Saturday, March 09, 2019

How to do security poorly. Build in your own back door.
Bypasses Credit Freeze PIN
Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your name, Social Security number and birthday.

Probably nowhere near enough, so what’s next?
Kaori Yoshida reports:
North Korea has used cyberattacks and blockchain technology to circumvent economic sanctions and obtain foreign currency, according to a panel of experts reporting to the U.N. Security Council.
Pyongyang has amassed around $670 million in foreign and virtual currency through cyberthefts and used blockchain technology to cover its tracks, the panel told the Security Council’s North Korea sanctions committee, ahead of the council’s annual report, Nikkei has learned.
Read more on Nikkei Asian Review.

Can organizations keep this information from employees/customers under the GDPR and similar laws?
If you’re not transparent about a breach and people cannot figure out how to protect themselves, you may be almost guaranteeing people will sue you about it or file a grievance.
CBC reports:
The union representing faculty at Algonquin College has filed a grievance against the school after a recent data breach.
Ontario Public Service Employees Union (OPSEU) local 415, which represents faculty at the school, wants Algonquin College to disclose the exact nature of the information that was accessed in last month’s phishing attack — and take steps to protect any faculty whose personal information is used illegally.
The only assurance that the college has given the union is that no social insurance numbers were lost, said Pat Kennedy, the union’s local president.
Read more on CBC.

So, why not use the ‘news’ tag all the time?
YouTube fought Brie Larson trolls by changing its search algorithm
If you searched “Brie Larson” on YouTube a couple of days ago, the top search results were calls for a boycott of Captain Marvel, and angry rants about Larson’s involvement in the Marvel Cinematic Universe. With one small change, YouTube made all of that disappear.
This week, YouTube recategorized “Brie Larson” as a news-worthy search term. That does one very important job: it makes the search algorithm surface videos from authoritative sources on a subject. Instead of videos from individual creators, YouTube responds with videos from Entertainment Tonight, ABC, CBS, CNN, and other news outlets first.
… The noticeable shift in responses speaks to an even bigger conversation about YouTube’s search algorithm: if this is a way to prioritize higher-quality videos when people are searching for a topic, could this be used for non-news topics, too?
Some creators see it as a problem if YouTube favors videos from approved news outlets instead of individuals. On Twitter, some critics and creators called it censorship from YouTube, while others commended the site for taking some kind of action. YouTube has millions of creators on the platform who are fighting to get their videos seen; if traditional news outlets are shown favoritism, it’s a cultural shift that will see immense backlash from a large portion of the creator community.

Apparently lots of US companies have created the notice wall, but are gathering user “agreements” before local versions of GDPR (like California’s) come into effect.
Cookie walls don’t comply with GDPR, says Dutch DPA
Cookie walls that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as the “price” of entry to the site are not compliant with European data protection law, the Dutch data protection agency clarified yesterday.
… So, in other words, a “data for access” cookie wall isn’t going to cut it. (Or, as the DPA puts it: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences.”)

Anything to avoid the expense of compliance? Wait till you see what non-compliance costs.
From Paper Compliance to Operational Compliance
… With the European Union’s sweeping GDPR regulation having gone into effect last year, additional countries and jurisdictions have taken it upon themselves to create similar legislation that enhances individual privacy rights and holds companies accountable for ensuring that appropriate safeguards are in place to protect data.
… Much of the discussion around the California Consumer Privacy Act (“CCPA”) has centered around whether the law is set to become the “GDPR of the United States.” While GDPR is a more robust, complex data privacy regulation and framework, the CCPA is nevertheless sweeping in scope and impact, and the two acts are underpinned by many of the same data privacy principles. And while comparisons between the two acts have been frequent, not enough has been said about the concrete steps that organizations, specifically those in the financial services space, should be taking to get their processes, people and technology ready for CCPA compliance. These heavily-regulated organizations should be weary (sic) to view the CCPA as simply another law to comply with. In order to avoid scrutiny by the regulators and heavy fines along with potential reputational harm, they will need to shift their approach to data privacy.

The Ohio Data Protection Act and the Quiet Revolution
Since the 2018 U.S. state legislative sessions began, at least 12 states have brought into force updated or entirely new cybersecurity legislation.
… As a major privacy trend, several states are introducing data protection legislation in their respective 2019 legislative sessions, and some of these bills incorporate elements of other states’ data protection statutes. This “cross politization” of data protection and the sheer number of bills currently moving through state legislatures, along with 2018’s new legislation, collectively represent a quiet revolution in data protection practice in the U.S.; in doing so, it also represents a uniquely American approach to solving a societal problem.
Looking at Ohio, early in August of 2018, then-governor John Kasich signed into law the Ohio Data Protection Act. The law represented a novel approach to data protection: it provides an “affirmative defense” to a “covered entity” against tort claims brought against that entity as a result of a breach of personal information if the entity’s cyber security program conforms to industry recognized cybersecurity frameworks or federal regulations cited in the Act.

An un-civil suit?
Craig A. Newman of Patterson Belknap writes:
When we hear about discovery abuses in litigation, we often think of overzealous lawyers using obstructionist tactics. Such behavior, however, rarely involves litigants hacking into the email of an adversary or accessing privileged attorney-client communications that disclose litigation strategies.
But in a unanimous ruling last week, a New York state appeals court found that a litigant’s “improper and willful” misconduct – which included “improperly accessing approximately 12,000 of defendant’s privileged attorney/client communications … [and] deleting relevant documents” – justified the dismissal of an assault and battery lawsuit.
Read more on Data Security Law Blog.

Perspective. Because my students will want to talk about this.
Elizabeth Warren Wants To Break Up Amazon, Google And Facebook; But Does Her Plan Make Any Sense?
This isn't necessarily a big surprise, given that she's suggested this many times over the past few years, but 2020 Presidential candidate Elizabeth Warren has just laid out her plan for breaking up Amazon, Google and Facebook. It's certainly worth reading to understand where she's coming from, and some of the arguments are worth thinking about – but much of it does feel like just grandstanding populism in front of the general "anti-big tech" stance, without enough substance behind it.
Twenty-five years ago, Facebook, Google, and Amazon didn’t exist. Now they are among the most valuable and well-known companies in the world. It’s a great story — but also one that highlights why the government must break up monopolies and promote competitive markets.
I find this a very odd way to open this proposal. I don't see how the first sentence supports the second. Indeed, the first sentence would seem to contradict the second. Twenty-five years ago those companies didn't exist, and if you asked people what tech companies would take over the world, you'd get very different answers. Technology is an incredibly dynamic and rapidly changing world, in which big incumbents are regularly and frequently disrupted and disappear. One of my favorite articles to point people to was a 2007 article warning of the power of a giant monopolistic social network that would never be taken down by competition. That social network? MySpace. The article briefly mentions Facebook, but only to note that it "will always be on MySpace's periphery."

Interesting backgrounder.
What’s Driving the Demand for Data Scientists?
Data analytics is becoming mission-critical to more and more businesses. One of the biggest challenges they face: recruiting data scientists.
“There are very few data scientists out there passing out their resumes,” LinkedIn co-founder Allen Blue said. “Data scientists are almost all already employed, because they’re so much in deman
… Sethi added that he’s noticed many more organizations similarly looking into how to reskill their mid-career people. He observed, “I’ve got to believe that over the next few years, data analytics is going to be [extremely] prevalent. It’s like digital: everyone’s going to need to have a base level understanding of it.”

Self-driving fighter jets?
Here's what you should know about the Air Force's new robot wingman
There's a lot of buzz about the first flight of an unmanned U.S. Air Force drone, designed to accompany manned combat aircraft into battle, that many believe will herald a new age of aerial warfare.
… with its twin tail, curved fuselage and a jet engine that propels it to near-supersonic speed, the XQ-58A looks like a smaller F-35 stealth fighter.
… contract called for a drone with a top speed of Mach 0.9 (691 miles per hour), a 1,500-mile combat radius carrying a 500-pound payload, the capability to carry two GBU-39 small diameter bombs, and costing $2 million apiece when in mass production (an F-35 costs around $100 million).
This sounds like a description not of the clumsy drones we have today, but a real Unmanned Combat Air Vehicle, or UCAV. Put another way, this is a true robot warplane.

Friday, March 08, 2019

Should make an interesting discussion case.
Joseph Lazzarotti of Jackson Lewis writes:
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks – property valuation firm, LandMark White. As expected, the banks are investigating and in some cases notifying customers about the incident. However, there are reports that some of the affected banks are suspending this vendor from the group of valuation firms they use. This is not an unusual reaction by organizations whose third party service providers have or are believed to have caused a data breach affecting the organization’s customers, patients, students, employees, etc. But, it is worth thinking about whether that is the best course of action.
Read more on JDSupra.

GDPR inspired? More specific Privacy requirements, now more specific Security requirements.
Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write:
On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect customer data.
In addition, the FTC is proposing to expand the definition of “financial institution” under the Safeguards Rule and the Privacy Rule to include “finders.” Finally, the FTC is proposing to amend the Privacy Rule to make technical and conforming changes resulting from legislative amendments to GLBA in the Dodd-Frank Act and FAST Act of 2015.
Read more on Inside Privacy.
[From the article:
Some of the specific proposed changes include:
  • Revising the requirement to designate an “employee or employees to coordinate [the] information security program” to require designation of a single individual, referred to as a Chief Information Security Officer (“CISO”), as responsible for overseeing and implementing the program;
  • Requiring financial institutions to implement access controls on information systems, as well as restrict access to physical locations containing customer information only to authorized individuals;
  • Requiring customer information to be encrypted, both in transit and at rest;
  • Requiring information systems to include audit trails designed to detect and respond to security events;
  • Requiring financial institutions to develop procedures for the secure disposal of customer information in any format that is no longer necessary for their business operations or other legitimate business purposes;
  • Requiring financial institutions to implement policies and procedures “to monitor the activity of authorized users and detect unauthorized access or use of, or tampering with, customer information by such users;”]

A perspective on propaganda.
Beyond Hybrid War: How China Exploits Social Media to Sway American Opinion
… our research demonstrates that social media influence campaigns are not a one-size-fits-all technique. We studied Chinese state-run social media influence operations and concluded that the Chinese state utilized techniques different from the Russian state. These differences in technique are driven by dissimilar foreign policy and strategic goals.
… We believe that the Chinese state has employed a plethora of state-run media to exploit the openness of American democratic society in an effort to insert an intentionally distorted and biased narrative portraying a utopian view of the Chinese government and party.
… According to the French researchers, nation-state information manipulation includes three criteria:
  1. A coordinated campaign
  2. The diffusion of false information or information that is consciously distorted
  3. The political intention to cause harm

Nearly one-in-five Americans now listen to audiobooks
“Americans are spreading their book consumption across several formats, and the use of audiobooks is rising. About three-quarters (74%) of Americans have read a book in the past 12 months in any format, a figure that has remained largely unchanged since 2012, according to a Pew Research Center survey conducted in January. Print books remain the most popular format for reading, with 67% of Americans having read a print book in the past year. And while shares of print and e-book readers are similar to those from a survey conducted in 2016, there has been a modest but statistically significant increase in the share of Americans who read audiobooks, from 14% to 18%. Overall, Americans read an average (mean) of 12 books per year, while the typical (median) American has read four books in the past 12 months. Each of these figures is largely unchanged since 2011, when the Center first began conducting the surveys of Americans’ book reading habits…”

Sound trivial?
How Frito-Lay Applies Machine Learning
… “One of my first projects at the company involved building systems that could sense the texture of chips without destroying them,” said Mirza. For this project, he was capturing acoustic data and manually processing it.
“It's a system that hits the chip with lasers, listens to the sound coming off them, and then uses that data to correlate the sound into texture,” Mirza said. This system could provide an automated quality check for the company’s chip processing systems.
… Mirza said this project, which is still in process, is estimated to save the company over a million dollars a year based on its ability to optimize the potato peeling process in the U.S. alone. With a global deployment, additional savings are expected.

Just because we use it…
Turnitin to Be Acquired by Advance Publications for $1.75B
… Founded in 1998 by four university students, iParadigms, Turnitin’s previous parent company, launched with a vision to offer tools across different industries, from law to education and technology. Over the years, it saw the most success in education and the company shifted to focus specifically on that market.

An idea I missed.
Agri-tech startup Hello Tractor to expand across Nigeria, Kenya
Hello Tractor connects tractor owners to farmers through an Internet of Things (IoT)-enabled digital solution that bridges the gap between manual and mechanised farming.
The startup, which last year entered into a partnership with IBM Research to pilot a new tool for farmers, enables farmers to request affordable tractor services, while providing enhanced security to tractor owners through remote asset tracking and virtual monitoring.

Thursday, March 07, 2019

Should be amusing. Will the government reveal specifics or rely on the “it could happen” argument?
Huawei Takes US to Court over Ban, Cyberespionage Accusations
… Huawei decided to take the US government to court not only because of the restriction of business in the US, but also the accusations that it poses a threat to national security and the call for other countries to ban its 5G technology, the telecom said on Thursday, according to The Guardian.
The lawsuit, filed in federal court in Texas, hinges on a legislative act that prohibits as unconstitutional the act of depriving a group of a trial and declaring the party guilty.
… “The US Congress has repeatedly failed to produce any evidence to support its restrictions on Huawei products. We are compelled to take this legal action as a proper and last resort.”

A clear area where AI could improve security? All it would need to do is identify employees who have no connection to patient treatment. (Not as easy as it sounds.)
Dana Kozlov reports:
Dozens of workers at Northwestern Hospital may have been fired for improperly reviewing the medical records of Jussie Smollett, who was treated at the emergency room after he claimed he had been attacked by two men.
Sources say those workers have been terminated after gaining access to the “Empire” actor’s medical chart. Smollett has since been charged with staging the whole incident.
Read more on CBS.

Part of this strategy seems to be a recognition that GDPR like laws will proliferate.
Mark Zuckerberg says his vision to divide Facebook's products in 2 could put its $56 billion business model at risk
… Facebook has been signalling a pivot to privacy for months, but on Wednesday, CEO Mark Zuckerberg slammed the reset button in a thoughtful blueprint for the future.
In essence, Zuckerberg sets out a plan to split the Facebook product in two. To use his analogies, he wants to create:
  • A town square, where people can talk to many people at once. Think the Facebook Newsfeed, groups, Instagram posts, and Stories.
  • And a living room — a closed-off space where people can interact privately, using messaging with end-to-end encryption. Think WhatsApp, Messenger, and Instagram DMs.
… But it will come at a cost. End-to-end encryption — along with other plans to give people more control over their data such as a clear history tool and disappearing posts — will make it harder for Facebook to gather the user information on which its business model relies. The company made $55.8 billion in revenue in 2018, the bulk of which came from advertising.

(Related) Another reason to change?
U.S. users are leaving Facebook by the millions, Edison Research says
All the bad press about Facebook might be catching up to the company. New numbers from Edison Research show an estimated 15 million fewer users in the United States compared to 2017. The biggest drop is in the very desirable 12- to 34-year-old group. Marketplace Tech got a first look at Edison's latest social media research. It revealed almost 80 percent of people in the U.S. are posting, tweeting or snapping, but fewer are going to Facebook.

Mark Zuckerberg Tried Hard To Get Facebook Into China. Now The Company May Be Backing Away
“As we build our infrastructure around the world, we've chosen not to build data centers in countries that have a track record of violating human rights like privacy or freedom of expression,” Zuckerberg wrote on Wednesday.

AI impersonating a restaurant customer? What could possibly go wrong?
Google brings its Duplex AI restaurant booking assistant to 43 states
No moment wowed the audience at last year’s I/O more than Duplex. The demo of the artificial intelligence restaurant and appointment booking program left many in the audience wondering whether Google had just pulled a fast one over on them.
Turns out, it’s real.
Starting this week, Pixel 3 owners in 43 U.S. states will be able to use the Duplex technology to book appointments. The tech should work with any restaurants ... that accept reservations but do not have an online system to complete the booking.
In the coming weeks, the service will be rolled out to users on other Android and iOS devices, as the company continues to tweak the program based on user feedback.

The future? Hacking a fake license will become as easy as it was back when I was an 18, 21 and 24 year old in high school.
Google is working on securely storing Digital Driver's Licenses in Android
Carrying a wallet has become less of a necessity for me since I started using Google Pay to manage my credit cards, but there’s still no way I can travel anywhere without my driver’s license. I know a few people who use wallet cases to hold what few cards they must carry on their person, but I’m waiting for the day when I can legally drive to Walmart with just my phone on me. A digital driver’s license offers multiple advantages over the traditional ID card. You can’t lose it, you can update it remotely so you don’t have to stand in line at the DMV, you can wipe it remotely if your phone gets stolen, you’re less likely to get your identity stolen since you don’t need to carry a wallet with easily accessible information, you’re less likely to leave your phone at home, and you’ll have an easier time bringing it up on request. Authorities across the U.S. are slowly recognizing the benefits of a mobile driver’s license, which is why we’re hearing more U.S. states test their adoption each year.
… digital security company Gemalto is partnering with Colorado, Idaho, Maryland, Washington D.C., and Wyoming to run pilot programs before rolling out their digital driver’s license solution. At the same time, the American Association of Motor Vehicle Administrators is working to standardize this new form of electronic identification.

Should interest our programming students.
Microsoft open-sources its Windows calculator on GitHub
Microsoft is making the source code for its Windows calculator available on GitHub today. The software maker wants to “build an even better user experience in partnership with the community.” Opening up the calculator means anyone can contribute code to improve the app
… The source code is now available on GitHub and it includes the build system, unit tests, and even the product road map for the calculator feature in Windows.

Wednesday, March 06, 2019

My students cannot understand why I don’t own a smartphone. This may be part of the reason: Without one, I don’t exist.
Phone numbers are the new Social Security numbers
Axios: “Cellphone numbers have become a primary way for tech companies like Facebook to uniquely identify users and secure accounts, in some ways becoming a proxy for a national ID.
Why it matters: That over-reliance on cellphone numbers ironically makes them a less effective and secure authentication method. And the more valuable the phone number becomes as an identifier, the less willing people will be to share it for communication.
Driving the news: Facebook faced criticism this week for its handling of phone numbers that users provide for the purpose of two-factor authentication (2FA) — in which a person’s login is protected by both a password and a device like their smartphone.
The big picture: American culture and law are hostile to establishing any sort of national ID, leaving businesses and organizations to find substitute… Many Americans try to avoid broadcasting SSNs online. But now people have to share them with so many institutions and clerks that there’s very little that’s truly secret about them…”

For my Computer Forensics and Ethical Hacking students. Just a couple small tweaks and this becomes quite useful!
NSA Makes Reverse Engineering Tool Freely Available
Initially announced in January, the release was accompanied by a demonstration of the tool at the RSA Conference 2019, which is taking place this week in San Francisco.
Ghidra, the NSA explains, is a software reverse engineering (SRE) suite of tools developed by the agency’s Research Directorate to analyze malicious code and malware, as well as to provide cyber-security researchers with information on potential vulnerabilities in their networks and systems.
The framework packs various software analysis tools compatible with multiple platforms, including Windows, macOS, and Linux, and provides capabilities such as disassembly, assembly, decompilation, graphing and scripting, and more.

Redefining ‘Jurisdiction’ for the Internet Age?
BREAKING: United States Supports Germany’s International Arrest Warrant for Accused Syrian War Criminal
On Tuesday, the United States government issued a statement supporting Germany’s request to Lebanon to extradite a high-ranking Syrian official accused of war crimes and crimes against humanity. Former officials from the Obama and Trump administrations spoke to me about the significance of this development.
By taking this step, the United States placed itself on the record in support of Germany’s exercise of a form of “universal jurisdiction,” a move that marks a significant development in U.S. legal practice. Under section 1 of the 2002 Code of Crimes Against International Law, German courts are allowed to exercise criminal jurisdiction over an accused person who has committed war crimes, crimes against humanity, or genocide—regardless of where the crimes were committed, regardless of whether the accused has any connection to Germany, and regardless of the nationality of the victims at the time the crimes were committed.

I found an amusing new term!
Amy Webb’s ‘The Big Nine’ predicts the impact of AI and tech giants over the next 50 years
… “We stop assuming that the G-MAFIA (Google, Microsoft, Apple, Facebook, IBM, and Amazon) can serve its DC and Wall Street masters equally and that the free markets and our entrepreneurial spirit will produce the best possible outcomes for AI and humanity,” author Amy Webb writes.

Minutes keep getting busier.
2019: This Is What Happens In An Internet Minute

For my Excel toolkit.

I do like lists, but “most widely available” is not the same as “best.”
OCLC publishes list of top 100 novels
OCLC, a leading library technology and research organization, has published The Library 100: Top Novels of All Time, a list of the novels most widely available in libraries today. The list is based on data in WorldCat, the world’s most comprehensive database of information about library collections. Produced and maintained by OCLC and individual member libraries and library organizations, WorldCat reflects the collections of more than 18,000 libraries worldwide. It includes information about more than 2.7 billion copies of more than 447 million titles. This aggregate worldwide library collection is likely the best view of the global scholarly and published record.
  • The full list, and more information about The Library 100 can be found at
  • …”Of course, the list of top novels emphasizes classics,” Prichard continued, “and so reflects dominant cultural views over the years about the canon and its formation. Librarians are aware of this and are more mindful than ever of the need to think critically about their collections. Librarians are actively seeking out and preserving overlooked, minority and marginalized perspectives.” (Read Prichard’s blog post at…

Tuesday, March 05, 2019

I’m guessing they won’t need to do this in the US. We’re much more ambiguity tolerant.
Google to ban political ads ahead of federal election, citing new transparency rules
Google is banning political advertising on its platforms ahead of the Canadian federal election because of new ad transparency rules it says would be too challenging to comply with.
The decision comes in response to the Liberals’ signature election measure, Bill C-76, which passed in December. Among other things, it requires online platforms to keep a registry of all political and partisan ads they directly or indirectly publish.
… Aside from the ad registry requirement, Google also expressed concerns about how it would detect ads of a partisan nature, which may not specifically mention a candidate or party by name. “The challenge for us is that that definition is extremely broad,” Mr. McKay said.

If true, why is it being announced by an aide? No one wants to take credit?
Disputed N.S.A. Phone Program Is Shut Down, Aide Says
The National Security Agency has quietly shut down a system that analyzes logs of Americans’ domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.
The agency has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year, according to the aide, Luke Murry, the House minority leader’s national security adviser.

Perhaps individual opinions are not universal?
EU ‘Terrorist Content’ Proposal Sets Dire Example for Free Speech Online
… Last year, the German parliament enacted the NetzDG law, requiring large social media sites to remove posts that violate certain provisions of the German code, including broad prohibitions on “defamation of religion,” “hate speech,” and “insult.” The removal obligation is triggered not by a court order, but by complaints from users.
… While NetzDG required companies to create mechanisms to lodge complaints about posts, it failed to include parallel requirements for challenging removals. Within hours after it went into effect, warnings that the law would sweep too broadly were vindicated: Twitter deleted tweets from a far-right politician, as well as those of a satirical magazine that made fun of her.

These Cameras Can Spot Shoplifters Even Before They Steal
… While AI is usually envisioned as a smart personal assistant or self-driving car, it turns out the technology is pretty good at spotting nefarious behavior. Like a scene out of the movie “Minority Report,” algorithms analyze security-camera footage and alert staff about potential thieves via a smartphone app. The goal is prevention; if the target is approached and asked if they need help, there’s a good chance the theft never happens.

More on surveillance.
Chad Marlow of the ACLU has an article that I would encourage parents of school-age children to read. And if you don’t have school-age kids, but just generally give a damn about letting little kids grow up to become adults instead of getting gunned down at school, read it anyway. Here’s just one snippet:
there is no demonstrated link between increasing student surveillance and decreasing gun violence on campus.
To the contrary, student surveillance — and indeed surveillance in general — has been shown to have no deterrent effect on violent crime. And one should not fall into the false forward-versus-backward analysis trap: Even if, after-the-fact, many school shooters are found to have posted threatening statements online, that doesn’t mean most, or even a significant number of students who post threatening statements are likely to become school shooters.
Do you know what the Dickey and Tiahrt Amendments are and how they are preventing us from getting meaningful research on stemming gun violence in schools? No? A lot of us didn’t/don’t know. But it’s time we all became more educated and insistent on really addressing the problem of gun violence at schools properly and effectively.
I grew up in the generation where we had atomic bomb drills in school. Today’s kids are growing up with active shooter drills. In one way, I think things are worse now because today’s kids are worrying about a fellow student or former student who comes in, looks them in the eye, and tries to take their life. Not someone remotely pushing a button that drops a bomb on the whole building or town, but someone you may know having the intent and means to kill you or your little brother down the hall….
What are we doing to children?
Read the ACLU’s post and stop drinking the Kool-Aid that the NRA hands out with one hand while providing campaign financing with the other hand.

A noble goal, but I don’t see a clear answer here.
How to Build Artificial Intelligence That Everyone Can Trust
Experts from IBM Watson and Kellogg discuss how to remove bias and increase transparency in machine-learning algorithms.

For my next Disaster Recovery lecture.
For Fukushima's nuclear disaster, robots may be the only hope

Perspective. Find something India wants, set sales records.
Spotify adds 1 million unique listeners in India in less than a week
Spotify Technology SA, the world’s most popular paid music streaming service, said it racked up more than 1 million unique users in India across its free and premium tiers since launching less than a week ago.
Spotify launched in India on Tuesday, stepping into a price-sensitive market crowded by well-funded players such as Reliance Industries’ JioSaavn and Apple’s Apple Music.
The Swedish company is offering a free version that will run with ads, alongside a premium ad-free variant that will charge users 119 Indian rupees ($1.68) per month.

Worth a try?
Shaking the Chrome habit is getting easier – try Brave
The Verge – Vlad Savov: “Readers of this august website may recall that a year ago, I lauded Firefox and its progress toward becoming a genuine alternative to Google’s dominant Chrome browser. As much as I liked where Firefox was going, however, I couldn’t stick with it over the long term. It wasn’t compatible with everything the way Chrome was, its extensions were different, and, for my way of using a browser, it was slower and less responsive. So I returned to Chrome after a few weeks of Firefox, but the urge to decouple my browsing habits from Google remained.

Dive deep!
Free Reading Spree to Kick Off Spring
We’re gearing up to release our Spring 2019 issue, which features an exciting lineup of big ideas from key management thinkers. To celebrate its publication in advance, we’re dropping our paywall on March 5 and 6 so that all of our content will be freely available to visitors online.

Monday, March 04, 2019

If you don’t want to unleash the nukes, what’s the next best thing?
Fossbytes reports:
A recent report by Hindustan Times stated that hackers from Pakistan attacked over 90 websites of the Indian Government. The recent escalations in tensions between the neighbors led to a surge in attacks in cyberspace, targeting key infrastructures.
The death of 40 CRPF personnel in a recent terror strike by Pakistan-based Jaish-e-Mohammad led to India retaliating with airstrikes on terrorist launch pads in Balakot, Pakistan. The attack is said to have wiped out a few hundred terrorists including leader Masood Azhar’s brother in law, Yousuf Azhar.
Read more on Fossbytes.
[From the article:
As reported on the 18th of Feb, Indian hacktivists had retaliated in cyberspace by hacking over 200 websites of the Pakistan Government, some of which are still not accessible from outside Pakistan.

The constant competition of capitalist China.
1 in 5 corporations say China has stolen their IP within the last year
  • Theft of intellectual property by Chinese companies is a major point of contention between the Trump administration and Chinese government.
  • Just under one-third of CFOs of North America-based companies on the CNBC Global CFO Council say Chinese firms have stolen from them at some point during the past decade.
  • U.S. trade policy remains a negative for businesses around the world, but right now European CFOs are expressing the biggest concerns about trade policy as an external risk factor…”

Security backgrounder.
IBM X-Force Intelligence Threat Index 2019
“As the cyber threat landscape evolves, what we saw in 2018 is organisations across all industries are facing unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure and an ever-growing attack surface. The IBM X-Force Research team is a crack team of security professionals who run thousands of spam traps around the world and monitor tens of millions of spam and phishing attacks daily while analysing billions of web pages and images to detect fraudulent activity and brand abuse. In the fight to stay one step ahead, this week we released the IBM X-Force Intelligence Threat Index 2019. The report contains notable security events in 2018 and looks ahead with a pre-emptive approach. It also shares insights and observations from data analysed via hundreds of millions of protected endpoints and servers across over 100 countries…
Some of the key findings in the report include: Ransomware & Malware are out & cryptojacking is in…”

Cisco Publishes Annual CISO Benchmark Study
Cisco's 2019 Chief Information Security Officer (CISO) Benchmark Study has one great strength. It queried more than 3,200 senior leaders with a CISO role (if not title) from 18 different countries.
The report (PDF) states, "ML, AI and more automation should be able to boost security efforts exponentially – and next year we need to see more respondents in the 'completely reliant' phase of implementation and practice."

Another perspective on AI.
New on LLRX – Nothing Artificial About It: How Law Firms (Really) Use AI in Practice
Via LLRX – Nothing Artificial About It: How Law Firms (Really) Use AI in Practice – Ed Walters, CEO of Fastcase, talks about how the new age of law firm innovation is changing legal services by moving from anecdotal to data-driven insights and thus providing better-informed guidance for clients. Walters also identifies the value of analytics to manage and mitigate risk, which he points out is almost always more cost effective than litigating the effects after the fact. Most importantly, Walters highlights not only how law firms are using AI, but that they are also building their own tools to deliver new types of services as well.

My AI reading list.
What Is The Best Book On Artificial Intelligence (AI)?
… honestly, it was just too difficult to narrow down my favorites to one book!
Instead, I offer you my top five.
The Fourth Age: Smart Robots, Conscious Computers, and the Future of Humanity
Life 3.0: Being Human in the Age of Artificial Intelligence
Homo Deus: A Brief History of Tomorrow By Yuval Noah Harari
AI Superpowers: China, Silicon Valley And The New World Order
Human + Machine: Reimagining Work in the Age of AI

Not exactly household names… How did GDPR change their practices?
Here are the data brokers quietly buying and selling your personal information
FastCompany: “It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies. What’s less known is who those companies are, and what exactly they do. Thanks to a new Vermont law requiring companies that buy and sell third-party personal data to register with the Secretary of State, we’ve been able to assemble a list of 121 data brokers operating in the U.S. It’s a rare, rough glimpse into a bustling economy that operates largely in the shadows, and often with few rules. Even Vermont’s first-of-its-kind law, which went into effect last month, doesn’t require data brokers to disclose who’s in their databases, what data they collect, or who buys it. Nor does it require brokers to give consumers access to their own data or opt out of data collection. Brokers are, however, required to provide some information about their opt-out systems under the law–assuming they provide one. If you do want to keep your data out of the hands of these companies, you’ll often have to contact them one by one through whatever opt-out systems they provide… Those include big names in people search, like Spokeo, ZoomInfo, White Pages, PeopleSmart, Intelius, and PeopleFinders; credit reporting, like Equifax, Experian, and TransUnion; and advertising and marketing, like Acxiom, Oracle, LexisNexis, Innovis, and KBM…”

Well, this didn’t take long. Apparently someone listened to his announcement.
How John Hickenlooper Could Win The 2020 Democratic Nomination

Sunday, March 03, 2019

The Privacy Foundation has stirred up some real interest, or at least some concerns, with our April 19th (changed from the 26th) seminar on “Current California Privacy Legislation.” We’re even getting articles submitted that discuss (attempt to explain?) the law. Here are a few:

A quick comparison of California and GDPR
Your readiness roadmap for the California Consumer Privacy Act (CCPA)

(Registration required)
A Practical Guide to CCPA Readiness: Implementing Calif.’s New Privacy Law (Part 1)

CCPA is an unfamiliar type of law for the United States due, in large part, to its broad scope. It establishes a new privacy framework for businesses that fall within its jurisdiction.

… the most far-reaching privacy law in the United States.

A comparison PDF

A comparison chart (PDF)

Should Facebook ignore legislation it thinks will have a negative impact on the company? We’re talking degree here, not direction.
Revealed: Facebook’s global lobbying against data privacy laws
Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.
The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU. The documents include details of how Facebook:
• Lobbied politicians across Europe in a strategic operation to head off “overly restrictive” GDPR legislation. They include extraordinary claims that the Irish prime minister said his country could exercise significant influence as president of the EU, promoting Facebook’s interests even though technically it was supposed to remain neutral.
• Used chief operating officer Sheryl Sandberg’s feminist memoir Lean In to “bond” with female European commissioners it viewed as hostile.
• Threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws.

Perspective. Could these be profitable? Implications for self-driving cars?
Shared scooters don't last long
I took a look at data on scooter rides in Louisville, Kentucky, shared online as part of the city’s open data policy. The latest data is available here. The data set I used was older and included monthly data on scooter trips from August through December. It also included a unique “ID” for each scooter, a detail that was key to my analysis and has been stripped out of subsequent data sets published by Louisville. The data doesn’t differentiate between Bird and Lime, but as Bird started operations in August 2018 and Lime that November, you can assume it skews toward Bird.
With that preamble, here are some things I found:
  • The average lifespan of a scooter in Louisville from August to December was 28 days
  • Median lifespan was 23 days
  • If you stripped out scooter IDs that first appeared in December, to focus on older vehicles, the average lifespan increased slightly to 32 days and the median lifespan to 28 days
  • Still stripping out scooter IDs that started in December, the median scooter took 70 trips over 85 miles