Saturday, March 30, 2019

Ignorance (real or fake) is not bliss.
A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach
On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.
In a statement posted to its Web site today, Orlando, Fla. based hospitality firm Earl Enterprises said a data breach involving malware installed on its point-of-sale systems allowed cyber thieves to steal card details from customers between May 23, 2018 and March 18, 2019.
Earl Enterprises did not respond to requests for specifics about how many customers total may have been impacted by the 10-month breach. The company’s statement directs concerned customers to an online tool that allows one to look up breached locations by city and state.




Coming soon, to a country near me.
In Ukraine, Russia Tests a New Facebook Tactic in Election Tampering
… Unlike the 2016 interference in the United States, which centered on fake Facebook pages created by Russians in faraway St. Petersburg, the operation in Ukraine this year had a clever twist. It tried to circumvent Facebook’s new safeguards by paying Ukrainian citizens to give a Russian agent access to their personal pages.
In a video confession published by the S.B.U., Ukraine’s domestic intelligence service, a man it identified as the Russian agent said that he resided in Kiev, Ukraine’s capital, and that his Russian handlers had ordered him “to find people in Ukraine on Facebook who wanted to sell their accounts or temporarily rent them out.”


(Related) All US elections are like that, we just don’t get the joke until after the election.
Eager for change, these Ukrainian voters back a comedian for president. Seriously
… Instead of traditional campaigning, Zelensky, an entertainer by trade, has been crisscrossing Ukraine with his variety show, “Kvartal 95.” Zelensky’s act doesn’t directly appeal for votes, but it mocks today’s politicians and hints at a candidate intent on doing things differently than the league of politicians who are the butt of most of his jokes.




Data capture for self-defense? A “selfie witness” for self-driving?
Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
If you crash your Tesla, when it goes to the junk yard, it could carry a bunch of your history with it.
That’s because the computers on Tesla vehicles keep everything that drivers have voluntarily stored on their cars, plus tons of other information generated by the vehicles including video, location and navigational data showing exactly what happened leading up to a crash, according to two security researchers.
… Many other cars download and store data from users, particularly information from paired cellphones, such as contact information. The practice is widespread enough that the US Federal Trade Commission has issued advisories to drivers warning them about pairing devices to rental cars, and urging them to learn how to wipe their cars’ systems clean before returning a rental or selling a car they owned.
But the researchers’ findings highlight how Tesla is full of contradictions on privacy and cybersecurity. On one hand, Tesla holds car-generated data closely, and has fought customers in court to refrain from giving up vehicle data. Owners must purchase $995 cables and download a software kit from Tesla to get limited information out of their cars via “event data recorders” there, should they need this for legal, insurance or other reasons.
At the same time, crashed Teslas that are sent to salvage can yield unencrypted and personally revealing data to anyone who takes possession of the car’s computer and knows how to extract it.




Over censoring?
Where to Draw the Line on Deplatforming
Facebook and YouTube were right to delete the video shot by the New Zealand shooter. Internet providers were wrong to try to do it, too.




“We just got these things to work (most of the time) and now you want to ban them?”
UK, US and Russia among those opposing killer robot ban
… Delegates have been meeting at the UN in Geneva all week to discuss potential restrictions under international law to so-called lethal autonomous weapons systems, which use artificial intelligence to help decide when and who to kill.
Most states taking part – and particularly those from the global south – support either a total ban or strict legal regulation governing their development and deployment, a position backed by the UN secretary general, António Guterres, who has described machines empowered to kill as “morally repugnant”.
But the UK is among a group of states – including Australia, Israel, Russia and the US – speaking forcefully against legal regulation. As discussions operate on a consensus basis, their objections are preventing any progress on regulation.




Fuel for our ongoing discussion of self-driving vehicles.
Daimler Trucks buys a majority stake in self-driving tech company Torc Robotics
Daimler Trucks just announced that it’s acquiring a majority stake in Torc Robotics, a deal that will see the two companies collaborating on the development of Level 4 self-driving trucks.
… Martin Daum, the member of Daimler’s board of management responsible for trucks and buses, had a statement praising the partnership as providing “the ideal combination between Torc’s expertise on agile software development [Any relation to successful self-driving software? Bob] and our experience in delivering reliable and safe truck hardware.”
… “With the ever rising demand for road transportation, not the least through e-commerce, there is a strong business case for self-driving trucks in the U.S. market and I believe the fastest path to commercialization for self-driving trucks is in partnership with Daimler Trucks, the OEM market leader,” said Torc CEO Michael Fleming in a statement.


Friday, March 29, 2019

Even a mini-blackout has an impact. You can’t even email your congressman or send a nasty Tweet!
First world problem? Fresno residents on day 17 of no internet after bus crash causes outage
Some neighbors near Fresno Street and Sierra Avenue in Northeast Fresno are on day 17 of no Wi-Fi, internet, phone service or cable.
"It is a first world problem I know, but it's just really inconvenient," said Lori Meadors, a mom of three.
She says the outage is impacting her entire family, especially the kids.
"We had to take our kid to Starbucks to do homework, and our phone doesn't work," she said.
The lack of service is the result of a FAX bus crash that happened on March 10.
… "There is like four different stacks of wires, and there's a man working on it now," she said. "And he's able to restore one of the stacks, but the other three are completely and rewire it from scratch."




Only 90? Are there any points we can all agree on?
Without federal action on data privacy, states forge ahead on their own
With the odds of the federal government passing a data protection law dim, more state governments around the country are considering their own measures aimed at protecting their residents’ internet privacy. But such a decentralized push for internet users’ rights will result in a soup of regulations that vary from state to state, a data-privacy researcher told StateScoop.
… Little-Limbago said there are more than 90 separate pieces of legislation currently under discussion in statehouses that would either enhance existing breach-notification laws or implement new protections, with more likely on the way.




I’m pretty sure “awesome” is not the word I would use. I may use #4 to write my Final Exams in Shakespearean English. “Privacy is more than thou art.”
Artificial intelligence is already everywhere, and its influence is growing. It can be hard to get your head around exactly what AI does and how it can be deployed though, which is why we present to you these five fun online experiments—all you need is a web browser and a few minutes to see some of the party tricks AI is already capable of.

1) Semantris

What does it do? Recognizes words from your definitions

2) This Person Does Not Exist

What does it do? Creates artificial faces of people who don’t actually exist, using AI.

3) AutoDraw

What does it do? Turns your amateur scribbles into polished line drawings.

4) Cyborg Writer

What does it do? Carries on sentences using AI from your initial prompts.

5) Talk to Books

What does it do? Gives you a natural language response to a question.




Two of the top five searches (bottom of the summary report) are Russian. Note that I have not purchased a single “Bob for President” ad. So far.
Facebook launches searchable transparency library of all active ads
Now you can search Facebook for how much Trump has spent on ads in the past year, which Pages’ ads reference immigration or what a Page’s previous names were. It’s all part of Facebook’s new Ad Library launching today that makes good on its promise to increase transparency after the social network’s ads were used to try to influence the 2016 U.S. presidential elections.




Perspective. When did we start buying Apps? How much of the global economy did not exist 20 years ago?
Consumer spending in apps to reach $156B across iOS and Google Play by 2023
Consumer spending in mobile apps across both Apple’s App Store and Google Play will grow by 120 percent to reach $156 billion worldwide by 2023, according to a new report out today from app store intelligence firm, Sensor Tower. The forecast estimates that both stores will more than double their revenues during the next five years, with China, the U.S. and Japan leading the way on iOS and the U.S., South Korea and Japan leading on Google Play.




I call foul! The second robot is moving to catch the banana.
Google's banana throwing robot is highly accurate




It can’t hurt to mention this to my students. Maybe there is one for techies?
Legal Research Demystified: A Step-by-Step Approach
Voigt, Eric, Legal Research Demystified: A Step-by-Step Approach (Table of Contents and Chapter 5 on Research Plans) (March 18, 2019). Legal Research Demystified: A Step-by-Step Approach (Carolina Academic Press, 2019), ISBN 9781531007836. Available at SSRN: https://ssrn.com/abstract=3354594 -“Legal Research Demystified guides first-year law students through eight steps to research common law issues and ten steps to research statutory issues. It breaks down the research process into “bite-size” pieces for novice researchers, minimizing the frustration associated with learning new skills. Every chapter includes charts, diagrams, and screen captures to illustrate the research steps and finding tools. Each chapter concludes with a summary of key points that reinforces important concepts from the chapter. The process of legal research, of course, is not linear. This textbook constantly reminds students of the recursive nature of legal research, and it identifies specific situations when students may deviate from the research steps.
Legal Research Demystified differs from existing research textbooks in several aspects. This textbook (1) sets forth eight methods to identify and retrieve relevant secondary sources; (2) contains a chart identifying binding cases in almost every situation (e.g., state law issue in federal court); (3) discusses in detail how to find cases by topic on Lexis Advance; (4) sets forth six methods to find cases that interpret and apply relevant statutes; (5) includes an entire chapter on confirming the validity of relevant statutes, determining effective dates, and identifying the text of all amendments; (6) has a chapter devoted to reading relevant statutes critically; (7) explains in detail the differences between using citators for cases and statutes; and (8) has three chapters on finding persuasive authorities for common law and statutory issues.
This book’s companion website, Core Knowledge, provides professors with multiple assessment tools. Students can answer true-false and multiple-choice questions on Core Knowledge to test their understanding of every chapter. Students will receive immediate feedback. Additionally, students can complete interactive research exercises on Core Knowledge. These self-grading online exercises walk students through the research steps on Westlaw and Lexis Advance, giving professors the option to “flip” the classroom.”


Thursday, March 28, 2019


Finally, an intelligent question. Will they listen to the answer?
Senators demand to know why election vendors still sell voting machines with ‘known vulnerabilities’
TechCrunch: “Four senior senators have called on the largest U.S. voting machine makers to explain why they continue to sell devices with “known vulnerabilities,” ahead of upcoming critical elections. The letter, sent Wednesday, calls on election equipment makers ES&S, Dominion Voting and Hart InterCivic to explain why they continue to sell decades-old machines, which the senators say contain security flaws that could undermine the results of elections if exploited.
“The integrity of our elections is directly tied to the machines we vote on,” said the letter sent by Sens. Amy Klobuchar (D-MN), Mark Warner (D-VA), Jack Reed (D-RI) and Gary Peters (D-MI), the most senior Democrats on the Rules, Intelligence, Armed Services and Homeland Security committees, respectively. “Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price,” the letter adds. Their primary concern is that the three companies have more than 90 percent of the U.S. election equipment market share but their voting machines lack paper ballots or auditability, making it impossible to know if a vote was accurately counted in the event of a bug. Yet, these are the same devices tens of millions of voters will use in the upcoming 2020 presidential election…”




A not-uncommon result of phishing. How long could your company live with no email?
Colin Wood reports:
Oregon state government employees on Tuesday regained the ability to email people with certain email suffixes after a state employee fell victim to a phishing attack that briefly resulted in the state being blacklisted by email services offered by Microsoft.
According to an internal memo sent to agency directors by state Chief Information Officer Terrence Woods last week, state employees had lost the ability to send emails to Microsoft-operated email addresses, including those ending in outlook.com, msn.com, hotmail.com and live.com.
Read more on StateScoop




As a Security Manager, I’d be more concerned with why NO ONE NOTICED!
Kevin Collier reports:
A former National Security Agency contractor accused of the largest security breach in US intelligence history is expected to plead guilty on Thursday, his lawyer told CNN.
Harold “Hal” Martin, 54, had worked for 23 years as a contractor for companies that contracted with various intelligence agencies and maintained a government clearance throughout his career.
Prosecutors described him as a hoarder who took home a whopping 50 terabytes of files, including a number of classified ones he stored on drives in his home and car.
Read more on CNN.




Not the full-up embassy wealthier countries would have. I wonder if they were fully briefed on anything? Probably not.
AP reports:
Spain has issued at least two international arrest warrants for members of a self-proclaimed human rights group who allegedly led a mysterious raid at the North Korean Embassy in Madrid last month and offered the FBI stolen data from the break-in.
Read more on The Japan News.




Before you get to the gerrymandering, you need a population shift.
Exclusive - Fearful of fake news blitz, U.S. Census enlists help of tech giants
The U.S. Census Bureau has asked tech giants Google, Facebook and Twitter to help it fend off “fake news” campaigns it fears could disrupt the upcoming 2020 count, according to Census officials and multiple sources briefed on the matter.
… The census, they said, is a powerful target because it shapes U.S. election districts and the allocation of more than $800 billion a year in federal spending.




Towards an APP that will know everything about everyone with a face.
The Business of Your Face
While you weren't looking, tech companies helped themselves to your photos to power a facial recognition boom. Here's how.




Oh Ethics, where have you been?
Ethical question takes center stage at Silicon Valley summit on artificial intelligence
Technology executives were put on the spot at an artificial intelligence summit this week, each faced with a simple question growing out of increased public scrutiny of Silicon Valley: ‘When have you put ethics before your business interests?’
A Microsoft Corp executive pointed to how the company considered whether it ought to sell nascent facial recognition technology to certain customers, while a Google executive spoke about the company’s decision not to market a face ID service at all.
… Kent Walker, Google’s senior vice president for global affairs, said the internet giant debated whether to publish research on automated lip-reading. While beneficial to people with disabilities, it risked helping authoritarian governments surveil people, he said.
Ultimately, the company found the research was “more suited for person to person lip-reading than surveillance so on that basis decided to publish” the research, Walker said. The study was published last July.




Perspective. I told you AI had potential. Artificial Intelligence is better than Pretend Intelligence?
A quarter of Europeans want AI to replace politicians. That’s a terrible idea.
One in four Europeans want artificial intelligence — not politicians — to be making important decisions about how their country is run. In the UK and Germany, the proportion is even higher: one in three. In the Netherlands, fully 43 percent want AI to decide policy.
These striking findings come from a new survey conducted by the Center for the Governance of Change at IE University in Spain, which polled people in eight European countries. The questions explored how citizens feel about the way technology is transforming the world, from the workplace (40 percent think their company will disappear in a decade if it doesn’t make big changes) to the public square (68 percent fear that people will socialize more digitally than in person).




Interesting. Yesterday it was announced that Mr Pichai would meet with General Joseph Dunford, chairman of the Joint Chiefs of Staff. Should this be considered a promotion or an escalation?
Sundar Pichai met with President Trump about Google’s ‘commitment to working with the US government’



Wednesday, March 27, 2019

The current threat environment.
Steve Ranger reports:
The volumes of malware in general and ransomware in particular have increased again for the third year running, and as well as pumping out more attacks, cyber crooks are also altering their techniques.
Global malware volume is up for the third straight year, with security company SonicWall recording 10.52 billion malware attacks in 2018 via a network of one million sensors the company has deployed in its customers’ networks.
[…]
The company said that hackers are shifting their approach, switching from scripts and executables to hiding malware in PDFs and Office files: SonicWall found new malware variants hidden in 47,073 PDFs and 50,817 Office files in 2018. It also said it found that 19.2 percent of all malware attacks came across non-standard ports in 2018, an 8.7 percent year-over-year increase, which are thus harder to identify and block. While the levels of ransomware hitting the US increased significantly, some countries saw a decline in attacks – the UK and India saw 59 and 49 percent reductions in ransomware volume, respectively.
Read more on ZDNet.




Keeping track…
Norsk Hydro May Have Lost $40M in First Week After Cyberattack
In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 - $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.
“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated. [Will they pay? Bob]
On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.




Should we run and hide? What would China want?
Google’s AI Work in China Spurs CEO Sitdown With Pentagon Brass
When Google’s boss sits down with a top U.S. military official on Wednesday, the conversation will likely center on Google’s presence in China – particularly a lab that may be more trouble for the company than it’s worth.
Sundar Pichai, chief executive officer of Alphabet Inc.’s Google, will meet in Washington D.C. with General Joseph Dunford, chairman of the Joint Chiefs of Staff, according to a person familiar with the situation. The internet giant extended the invitation after criticism from Dunford about Google’s artificial intelligence work in China, which he said "indirectly benefits the Chinese military."
Dunford cited an AI lab that Google opened in Beijing in late 2017. Less than two years later, the small office is causing a massive headache for Google, sitting at the locus of a collision between the company’s global ambitions and the U.S. military’s mounting unease over China’s technical might.




Should be fun to implement. (Includes a version in Colorado)
Mitch Herckis reports:
A broad coalition of 14 organizations representing state contractors and issue advocacy groups released an open letter Monday opposing legislation that has cropped up in over 30 state legislatures that, if passed, would require government contractors to purchase and install monitoring software.
While varying somewhat from state-to-state, the bills typically require the software to take very specific actions, such as screenshots of all “state-funded activity at least once every three (3) minutes” and logging of “keystroke and mouse event frequency.” The legislation also demands contractors store that data for years to come.
Read more on NextGov.
[From the article:]
The legislation is being pushed by TransparentBusiness, which describes itself on its website as a New York-based software company. The company says its software is “designed to help our clients increase freelancer productivity, protect client budgets from overbilling, allow coordination and monitoring of their workforce, and provide real-time information on the cost and status of all tasks and projects.”
On its website, the company has described its hiring of lobbyists to push the contractor monitoring bills, as well as offering “model legislation” that can be adopted.




Ethics: ready or not.
Chris Burt writes:
The Biometrics Institute has launched a set of Ethical Principles for Biometrics at its annual U.S. conference in Washington, D.C. to address the gaps left by lagging legislation and regulation.
Chief Executive Isabelle Moeller asked an audience of 70 stakeholders from the biometrics community “Just because we can, should we?”
[…]
The group identified seven principles to enable anyone working in the biometrics industry to demonstrate a commitment to addressing the ethical issues raised by new technology, and biometrics in particular. The seven principles are:
ethical behavior, meaning to avoid actions which harm people and the environment beyond legal requirements;
ownership of the biometric and respect for individuals’ personal data, including recognition of partial ownership of biometric data by individuals;
serving humans, which entails accounting for public good, community safety and net benefit to individuals;
justice and accountability, which means accepting principles of openness, independent oversight, accountability, and the right of appeal and appropriate redress;
promoting privacy-enhancing technology;
recognizing dignity of individuals and families; and
equality, which entails preventing discrimination or systemic bias.

Read more on Biometric Update.




Podcast. The illogic of politics?
Why Breaking Up Big Tech Could Do More Harm Than Good
… “The single biggest fundamental problem with the Warren proposals is that they do not sort out who is being harmed and who is benefiting.”


Tuesday, March 26, 2019

An update: Privacy Foundation at University of Denver Sturm College of Law Spring Seminar. April 19th, from 10am-1pm
The topic is:
After the GDPR--- California’s CCPA’s Response: Other States, Federal Efforts, and What Lawyers Need to Know.
The seminar will be free to DU Faculty/Staff/Students/Mentors, and $30 for the general public. You can find all this information and register online at: http://dughost.imodules.com/privacy2019ccpa.




As an evil hacker, I would like to thank you for helping to improve my ransomware.
LockerGoga Ransomware Neutralized by Shortcut Files
Experts at Alert Logic noticed that before LockerGoga starts encrypting files on a system, it performs an initial scan to create a list of files it should encrypt. If it comes across a .lnk file — a shortcut or link used by Windows as a reference to an original file — it will stop without attempting to encrypt anything.
Specifically, Alert Logic’s analysis shows that LockerGoga may be neutralized if the Recent Items folder contains a shortcut file that has an invalid network path or one that has no associated RPC endpoint.
“When [LockerGoga] encounters a ‘.lnk’ file it will utilize the built-in shell32 / linkinfo DLLs to resolve the ‘.lnk’ path. However, if this ‘.lnk’ path has one of a series of errors in it, then it will raise an exception—an exception which the malware does not handle,” Alert Logic researchers explained. “Once the malware encounters an unhandled exception it is terminated by the operating system (as is standard procedure).”




Another way to distract teen drivers? Any liability here? Will the App work while the car is moving?
You can soon order Domino's pizza from your car's touchscreen
Domino's is continuing its quest to let you order pizza through every device imaginable. It's partnering with Xevo on an app that can order pies through your car's infotainment system, no tethered smartphone required.
… The technology is expected to come pre-loaded on "millions" of cars sometime later in 2019, although Domino's and Xevo didn't name specific brands or models.




I suspect the FBI will hate this.
Ben Lovejoy reports:
Two new Telegram privacy features are likely to prove controversial. The first removes the previous 48-hour time limit for ‘unsending’ anything you wrote from the devices of both participants using the secure messaging app …
The second is that you can now delete entire chats, again for both parties.
Telegram announced the changes, together with some less controversial changes, in a blog post.
Read more on 9to5Mac.




This Privacy Thing seems to be catching on.
Sydny Shepard reports:
District of Columbia Attorney General Karl A. Racine has introduced the Security Breach Protection Amendment Act of 2019, which would modernize the District’s data breach law and strengthen protections for residents’ personal information.
Racine introduced the bill in response to the major data breaches that have put tens of millions of consumers, and hundreds of thousands of District residents, at risk of identity theft and other types of fraud, according to a press release.
The new legislation would expand legal protections to cover additional types of personal information, require companies that deal with personal information to implement safeguards, include additional reporting requirements for companies that suffer a data breach, and require companies that expose consumers’ social security numbers to offer two years of free identity theft protection.
Read more on Security Today.


(Related)
Cameron Abbott of K&L Gates writes:
In light of concerns over how personal data is being used by social media platforms and tech companies, the Commonwealth Government has proposed amendments to the Privacy Act in order to more harshly penalise companies for privacy breaches. The new regime, which aims to update Australia’s privacy laws in line with increased social media use, will see tougher penalties for all entities that are subject to the Privacy Act, not just the headline companies like Google and Facebook.
Read more on National Law Review.


(Related) More limited in scope, but definitely a reaction.
Connor Boyack writes:
Nearly every American regularly uses a pocket-sized supercomputer to store sensitive information, one that tracks our every movement. Some have suggested that the conveniences of cellphones come with an inevitable trade-off of less privacy, but one state has profoundly disagreed, passing a new data privacy law that sets an example for other states to follow.
Timothy Carpenter’s story demonstrates why elected officials need to step forward to protect privacy. In 2011, the FBI obtained several months’ worth of his cellphone location records, without a warrant, after suspecting that he was involved in criminal activity. These records revealed nearly 13,000 locations he had visited, providing them with sensitive information Carpenter considered private.
Read more of his opinion on Washington Examiner.




Gaps & Overlaps.
EDPB Joins the Dots of ePrivacy and GDPR
On 12 March 2019 at its Eighth Plenary Session, the European Data Protection Board (“EDPB”) adopted its Opinion 5/2019 on the interplay between the ePrivacy Directive (“ePD”) and the General Data Protection Regulation (“GDPR”). The Belgian Data Protection Authority had, on 3 December 2018, requested that the EDPB examine the overlap between the two laws and in particular the competence, tasks, and powers of data protection authorities (“DPAs”). The EDPB adopted its Opinion in response to this request and in order to promote the consistent interpretation of the boundaries of the competences, tasks, and powers of DPAs.




A simple question for my Privacy Professional friends. Why? I’d like to understand how we got this right.
Rita Heimes reports:
The past few years have seen an explosion of data-related crises, from the Snowden revelations about government surveillance to the Cambridge Analytica scandal at Facebook to the constant drumbeat of data breaches at leading global companies, including Marriott, Equifax, and Under Armour. This in turn has boosted an industry of privacy professionals, experts versed not only in law and policy but also in technology and management of personal data. Uniquely in a corporate context, particularly in tech-related markets, the privacy profession displays gender parity all the way from entry-level positions to senior leadership roles.
Read more on Dark Reading.




“The first thing we do, let's automate all the judges.”
Can AI Be a Fair Judge in Court? Estonia Thinks So
Government usually isn't the place to look for innovation in IT or new technologies like artificial intelligence. But Ott Velsberg might change your mind. As Estonia's chief data officer, the 28-year-old graduate student is overseeing the tiny Baltic nation's push to insert artificial intelligence and machine learning into services provided to its 1.3 million citizens.
"We want the government to be as lean as possible," says the wiry, bespectacled Velsberg, an Estonian who is writing his PhD thesis at Sweden’s Umeå University on how to use AI in government services. Estonia's government hired Velsberg last August to run a new project to introduce AI into various ministries to streamline services offered to residents.
… In the most ambitious project to date, the Estonian Ministry of Justice has asked Velsberg and his team to design a “robot judge” that could adjudicate small claims disputes of less than €7,000 (about $8,000). Officials hope the system can clear a backlog of cases for judges and court clerks.
The project is in its early phases and will likely start later this year with a pilot focusing on contract disputes. In concept, the two parties will upload documents and other relevant information, and the AI will issue a decision that can be appealed to a human judge. Many details are still to be worked out. Velsberg says the system might have to be adjusted after feedback from lawyers and judges.




I’m surprised that this isn’t already common on Wall Street.
Looking for economic indicators? Check Tweets and the internet search queries
Apurv Jain has used some unconventional data to predict the course of U.S. employment: 1.2 billion tweets and 830 million web searches.
It’s all part of the fast-growing world of alternative data, which “can provide details about the economic narrative of our country that the existing government data simply cannot,” said Jain, 41, now a visiting researcher at Harvard Business School. He presented his findings last week at a New York conference on artificial intelligence and data science in trading.




Gosh AI is wonderful! Before, you needed a PhD in the Humanities to ask, “Would you like fries with that?”
McDonald's is buying a startup that uses AI to try to make you spend more
McDonald's is buying a tech startup that it hopes will help it sell customers more of what they want.
… McDonald's said it would use the startup's technology to tailor the items displayed on menu boards at drive-thru outlets based on the weather, how busy the restaurant is and the time of day. It will also instantly recommend extra items based on a customer's initial order.




For my techie students who still think all big companies are profitable.
How Can a Company with $1.8 Billion in Revenue Lose $1.9 Billion? WeWork Shows How




For the Security Toolkit.
Search Encrypt
“Search Encrypt uses local encryption to secure your searches. It combines AES-256 encryption with Secure Sockets Layer encryption. Search Encrypt then retrieves your search results from its network of search partners. After you’re done searching, your search terms expire so they are private even if someone else has access to your computer.”




FINALLY! A diet I can live with.
We salute the Army vet who dropped 25 pounds by consuming nothing but beer for weeks




What have I done to amuse/irritate Russia? This is my visitor count for Sunday, March 24th.




Monday, March 25, 2019

Will Switzerland use this system for the next election? Why not a system where each voter (using a random number generated by the voting machine/system) can check a public listing of (unencrypted) votes?
Second Critical Crypto Flaw Found in Swiss E-Voting System
Switzerland has been conducting e-voting trials since 2004 and Swiss Post believes it has now developed a fully verifiable system that can make e-voting widely available in the country.
However, it turns out that the components of the system designed to ensure that votes have not been manipulated, which should have already been thoroughly tested, have some potentially serious vulnerabilities.
The second weakness, which the researchers also described as “critical,” is related to the votes themselves. Each vote is encrypted and a cryptographic method known as zero-knowledge proof is used to ensure that the voting authority doesn’t declare a different vote choice than what the voter selected.
… “But our research has found that this proof is not sound. It’s possible to generate a proof that passes verification, but changes the contents of the encrypted vote.”
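
As an added illustration (not code from the article, the researchers, or the Swiss Post system), a textbook Chaum-Pedersen proof of correct ElGamal decryption shows what a sound proof is supposed to guarantee: the verifier rejects any declared vote other than the one that was encrypted. The choice of ElGamal, the toy group parameters and the vote encoding are all assumptions constructed for this example.

```python
import hashlib
import secrets

# Constructed toy group (far too small for real use): P = 2Q + 1, both prime,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 1019, 509, 4

def challenge(*values):
    """Fiat-Shamir challenge that binds every public value of the statement."""
    data = "|".join(str(v) for v in values).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1              # secret key in [1, Q-1]
    return x, pow(G, x, P)                        # (x, h = G^x)

def encrypt(h, m):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(h, r, P)) % P   # (c1, c2)

def decrypt_with_proof(x, h, c1, c2):
    """Return the plaintext and a proof that it was derived with the real key."""
    m = (c2 * pow(pow(c1, x, P), -1, P)) % P
    w = secrets.randbelow(Q - 1) + 1
    a, b = pow(G, w, P), pow(c1, w, P)            # commitments
    e = challenge(G, h, c1, c2, m, a, b)
    z = (w + e * x) % Q                           # response
    return m, (a, b, z)

def verify_decryption(h, c1, c2, m, proof):
    """Accept only if log_G(h) == log_c1(c2 / m), i.e. m is the true plaintext."""
    a, b, z = proof
    e = challenge(G, h, c1, c2, m, a, b)
    d = (c2 * pow(m, -1, P)) % P                  # equals c1^x only if m is correct
    return (pow(G, z, P) == (a * pow(h, e, P)) % P and
            pow(c1, z, P) == (b * pow(d, e, P)) % P)

def demo():
    x, h = keygen()
    vote = pow(G, 3, P)                           # constructed encoding of "option 3"
    c1, c2 = encrypt(h, vote)
    m, proof = decrypt_with_proof(x, h, c1, c2)
    other = pow(G, 5, P)                          # a different declared result
    return (m == vote,
            verify_decryption(h, c1, c2, m, proof),
            verify_decryption(h, c1, c2, other, proof))
```

`demo()` returns three booleans: the decryption is correct, the honest proof verifies, and the same proof presented with a different declared vote is rejected.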




Watch how ‘social’ you become.
Paper – I Lost My Job Over a Facebook Post – Was that Fair?
Mantouvalou, Virginia, ‘I Lost My Job Over a Facebook Post – Was that Fair?’ Discipline and Dismissal for Social Media Activity (October 31, 2018). 2019 International Journal of Comparative Labour Law and Industrial Relations; Faculty of Laws University College London Law Research Paper No. 2/2018. Available at SSRN: https://ssrn.com/abstract=3276055
“Is it fair to be dismissed for social media activity, and are there any limitations to the employer’s managerial prerogative? These are the questions that this article addresses by examining the compatibility of discipline or dismissal with human rights law, with a primary focus on United Kingdom (UK) and European human rights law. It argues that UK courts and tribunals erroneously accept the lawfulness of such dismissals most of the time. This is due both to weaknesses in the English law of unfair dismissal, and to courts’ and tribunals’ limited engagement with human rights at work. Technical aspects of social media usage, with which courts and tribunals are often unfamiliar, add a further layer of complexity. Two factors make dismissals for social media activity particularly challenging for courts: first, the fact that social media are online platforms that everyone can potentially access, and hence public rather than private space; second, that expression on social media, often spontaneous and thoughtless, is not viewed as a particularly valuable form of speech. The argument of the article is that both the right to private life and the right to free speech are implicated in dismissals for social media activity, and that they should be viewed as lawful in very limited occasions, for employers should not have the right to censor the moral, political and other views and preferences of their employees even if it causes business harm.”




Isn’t April First still a few days away?
The end of school: AI ‘Google brain’ implants to REPLACE education and ‘supercharge IQ’
… The CEO and Founder of Fountech.ai exclusively told Daily Star Online he is working on a revolutionary AI to “personalise education”.
“The current area of focus is personalised education – trying to demarketise and de monetise learning so that anyone can learn almost anything using AI,” he told Daily Star Online.
… Nick said the new learning tool could end school as we know it.
“This AI will enable anyone in the world, no matter who or how old they are, to log on to their smart tv or their computer or their phone their smart glasses the AI in their car, and say ‘teach me about this’.




These read much like any writing guide, except for a few minor details. If I reverse these guidelines, will I rule anti-social media? Oh, wait. We already have a President who does that.
The Non-Writers' Guide To Writing Better Social Media Copy
… Even if you have zero experience with content or social media marketing, social media is a pillar of digital marketing, and can help you drive traffic, find leads, and rank higher in search.
… With so many options for writing social media copy – Facebook updates, tweets, Instagram captions, or even LinkedIn’s publishing platform for blog-length posts – we’ll start with the basics of writing for the web, then build out to best data-driven practices.




I suppose, “Good movies, dude!” is not what they’re looking for?
J.R.R. Tolkien fans — here's your chance to become part of Marquette University's oral history project
Marquette University — which has an extensive collection of Tolkien's notes, manuscripts, first drafts, maps and artwork — wants to hear from fans for an oral history project that hopes to collect 6,000 recordings.
Why 6,000 oral histories? Tolkien aficionados already know this, but for folks who have never heard of a hobbit, that's the number of riders of the Rohirrim.
The Tolkien Fandom Oral History Project launched recently with little fanfare but is now ramping up to include fans who can't come to Milwaukee to give a short spiel on why Tolkien is the greatest author ever.
The official announcement is Monday, which happens to be Tolkien Reading Day, an annual event to encourage reading the works of Tolkien. Why March 25? That's the day in Tolkien's timeline when the ring was destroyed.


Sunday, March 24, 2019

Prepare for more! Ransom is not the strategy here. If this becomes much more widespread, who benefits?
Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’
It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
Hexion and Momentive, which make resins, silicones, and other materials, and are controlled by the same investment fund, were hit by the ransomware on March 12, according to a current employee. An internal email obtained by Motherboard and signed by Momentive’s CEO Jack Boss refers to a “global IT outage” that required the companies to deploy “SWAT teams” to manage.
… “Everything [went down]. Still no network connection, email, nothing,” they said in an online chat on Thursday.
Boss’s email said that the data on any computers that were hit with the ransomware is probably lost, and that the company has ordered “hundreds of new computers.”
… News of this attack shows that the hackers behind the LockerGoga ransomware may be more active than previously thought.
Until today, there were only two known victims of LockerGoga, a relatively new type of malware that infects computers, encrypts their files and asks for a ransom. The first known victim was Altran, a French engineering consulting firm that was hit in late January. Then earlier this week, the Norwegian aluminum giant Norsk Hydro revealed that it had been hit by a ransomware attack. A Kaspersky Lab spokesperson said that they have knowledge of more victims around the world.
… Joe Slowik, a security researcher at Dragos, a cybersecurity company that focuses on critical infrastructure and who has studied the malware, said that LockerGoga does not appear to be very good at its purported goal: collecting money from the victims. In fact, as the ransom note shows, and unlike other popular ransomware, victims have to email the hackers and negotiate a price to get files decrypted, making it harder for the criminals to scale their earnings.
“It’s a piece of very inefficient ransomware,” Slowik told Motherboard in a phone call.
It may be inefficient at collecting money, but it’s apparently good enough to slow down multinational companies in both Europe and the United States.




Oh. That’s what it’s for.
What Privacy is For
Privacy has an image problem. Over and over again, regardless of the forum in which it is debated, it is cast as old-fashioned at best and downright harmful at worst – antiprogressive, overly costly, and inimical to the welfare of the body politic. Privacy advocates resist this framing but seem unable either to displace it or to articulate a comparably urgent description of privacy’s importance. No single meme or formulation of privacy’s purpose has emerged around which privacy advocacy might coalesce. Pleas to “balance” the harms of privacy invasion against the asserted gains lack visceral force.
The consequences of privacy’s bad reputation are predictable: when privacy and its purportedly outdated values must be balanced against the cutting-edge imperatives of national security, efficiency, and entrepreneurship, privacy comes up the loser.
… As Part II discusses…
Privacy shelters dynamic, emergent subjectivity from the efforts of commercial and government actors to render individuals and communities fixed, transparent, and predictable.
… So described, privacy is anything but old-fashioned, and trading it away creates two kinds of large systemic risk, which Parts III and IV describe.




Interesting language?
Nigeria's 2019 Data Protection Regulation: A Fair Scale For Privacy And Commercial Rights?
On January 25, 2019, Nigeria's National Information and Technology Development Agency (NITDA) issued the Nigeria Data Protection Regulation 2019 (the Regulation). The Regulation took effect on the same date. In the fashion of the European Union's Global Data Protection Regulation 2018 (GDPR), the Regulation seeks, among other things, to safeguard the rights of natural persons to the privacy of their personal data by, among other measures, regulating transactions involving the collection, use and exchange of personal data. In this brief, we take a cursory look at the Regulation and some of its imperatives for businesses that deal in the personal data of those that the Regulation seeks to protect.
… The rights of Data Subjects include the following:
  1. Data Subjects have the right to know their rights. The rights of the Data Subject are required to be made known to him before his personal data is processed. In this regard, the Data Controller must ensure that the means through which personal data is being collected has a conspicuous and understandable privacy policy.




Clearly, Scott Adams gets Trump logic.