardwired technology where the human brain and external devices meld, where a human body has a real time connection to a remote machine with live updates.

An interesting area of study. Listening to each other – what a concept!
How your voice hides clues about your love life
… shift in emphasis is one of the more obvious ways we layer our speech with meaning. But there are many more layers that we add without realising it.
But there is a way to extract this hidden information from our speech. Researchers have even developed artificial intelligence that can then use this information to predict the future of couples’ relationships. The AI is already more accurate at this than professionally trained therapists.

Sunday, January 13, 2019

How do you get the Board of Directors to pay attention to Computer Security?
Craig A. Newman of Patterson Belknap writes:
Yesterday, a Superior Court judge in Santa Clara, California approved what is believed to be the first monetary award to a company in a data breach-related derivative lawsuit. Until now, such breach-related derivative cases have settled through a combination of governance changes and modest awards of attorney’s fees.
But the former officers and directors of Yahoo! Inc. agreed to pay $29 million to settle charges that they breached their fiduciary duties in the handling of customer data during a series of cyberattacks from 2013 until 2016. Three billion Yahoo user accounts were compromised in the attacks, making it one of the largest reported hacks in U.S. history. The settlement puts an end to three derivative lawsuits filed in Delaware and California against the company’s former leadership team and board including ex-CEO Marissa Mayer.
Read more on Data Security Law Blog.
[From the Blog:
Under the settlement, the lawyers will walk away with just under $11 million in fees and expenses, with the remaining $18 million paid to Yahoo! (now called Altaba, Inc.). The settlement will be funded by insurance.

It sounds simple, but there is more here than you might think. Points to a good article.
Dina Bass of Bloomberg reports:
Last year, Microsoft Corp.’s Azure security team detected suspicious activity in the cloud computing usage of a large retailer: One of the company’s administrators, who usually logs on from New York, was trying to gain entry from Romania. And no, the admin wasn’t on vacation. A hacker had broken in.
Microsoft quickly alerted its customer, and the attack was foiled before the intruder got too far.
Chalk one up to a new generation of artificially intelligent software that adapts to hackers’ constantly evolving tactics. Microsoft, Alphabet Inc.’s Google, and various startups are moving away from solely using older “rules-based” technology designed to respond to specific kinds of intrusion and deploying machine-learning algorithms that crunch massive amounts of data on logins, behavior and previous attacks to ferret out and stop hackers.
Read more on Daily Herald.
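The detection described above, as an added example that is not from the Bloomberg article or from Microsoft's product: a per-user login baseline learned from past successful logins, plus an impossible-travel check, run over constructed log lines, and beside it the kind of static rule the article says vendors are moving away from. The log format, user names, country codes and the cutoff date are all assumptions made for the example.

```python
"""Behavioural login-anomaly detection, added example (not Microsoft's code).

Contrasts a static allow-list rule with a per-user baseline learned from
history, the distinction the Bloomberg piece draws. Log lines are constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, result, source country (assumed format).
SAMPLE_LOG = """\
2019-01-10T09:02:11Z admin1 SUCCESS US
2019-01-10T17:45:03Z admin1 SUCCESS US
2019-01-11T08:58:40Z admin1 SUCCESS US
2019-01-11T09:10:22Z analyst2 SUCCESS DE
2019-01-12T09:01:09Z admin1 SUCCESS US
2019-01-12T10:15:00Z analyst2 SUCCESS DE
2019-01-13T09:05:51Z admin1 SUCCESS US
2019-01-13T09:30:02Z admin1 FAILURE RO
2019-01-13T09:31:17Z admin1 SUCCESS RO
2019-01-13T11:00:00Z analyst2 SUCCESS FR
"""

# Events before this (assumed) cutoff train the baseline; later ones are scored.
CUTOFF = datetime(2019, 1, 13)


def parse_log(text):
    """Parse the whitespace-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, country = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "result": result, "country": country,
        })
    return events


def static_rule(events, allowed):
    """Rules-based approach: alert on any login outside a fixed country list.
    It cannot know that analyst2 normally works from Germany, so it alerts on
    perfectly ordinary logins too."""
    return [(e["time"], e["user"], "outside_allow_list", e["country"])
            for e in events if e["country"] not in allowed]


def build_baseline(events, cutoff, min_share=0.2):
    """Per-user set of 'usual' countries: those that account for at least
    min_share of the user's successful logins before the cutoff."""
    counts = defaultdict(Counter)
    for e in events:
        if e["time"] < cutoff and e["result"] == "SUCCESS":
            counts[e["user"]][e["country"]] += 1
    baseline = {}
    for user, c in counts.items():
        total = sum(c.values())
        baseline[user] = {k for k, n in c.items() if n / total >= min_share}
    return baseline


def detect(events, baseline, cutoff, travel_window=timedelta(hours=2)):
    """Score events at or after the cutoff against the baseline.

    unusual_country: login (success or failure) from a country not in the
        user's baseline; users with no baseline yet are not scored.
    impossible_travel: two successful logins from different countries within
        travel_window of each other.
    """
    alerts = []
    last_ok = {}  # user -> (time, country) of most recent successful login
    for e in sorted(events, key=lambda x: x["time"]):
        user, country = e["user"], e["country"]
        if e["time"] >= cutoff:
            usual = baseline.get(user)
            if usual is not None and country not in usual:
                alerts.append((e["time"], user, "unusual_country", country))
            if e["result"] == "SUCCESS" and user in last_ok:
                t0, c0 = last_ok[user]
                if c0 != country and e["time"] - t0 <= travel_window:
                    alerts.append((e["time"], user, "impossible_travel",
                                   f"{c0}->{country}"))
        if e["result"] == "SUCCESS":
            last_ok[user] = (e["time"], country)
    return alerts


def run_demo():
    """Run both detectors over the constructed log and return their output."""
    events = parse_log(SAMPLE_LOG)
    baseline = build_baseline(events, CUTOFF)
    return {
        "baseline": baseline,
        "learned": detect(events, baseline, CUTOFF),
        "static": static_rule(events, allowed={"US"}),
    }


if __name__ == "__main__":
    out = run_demo()
    for name in ("static", "learned"):
        print(f"{name}:")
        for a in out[name]:
            print("  ", *a)
```

On the constructed log the static rule fires five times, twice on analyst2's routine logins from Germany, while the learned baseline fires only on the Romanian attempts against admin1 (also flagged as impossible travel, 25 minutes after a US login) and on analyst2's first login from France. The lesson a practitioner should take is the one in the article: the baseline lowers false positives, but it needs enough history per user and still misses a user whose history is already poisoned.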

One would assume hope pray that a Privacy Officer looked at all these procedures and gave them an official okey-dokey?
Amazon’s ‘Ring’ security cameras plagued by privacy issues, employee snooping – report
Amazon’s popular security system, Ring, is billed as a round-the-clock sentry for homeowners. But lax privacy practices have allowed Ring employees to turn the security cameras into ‘surveillance’ devices, reports claim.
Starting in 2016, according to the Intercept, Ring provided employees based in Ukraine nearly unrestricted access to an Amazon database containing every video created by every Ring camera around the world. The company’s Ukraine team was also reportedly given the ability to link individual video files to corresponding Ring customers.

Helping to define the right to privacy?
From the folks at EPIC:
EPIC is requesting to intervene in a case before the European Court of Human Rights testing the human rights standards for government hacking of computers and other devices. Brought by international NGO Privacy International, Privacy International v. United Kingdom asks whether remote hacking of devices and the use of malware by UK intelligence services violate the European Convention on Human Rights. EPIC seeks to present information to the Court on the unique privacy risks of government hacking. EPIC previously filed a brief with the Court of Human Rights in Big Brother Watch v. UK, which found UK mass surveillance violated fundamental rights to privacy and freedom of expression. EPIC also participated as amici in Apple v. FBI, concerning a court order that would have required Apple to assist the FBI in hacking a seized iPhone.

Ford announces electric versions of all vehicles in Europe
… The automaker announced plans to stop production of several vehicles in Europe, like it did last year in the US.
As for electric vehicles, the company says it wants to release “new all-electric vehicles and electrified options to be offered for all models.”
That’s something that several other automakers have announced in the past, like Volvo, Jaguar, and INFINITI. It means that all new vehicles will have a “hybrid, plug-in hybrid, or all-electric option.”