Saturday, May 18, 2019

Some sanity breaks out in California?
Ding Dong the CCPA Private Right of Action is (Mostly) Dead!
There is some good news about the California Consumer Privacy Act (CCPA) this Friday afternoon! SB 561 appears to have (mostly) died in the Senate Appropriations Committee during a hearing held yesterday.

I’m thinking this is a game anyone can play. I wonder what my students would come up with? Or if they would agree with these…
New laws of robotics needed to tackle AI – expert
The world has changed since sci-fi author Asimov in 1942 wrote his three rules for robots, including that they should never harm humans, and today's omnipresent computers and algorithms demand up-to-date measures.
According to Pasquale, author of "The Black Box Society: The Secret Algorithms Behind Money and Information", four new legally-inspired rules should be applied to robots and AI in our daily lives.
"The first is that robots should complement rather than substitute for professionals."
"The second is that we need to stop robotic arms races."
The third, and most controversial, rule is not to make humanoid robots or AI.
The fourth and final law is that any robot or AI should be "attributable to or owned by a person or a corporation made of persons."

This may be true in the minds of certain lawyers, but I rather doubt it.
Technology Is as Biased as Its Makers
From exploding Ford Pintos to racist algorithms, all harmful technologies are a product of unethical design. Yet, like car companies in the ’70s, today’s tech companies would rather blame the user.

Pretty clear what I’ll be teaching…
Microsoft aims to train and certify 15,000 workers on AI skills by 2022
Microsoft is investing in certification and training for a range of AI-related skills in partnership with education provider General Assembly, the companies announced this morning. The goal is to train some 15,000 people by 2022 in order to increase the pool of AI talent around the world. The training will focus on AI, machine learning, data science, cloud and data engineering and more.

Friday, May 17, 2019

“Failure to plan is planning to fail.”
From the for-the-love-of-a-free-press-would-someone-PLEASE-teach-these-people-about-the-first-amendment? dept.
Earlier this week, this site noted reporting by Paterson Times about an alleged breach involving the Paterson Public Schools in New Jersey. We also picked up a follow-up report that covered some… um… unexpected claims by the District as to how many threat actors might be involved and whether it was a former employee, and… a whole bunch of other claims that seemed premature, at best. Usually, entities shut up and say they are investigating. Paterson Public Schools seems to have decided to take another approach that is not adverse to making themselves look inexperienced at handling a data security incident.
Today, the Paterson Times reports:
After a news story exposed a massive data breach at the Paterson Public Schools, superintendent Eileen Shafer threatened to sue the Paterson Times for purported “serious reputational harm” to the school district, a lawsuit that would be prohibited by law. The letter also suggested the district would use legal means to obtain materials related to the breach held by the Times, which would be prohibited by the state’s reporter’s shield law.
He asserts the breach, which claimed more than 23,000 account passwords and was not detected until the Paterson Times brought it to the district’s attention, has caused the school system to be “unfairly held out for ridicule in the community.”
Read more on the Paterson Times.
The basis for any ridicule of the district is the district’s response to the reported or alleged breach. They have repeatedly been shooting themselves in the foot and need to get a real professional in there to handle incident response properly. Their claims, demands, and legal threats are, to put it bluntly, bullshit, and should be called out as such.
How sad that those with the responsibility of educating our youth seem to be totally ignorant about the First Amendment. Hopefully, the Paterson Times’ lawyers will hand them a clue stick.

Russia can’t stop rigging elections. It would have been cheaper to bribe someone to get her into a ‘prestigious American college.’
Russian bots rigged Voice Kids TV talent show result
The result of a popular Russian TV talent show - The Voice Kids - has been cancelled after thousands of fraudulent votes were found to have handed victory to a millionaire's young daughter.
There were complaints after singer Mikella Abramova, aged 10, won with 56.5% of the phone-in vote.
A cyber security firm, Group-IB, was hired to examine the vote for Mikella Abramova, after the final of The Voice Kids, which is in its sixth season on Russian TV.
"The interim results of the check confirm that there was outside influence on the voting, which affected the result," a Channel One statement said (in Russian).
According to investigators, more than 8,000 text messages were sent from about 300 phone numbers during the vote.
A Group-IB statement said that sequential phone numbers had been used to send automated votes - in other words, "bots were used in this case".
"More than 30,000 votes came in for one contestant from those phone numbers," Group-IB said. Rival singers got no more than 3,000 votes each, Russia's Kommersant daily reported.
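As an added illustration of the kind of check Group-IB describes (blocks of sequential phone numbers, each sending many automated votes), here is a small Python detector run over a constructed vote log; it is not Group-IB's code, and the thresholds, contestant labels and phone numbers are assumptions.

```python
"""Flag automated phone-in voting: sequential sender numbers and heavy senders.
Added example; the vote records are constructed, not data from the real show."""
from collections import Counter
from typing import Dict, List, Set, Tuple

Vote = Tuple[str, str]  # (sender phone number, contestant)


def build_sample_votes() -> List[Vote]:
    """Constructed sample: a few organic voters plus one bot block voting for 'C'."""
    votes: List[Vote] = []
    organic = ["79160000117", "79165550341", "79261234567", "79031111222", "79995553210"]
    for i, num in enumerate(organic):          # one vote each, split between A and B
        votes.append((num, "B" if i % 2 else "A"))
    for n in range(79000100000, 79000100020):  # 20 consecutive numbers (assumed block)
        for _ in range(15):                    # each sends 15 SMS votes for "C"
            votes.append((str(n), "C"))
    return votes


def sequential_runs(numbers: List[str], min_run: int = 5) -> List[List[str]]:
    """Group distinct numbers into runs where each is exactly previous + 1."""
    uniq = sorted({int(n) for n in numbers})
    runs: List[List[str]] = []
    current: List[int] = uniq[:1]
    for prev, cur in zip(uniq, uniq[1:]):
        if cur == prev + 1:
            current.append(cur)
        else:
            if len(current) >= min_run:
                runs.append([str(x) for x in current])
            current = [cur]
    if len(current) >= min_run:
        runs.append([str(x) for x in current])
    return runs


def heavy_senders(votes: List[Vote], max_per_number: int = 3) -> Dict[str, int]:
    """Numbers that cast more votes than a plausible human would by hand."""
    per_number = Counter(num for num, _ in votes)
    return {n: c for n, c in per_number.items() if c > max_per_number}


def flagged_share(votes: List[Vote], flagged: Set[str]) -> Dict[str, float]:
    """Fraction of each contestant's votes that came from flagged numbers."""
    total, bad = Counter(), Counter()
    for num, contestant in votes:
        total[contestant] += 1
        if num in flagged:
            bad[contestant] += 1
    return {c: bad[c] / total[c] for c in total}


def analyse(votes: List[Vote], min_run: int = 5, max_per_number: int = 3) -> dict:
    runs = sequential_runs([n for n, _ in votes], min_run)
    heavy = heavy_senders(votes, max_per_number)
    flagged = {n for run in runs for n in run} | set(heavy)
    return {"runs": runs, "heavy": heavy, "flagged": flagged,
            "share": flagged_share(votes, flagged),
            "totals": dict(Counter(c for _, c in votes))}


if __name__ == "__main__":
    result = analyse(build_sample_votes())
    print(f"{len(result['runs'])} sequential block(s), {len(result['heavy'])} heavy senders")
    for contestant, share in sorted(result["share"].items()):
        print(f"{contestant}: {result['totals'][contestant]} votes, {share:.0%} from flagged numbers")
```

In a real review the flagged share per contestant is the figure to compare against the margin of victory, which is what turns a list of odd numbers into grounds for voiding a result.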

Deliberate bias or helpful coaching?
The NYPD uses altered images in its facial recognition system, new documents show
A new report from Georgetown Law’s Center on Privacy and Technology (CPT) has uncovered widespread abuse of the New York Police Department’s facial recognition system, including image alteration and the use of non-suspect images. In one case, officers uploaded a picture of the actor Woody Harrelson, based on a witness description of a suspect who looked like Harrelson. The search produced a match, and the matched suspect was later arrested for petty larceny. [See? It works! Bob]

I suppose we’ll be calling this ‘voiceal recognition.’
Selective hearing: AI-powered listening device picks a voice out of a crowd

A video that justifies my choice to not own a phone?
How Smartphones Sabotage Your Brain’s Ability to Focus
WSJ Podcast [no paywall] – “Our phones give us instant gratification. But there’s a cost: loss of attention and productivity. WSJ’s Daniela Hernandez goes on a quest to understand the science of distractions and what you can do to be more focused and productive.”

Thursday, May 16, 2019

This will take some thinking. What alternatives are available?
Trump Bars U.S. Companies From Foreign Telecoms Posing Security Risk
President Donald Trump declared a national emergency Wednesday barring US companies from using foreign telecoms equipment deemed a security risk -- a move that appeared aimed at Chinese giant Huawei.
The order signed by Trump prohibits purchase or use of equipment from companies that pose "an unacceptable risk to the national security of the United States or the security and safety of United States persons."
A senior White House official insisted that no particular country or company was targeted in the "company- and country-agnostic" declaration.
However, the measure -- announced just as a US-China trade war deepens -- is widely seen as prompted by already deep concerns over an alleged spying threat from Huawei.
US officials have been trying to persuade allies not to allow China a role in building next-generation 5G mobile networks, warning that doing so would result in restrictions on sharing of information with the United States.

Huawei Chairman Says Ready to Sign 'No-Spy' Deal With UK
Chinese telecom giant Huawei is willing to sign a "no-spy" agreement with countries including Britain, the firm's chairman said on Tuesday, as the head of NATO said Britain must preserve secure mobile networks.
Liang Hua visited Britain as the government weighs the risks of allowing the Chinese company to help develop its 5G infrastructure.
"We are willing to sign 'no-spy' agreements with governments, including the UK government, to commit ourselves, to commit our equipment to meeting the no-spy, no back-door standards," Liang told reporters.
The British government is in the middle of a furious debate over whether to let Huawei roll out its next-generation mobile service.

In this case, some good comes from an all too common bad. Failure to change the default settings.
What Colorado learned from treating a cyberattack like a disaster
The decision by then-Gov. John Hickenlooper to declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states, create a unified command structure and perhaps most crucially, spare the state’s IT workers from having to work any more 20-hour shifts fueled by junk food, said Kevin Klein, Colorado’s director of homeland security and emergency management.
Klein also recounted for the audience of state IT and security officials how the SamSam malware infested CDOT’s network. In mid-February 2018, the department activated a new virtual server for testing, but the server’s security software was still on its default settings, making it an appealing target when it started broadcasting its IP address to the rest of the internet.
“It started broadcasting ‘I’m here, I’m here, come attack me,’ which of course happened within 48 hours,” Klein said.

(Related) In stark contrast…
Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

A good article for my first Computer Security lecture?
A new survey from Google and Harris Poll, released a year after Google introduced “.app” as a more secure alternative to “.com,” shows that while 55% of Americans over the age of 16 give themselves an A or B in online safety and security, 70% of them wrongly identified what a safe website looks like.

(Related) For my lecture on Backup
Your internet data is rotting
Many MySpace users were dismayed to discover earlier this year that the social media platform lost 50 million files uploaded between 2003 and 2015.
The failure of MySpace to care for and preserve its users’ content should serve as a reminder that relying on free third-party services can be risky.
MySpace has probably preserved the users’ data; it just lost their content. The data was valuable to MySpace; the users’ content less so.

(Related) A good day for Security articles.
The Best Free Online Proxy Servers You Can Use Safely

Should some crimes be “investigation proof?”
Peter Aldhous reports:
For the first time on record, the new forensic science of genetic genealogy has been used to identify a suspect in a case of violent assault. Cops in Utah had to obtain special permission to upload crime scene DNA to a website called GEDmatch, which had previously only allowed police to investigate homicides or rapes.
Critics worry that the case, which led to the arrest of a 17-year-old high school student who has not yet been named, marks the start of a “slippery slope” to law enforcement using such methods to investigate increasingly less serious offenses, eroding people’s genetic privacy.
Read more on BuzzFeed.
This is going to continue to be a significant privacy concern until sites create privacy policies that they then STICK TO. If you post a privacy policy about how your data may be used or disclosed and people opt-in based on your words in your policy, and you then do not stick to that, well… how is this not a matter for the FTC to take up as a violation of Section 5?

This was the area that most concerned me. I had to rethink a lot of my Security planning.
All You Should Know about GDPR Acquiescent Software Development
In this article, we will take a closer look at some basic terms related to GDPR and explain several essential secured software development practices which all the software developers should learn and respect to create software that is more GDPR-compliant and future-safe.

Think Russia could afford $14?
In India election, a $14 software tool helps overcome WhatsApp controls
WhatsApp clones and software tools that cost as little as $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the world’s most popular messaging app, Reuters has found.
After false messages on WhatsApp last year sparked mob lynchings in India, the company restricted forwarding of a message to only five users. The software tools appear to overcome those restrictions, allowing users to reach thousands of people at once.

Useful approach.
Five questions you can use to cut through AI hype

(Related) Similar concepts.
Our Six Principles For Ethically Developing Machine Learning

We don’t need AI to crack “uncrackable” codes.
Bristol academic cracks Voynich code, solving century-old mystery of medieval text “A University of Bristol academic has succeeded where countless cryptographers, linguistics scholars and computer programs have failed—by cracking the code of the ‘world’s most mysterious text’, the Voynich manuscript. Although the purpose and meaning of the manuscript had eluded scholars for over a century, it took Research Associate Dr. Gerard Cheshire two weeks, using a combination of lateral thinking and ingenuity, to identify the language and writing system of the famously inscrutable document. In his peer-reviewed paper, The Language and Writing System of MS408 (Voynich) Explained, published in the journal Romance Studies, Cheshire describes how he successfully deciphered the manuscript’s codex and, at the same time, revealed the only known example of proto-Romance language. “I experienced a series of ‘eureka’ moments whilst deciphering the code, followed by a sense of disbelief and excitement when I realised the magnitude of the achievement, both in terms of its linguistic importance and the revelations about the origin and content of the manuscript…”

Perspective. Architecting the military.
Army CIO Envisions Internet of Strategic Things
Lt. Gen. Bruce Crawford, USA, chief information officer/G-6, U.S. Army, suggests the possibility of an Internet of Strategic Things in addition to the Internet of Tactical Things.
“We’ve had some really good discussions about the Internet of Things. That was a thing a couple of years ago. And then we started talking about the Internet of Tactical Things. I think what’s on the horizon is more of a discussion of the Internet of Strategic Things,” Gen. Crawford told the audience on the second day of the AFCEA TechNet Cyber 2019 conference in Baltimore.

The near future?
Electric air taxi startup Lilium completes first test of its new five-seater aircraft
Think midtown Manhattan to JFK International Airport in under 10 minutes for $70. (Currently, a company called Blade, which bills itself as “Uber for helicopters,” offers the same trip for $195.)
Lilium isn’t the only company with designs for flying taxis. There are more than 100 different electric aircraft programs in development worldwide, with big names including Joby Aviation and Kitty Hawk, whose models are electric rotor rather than jet powered as well as planned offerings from Airbus, Boeing, and Bell, which is partnered with Uber.

Wednesday, May 15, 2019

So a cop using the old Mark I Eyeball can still recognize crooks. A device that captures images of faces and presents them to a person for identification seems to be outlawed too.
San Francisco Bans Facial Recognition Use by Police
San Francisco on Tuesday became the first US city to ban use of facial recognition technology by police or other government agencies.
Backers of the legislation argued that using software and cameras to positively identify people is, as city councillor Aaron Peskin put it, "not ready for prime time."
"The propensity for facial recognition technology to endanger civil rights and civil liberties substantially outweighs its purported benefits, and the technology will exacerbate racial injustice and threaten our ability to live free of continuous government monitoring," read the legislation passed Tuesday.
The ban was part of broader legislation setting use and auditing policy for surveillance systems, creating high hurdles and requiring board approval for any city agencies.
"It shall be unlawful for any department to obtain, retain, access, or use any Face Recognition Technology or any information obtained from Face Recognition Technology," read a graph tucked into the lengthy document.
"Face recognition technology" means an automated or semi-automated process that assists in identifying or verifying an individual based on an individual's face.

A useful(?) quick summary.
What is the California Consumer Privacy Act and Does it Apply to Me?

Oh joy.
Quit worrying about killer robots, they are coming whether you like it or not – and they absolutely will not stop
The use of fully automated AI systems in military battles is inevitable unless there are strict regulations in place from international treaties, eggheads have opined.
Their paper, which popped up on arXiv [PDF] last week, discusses the grim outlook of developing killing machines for armed forces. The idea of keeping humans in the loop has always been favoured because modern AI systems like neural networks are like black boxes, their inner workings are inherently difficult to understand. Plus, you know, we've all seen Terminator.

Counter suit anyone?
Adobe Warns Users Someone Else Might Sue Them For Using Old Versions Of Photoshop
For years we've noted repeatedly how in the modern era you no longer truly own the things you buy. From game consoles that magically lose important functionality post purchase, to digital purchases that just up and disappear, we now live in an era where a quick firmware update can erode functionality and overlong EULAs can strip away all of your rights in an instant, leaving you with a hole in your pocket and a glorified paperweight.
The latest case in point: Adobe this week began warning users of its Creative Cloud software applications that they are no longer authorized to use older versions of the company's software platforms (Lightroom Classic, Photoshop, Premiere, Animate, and Media Director). In the letter, Adobe rather cryptically implied that users could risk copyright infringement claims by mysterious third parties if they continued using older versions of these platforms and refused to update them. End users, not surprisingly, were equal parts confused and annoyed:
While Adobe couldn't be bothered to clarify this fact, the company was apparently making a vague reference to its ongoing legal dispute with Dolby Labs. Dolby sued Adobe last year (pdf) for copyright violations after it wasn't happy with the new revenue sharing arrangement crafted in the wake of Adobe's 2013 shift toward its controversial cloud-based "software as a subscription" model. There's really no indication that Dolby would actually sue Adobe customers, and it seems more than likely that Adobe was just interested in throwing some shade at Dolby -- without making it entirely clear that's what they were doing.
Regardless, copyright experts were quick to point out that given the overbroad nature of modern EULAs, users are completely out of luck when it comes to having any real legal recourse:

For our programmers.
JavaScript and machine learning: Google shows what's possible using the web programming language
Building and training machine-learning models using a web-scripting language might seem ambitious, but in 2019 it's perfectly feasible.
Helping make machine learning possible in the browser is TensorFlow.js, Google's open-source library for carrying out machine learning using JavaScript. The possibilities opened up by the library were showcased recently with a Google Doodle that generated a fresh Bach-style melody on demand.
TensorFlow.js can be used in JavaScript applications running in the browser, on servers inside a Node.js environment, on the desktop using Electron and on mobile browsers on Android and iOS devices. However, it is within the browser that Gupta sees the most possibilities.

Because, reading!
Redefine reading practice with Rivet
Rivet is a new reading app from Area 120, Google’s workshop for experimental projects, that addresses the most common barriers to effective reading practice through a free, easy-to-use reading experience optimized for kids. Evidence shows that one of the major differences between poor and strong readers is the amount of time spent reading, so we're introducing Rivet to make high-quality reading practice available to all.
Rivet is now available on Android smartphones, tablets, iPads, iPhones and Chromebooks in eleven countries worldwide. If you know a little reader who could benefit from better reading practice, check us out in the Play Store or App Store today.