Saturday, January 26, 2019

Critical Care, Pulmonary & Sleep Associates in Colorado has notified 23,377 patients of a privacy incident. Their on-site notice offers a useful reminder that while bad actors may be seeking to engage in financial theft or fraud, when files with ePHI are connected to employee email accounts, patients and HHS may wind up needing to be notified. And so once again, I ask: why was there so much ePHI connected to employees’ email accounts? How often does the entity require its employees to transfer data out of their email accounts and into more secure storage? And should/could the ePHI be encrypted while it is sitting in an employee’s email account? Or am I asking the wrong questions? In any event, here is their notification:
On November 23, 2018, CCPSA discovered that an unauthorized individual or entity gained access to an employee’s CCPSA email account and used the email address to send phishing emails to individuals in the employee’s electronic contacts seeking fraudulent financial payments.
… CCPSA’s forensic investigation concluded on December 14, 2018 and determined that there was unauthorized access to certain CCPSA accounts between August 14 and November 23, 2018. Importantly, CCPSA’s electronic medical records platform was NOT compromised or accessed by the hacker.

Flood of Complaints to EU Countries Since Data Law Adopted
"Citizens have become more conscious of the importance of data protection and of their rights," First Vice President Frans Timmermans and other commission officials said.
"And they are now exercising these rights, as national Data Protection Authorities see in their daily work. They have by now received more than 95,000 complaints from citizens," the joint statement added.
The officials, however, pointed out that Brussels was still waiting for five member countries to adapt the GDPR to their national legislation.
The five are Bulgaria, the Czech Republic, Portugal, Slovenia and Greece, a European source told AFP on condition of anonymity.
The GDPR is enforced by national data protection agencies.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the Facebook data harvesting scandal.
The law establishes the key principle that individuals must explicitly grant permission for their data to be used and gives consumers the "right to know" who is processing their information and what it will be used for.
People will be able to block the processing of their data for commercial reasons and even have data deleted under the "right to be forgotten".

How GDPR-esque. (Have I just invented a word?) We even see companies opting out of the market.
Illinois Supreme Court rules against Six Flags in lawsuit over fingerprint scans. Here's why Facebook and Google care.
The Illinois Supreme Court on Friday upheld consumers’ right to sue companies for collecting data like fingerprint or iris scans without telling them how it will be used — a ruling that could have widespread implications for tech giants like Facebook and Google.
The unanimous ruling came in a lawsuit filed against Six Flags Entertainment Corp. by the family of a teenager whose fingerprint data was collected in 2014 when he bought a season pass to Great America, the company’s Gurnee amusement park. The lawsuit alleged violation of the 2008 Illinois Biometric Information Privacy Act, which has gained attention as biometric data are increasingly used for tasks such as tagging photos on social media and clocking in at work.
The law requires companies collecting information such as facial, fingerprint and iris scans to obtain prior consent from consumers or employees, detailing how they’ll use the data and how long the records will be kept. It also allows private citizens to sue, while other states let only the attorney general bring a lawsuit.
… Defendants in those cases, including Facebook, have argued that individuals shouldn’t have the right to sue if no real damage occurred after they handed over their biometric information. But the state Supreme Court ruled that violation of the law is damage enough.
… Nest, a maker of smart thermostats and doorbells, sells a doorbell with a camera that can recognize visitors by their faces. However, Nest, owned by Google parent Alphabet, does not offer that feature in Illinois because of the biometrics law.

(Related) How would a customer know this system did not use facial recognition?
Now Your Groceries See You, Too
Walgreens is piloting a new line of “smart coolers”—fridges equipped with cameras that scan shoppers’ faces and make inferences on their age and gender. On January 14, the company announced its first trial at a store in Chicago in January, and plans to equip stores in New York and San Francisco with the tech.
Demographic information is key to retail shopping. Retailers want to know what people are buying, segmenting shoppers by gender, age, and income (to name a few characteristics) and then targeting them precisely.
… Crucially, the “Cooler Screens” system does not use facial recognition. Shoppers aren’t identified when the fridge cameras scan their face. Instead, the cameras analyze faces to make inferences about shoppers’ age and gender. First, the camera takes their picture, [Does it ever delete it? Bob] which an AI system will measure and analyze, say, the width of someone’s eyes, the distance between their lips and nose, and other micro measurements. From there, the system can estimate if the person who opened the door is, say, a woman in her early 20s or a male in his late 50s. It’s analysis, not recognition.

We analyzed 16,625 papers to figure out where AI is headed next
… The sudden rise and fall of different techniques has characterized AI research for a long time, he says. Every decade has seen a heated competition between different ideas. Then, once in a while, a switch flips, and everyone in the community converges on a specific one.
At MIT Technology Review, we wanted to visualize these fits and starts. So we turned to one of the largest open-source databases of scientific papers, known as the arXiv (pronounced “archive”). We downloaded the abstracts of all 16,625 papers available in the “artificial intelligence” section through November 18, 2018, and tracked the words mentioned through the years to see how the field has evolved.
Through our analysis, we found three major trends: a shift toward machine learning during the late 1990s and early 2000s, a rise in the popularity of neural networks beginning in the early 2010s, and growth in reinforcement learning in the past few years.

Something to run by my students.
We’re Hiring Technology Writers

Dilbert. This is true AI.

Friday, January 25, 2019

For anyone who relies on (or might be fooled by) emails.
News outlet’s email security gap
Axios: “An Axios study shows that very few news organizations — around 6% of a broad sample — successfully use a critical technology that guarantees emails they send are authentic. The big picture: We’ve written before about the Department of Homeland Security’s struggle to get federal agencies and the White House to implement DMARC, a security protocol that prevents someone from successfully sending an email using someone else’s email address. It’s only fair to turn that lens on our own industry.
Why it matters: As the news industry increases its reliance on email alerts and newsletters (represent!), our credibility makes us a target for spammers, scammers and purveyors of disinformation or fraud.
  • Imagine a news alert that appears to come from a business publication claiming a company was going bankrupt.
  • Or consider a newsletter on Election Day claiming a candidate had suddenly changed position on a key issue.

I should have linked to this yesterday. Worth looking at the Cyber and AI issues.
22nd Annual Global CEO Survey
Last year, our survey revealed record-breaking CEO optimism. This year, chief executives tell a different story. Trade conflicts, political upset, and a projected slowdown in global economic growth have increased uncertainty and decreased confidence in revenue prospects. Explore the strategies organisations are using to navigate this new environment.

As expected, since it significantly tightens controls. It’s getting there that’s hard.
GDPR Compliance Brings Other Benefits: Cisco Study
The Data Privacy Benchmark Study shows that organizations that have invested in customer privacy requirements, mainly to become GDPR compliant and to avoid fines and penalties, are seeing some benefits beyond GDPR compliance.
Meeting data security requirements, internal training, keeping up with evolving developments, complying with privacy-by-design requirements, and meeting data subject access requests were cited as some of the most significant challenges in getting ready for GDPR.
The number of organizations that have reported sales delays due to data privacy concerns has increased to 87%, from 66% in the previous year. However, Cisco found that sales delays were 1-2 weeks shorter in the case of GDPR-ready organizations, compared to ones that expect to become compliant within a year or more.
While a majority of the surveyed companies admitted being hit by a data breach in the past year, the percentage of GDPR-ready organizations affected was 74%, compared to 80% in the case of organizations that expect to become ready in less than a year and 89% for ones that still have a long way to go.
Furthermore, GDPR-ready organizations that have suffered a data breach reported that the average number of impacted records was 79,000, compared to 212,000 reported by non-compliant organizations.
Cisco also found that the system downtime associated with a breach was shorter in the case of GDPR-ready firms, and the costs of dealing with the incident were also considerably smaller.

(Related) You have to get it right in the eyes of each EU country.
Google to Appeal 50-Million-Euro French Data Consent Fine
"We've worked hard to create a GDPR consent process for personalised ads that is as transparent and straightforward as possible, based on regulatory guidance and user experience testing," the company said in a statement.
"We're also concerned about the impact of this ruling on publishers, original content creators and tech companies in Europe and beyond," it added.
"For all these reasons, we've now decided to appeal."

This might work, until I figure how to keep the tag and change the content.
Twitter is testing an 'original tweeter' label for threads
Twitter is testing a way to make it easier to spot the person who started a thread. A small percentage of iOS and Android users are seeing an "original tweeter" label. The company said earlier this month that it would publicly test some context and organization features.
It's a useful feature, and it could reduce some types of abuse, particularly if the original tweeter is, say, Bill Gates and the replies include those from scammy imitation accounts. The label, along with the blue verified checkmark, could make it more immediately obvious when Gates himself is replying.

Just in time for my Cryptography lecture.
Zuckerberg Plans to Integrate WhatsApp, Instagram and Facebook Messenger
Mark Zuckerberg, Facebook’s chief executive, plans to integrate the social network’s messaging services — WhatsApp, Instagram and Facebook Messenger — asserting his control over the company’s sprawling divisions at a time when its business has been battered by scandals.
… Mr. Zuckerberg has also ordered all of the apps to incorporate end-to-end encryption, the people said, a significant step that protects messages from being viewed by anyone except the participants in the conversation. After the changes take effect, a Facebook user could send an encrypted message to someone who has only a WhatsApp account, for example. Currently, that isn’t possible because the apps are separate.

Select the new machines as if everyone expects you to rig the election.
Georgia Official Seeks to Replace Criticized Voting Machines
Georgia's new elections chief asked lawmakers Wednesday for $150 million to replace the state's outdated electronic voting machines. In doing so, he all but closed the door on a hand-marked paper balloting system that experts say is cheapest and most secure.
The current machines and Georgia's registration practices became the subject of national criticism during last year's governor's race between Democrat Stacey Abrams and Republican Brian Kemp. Kemp served as secretary of state and refused calls to resign from overseeing his own election. He stepped down two days postelection after declaring himself the winner.

Perhaps we should think about ethics before the AI systems do?
Genevieve Bell and David Thodey push for AI ethics body
High profile Australian business and technology leaders Genevieve Bell and David Thodey are backing a push to create a new organisation to lead the development of an ethical framework for artificial intelligence.
In an open letter to be released on Friday, Ms Bell and Mr Thodey say there are significant challenges that need to be addressed as AI becomes more commonplace, be it the further entrenchment of discrimination on the basis of gender or "minority status", creating "ethical algorithms for autonomous vehicles, bias in AI-powered hiring processes" or "the impact of fake news bots".

An MIT researcher who analyzed facial recognition software found eliminating bias in AI is a matter of priorities
When we talk about algorithms and automation, we can't assume that handing responsibilities over to a machine will eliminate human biases. Artificial intelligence, after all, is constructed and taught by humans.
MIT Media Lab researcher and Algorithmic Justice League founder Joy Buolamwini has made it her mission not only to raise awareness of bias in facial recognition software, but also to compel companies around the world to make their software more accurate and to use its capabilities ethically.
… There are real stakes here. As she noted in a viral TED Talk and a New York Times editorial, it's one thing to have Facebook confuse people when analyzing a photo, but another when law enforcement or a potential employer is utilizing such software.

Dilbert continues to explore AI and Self-driving cars.

Thursday, January 24, 2019

Disaster Recovery. Whatever the cause and whoever is responsible, is there a repair team ready to respond?
‘It’s a matter of life or death’: Cell, internet outages prevent town from calling 911
When someone is in an emergency, the response time from emergency crews can be the difference between life or death. However, neighbors in Fair Bluff can’t even reach those emergency crews because of recent cell and Internet outages.
People in the town said the outages have happened several times for several hours over the past month.
… WECT called the town’s cell and Internet provider, RiverStreet Networks, about the issue.
A spokesperson said the outages are due to companies working in the Raleigh area accidentally cutting a fiber line. The spokesperson said those fiber lines connect to Fair Bluff. She said the company that does the damage has to fix it, so doesn’t know how long repairs will take.
… The outages are also affecting businesses. When the Internet is down, most places can only take cash, no cards.

Worth reading for the cyber threats and artificial intelligence issues.
2019 National Intelligence Strategy of the United States
“This National Intelligence Strategy (NIS) provides the Intelligence Community (IC) with strategic direction from the Director of National Intelligence (DNI) for the next four years. It supports the national security priorities outlined in the National Security Strategy as well as other national strategies. In executing the NIS, all IC activities must be responsive to national security priorities and must comply with the Constitution, applicable laws and statutes, and Congressional oversight requirements.”
“…The strategic environment is changing rapidly, and the United States faces an increasingly complex and uncertain world in which threats are becoming ever more diverse and interconnected. While the IC remains focused on confronting a number of conventional challenges to U.S. national security posed by our adversaries, advances in technology are driving evolutionary and revolutionary change across multiple fronts. The IC will have to become more agile, innovative, and resilient to deal effectively with these threats and the ever more volatile world that shapes them. The increasingly complex, interconnected, and transnational nature of these threats also underscores the importance of continuing and advancing IC outreach and cooperation with international partners and allies..”

This should be interesting…
Victory: Federal Court in Seattle Will Begin Disclosing Surveillance Records
The public will learn how often federal investigators in Seattle obtain private details about your communications, such as who you called and when, as a result of a petition to unseal those records brought by EFF client The Stranger.
Federal prosecutors and the U.S. District Court for the Western District of Washington clerk’s office have agreed to begin tracking and docketing various forms of warrantless surveillance requests and next year will issue reports every six months detailing the cases.

Timely indeed.
Blockchain and the Law: A Critical Evaluation
Quintais, João and Bodó, Balázs and Giannopoulou, Alexandra and Ferrari, Valeria, Blockchain and the Law: A Critical Evaluation (January 17, 2019). Pedro Quintais, B. Bodó, A. Giannopoulou, & A. Ferrari (2019). Blockchain and the Law: A Critical Evaluation. Stanford Journal of Blockchain Law & Policy (2)1; Amsterdam Law School Research Paper No. 2019-03; Institute for Information Law Research Paper No. 2019-01. Available at SSRN:
“It is a high-risk, high-reward enterprise to write a scholarly monograph on an emerging technology when its societal use, economic worth, and even its technical design are still in flux. With little empirical material with which to work, one often has to resort to extrapolating the future developments from the myriad seed of possibilities of the present. Yet, there are moments in time when undertaking such an enterprise seems inevitable, because there is a rough consensus that the emerging technology represents more than just an incremental improvement of already existing routines, and promises—or threatens—a disruption of the status quo. Such is the case of blockchain or distributed ledger technologies. In that light, Primavera De Filippi and Aaron Wright’s Blockchain and the Law is a timely and valuable contribution.”

Perspective. Note this is not being reported much in US newspapers.
In Davos, US executives warn that China is winning the AI race
… The Chinese government has made tech dominance a priority in its "Made in China 2025" plan.
Chinese leaders are pouring government money into AI research and development in a scientific push that has been compared to the space race or the Manhattan Project that the United States government funded during World War II to develop a nuclear weapon.
… For the first time this year, consulting firm PwC used its annual CEO survey to ask global business leaders whether they thought AI would have a larger impact than the Internet.
Eighty-four per cent of Chinese executives said AI would be bigger than the Internet, while only 38 per cent of American executives said the same.
… The survey asked executives how widely they had deployed AI initiatives in their company.
China was by far the leader, with a quarter of Chinese business leaders saying AI was utilised in a wide scale at their firm. Only 5 per cent of US executives said the same.

How Digital Ushers in a New Entertainment Golden Age
Digital technology makes piracy easier and thus has long threatened the dominance of Hollywood studios, the music industry and publishers in the creation and distribution of content. But this technology also lets anyone develop and disseminate content: Authors self-publish, musicians bypass record labels to release songs directly to the public, and filmmakers do the same without a major studio.
This democratization has led to a tsunami of content and ushered in a new Golden Age of entertainment, said Joel Waldfogel, associate dean of MBA programs at the University of Minnesota and a former Wharton professor of business economics and public policy.
An edited transcript of the conversation follows.

Anything that gets children to read is a good idea.
Prisma’s style transfer tech creeps into kids’ books
… we find ourselves confronted with neural nets being used to serve up contextual illustrations of children so parents can gift personalized books that seamlessly insert a child’s likeness into the story, thereby casting them as a character in the tale.
… And while they note there are other publishing services that offer the chance to insert a bit of custom text and photography into a book they claim their collaboration is the only publishing technology that does this “seamlessly”, i.e. thanks to the AI’s style blending fingers.
Kabook, which was set up last year — describing itself as “a technology-based” children’s book publisher, with a focus on kids aged 0-7 years — is currently offering four stories that can be personalized with a kid’s AI-generated likeness.
Three of the books incorporate just one custom image into the story. While a fourth, called Hornswoggled!, makes use of seven photos in a pirate-themed buried treasure adventure.
The personalized stories start at $24.99 per book, with hard and soft cover versions available.

Furthering our discussion of AI in self-driving cars.

Wednesday, January 23, 2019

Sighted at Teterboro, closed Newark?
Drone sighting disrupts major US airport
A pilot told air traffic control that one of the drones came within 30ft (9m) of his aircraft.
He was flying at Teterboro Airport, a nearby private facility, but officials closed Newark International as a precaution.
… Speaking about Tuesday's drone scare in New Jersey, the Federal Aviation Authority (FAA) said in a statement: "At approximately 5pm, we received two reports from incoming flights into Newark that a drone was sighted at about 3,500ft above Teterboro, New Jersey.

Analyzing 2018 Attacks to Prepare for Those in 2019
A new report from Check Point discusses major cyber incidents from 2018. From these data points, Check Point's analysts look for current trends in malware and attacks, in order to prepare for 2019's future attacks.
According to Check Point's Cyber Attack Trends Analysis 2019 report, the major attack categories and incidents from 2018 include ransomware (such as attacks against the City of Atlanta and the Ukraine Energy Ministry); data breaches (such as those affecting Exactis, and Marriott Hotels); mobile malware (such as AdultSwine and Man in the Disk); cryptocurrency attacks (such as Jenkins Miner and RubyMiner); botnet attacks (such as those from IoTroop and attacks against Democrat candidates during the 2018 primary's season); and APT attacks (such as Big Bang and SiliVaccine).
"Indeed," says the report (PDF), "never does a day go by that we do not see organizations under constant attack from the ever-growing number of malware spreading at higher rates than ever."

Another perspective on the encryption debate?
Encryption efforts in Colorado challenge crime reporters, transparency
Colorado journalists on the crime beat are increasingly in the dark. More than two-dozen law enforcement agencies statewide have encrypted all of their radio communications, not just those related to surveillance or a special or sensitive operation. That means journalists and others can’t listen in using a scanner or smartphone app to learn about routine police calls.
Law enforcement officials say that’s basically the point. Scanner technology has become more accessible through smartphone apps, and encryption has become easier and less expensive. Officials say that encrypting all radio communications is good for police safety and effectiveness, because suspects sometimes use scanners to evade or target officers, and good for the privacy of crime victims, whose personal information and location can go out over the radio.
… “You can’t get out to cover something if you don’t know it’s happening, and journalists would be at the mercy of police public information officers. Do we want the first draft of history dictated by police PIOs?”
Definitely not. A national study published in 2017 found that police PIOs zealously try to control the narratives about their departments. That’s especially concerning in Colorado, where law enforcement officials have downplayed transparency implications by saying they will release information about breaking news on social media, in press releases, and in daily reports—as if those are reasonable substitutes for independent reporting.

Police officers probably will not mention this to passengers.
Ed Hasbrouck writes:
Passengers in a car stopped by police don’t have to identify themselves, according to the 9th Circuit Court of Appeals.
That holds even in a state with a “stop and identify” law, and even if the initial stop of the car (for a traffic violation committed by the driver) was legal.
The opinion by a three-judge panel of the 9th Circuit earlier this month in US v. Landeros is one of the most significant decisions to date interpreting and applying the widely-misunderstood 2004 US Supreme Court decision in Hiibel v. Nevada.
Read more on Papers, Please!

I agree, this is interesting.
The Evolution of Darknets
This is interesting:
… Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available mobile messaging systems like Telegram.
… The other major change is the use of "dead drops" instead of the postal system which has proven vulnerable to tracking and interception. Now, goods are hidden in publicly accessible places like parks and the location is given to the customer on purchase. The customer then goes to the location and picks up the goods. This means that delivery becomes asynchronous for the merchant, he can hide a lot of product in different locations for future, not yet known, purchases. For the client the time to delivery is significantly shorter than waiting for a letter or parcel shipped by traditional means - he has the product in his hands in a matter of hours instead of days. Furthermore this method does not require for the customer to give any personally identifiable information to the merchant, which in turn doesn't have to safeguard it anymore. Less data means less risk for everyone.
The use of dead drops also significantly reduces the risk of the merchant to be discovered by tracking within the postal system. He does not have to visit any easily to surveil post office or letter box, instead the whole public space becomes his hiding territory.

A most interesting analysis.
Why India’s Smartphone Revolution Is a Double-edged Sword
… “To most Indians, the smartphone is their first camera, first TV, first video device, first Walkman, and first MP3 player. It may even be their first alarm clock and calculator,” according to Ravi Agrawal, managing editor of Foreign Policy and former CNN New Delhi bureau chief. That is the dramatic change this small device is bringing to hundreds of millions of Indians, as extremely low-cost smartphones and data plans increasingly become available.
Technology in India has traditionally been only available to the rich, to English speakers, and to city dwellers, Agrawal noted.
… In addition to breaking the financial barrier, smartphones have broken the language barrier. Most of the population doesn’t speak English, and English used to be a necessity for internet use. But “smartphones have changed all of that,” observed Agrawal. Now if you speak Hindi, Bengali, or one of India’s many other tongues, multilingual software enables you to type, search, and read online.
Even illiterate individuals — of whom there are nearly 300 million in India — can learn to use the device. With the Google Assistant, they can say in their own language, for example, “‘Show me the Taj Mahal,’ and up pops a video showing them this great wonder that they’ve all heard of but never seen,” notes Agrawal. So in some ways the smartphone is a great equalizer.
… Yet with all the apparent benefits, “there is so much that can go wrong,” said Agrawal. One problem is the proliferation of “fake news,” which he noted has sparked religiously-motivated lynchings and other violence.
India has also experienced more internet shutdowns than any other nation — Syria and Iraq follow — in which the government temporarily pulls the plug in the name of halting rumors that spark unrest.
… There’s also been an explosion in pornography, Agrawal notes. “The head of one of India’s biggest wireless companies told me that 70% of his company’s bandwidth is porn, believe it or not.”

For my Disaster Recovery lecture.
Tonga facing 'absolute disaster' after internet cable blackout
Tonga's ability to communicate with the rest of the world has severely been restricted after a submarine cable broke, cutting off the Pacific island kingdom from almost all mobile phone and Internet services.
… "There's no Facebook, which is how the Tongan diaspora communicate with each other, businesses can't get orders out, airlines can't take bookings for passengers or freight."
While the authorities look into the cause and struggle to find a solution to the disruption, which began on Sunday, they have turned to a small, locally operated satellite connection as back-up.
… Officials said it could take up to two weeks to fix the problem.

Also useful in my Data Management class.
New on LLRX – 10 x 10: 100 Insightful KM Resources
Via LLRX – 10 x 10: 100 Insightful KM Resources – KM expert Stan Garfield shares ten categories of KM resources, each with ten links to useful sources of knowledge about the field. The ten resources in each category are recommended starting points for those who want to learn more about KM. Each category heading is linked to a more extensive list for greater exploration.

The future? Probably not for my 11 mile round trip to school, but I could see a Leadville to Denver hop.
Boeing’s passenger air vehicle prototype rises into the sky for its first test flight
Boeing says it has successfully completed the first test flight of a prototype for its autonomous passenger air vehicle, which could start carrying riders as early as next year.
The test was executed on Tuesday at an airport in Manassas, Va., near the headquarters of Aurora Flight Sciences, the Boeing subsidiary that’s been developing the electric-powered, vertical takeoff-and-landing aircraft, also known as an eVTOL craft.
… The craft is 30 feet long and 28 feet wide, with eight rotors for vertical lift and a tail rotor to facilitate forward flight. It’s designed to fly in full autonomous mode with a maximum range of 50 miles.
“This is what revolution looks like, and it’s because of autonomy,” said John Langford, president and CEO of Aurora Flight Sciences. “Certifiable autonomy is going to make quiet, clean and safe urban air mobility possible.”

Confusing. Surely they aren’t saying they found another chemical that does exactly what the patented chemical does. This is about a process that extracts a drug.
A.I. finds non-infringing ways to copy drugs pharma spends billions developing
Drug companies spend billions developing and protecting their trademark pharmaceuticals. Could artificial intelligence be about to shake things up? In a breakthrough development, researchers have demonstrated an A.I. which can find new methods for producing existing drugs in a way that doesn’t infringe on existing patents.
… As exciting as the work is, however, don’t expect this to be anything that brings down the world of big pharma — if that’s what you’re hoping for. Chematica, which was bought by pharma giant Merck in 2017, is more likely to be used to help these companies better protect their intellectual property.
“[In our latest] paper we tackled three blockbuster drugs, very heavily guarded by patents — and yet a ‘stupid’ computer managed to find synthetic bypasses,” Grzybowski said. “Now, what if your competitors were to use such a tool? Could they bust your patents? Should you also use the tool? What if they come up with a better version? These sorts of question might point to an arms race in developing similar and competing software solutions.”

Resources for research. Marcus Zillman does great lists.
New on LLRX – Deep Web Research and Discovery Resources 2019
Via LLRX – Deep Web Research and Discovery Resources 2019 – How big is the Deep Web? It is estimated to comprise 7,500 terabytes – although an exact size is not known, and the figures vary widely on this question. The magnitude, complexity and siloed nature of the Deep Web is a challenge for researchers. You cannot turn to one specific guide or one search engine to effectively access the vast range of information, data, files and communications that comprise it. The ubiquitous search engines index, manage and deliver results from the Surface web. These search results include links, data, information, reports, news, subject matter content and a large volume of advertising that is optimized to increase traffic to specific sites and support marketing and revenue focused objectives. On the other hand, the Deep Web – which is often misconstrued as a repository of dark and disreputable information [Note – it is not the Dark Web], has grown tremendously beyond that characterization to include significant content on a wide range of subject matters covering a broad swath of files and formats, databases, pay-walled content as well as communications and web traffic that is not otherwise accessible through the surface Web. This comprehensive multifaceted guide by Marcus Zillman provides you with an abundance of resources to learn about, search, apply appropriate privacy protections, and maximize your time and efforts to conduct effective and actionable research within the Deep Web.

A link for the toolkit.
Over 4,000 Free Cheat Sheets, Revision Aids and Quick References!

Tuesday, January 22, 2019

Self-inflicted wounds. Indistinguishable from a cyberwar attack?
Zimbabwe Government Shuts Down Internet, Backfires Spectacularly Affecting Economy - Toshi Times
Zimbabwe has been ravaged by widespread local unrest the past week. The catalyst? A controversial decision to increase the prices of petrol and diesel by a massive 150 percent.
Citizens of Zimbabwe have since voiced their dissatisfaction with this decision through a series of protests and demonstrations. Social media platforms such as Twitter, Facebook, YouTube and WhatsApp have been integral in organizing these events.
… As such, it would appear that the governmental-led shutdown of the internet has led to immensely worse consequences. The national economy has effectively been disabled – however, this was not caused by the protestors, rather, it was the work of the government’s actions.
… a preexisting liquidity crisis in the country has already led citizens towards alternative means of exchange, such as cryptocurrencies or other cashless alternatives such as bank cards.
All of these payment systems have now been rendered moot, due to the government’s actions. It remains to be seen how all of this will ultimately play out – but it already seems plain that the government’s fear of economic turmoil has caused exactly that.

Further defining the response…
Massachusetts Amends Data Breach Notification Law to Require Free Credit Monitoring
The Governor of Massachusetts recently signed House Bill No. 4806 into law, which will amend certain provisions of the state’s data breach notification law. In addition to changing the information that must be included in notifications to regulators and individuals, the amendments will also require entities to provide eighteen months of free credit monitoring services following breaches involving Social Security numbers. The amendments, which will enter into force on April 11, 2019, are discussed in greater detail below.

An interesting reaction.
NYPD Spy Drones Fly into Privacy Headwinds
A squad of 14 New York Police Department drones will soon be soaring over the city’s skyline, with the ability to record people’s lives, even if that’s not their stated use. Some will be equipped with infrared cameras that have the ability to see through walls and record the privacy of bedrooms, although, again, NYPD says this isn’t the intent. Still, the technology isn’t just creepy (though it is creepy); if not monitored carefully, its deployment raises the specter of uses beyond those currently planned by the NYPD that could be illegal.
… New Yorkers are being asked to take the NYPD at its word, but many New Yorkers want a stronger guarantee. This is part of why advocates and activists are pushing for the Public Oversight of Technology Act (“POST Act”), a New York City Council bill that would require the NYPD to develop and publicize an “impact and use policy” for each piece of surveillance technology it purchases.

Is this machine as accurate as the lab? How good is “good enough?”
Coming Soon to a Police Station Near You: The DNA ‘Magic Box’
… in early 2017, the police booking station in Bensalem became the first in the country to install a Rapid DNA machine, which provides results in 90 minutes, and which police can operate themselves. Since then, a growing number of law enforcement agencies across the country — in Houston, Utah, Delaware — have begun operating similar machines and analyzing DNA on their own.
… In 2017, President Trump signed into law the Rapid DNA Act, which, starting this year, will enable approved police booking stations in several states to connect their Rapid DNA machines to Codis, the national DNA database. Genetic fingerprinting is set to become as routine as the old-fashioned kind.
… But already many legal experts and scientists are troubled by the way the technology is being used. As police agencies build out their local DNA databases, they are collecting DNA not only from people who have been charged with major crimes but also, increasingly, from people who are merely deemed suspicious, permanently linking their genetic identities to criminal databases.

A mere nibble. Wait for GDPR to bite!
Google has been fined $56.8 million by privacy regulators in France, marking the country’s first use of the tough new privacy rules enacted in Europe last year. Specifically, the company is accused of violating provisions of the General Data Protection Regulation (GDPR) by using, without proper consent, the private data of users to craft personalized ads; and by burying key privacy disclosures pages deep, amid oceans of text.
In a statement Monday, France’s privacy watchdog, CNIL, said that Google had been fined for needlessly obscuring information concerning the processing of its users’ data, which Europe’s privacy rules demand be made more easily accessible. Essential information about how user data is processed, stored, and used, it said, was “excessively disseminated across several documents.” It required, in some cases, up to five or six steps to unearth key disclosures, including details of how Google amasses personal information to help it pinpoint a user’s location.
… the French commission found Google’s process for informing users about what precisely they’re consenting to to be wholly inadequate.
… “We have found that large corporations such as Google simply ‘interpret the law differently’ and have often only superficially adapted their products,” Schrems reportedly told the station. “It is important that the authorities make it clear that simply claiming to be compliant is not enough.”

Yeah, it’s complicated.
Dutch surgeon wins landmark 'right to be forgotten' case
… The doctor’s registration on the register of healthcare professionals was initially suspended by a disciplinary panel because of her postoperative care of a patient. After an appeal, this was changed to a conditional suspension under which she was allowed to continue to practise.
But the first results after entering the doctor’s name in Google continued to be links to a website containing an unofficial blacklist, which it was claimed amounted to “digital pillory”.
… The judge said that while the information on the website with reference to the failings of the doctor in 2014 was correct, the pejorative name of the blacklist site suggested she was unfit to treat people, and that was not supported by the disciplinary panel’s findings.
The court further rejected Google’s claim that most people would have difficulty in finding the relevant information on the medical board’s Big-register, where the records are publicly held.
The surgeon’s lawyer, Willem van Lynden, from the Amsterdam firm MediaMaze, said the ruling was groundbreaking in ensuring doctors would no longer be judged by Google on their fitness to practise.

Don’t they store US user data in the US?
Russian Watchdog Launches 'Administrative Proceedings' Against Facebook, Twitter
The state regulator has repeatedly warned the companies they could be banned if they do not comply with a 2014 law requiring social networking sites to store the personal data of Russian users inside the country.
Zharov said Facebook and Twitter provided "no concrete information on localising the data of Russian users on the territory of the Russian Federation."
He added that the companies also did not provide a "timeframe" for when they plan to store the data of Russian users in Russia.
The 2014 law has caused widespread concern as it is seen as putting the information of Russian users at risk of being accessed by the country's intelligence services.

Would automating justice eliminate bias?
Machine Learning and the Rule of Law
Chen, Daniel L., Machine Learning and the Rule of Law (January 6, 2019). Computational Analysis of Law, Santa Fe Institute Press, ed. M. Livermore and D. Rockmore, Forthcoming. Available at SSRN:
“Predictive judicial analytics holds the promise of increasing the fairness of law. Much empirical work observes inconsistencies in judicial behavior. By predicting judicial decisions—with more or less accuracy depending on judicial attributes or case characteristics—machine learning offers an approach to detecting when judges are most likely to allow extra legal biases to influence their decision making. In particular, low predictive accuracy may identify cases of judicial “indifference,” where case characteristics (interacting with judicial attributes) do not strongly dispose a judge in favor of one or another outcome. In such cases, biases may hold greater sway, implicating the fairness of the legal system.”

Gartner: Enterprise use of AI grew 270% over the past 4 years
Companies are adopting artificial intelligence (AI) like it’s going out of style, according to a new report by Gartner. The Stamford firm’s 2019 CIO Survey of more than 3,000 executives in 89 countries found that AI implementation grew a whopping 270 percent in the past four years, and 37 percent in the past year alone.
… “If you are a CIO and your organization doesn’t use AI, chances are high that your competitors do and this should be a concern.”

Tracing the evolution of an industry.
Are sitdown scooters the next big urban craze? Austin is about to find out
… Already home to thousands of electric scooters, many of them crowding downtown sidewalks, the Central Texas city will be the first to experience a new generation of shareable electric scooters from an Oxnard, California-based company called Ojo Electric. Unlike well-known scooter companies such as Bird and Lime, Ojo's models are bulkier and include a seat.
Referred to as a "light electric vehicle," the scooters can travel 50 miles on a single charge and have a top speed of 20 mph, in compliance with city regulations, the company said in a news release. The company says their vehicles are designed for bike lanes and streets.

What can I learn?
400 free Ivy League university courses you can take online in 2019
Quartz: “The eight Ivy League schools are among the most prestigious colleges in the world. They include Brown, Harvard, Cornell, Princeton, Dartmouth, Yale, and Columbia universities, and the University of Pennsylvania. All eight schools place in the top fifteen of the US News and World Report 2018 national university rankings. These Ivy League schools are also highly selective and extremely hard to get into. But the good news is that all these universities now offer free online courses across multiple online course platforms.
So far, they’ve created over 494 courses, of which around 396 are still active. Here’s a collection of all of them, split into courses in the following subjects: Computer Science, Business, Humanities, Social Sciences, Art & Design, Science, Health & Medicine, Data Science, Education & Teaching, Mathematics, Science, Engineering, Personal Development, and Programming…”

Monday, January 21, 2019

There does not seem to be any more detail, yet. To make this work, the ‘vouchers’ must not be identifiable as part of the group stolen. How would they track customer usage? Note: Another easily identified and easily fixed bug?
China's Pinduoduo reports theft of online discount vouchers to police
Chinese online group discounter Pinduoduo Inc said on Sunday that an online collective exploited a loophole on its platform to “steal” tens of millions of yuan worth of discount vouchers.
In a statement on its official Weibo account, Pinduoduo said it immediately rectified the bug and reported the incident to police.

Sounds more like the mafia? Are they this good? What, besides the Hong Kong bank account, points to China?
Cyber Fraud by Chinese Hackers Makes Headlines in India
… The cyber fraud scam started with a fraudulent email from Chinese hackers, spoofed to appear as if it were coming from the CEO of the company in Italy. The message was written in the tone and style of the CEO, and raised the prospect of a “secretive” and “highly confidential” acquisition that could only be pulled off if funds were wired to bank accounts in Hong Kong. After follow-up emails, there were then telephone conference calls between Italy and India, with Chinese fraudsters impersonating top executives and lawyers. They convinced the local Indian office that regulatory rules prevented a direct payment from corporate HQ in Milan; thus, the onus was on the local Indian operation to fund the acquisition. Payments were sent in three separate tranches of $5.6 million, $9.4 million, and $3.6 million. However, just before the fourth and final payment was about to be made, the real chairman of the Italian company showed up in India for a year-end visit. It’s not hard to imagine what happened next.
… But here’s where there is still a lot to explain: how did Chinese fraudsters impersonate top European officials, including one claiming to be a top Swiss lawyer? At some point, wouldn’t really bad accents or awkward phrases tip off the Indian officials that someone was being conned?
… In short, instead of a few hackers in pajamas trying to hack into computer systems from their basements, we may be seeing the rise of sophisticated global crime syndicates and hacking groups that are far more formidable adversaries for corporate IT directors.

No more “fake news” broadcasts? Of course if each of the five recipients forwards the message to five friends, who each forward to five friends…
WhatsApp globally limits text forwards to 5 chats to curb rumours
Facebook Inc's WhatsApp messenger service is globally limiting message ‘forwards’ to five chats at a time, a practice it had introduced in India in July last year to crack down on spread of rumours and fake news through its platform.
… The messaging platform—which counts India, Brazil and Indonesia among its major markets—said it will continue to listen to user feedback on their experience, and “over time, look for new ways of addressing viral content”.
… The move comes at a time when governments and regulators across the world are looking at effective ways to curb the spread of fake messages through digital platforms.

(Related) Is this a reversal of the limits above?
Facebook launches petition feature, its next battlefield
Gather a mob and Facebook will now let you make political demands. Tomorrow Facebook will encounter a slew of fresh complexities with the launch of Community Actions, its News Feed petition feature. Community Actions could unite neighbors to request change from their local and national elected officials and government agencies. But it could also provide vocal interest groups a bully pulpit from which to pressure politicians and bureaucrats with their fringe agendas.
Community Actions embodies the central challenge facing Facebook. Every tool it designs for positive expression and connectivity can be subverted for polarization and misinformation.
… The question will be where Facebook’s moderators draw the line on what’s appropriate as a Community Action, and the ensuing calls of bias that line will trigger. Facebook is employing a combination of user flagging, proactive algorithmic detection, and human enforcers to manage the feature. But what the left might call harassment, the right might call free expression. If Facebook allows controversial Community Actions to persist, it could be viewed as complicit with their campaigns, but could be criticized for censorship if it takes one down. Like fake news and trending topics, the feature could become the social network’s latest can of worms.

Only after the rider gets off.
… Details are, as TechCrunch noted, “scarce,” but there’s a lot of speculation that Uber is investigating autonomous versions of the scooters and bikes of the short-term rental type that have already taken over many major cities. The Telegraph reported that Uber has begun hiring for the Micromobility Robotics team, which it wrote had the goal of developing scooters and bikes that can drive to charging stations themselves, or possibly to go and pick up riders after the prior passenger disembarks.
… like competitors Bird and Lime (the latter of which Uber owns a minority stake in) the logistics of using a small army of contractors to pick up the scooters after rides are already a major money-burner.
… As TechCrunch noted, Uber Jump recently unveiled a series of upgrades to give some of its bikes “self-diagnostic capabilities and swappable batteries,” designed to minimize downtime. Self-driving scooters are an obvious way to further streamline the business.

Might be fun to install on someone’s computer without telling them.
This incredibly simple tool gives every website you visit a 'dark mode'
… Go to and click on the web browser you use. You'll be taken to your browser's extensions store where you can download and install Dark Reader for free.
Once you install it, the vast majority of websites you visit will have a dark gray or black color where they used to be white.

I gotta share this with my PhD friends.

Sunday, January 20, 2019

Technology to help you break the law.
Google Maps wants to help you avoid that speeding ticket
… Google’s navigation app, Google Maps, is starting to roll out speed limit and speed trap features, according to
With the speed limit feature, drivers using Google Maps will be shown the posted speed limit of the road they’re driving on in the lower left side of the app. Speed traps are designated with a small camera icon and shown on the visible area of the map. AndroidPolice’s source also reports that Google Maps provides an audio warning for drivers when they are approaching a speed trap.

(Related) He could have used it three years ago…
Hitman convicted thanks to fitness watch location data
An alleged hitman has learned hard lessons about the value of GPS data on fitness watches. A Liverpool jury has found Mark Fellows guilty of the 2015 murder of mob boss Paul Massey in part thanks to location info from the accused's Garmin Forerunner. An expert inspecting the watch's info discovered that Fellows had recorded a 35-minute trip that took him to a field just outside Massey's home ahead of the murder. He appeared to be scouting the route he would take later to perform the hit, a claim supported by cell site and CCTV evidence showing Fellows driving his car past Massey's house numerous times in the week before the slaying.
Massey's murder had gone unsolved until the 2018 killing of his associate John Kinsella, where surveillance footage showed Fellows biking a similar scouting route before pulling the trigger. That led law enforcement to see if there were any connections to the Massey case. Fellows had a GPS jammer in his car when police investigated in 2018, suggesting that he knew enough to avoid location data at some point – just not while he was scouting Massey three years earlier.

I know lots of smart people. Maybe I should start an Institute? Do you think this one is there to provide Facebook with an “academic” justification?
Facebook backs Institute for Ethics in Artificial Intelligence with $7.5 million
Facebook will donate $7.5 million for the creation of The Institute for Ethics in Artificial Intelligence, a research center being made to explore topics such as transparency and accountability in medical treatment and human rights in human-AI interaction.
… Like initiatives undertaken by other AI research think tanks, the Institute for Ethics in Artificial Intelligence will work to share its research through conferences and symposiums with the wider community of AI practitioners.

The future of voice assistants like Alexa and Siri isn’t just in homes — it’s in cars
As smart speakers take off in the home, it’s important to note that cars are an even bigger market for voice assistants. Some 77 million US adults use voice assistants in their cars at least monthly, compared with 45.7 million using them on smart speakers, according to a new survey from voice tech publication