Saturday, February 23, 2019

What would happen if “the rest of the world” wouldn’t let them reconnect? Just saying.
Russia’s plan to unplug from the internet shows cyberwar is escalating
Russia is contemplating briefly detaching itself from the global internet at some point in the next few months, according to media reports this week.
Despite appearances, the experiment isn’t a sign of the country’s mounting isolationism, but rather part of Russia’s efforts to test its defences against large-scale cyberattack, presumably in the case of an increase in hostilities with either major European powers or the US.

A discussion with my Ethical Hackers. Consider what your lawyers will charge and all those years with no income, just a big roommate named Bubba.
Cybercriminals Promise Millions to Skilled Black Hats: Report
Posts on Dark Web forums reveal that one threat actor is willing to pay in excess of $64,000 per month ($768,000 per year) to skilled individuals willing to help them conduct nefarious operations. The salary would go up to $90,000 per month ($1,080,000 per year) for the second year.
Cybercrime groups looking for accomplices who can help them extort money from high-worth individuals, including company executives, lawyers and doctors, promise monthly pays starting at $30,000 per month ($360,000 per year), Digital Shadows notes in their report.

All data is useful if it helps increase sales?
Machiavellian Mega-Chain Domino’s Wants to Trade Pizza for Data
Domino’s, the normcore pizza chain that’s actually America’s best food delivery startup, recently launched a massive data mining project masquerading as a game where people can win free food.
… On the surface, this might seem like just another interactive stunt from Domino’s designed to engender good will among America’s pizza-hungry masses. But the chain is most certainly motivated by other factors beyond merely spreading positive pizza vibes across the land. Over the last decade, the company has masterfully used data collected from online orders and the various iterations of its app, as well as third party sources, to map out local demographics and single out the pizza competition. By harnessing the power of this data, Domino’s is able to offer the most reliable food delivery service across America, while also keeping prices absurdly low.

Register for access.
AI, machine learning, and deep learning: The complete guide

Wouldn’t most people buy the most forgiving Digital Assistant? Or perhaps there should be a “lawyer mode” that warns you but will never reveal your conversations?
Digital assistants should discuss whether to report illegal activity
Smart assistants could soon come with a 'moral AI' to decide whether to report their owners for breaking the law.
That's the suggestion of academics at who say that household gadgets like the Amazon Echo and Google Home should be enhanced with ethical smart software.
This would let them weigh up whether to report illegal activity to the police, effectively putting millions of people under constant surveillance.
… Dr Slavkovik suggested that digital assistants should possess an ethical awareness that simultaneously represents both the owner and the authorities - or, in the case of a minor, their parents.
Devices would then have an internal 'discussion' about suspect behaviour, weighing up conflicting demands between the law and personal freedoms, before arriving at the 'best' course of action.

A new definition of antitrust?
Facebook Grew Too Big to Care About Privacy
Two years ago, a Yale Law School student published what became an influential paper about how antitrust law should apply to one of America’s superstar technology companies, which don’t fit the conventional mold of Standard Oil monopolists.
Now, another academic paper from a former advertising technology executive and Yale law graduate is arguing that Facebook Inc. abuses its power. Titled in part “The Antitrust Case Against Facebook,” its author, Dina Srinivasan, offers a deeply researched analysis of Facebook’s pattern of backtracking on the user data collection that allowed the company to become a star. Once Facebook was powerful and popular, Srinivasan says, it was able to overrun objections about its data-harvesting practices.
The core of Srinivasan’s argument is to treat two anxieties about Facebook — potential abuses of monopoly power and violations of users’ privacy — not as separate but as two sides of the same coin. It’s a relatively novel idea that has echoes in a recent order from Germany’s antitrust authority. (Facebook has said the German regulator was wrong to link enforcement of privacy law and antitrust, and the company said it is appealing the decision.)
The paper was published this week in the Berkeley Business Law Journal from the University of California, and I read a version that has been online for two weeks.

Friday, February 22, 2019

Computer Security backgrounder. Sounds like we’re on the attack.
Gen. Nakasone on US CyberCommand
Really interesting article by and interview with Paul M. Nakasone (Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly. He talks about the evolving role of US CyberCommand, and its new posture of "persistent engagement" using a "cyber-persistent force":
Unlike the nuclear realm, where our strategic advantage or power comes from possessing a capability or weapons system, in cyberspace it’s the use of cyber capabilities that is strategically consequential. The threat of using something in cyberspace is not as powerful as actually using it because that’s what our adversaries are doing to us. They are actively in our network communications, attempting to steal data and impact our weapons systems. So advantage is gained by those who maintain a continual state of action.

That’s the WWW part of the URL.
Celebrate the Web’s 30th Birthday
“Hello, World: In December 1990, an application called WorldWideWeb was developed on a NeXT machine at The European Organization for Nuclear Research (known as CERN) just outside of Geneva. This program – WorldWideWeb — is the antecedent of most of what we consider or know of as “the web” today. In February 2019, in celebration of the thirtieth anniversary of the development of WorldWideWeb, a group of developers and designers convened at CERN to rebuild the original browser within a contemporary browser, allowing users around the world to experience the rather humble origins of this transformative technology. This project was supported by the US Mission in Geneva through the CERN & Society Foundation.”

Might be useful for statistics or data analytics.
The Stanford Open Policing Project
“Currently, a comprehensive, national repository detailing interactions between police and the public doesn’t exist. That’s why the Stanford Open Policing Project is collecting and standardizing data on vehicle and pedestrian stops from law enforcement departments across the country — and we’re making that information freely available. We’ve already gathered 130 million records from 31 state police agencies and have begun collecting data on stops from law enforcement agencies in major cities, as well. We, the Stanford Open Policing Project, are an interdisciplinary team of researchers and journalists at Stanford University. We are committed to combining the academic rigor of statistical analysis with the explanatory power of data journalism.”

Another statistic based article. (Podcast)
Changing the Game: How Data Analytics Is Upending Baseball
… Wyner drew a parallel between how valuation is done for corporate M&A deals, keeping in mind the net present value of the future cash flows of acquisition targets. “What we assume that the teams should know, but never seem to get, is that you’re paying for the future, not the past,” he said. “Historically that seemed to be what people did, because statistically, people would look at the past and they would project the future by just dragging out the past. That is just not the right way to do it. The data available today has made it better and easier to forecast the future.”

Dilbert’s pointy haired Manager seems very similar to a certain strangely haired President.

Thursday, February 21, 2019

Gosh, what a surprise!
‘Sustained and ongoing’ disinformation assault targets Dem presidential candidates
A wide-ranging disinformation campaign aimed at Democratic 2020 candidates is already underway on social media, with signs that foreign state actors are driving at least some of the activity.
The main targets appear to be Sens. Kamala Harris (D-Calif.), Elizabeth Warren (D-Mass.) and Bernie Sanders (I-Vt.), and former Rep. Beto O’Rourke (D-Texas), four of the most prominent announced or prospective candidates for president.
A POLITICO review of recent data extracted from Twitter and from other platforms, as well as interviews with data scientists and digital campaign strategists, suggests that the goal of the coordinated barrage appears to be undermining the nascent candidacies through the dissemination of memes, hashtags, misinformation and distortions of their positions. But the divisive nature of many of the posts also hints at a broader effort to sow discord and chaos within the Democratic presidential primary.

Keeping up with the hackers.
Alyssa Newcomb reports:
Every month, thousands of retail websites are targeted by cyber criminals, who insert a small piece of malicious code that allows them to snatch customers’ credit card information. The hacking technique is called formjacking, and it’s the virtual equivalent of putting a device on an ATM to skim debit card numbers.
Affecting an average of 4,800 websites per month, formjacking is one of the newest favorite ways for hackers to steal personal data, according to security company Symantec’s annual Internet Security Threat Report.
Read more on Fortune.

Why would this be new or surprising?
Privacy Practices Cited as New Source of Risk in Alphabet Annual Report
For the past 12 months, Silicon Valley tech giants like Facebook and Google have been coming under increasing scrutiny from regulators, investors and consumers for their controversial privacy practices. Finally, it looks like those concerns are starting to be taken seriously by Google. In the Alphabet annual report for 2018, Google’s parent company provided additional guidance on how their privacy practices could impact the company’s overall business model, and hence, its ability to churn out billions of dollars of revenue each quarter.
Of course, previous 10K filings from Alphabet have cited privacy concerns as potential risk factors. But that was primarily legal boilerplate added to the Alphabet annual report – the type of vaguely worded statements designed to protect Alphabet from potential lawsuits from investors. So the additional insertion of detailed new language about privacy practices into the Alphabet annual report is worth paying attention to – it signals, at the very least, that Alphabet’s top executives are finally starting to wake up to the prospect of advertisers and consumers walking away from the company, or the U.S. government imposing fines or additional regulation upon the company.

Did Jonathan go easy on Mark, or was he handing him more rope?
Zittrain and Zuckerberg discuss encryption ‘information fiduciaries’ and targeted advertisements
Harvard Law Today: “Should Facebook be considered an “information fiduciary” when it comes to the privacy of its clients? How should we weigh the pros and cons of encryption schemes which might bolster privacy and data security at the risk of shutting out law enforcement? And why shouldn’t Facebook tell users how much advertising revenue their respective data generates on a daily basis? Those were some of the questions Facebook Co-founder and CEO Mark Zuckerberg discussed with Jonathan Zittrain ’95, HLS’s George Bemis Professor of International Law, in a conversation among students at Harvard Law School on Feb. 11.
The nearly two-hour discussion was part of a series of study sessions for Harvard’s Techtopia initiative, a program for students across the University to explore problems in technology and governance, and it included participants from Zittrain’s course on Internet & Society: The Technologies and Politics of Control. Zittrain launched the conversation at HLS by raising the question of whether Facebook and other data-hungry internet companies should become “information fiduciaries.” Developed with Yale Law Professor Jack Balkin, the concept involves making such companies abide by a duty of loyalty to their users when handling sensitive data–including putting the user’s interests in front of profits–much the same way a lawyer or doctor must protect a client’s confidentiality…”

Know what they do, it’s what you have to undo.
How tech companies use dark patterns to discourage us from exercising our rights to privacy
Dark Patterns – How tech companies use dark patterns to discourage us from exercising our rights to privacy. The Norwegian Consumer Council (the Forbrukerrådet or NCC) report criticizes “features of interface design crafted to trick users into doing things that they might not want to do, but which benefit the business in question.”
“In this report, we analyze a sample of settings in Facebook, Google and Windows 10, and show how default settings and dark patterns, techniques and features of interface design meant to manipulate users, are used to nudge users towards privacy intrusive options. The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users. Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was pre-selected. The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key information is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option. The GDPR settings from Facebook, Google and Windows 10 provide users with granular choices regarding the collection and use of personal data. At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible.”

My students thought this was addressed in the “cars talk to each other” strategy.
Someday Your Self-Driving Car Will Pull Over for Police
Driverless cars won’t be able to take over until automakers, engineers, lawmakers and police work through a series of thorny problems.

For my Architecture students. It is obvious, if you take the time to think about it.
How to Break Down Work into Tasks That Can Be Automated
Repetitive vs. Variable Work
Repetitive work is often predictable, routine, and determined by predefined criteria while more variable work is unpredictable, changing, and requiring adaptive criteria and decision rules.
Independent vs. Interactive Work
Independent work requires little or no collaboration or communication with others, while work performed interactively involves more collaboration and communication with others, and relies on communication skills and empathy.
Physical vs. Mental Work
Physical work is work that is primarily manual in nature, requiring manual dexterity and, often, strength while mental work requires one’s cognitive abilities.

Might make an overview more memorable?
A Beginner’s List of Links for those interested in visuals + law
Open Law Lab Blog – Margaret Hagan: “I was having a conversation with a professor this morning who is interested in amplifying her work in doing diagramming, drawing, and visualizations in law. We had a great conversation, and I pulled in a range of links for her to explore what’s going on in the world of visual design, law, and public interest work. I share these links here in case they might be helpful starters for others!..”

Tuesday’s visitors. Looks like I’m an international wonder! (I know that can’t be right.) 


Wednesday, February 20, 2019

If you can’t get them at the source, intercept them on the way to the bank.
Breach at PoS Firm Hits Hundreds of U.S. Restaurants, Hotels
Point-of-sale (PoS) solutions provider North Country Business Products, whose products are used at over 6,500 locations across the United States, recently disclosed a data breach that resulted in the exposure of payment card data.
The company said it learned on January 4 of suspicious activity in certain client networks. An investigation assisted by a third-party cyber forensics firm revealed that malicious actors had deployed a piece of malware to some of its customers between January 3 and January 24, 2019.
The malware was designed to harvest data belonging to individuals who used their payment cards at one of the impacted North Country customers. Exposed data includes cardholder names, card numbers, expiration dates, and CVV codes.
North Country has set up a dedicated website where it has provided a list of the restaurants and hotels impacted by the incident. The list includes 137 locations, mostly in Arizona and Minnesota, but also in Louisiana, Iowa, Missouri, North Dakota, South Dakota, Texas, Wisconsin, Tennessee, Oregon, and Ohio.

Bank robbers are fleeing the scene on shared electric scooters
… In September 2018, a burglar in Indianapolis, Indiana, used a Bird electric scooter to make off with a man’s wallet, laptop, and backpack. In December, a man in Baltimore, Maryland, stole a cellphone at gunpoint and fled on a Bird scooter. Also in December, a 19-year-old robbed a bank in downtown Austin, Texas, and hopped on one of Uber’s Jump e-scooters to make his getaway. Earlier this month, a bank robber in a suburb of Chicago, Illinois, took a Lyft to the bank, had it wait outside while he committed the robbery, and then took the same car to O’Hare airport.

Improving background checks?
Bree Burkitt reports:
Arizona could soon be one of the first states to maintain a massive statewide DNA database.
And if the proposed legislation passes, many people — from parent school volunteers and teachers to real estate agents and foster parents — will have no choice but to give up their DNA.
Under Senate Bill 1475, which Rep. David Livingston, R-Peoria, introduced, DNA must be collected from anyone who has to be fingerprinted by the state for a job, to volunteer in certain positions or for a myriad of other reasons.
Read more on AZcentral.

Amazon Alexa and the Search for the One Perfect Answer
This article is adapted from Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think, by James Vlahos, to be published in March by Houghton Mifflin Harcourt.
… Two decades later, with the rise of voice computing platforms such as Amazon Alexa and Google Assistant, the world’s biggest tech companies are suddenly, precipitously moving in Tunstall-Pedoe’s direction. Voice-enabled smart speakers have become some of the industry’s best-selling products; in 2018 alone, according to a report by NPR and Edison Research, their prevalence in American households grew by 78 percent. According to one market survey, people ask their smart speakers to answer questions more often than they do anything else with them. Tunstall-Pedoe’s vision of computers responding to our queries in a single pass—providing one-shot answers, as they are known in the search community—has gone mainstream. The internet and the multibillion-dollar business ecosystems it supports are changing irrevocably. So, too, is the creation, distribution, and control of information—the very nature of how we know what we know.

Strategy Analytics: Amazon beat Google in Q4 2018 smart speaker shipments
Smart speakers continue to sell like hotcakes. That’s according to Strategy Analytics, which today reported that in the fourth quarter of 2018, shipments of AI-imbued speakers grew 95 percent from 22.6 million units in Q3 to 38.5 million units — more than the entire 2017 total. It brought the year-end tally to 86.2 million units.

AI Is Not Just Getting Better; It’s Becoming More Pervasive
… Deloitte predicts there will be more than half a billion mobile chips running machine learning on smartphones, tablets, and other devices in 2019. And continued innovation in AI hardware and software will lead to a growing number of devices and machines with built-in AI capabilities.
… And autonomous vehicles, perhaps the most prominent example of machines with embedded intelligence, are expected to reshape the transportation sector by offering a cheaper alternative to traditional car ownership through on-demand ride services. They could also make parking lots, traffic jams, and gas stations disappear, while upending traditional business models for auto insurers, logistics providers, and other companies.

Probable futures.
From Machine Learning to Blockchain, Gartner identifies Top 10 Data and Analytics Technology Trends for 2019
1: Augmented Analytics
2: Augmented Data Management
3: Continuous Intelligence
4: Explainable AI
5: Graph
6: Data Fabric
7: NLP/ Conversational Analytics
8: Commercial AI and Machine Learning
9: Blockchain
10: Persistent Memory Servers

Learn the difference between “Veblen goods” and “Giffen goods.”
Welcome to the Financial Times Lexicon Lexicon – “Browse thousands of words and phrases selected by Financial Times editors and suggest new terms for the glossary.”

How to make your PowerPoints really boring?
Can PowerPoint speak aloud & read the text in my slideshows?
PCWorld: “Can PowerPoint speak aloud and read the text in my slideshows? Yes, it can. Using the Speak command, also known as the Text to Speech (TTS) feature, PowerPoint can read the text in your slideshows and in your notes out loud. Be advised, however, that there is not a pause and continue feature with Speak. This is available only with the Read Aloud command, which is available in Word and Outlook, but not yet in PowerPoint or Excel…”

Tuesday, February 19, 2019

I have many questions...
20 of the best social media monitoring tools
Social Media Explorer: “There’s enough social media monitoring tools on the market to get you absolutely confused. This list is here to help. Every tool on the list does what it claims to do (which is not universal among software and products in general) – it either focuses on social media monitoring exclusively or does social media monitoring as a part of a broader toolkit. When in the right hands, it will definitely help improve customer service, raise brand awareness, and prevent a social media crisis. And some of the tools do even more than that…”

For all my students.
The wait for the victims of GandCrab is over: a new decryption tool has been released today for free on the No More Ransom depository for the latest strand of GandCrab, one of the world’s most prolific ransomware to date.
This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada and US FBI.
In addition to versions 1, 4 and early versions of 5, the new tool resolves infections with version 5.0.4 through 5.1 – the latest version developed by the cybercriminals.


GandCrab has surpassed all other strains of ransomware in 2018, having infected over half a million victims since it was first detected in January last year.
Back in October, a decryption tool was made available covering all but two versions of the then existing versions of the malware. This tool followed an earlier release back in February. Downloaded more than 400 000 times so far, these two tools have helped close to 10 000 victims retrieve their encrypted files, saving them some USD 5 million in ransomware payment.
The GandCrab criminals have since released new versions of the file-encrypting malware, all of which are covered by the tool released today.
The best cure against ransomware remains diligent prevention. Users are strongly advised to use a security solution with layered anti-ransomware defences, regularly back up their data and avoid opening attachments delivered with unsolicited messages.
Find more information and prevention tips on

While we’ve been concentrating on self-driving cars…
The Navy just bought a fleet of robot submarines to prowl the oceans and mess with adversaries
The Navy is bulking up its fleet of autonomous robot vessels with the purchase of a cadre of four of Boeing's extremely large and incredibly grandiose unmanned Orca submarines.
On Feb. 13, the Navy awarded Boeing a $43 million contract to produce four of the 51-foot Orca Extra Large Unmanned Undersea Vehicles (XLUUVs) that are capable of traveling some 6,500 nautical miles unaided, the U.S. Naval Institute reported.
According to USNI, the Navy could potentially deploy the Orcas from existing vessels to conduct "mine countermeasures, anti-submarine warfare, anti-surface warfare, electronic warfare and strike missions."

We need to know how this works.
Expanding transparency around political ads on Twitter
… Last May, we launched our Political Campaigning Policy in the United States to provide clear insight into how we define political content and who is advertising political content on Twitter. In conjunction, we launched the Ads Transparency Center (ATC). The ATC allows anyone across the globe to view ads that have been served on Twitter, with even more details on political campaigning ads, including ad spend and targeting demographics.
Today, we’re expanding our political ads policy and transparency approach to include all European Union member states, India, and Australia.

Over the weekend, Google presented a white paper at the Munich Security Conference detailing how it fights disinformation across its largest services. This includes efforts covering Google Search, News, and YouTube, as well as advertising platforms.
… The full white paper is worth a read and covers what steps Google is taking in its four key products.

GIGO. Garbage In, Garbage Out. An old sin with new sinners? Has anyone (BJS?) done a comparative study?
Dirty Data, Bad Predictions: How Civil Rights Violations Impact Police Data, Predictive Policing Systems, and Justice
Richardson, Rashida and Schultz, Jason and Crawford, Kate, Dirty Data, Bad Predictions: How Civil Rights Violations Impact Police Data, Predictive Policing Systems, and Justice (February 13, 2019). New York University Law Review Online, Forthcoming. Available at SSRN in PDF:
“Law enforcement agencies are increasingly using algorithmic predictive policing systems to forecast criminal activity and allocate police resources. Yet in numerous jurisdictions, these systems are built on data produced within the context of flawed, racially fraught and sometimes unlawful practices (‘dirty policing’). This can include systemic data manipulation, falsifying police reports, unlawful use of force, planted evidence, and unconstitutional searches. These policing practices shape the environment and the methodology by which data is created, which leads to inaccuracies, skews, and forms of systemic bias embedded in the data (‘dirty data’). Predictive policing systems informed by such data cannot escape the legacy of unlawful or biased policing practices that they are built on. Nor do claims by predictive policing vendors that these systems provide greater objectivity, transparency, or accountability hold up. While some systems offer the ability to see the algorithms used and even occasionally access to the data itself, there is no evidence to suggest that vendors independently or adequately assess the impact that unlawful and biased policing practices have on their systems, or otherwise assess how broader societal biases may affect their systems.
In our research, we examine the implications of using dirty data with predictive policing, and look at jurisdictions that (1) have utilized predictive policing systems and (2) have done so while under government commission investigations or federal court monitored settlements, consent decrees, or memoranda of agreement stemming from corrupt, racially biased, or otherwise illegal policing practices. In particular, we examine the link between unlawful and biased police practices and the data used to train or implement these systems across thirteen case studies. We highlight three of these: (1) Chicago, an example of where dirty data was ingested directly into the city’s predictive system; (2) New Orleans, an example where the extensive evidence of dirty policing practices suggests an extremely high risk that dirty data was or will be used in any predictive policing application, and (3) Maricopa County where despite extensive evidence of dirty policing practices, lack of transparency and public accountability surrounding predictive policing inhibits the public from assessing the risks of dirty data within such systems. The implications of these findings have widespread ramifications for predictive policing writ large. Deploying predictive policing systems in jurisdictions with extensive histories of unlawful police practices presents elevated risks that dirty data will lead to flawed, biased, and unlawful predictions which in turn risk perpetuating additional harm via feedback loops throughout the criminal justice system. Thus, for any jurisdiction where police have been found to engage in such practices, the use of predictive policing in any context must be treated with skepticism and mechanisms for the public to examine and reject such systems are imperative.”

(Related) Does anyone teach the proper use of emojis in high school English classes?
Emoji are showing up in court cases exponentially, and courts aren’t prepared
Bay Area prosecutors were trying to prove that a man arrested during a prostitution sting was guilty of pimping charges, and among the evidence was a series of Instagram DMs he’d allegedly sent to a woman. One read: “Teamwork make the dream work” with high heels and money bag emoji placed at the end. Prosecutors said the message implied a working relationship between the two of them. The defendant said it could mean he was trying to strike up a romantic relationship. Who was right?
Emoji are showing up as evidence in court more frequently with each passing year. Between 2004 and 2019, there was an exponential rise in emoji and emoticon references in US court opinions, with over 30 percent of all cases appearing in 2018, according to Santa Clara University law professor Eric Goldman, who has been tracking all of the references to “emoji” and “emoticon” that show up in US court opinions. So far, the emoji and emoticons have rarely been important enough to sway the direction of a case, but as they become more common, the ambiguity in how emoji are displayed and what we interpret emoji to mean could become a larger issue for courts to contend with.

Can Science Fiction Predict the Future of Technology?
… The article “Science Fiction and the Future” quotes Arthur C. Clarke: “A critical . . . reading of science fiction is essential training for anyone wishing to look more than ten years ahead.” And in “Does science fiction — yes, science fiction — suggest futures for news?”, Loren Ghiglione quotes author Orson Scott Card on the necessity of science fiction’s “thought experiments”: “We have to think of them so that if the worst does come, we’ll already know how to live in that universe.”
Both the idea of looking to the future, and the possibility of using fiction to do that, are relatively new. In “Has Futurism Failed?”, David Rejeski and Robert L. Olson write that:
A fundamental change in human thinking about the future began in the 18th century, as technological change accelerated to a point where its effects were easily visible in the course of a single lifetime, and terms such as progress and development entered human discourse… Speculation about the future became more common as human beings increasingly reshaped the world during the 19th and early 20th centuries, though it was seen largely as entertainment, a diversion from the often stark realities of everyday life. Yet some of that speculation proved surprisingly close to the mark.

For my geeks.

Monday, February 18, 2019

Perhaps China looking for politicians to support or compromise.
Australia accuses foreign government of cyber attack on lawmakers
A cyber attack on Australian lawmakers that breached the networks of major political parties was probably carried out by a foreign government, Prime Minister Scott Morrison said on Monday, but did not name any suspects.
As Australia heads for an election due by May, lawmakers were told this month to urgently change their passwords after the cyber intelligence agency detected an attack on the national parliament’s computer network.
… Morrison did not reveal what information was accessed, but he said there was no evidence of election interference. [The best kind of hack! Bob]
Investors are still securing local networks, said Alastair MacGibbon, head of the Australian Cyber Security Centre, the government department responsible for online security.
… “When you consider motivation, you would have to say that China is the leading suspect, while you wouldn’t rule out Russia either,” said Fergus Hanson, head of the International Cyber Policy Centre at think-tank the Australian Strategic Policy Institute.
“It is the honey pot of juicy political gossip that has been hoovered up. Emails showing everything from the dirty laundry of internal fights through to who supported a policy could be on display.”
Ties with China have deteriorated since 2017, after Canberra accused Beijing of meddling in its domestic affairs.

Australia political parties hacked by 'sophisticated state actor'
… The announcement on Monday came 10 days after the launch of a probe into the cybersecurity breach of the parliament's computer network.
Morrison told parliament that, while investigating the parliament hack, "we also became aware that the networks of some political parties, Liberal, Labor and Nationals have also been affected".
… He added that the hackers were sophisticated enough to get into the network, but "not sophisticated enough to remain undetected".
He said it was unclear whether the attackers gained access to sensitive data or emails.
"We don't know. These are very early days," he said. "We genuinely do not know."

My Enterprise Architecture students will find the frameworks interesting.
The latest AI trends you need to know
It is an open source Python-based neural networks library that can run over Microsoft CNTK (Cognitive Toolkit), TensorFlow and many other frameworks.
KERAS is best to be used by beginners in AI development.
PyTorch is an open source machine learning code library based on Python for natural language processing.
Sonnet is a Python-based AI development code library built on top of TensorFlow to build complex neural networks for deep learning. SONNET is best for Artificial Intelligence research and development; it is not easy for beginners to develop in SONNET.
Apache MXNET is an open source deep learning software framework for training and deploying neural networks. It has a scalable training model which supports multiple programming languages (Go, R, Scala, Perl, C++, Python, Julia, Matlab, JavaScript) for AI development.

I’m beginning to think that someone who knew how Facebook operated reversed that thinking and created the GDPR.
Germany Sets New Data Collection Precedent with Facebook Anti-Trust Ruling - CPO Magazine
Germany’s Federal Cartel Office (FCO), the country’s competition law authority, set a new precedent recently with an antitrust ruling against Facebook. The ruling may force Facebook to make major changes to their data collection practices – at least in Germany.
The ruling sharply limited Facebook’s ability to collect data on user activities outside of the site. According to the company’s official line, Facebook collected anonymous data on anyone visiting a site that has one of their services or apps integrated. Testimony to the United States Congress by Mark Zuckerberg in 2018 revealed that the scope of this data collection was beyond what Facebook had previously been willing to be transparent about, however. The public learned that Facebook was creating “shadow profiles” using every scrap of information they could harvest, including profiles on people who do not have a Facebook account. This collection was not disclosed to end users, and would require logging in to Facebook to opt out of it.
… Within the boundaries of Germany, this ruling is devastating to Facebook’s advertising revenue streams. However, at this point, this is not something that applies to the company across the whole of the European Union. Facebook can continue with their current data collection in the country for the time being as they work through the appeal process. Should the appeal be denied, Facebook will immediately be required to provide notice of and obtain consent for all of the applicable data types and uses.

It’s all about employee retention. The marginal cost to Purdue of one more online student is pretty low, so I suspect Papa John’s isn’t likely to go broke on this.
Papa John’s offering employees free college tuition
… The pizza company is offering employees free college tuition.
The chain has teamed up with Purdue University Global.
Employees are eligible for free tuition at the online-only institution if they have worked more than 20 hours per week for at least 90 days.

Sunday, February 17, 2019

Who designs the “after the breach” customer contact?
Zack Whittaker reports:
Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.
The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.
The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six digits of your passport number.
Read more on TechCrunch.
Note that you do not have to input your passport info – that’s merely recommended. You do need to input your first and last name, email address, and town, state, country, and zip code.
I tried the form using two different email addresses. After each submission, I was told to check my email for a confirmation email link that I would need to click to confirm. It’s two hours later, and I haven’t received any emails asking me to confirm my request. Zack had reported, “The checker won’t kick back a result straight away — you’ll have to wait for a response — and Marriott doesn’t say how long that’ll take.” I didn’t anticipate that even the confirmation email might take a long time.
Surely this part could have been handled more promptly???

I do advise my Computer Security students to talk to their insurers. This seems a bit much.
Noddy A. Fernandez reports:
A gift distribution company is suing a global insurance broker, citing alleged broker malpractice.
Hampton-Haddon Marketing Corp. (HHMC) filed a complaint on Jan. 28 in the U.S. District Court for the Eastern District of Pennsylvania against Willis of Tennessee Inc. and Willis Towers Watson PLC, alleging the defendants breached their duty to advise plaintiff of reasonable business risks and the availability of insurance to cover such risks, and specifically of cyber crime risks such as the BEC scam.
Read more on Penn Record.

You will love this App. That’s not a prediction, that’s a command. (How would this work in the US?)
China’s most popular app is a propaganda tool teaching Xi Jinping Thought
A slick tool for teaching “Xi Jinping Thought” has become the most popular smartphone app in China, as the country’s ruling Communist Party launched a new campaign that calls on its cadres to immerse themselves in the political doctrine every day.
Xuexi Qiangguo requires users to sign up with their mobile numbers and real names. “Study points” are earned by users who log on the app, read articles, make comments every day and participate in multiple-choice tests about the party’s policies.
That points feature also offers a method to monitor the compulsory use of the app. Party cadres across the country are now required to use the app every day and accumulate their scores, according to recent state media reports.

Coming (not so) soon to a country near you! Meanwhile, all we have is California?
GAO gives Congress go-ahead for a GDPR-like privacy legislation
An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU's General Data Protection Regulation (GDPR).
The 56-page report was put together by the US Government Accountability Office (GAO), a bi-partisan government agency that provides auditing, evaluation, and investigative services for Congress. Its reports are used for hearings and drafting legislation.
The House Energy and Commerce Committee, which requested the GAO report two years ago, has scheduled a hearing for February 26, during which it plans to discuss GAO's findings and the possibility of drafting the US' first federal-level internet privacy law.

A Status Report on the California Consumer Privacy Act
Yesterday, I did a webinar for the California Lawyers Association on the status of the California Consumer Privacy Act (CCPA). This post recaps the discussion.

New tech, new issues. No doubt that shortly after the wheel was invented, it ran over the inventor’s foot.
New Study Highlights IoT Security and Privacy Flaws in Popular Off the Shelf Devices
According to a new report (“State of IoT Security”), so-called “smart” devices might not be so smart after all. The report from Pepper IoT and Dark Cubed detailed a wide variety of security issues and privacy flaws in common Internet of Things (IoT) devices, including some cases where devices such as smart light bulbs were communicating personal data and information to third-party companies in China. The major conclusion of the report is that both retailers and manufacturers need to be taking comprehensive new steps to resolve these IoT security and privacy issues.

This article is interesting. We are increasing the CJ/Computer Security relationship.
How the internet made it easier for all of us to be criminals, or victims
In 2007, the criminologist Karuppannan Jaishankar founded a field of research called cyber criminology, which he defined as "the study of causation of crimes that occur in the cyberspace and its impact in the physical space".
… "Cyber criminology is largely ignored or marginalised by mainstream criminology ... many criminologists refrain from examining this important, future-oriented issue. Whether it be that they are lacking the necessary understanding of technology, are intimidated by the jargon of the field, or that they continue to fail to realise the full extent of societal implications of this new type of crime, the lack of consideration is troubling."
Given that cybercrime is the single most common form of crime, this omission is unacceptable.
… This leads to a reasonable question, as Diamond and Bachmann point out: "Should cybercrime be conceptualised as a brand new crime type or traditional crimes pursued through a new medium?"
… But there is one thing that threatens the usefulness of traditional theories the most. "Criminological theories have long relied upon confluence of offenders and victims in time and space," say Diamond and Bachmann. But time and space no longer matter like they used to. We can plan an attack that happens days or years later, and never need to meet our victim.
… One theory that doesn’t completely break down in the face of this change is Routine Activity Theory (RAT), developed by Lawrence Cohen and Marcus Felson in 1979. They suggest that in order for a crime to be committed, there are three necessary ingredients. First, a motivated offender – someone who wants to commit a crime or otherwise do harm. Second, a suitable target – the offender needs a victim (barring a few exceptions such as perjury). Online, there are now billions of possible targets, all accessible without having to leave home. Third, the absence of a capable guardian. This means a lack of someone or something that can stop the offender from harming the victim, such as a police officer or a firewall.

Perspective. For my students, who seem to think every company with billions in income must be profitable.
Uber Lost $1.8 Billion in 2018 Despite Record Ride-Hailing, Food-Delivery Gains
Uber posted $50 billion in bookings for its ride-hailing and food-delivery services in 2018. However, the company still failed to turn a profit and its revenue growth slowed toward the end of last year, reports Reuters. That's bad news for Uber as the company looks to charm investors into an initial public offering (IPO) later this year.
Annual bookings were up 45 percent over 2017, according to Uber. Even then, the company's losses before taxes, depreciation, and other expenses still totaled $1.8 billion, down from the $2.2 billion loss the company posted in 2017. Uber's full-year revenue for 2018 was $11.3 billion, an increase of 43 percent from 2017.

Ford sees itself as a transportation company, not just a manufacturer. (These will also fit in a trunk.)
Ford gets into the electric scooter business, chooses Mesa for first Arizona roll out
… Spin, a micro-mobility company acquired by Ford late last year, launched 600 scooters in Mesa on Friday, competing with Lime, Bird, and Jump. Lyft also plans to begin offering electric scooters in Mesa, possibly later this month.
Spin scooters are $1 to unlock and 15 cents per minute. The bulk of the fleet has been stationed in west Mesa, near Mesa Community College. The idea is that riders will use the scooters to travel the last mile or two to their destination.
Scooters will be picked up each night and inspected before being deployed each morning.

I better start teaching AI.
‘Urgent need to re-skill about 50 pc of India’s IT workforce’: Nasscom official
This is due to the growth of disruptive technologies like AI and Data Analytics, as per Nasscom's IT-ITeS Sector Skills Council chief executive Amit Aggarwal.