Saturday, May 25, 2019

Just find another law that does apply.
Jason C. Gavejian and Maya Atrakchi of JacksonLewis write:
A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a competitor did not violate the Computer Fraud and Abuse Act (CFAA). The CFAA expressly prohibits “intentionally accessing a computer without authorization or exceeding authorized access, and thereby obtaining… information from any protected computer”.

How stupid is repeating stupid (and thoroughly debunked) ideas? Remember, if I can’t encrypt I can still encode.
Germany Talking about Banning End-to-End Encryption
Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.)

Amazon files patent to record before you say 'Alexa'
Amazon has filed to patent a method for Alexa to start recording before anyone uses the wake word.
The patent filing, first spotted by BuzzFeed News, would capture and process incoming audio, detect long pauses, and send the data to a remote server while Alexa waits for the wake word.

I’m teaching my Architecture students to determine the right time to move.
What Boards Need to Know About AI
Normally, boards don’t have to get involved with individual operational projects, especially technical ones. In fact, a majority of boards have very few members who are comfortable with advanced technology, and this generally has little impact on the company.
This is about to change, thanks to machine learning and artificial intelligence.
More than half of technology executives in the 2019 Gartner CIO Survey say they intend to employ AI before the end of 2020, up from 14% today. If you’re moving too slowly, a competitor could use AI to put you out of business. But if you move too quickly, you risk taking an approach the company doesn’t truly know how to manage. In a recent report by NewVantage Partners, 75% of companies cited fear of disruption from data-driven digital competitors as the top reason they’re investing.

Someone thinks this is possible.
The rise of privacy preserving AI
Privacy-preserving AI techniques like federated learning are powering new systems that can benefit from multiple companies' data — without even having to know what the data is.
Perhaps the most obvious application for federated learning is in health care, where strict rules prevent sharing patient data — but the benefit of gathering lots is potentially very high.
  • Owkin, a French startup, has connected more than 30 hospitals and research centers to a system that learns from all of them, in the process rewarding the hospitals that contribute the best data.
  • Each institution's data stays on its own computers, rather than being sent elsewhere for processing.

I had not heard of these, but they make sense.
KCPD adds 'internet exchange' signs at stations for online sales
The Kansas City, Missouri Police Department now has official “internet exchange” areas at each of its six stations in the city.
Those who set up transactions online, such as through Craigslist or Facebook Marketplace, can meet at KCPD parking lots to complete the sale.
… Police warned that any buyer or seller not willing to meet at police stations “may have ulterior motives and could be unsafe.”

Friday, May 24, 2019

Reality. What a concept!
US Officials Say Foreign Election Hacking Is Inevitable
The hacking of U.S. election systems, including by foreign adversaries, is inevitable, and the real challenge is ensuring the country is resilient enough to withstand catastrophic problems from cyber breaches, government officials said Wednesday.

(Related) You hack, we nuke?
NATO Warns Russia of 'Full Range' of Responses to Cyberattack
The head of NATO told Russia and other potential foes Thursday that the Western military alliance was ready to use all means at its disposal to respond to cyber attacks.
Jens Stoltenberg's warning came with the bloc's members on alert for interference in European Parliament elections that kicked off in Britain and the Netherlands on Thursday.
"For deterrence to have full effect, potential attackers must know we are not limited to respond in cyber space when we are attacked in cyber space," Stoltenberg said during a joint press appearance in London with UK Foreign Secretary Jeremy Hunt.

Plan to notify your providers or expect them to take actions you might not like.
Google disables Baltimore's Gmail accounts used during ransomware recovery
Gmail accounts used by Baltimore officials as a workaround while the city recovers from the ransomware attack were disabled because the creation of a large number of new accounts triggered Google’s automated security system, a spokesman for the company said.
Lester Davis, a spokesman for Mayor Bernard C. “Jack” Young, said city employees began realizing there was a problem Thursday morning and were able to talk to senior executives at Google later in the day to resolve the issue.
A Google system detects when a large number of accounts is being created in one place and steps in because they might be used to send spam or commit fraud.
Google provides both a free Gmail service and a paid system for businesses and other organizations. The reason for the misunderstanding over the cause of the suspensions was not clear, but the creation of a large number of new addresses on a business account would not have been treated as suspicious by Google’s system.

Data that proves identity could provide a defense as well.
Online identification is getting more and more intrusive
“…LexisNexis Risk Solutions, an American analytics firm, has catalogued more than 4 billion phones, tablets and other computers in this way for banks and other clients. Roughly 7% of them have been used for shenanigans of some sort. But device fingerprinting is becoming less useful. Apple, Google and other makers of equipment and operating systems have been steadily restricting the range of attributes that can be observed remotely. That is why a new approach, behavioral biometrics, is gaining ground. It relies on the wealth of measurements made by today’s devices. These include data from accelerometers and gyroscopic sensors, that reveal how people hold their phones when using them, how they carry them and even the way they walk. Touchscreens, keyboards and mice can be monitored to show the distinctive ways in which someone’s fingers and hands move. Sensors can detect whether a phone has been set down on a hard surface such as a table or dropped lightly on a soft one such as a bed. If the hour is appropriate, this action could be used to assume when a user has retired for the night. These traits can then be used to determine whether someone attempting to make a transaction is likely to be the device’s habitual user…”

I’m sure there are legitimate reasons to create such videos. Right?
Samsung deepfake AI could fabricate a video clip of you from a single photo
Imagine someone creating a deepfake video of you simply by stealing your Facebook profile pic. Luckily, the bad guys don't have their hands on that tech yet.
But Samsung has figured out how to make it happen.
Software for creating deepfakes – fabricated clips that make people appear to do or say things they never did – usually requires big data sets of images in order to create a realistic forgery. Now Samsung has developed a new artificial intelligence system that can generate a fake clip by feeding it as little as one photo.

My students have been concerned about the “curb to door” gap. Here’s Ford’s solution.
Watch Ford’s Delivery Robot That Walks On Two Legs Like A Human
Ford partnered with Agility Robotics to create Digit, a two-legged robot that could deliver your packages straight to your door in the future. Ford claims this robot can carry packages up to 40 pounds, navigate stairs, and go around unexpected obstacles.

Thursday, May 23, 2019

Think about this one. With all those huge data breaches, this is the first time Wall Street thinks a breach is significant (material?) Will Boards of Directors take notice?
Kate Fazzini reports:
Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade.
Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data.
“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”
Read more on CNBC.

Where does ‘just ignorant’ end and negligent begin?
Sean Gallagher reports:
Cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated public warnings to patch systems following the worldwide outbreak of the WannaCry cryptographic malware two years ago. And based on data from the Shodan search engine and other public sources, hundreds of them—if not thousands—are servers in use at US public school systems.
Read more on Ars Technica.

There are some “bugs,” that no matter how innocent, smell of conspiracy or worse.
Deutsche Bank glitch blocked reporting of suspicious transactions
A software glitch at Deutsche Bank has for almost a decade prevented some potentially suspicious transactions from being flagged to law enforcement authorities, Germany's biggest bank has discovered.

I need clarification…
Gavin Reinke of Alston & Bird writes:
The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number, email address, and age of thousands of individuals who had applied for unemployment benefits or other services offered by the Department of Labor. Case No. S18G1316, slip op. at 2 (Ga. May 20, 2019). The plaintiff, whose information was among that which was disclosed, filed a putative class action against the Department of Labor, alleging claims for negligence, breach of fiduciary duty, and invasion of privacy.
Read more on their privacy blog.
From the blog:
The Court concluded that the identity theft statute “does not explicitly establish any duty, nor does it prohibit or require any conduct at all.” McConnell, slip op. at 10. And the statute that restricts the disclosure of social security numbers applies only to intentional disclosures, not negligent disclosures like the one alleged in the complaint. Id., slip op. at 11.
This decision has potentially significant implications on plaintiffs’ attempts to certify nationwide class actions against retailers who are victims of a data breach based on a negligence theory. It illustrates that the law of negligence is not uniform across all jurisdictions, which will make attempts to certify a nationwide class in data breach cases difficult or impossible.

Do you suppose people are afraid of lawyers?
Brian Krebs reports:
Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
This is timely for those of us who tend to get legal threats on an all-too-frequent basis.

A scorecard.
GDPR: One Year Down…Now What?
According to a recent report from the law firm DLA Piper, more than 59,000 personal data-breaches were notified to regulators between May 2018 and January 2019, yet many organizations report being unable to achieve anything near 100 percent compliance. In fact, a report released this week shows that nearly 145,000 complaints and questions were submitted to EU authorities charged with enforcing GDPR in the first year.

Another perspective.
How Silicon Valley gamed Europe’s privacy rules
Big fines and sweeping enforcement actions have been largely absent, as under-resourced European regulators struggle to define their mission — and take time to build investigations that will likely end up in court.
New forms of data collection, including Facebook’s reintroduction of its facial recognition technology in Europe and Google’s efforts to harvest information on third-party websites, have been given new leases on life under Europe’s General Data Protection Regulation, or GDPR.
Smaller firms — whose fortunes were of special concern to the framers of the region’s privacy revamp — also have suffered from the relatively high compliance costs and the perception, at least among some investors, that they can’t compete with Silicon Valley’s biggest names.
“Big companies like Facebook are 10 steps ahead of everyone else, and 100 steps ahead of regulators,” declared Paul-Olivier Dehaye, a privacy expert who helped uncover Facebook’s Cambridge Analytica scandal. “There are very big questions about what they’re doing.”
"Even after 12 months, the reality is that there is no consensus or clear harmonization for how data should be processed," said Ahmed Baladi, co-chair of the privacy, cybersecurity and consumer protection unit at Gibson Dunn, a law firm in Paris. "We still need more guidance from national authorities."

The lawyers have figured it out?
ALI Principles of Law, Data Privacy
The American Law Institute (ALI) has approved the Principles of the Law, Data Privacy.
The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for a variety of parties at the federal, state, and local levels, including legislators, attorneys general, and administrative agency officials.

“The game’s afoot!”
Irish regulator opens first privacy probe into Google
Google’s lead regulator in the European Union, Ireland’s Data Protection Commissioner, opened its first investigation into the U.S. internet giant on Wednesday over how it handles personal data for the purpose of advertising.
The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner said, including from privacy-focused web browser Brave which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.
Brave argued that when a person visits a website, intimate personal data that describes them and what they are doing online is broadcast to tens or hundreds of companies without their knowledge in order to auction and place targeted adverts.
It said the enquiry would establish whether processing of personal data carried out at each stage of an advertising transaction was in compliance with the landmark European GDPR privacy law introduced a year ago.
The regulator said earlier this month that it had 51 large-scale investigations under way, 17 of which related to large technology firms including Twitter, LinkedIn, Apple and a number into Facebook and its WhatsApp and Instagram subsidiaries.
The probe could become a test case into the foundations of the data-driven model the online ad industry depends on.

Of interest to us bloggers…
Reddit Commenter's Fight for Anonymity Is a Win for Free Speech and Fair Use
A fight over unmasking an anonymous Reddit commenter has turned into a significant win for online speech and fair use. A federal court has affirmed the right to share copyrighted material for criticism and commentary, and shot down arguments that Internet users from outside the United States can’t ever rely on First Amendment protections for anonymous speech.

It’s Time for Government to Regulate the Internet
During the Industrial Revolution, labor organizations, social movements, the media, and government came together to rein in big business, providing lessons on how to regulate firms of today like Facebook, Amazon, and Google, writes SSIR's editor-in-chief in an introduction to the Summer 2019 issue.
Many of the Web’s early supporters believed that it would usher in a utopian world where the powerless would be on an equal footing with the powerful. There was no central authority controlling access to the Web, or regulating who could create a website or what they could publish. A man living in Des Moines, Iowa, would have the same ability to reach everyone on the Web as the editors of The New York Times.
Software standards for the Web were open, license-free, and controlled by an international community—a far cry from the top-down profit-seeking approach to technology then pursued by the likes of IBM, Microsoft, and Apple. The possibilities for the Web were endless: open government, open data, open access, free education, and free information. The new crop of Web-based companies embraced that belief, arguing that the Internet and Internet-based companies shouldn’t be regulated. Libertarian ideology reigned.
But as we all know, the Internet became dominated by these same rebels—Facebook, Amazon, and Google—all of whom pursued profit and market dominance as aggressively as Standard Oil or US Steel ever did. The Internet not only has become dominated by these powerful companies but also is being used by companies, governments, and others to gather information on people and to actively misinform them.
One of the organizations that have been fighting for the digital rights of individuals and society for nearly 30 years is the Electronic Frontier Foundation (EFF). Much of its efforts have focused on limiting government control and preserving individual freedom on the Internet, issues that continue to be important. But other organizations are beginning to take on business as well.
In this issue of Stanford Social Innovation Review, we take a close look at the history of the EFF in our Case Study, “The Invention of Digital Civil Society.”

Unfortunately, there’s an App for that.
Anti-Groping Smartphone App is Popular in Japan
A smartphone app developed by Japanese police is being widely downloaded by women trying to protect themselves from gropers on packed rush-hour trains.
The “Digi Police” app was originally issued by Tokyo police three years ago, but a function to scare off molesters was only added a few months ago. Since then, the app has reportedly been downloaded hundreds of thousands of times — unusual for a government-developed mobile application.
Women in crowded trains and other public places in Japan often face sexual harassment, but are typically too afraid to call out for help due to a sense of embarrassment.
With the app, victims can press a “repel groper” icon to produce a written message saying “There is a groper here. Please help.” With another press, the message turns red and a voice repeatedly says, “Please stop!”

Meanwhile, in the US…
To teach people how to responsibly and respectfully flirt and sext, an iOS app called Juicebox built an AI chatbot — aptly named Slutbot.
Slutbot can break the ice with users before jumping into mechanically-stilted dirty talk speckled with questions and comments about comfort zones and consent, according to The New York Times. The idea of getting intimate with a chatbot might seem odd, but the idea is that Slutbot will help people learn to navigate those conversations without the risk of alienating or insulting another person.

Background for my next statistics class. (and interesting)
The Quantum Random Number Generator
It’s real. And it will use quantum entanglement to generate true mathematical randomness. Here’s why that matters.

This has bugged me for some time, so I sent an inquiry to Google. (Aside from Russia, this looks like a normal day.)

Wednesday, May 22, 2019

What if these attacks became much more common?
Baltimore ransomware nightmare could last weeks more, with big consequences
It's been nearly two weeks since the City of Baltimore's networks were shut down in response to a ransomware attack, and there's still no end in sight to the attack's impact. It may be weeks more before the city's services return to something resembling normal—manual workarounds are being put in place to handle some services now, but the city's water billing and other payment systems remain offline, as well as most of the city's email and much of the government's phone systems.
To top it off, unlike the City of Atlanta—which suffered from a Samsam ransomware attack in March of 2018—Baltimore has no insurance to cover the cost of a cyber attack. So the cost of cleaning up the RobbinHood ransomware, which will far exceed the approximately $70,000 the ransomware operators demanded, will be borne entirely by Baltimore's citizens.
It's not like the city wasn't warned. Baltimore's information security manager warned of the need for such a policy during budget hearings last year. But the final budget did not include funds for that policy, nor did it include funding for expanded security training for city employees, or other strategic investments that were part of the mayor's strategic plan for the city's information technology infrastructure.

Will anyone listen? (Aside from Russia, et al.)
Poor Security Hygiene Found Across Almost All Political Parties in US, Europe
SecurityScorecard's latest report analyzes the visible security posture of leading U.S. political parties and those from ten EU countries.
… Four risk categories were examined during Q1, 2019. These were application security (including detectable vulnerabilities), DNS health (looking at DNS configurations), network security (including open ports and SSL certificate issues), and patching cadence (software updates and patching frequency).
Apart from examining individual parties, the report (PDF) also combines results by nation to provide a general view of national political security cadence.
Overall, Sweden, followed by Northern Ireland has the most secure political parties, according to SecurityScorecard. The U.S. scores fifth, while the UK is a lowly ninth out of eleven. France comes last.

Where will the liability lie?
Comcast is working on an in-home device to track people’s health
The device will monitor people’s basic health metrics using ambient sensors, with a focus on whether someone is making frequent trips to the bathroom or spending more time than usual in bed. Comcast is also building tools for detecting falls, which are common and potentially fatal for seniors, the people said.
Unlike most home speakers, the device won’t be positioned as a communications or assistant tool, and won’t be able to do things like search the web or turn lights on and off. But it will have a personality like Alexa and it will be able to make emergency phone calls in the case of a health event, the people said.
In addition to developing new hardware, Comcast has been in talks with several large hospitals, including Rush in Chicago, said a person familiar with the conversation. The discussions with Comcast have centered around using the device to ensure that patients don’t end up back in the hospital after they’ve been discharged. Increasingly, hospitals are getting penalized by the federal government for failing to ensure that patients don’t end up right back in the emergency room, and are looking into tools to monitor patients remotely.

This is NOT new.
It’s Time to Combine Security Awareness and Privacy Awareness
The security and privacy professions have always found kinship over a certain type of risks: the risks involved in securing the personal data that the organization gathers. Privacy pros recognize that part of their responsibility is to designate appropriately secure places to store data, and security pros recognize their responsibility in building and guarding these secure places.
But their risk domains diverge substantially after that: security folks are determined to resist attacks from a variety of malevolent outsiders, including cybercriminals, nation-state hackers, and hacktivists, and to ensure that employees do not expose the organization to these external dangers in the ways they store, transmit, and destroy data. In the security domain, the threats are largely external and they are imposed on the organization against its will. (Though of course, there are also risks posed by employees who through negligence, ignorance, malice, or inattention pose a threat.)
The threats faced by the privacy profession are quite different. Perhaps the greatest difference is that privacy risks are created by the business as it handles personal information in the conduct of its work; such risks are voluntarily chosen, not imposed by an outside actor. They are the risks that arise when you put complicated work in the hands of fallible humans, and very often they involve questions of ethics and judgment that can be genuinely complicated.

Perspective. Basic math?
Small loads from Internet-connected devices all add up
Our always-on devices turn out to consume a lot of power. Do I really need to connect my garage door to the Internet?
It is a subject we have covered before on TreeHugger, where we have noted that every single little smart device has a small electrical drain to run its radio; I calculated that my Hue Smart Bulbs on my dining room table use more energy while they are off than while they are on, and they are not my only Smart devices. It all adds up quickly.
Lance Turner at Renew goes through the list of those little loads that we all have in our homes now, from modems and routers to range extenders, cordless phone base stations and alarm systems.

Why can’t my students be more like Wally? Oh wait, they are!

Tuesday, May 21, 2019

Is gathering data always ‘stealing’ data?
US Warns Chinese Drones May Steal Data: Report
The Department of Homeland Security sent out an alert on Monday flagging drones built in China as a "potential risk to an organization's information", CNN reported.
The US government has "strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access," wrote CNN, quoting the DHS alert.
The DHS report did not name any specific Chinese manufacturers, but the southern China-based DJI produces about 70 percent of the world's commercial drones.
"For government and critical infrastructure customers that require additional assurances, we provide drones that do not transfer data to DJI or via the internet," the company added.

Opinion | Your Car Knows When You Gain Weight
Vehicles collect a lot of unusual data. But who owns it?

This comes from failure to RTFM.
DHS Highlights Common Security Oversights by Office 365 Customers
As organizations migrate to Microsoft Office 365 and other cloud services, many fail to use proper configurations that ensure good security practices, the U.S. Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warns.
According to CISA, customers who used third-parties to migrate email services to Office 365 did not have multi-factor authentication enabled by default for administrator accounts, had mailbox auditing disabled and password sync enabled, and allowed for the use of legacy protocols that did not support authentication.
Although Azure Active Directory (AD) Global Administrators have the highest level of administrator privileges at the tenant level in an Office 365 environment, multi-factor authentication (MFA) is not enabled by default for these accounts, CISA points out.

Spy gooder! Clear security implications.
The Spycraft Revolution
Changes in technology, politics, and business are all transforming espionage. Intelligence agencies must adapt—or risk irrelevance.

How honest should you be? What have you been telling your customers?
Isn’t this what I’ve been saying for more than a decade now?
Now there’s a study that agrees with me. Laurel Thomas-Michigan reports on a study called, “You ‘Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications” by Yixin Zou, Shawn Danino, Kaiwen Sun, Florian Schaub. She reports:
Building on their previous research that showed consumers often take little action when facing security breaches, researchers analyzed the data breach notifications companies sent to consumers to see if the communications might be responsible for some of the inaction.
They found that 97 percent of the 161 sampled notifications were difficult or fairly difficult to read based on readability metrics, and that the language used in them may have contributed to confusion about whether the recipient of the communication was at risk and should take action.
Read more on Futurity.
You can access the full report in html or pdf from here.

(Related) Dilbert is on point, again.

Are you being paid enough for your data?
Return on Data
Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply — “return on data” (ROD) — remains largely unexplored. Expressed as a ratio, ROD = U / D. While lawmakers strongly advocate protecting consumer privacy, they tend to overlook ROD. Are the benefits of the services enjoyed by consumers, such as social networking and predictive search, commensurate with the value of the data extracted from them?

Sure they do…
Microsoft wants a US privacy law that puts the burden on tech companies
Microsoft's idea of a US privacy law would make it easier for people to protect their data.
The company's corporate vice president and deputy general counsel, Julie Brill, wrote Monday that people have a right to privacy, as they become increasingly alarmed by how much data tech giants have gathered on them.
Tech giants like Facebook, Google and Apple have also called for a data privacy law, though the specific details vary. In Microsoft's vision for privacy regulation, it calls for shifting the burden of protecting your data from the person to the tech companies.
Microsoft has the numbers to back up how often people actually take that extra step to protect their own privacy. In the year since GDPR came into effect and Microsoft released its Privacy Dashboard, Brill said more than 18 million people have used those tools.
Considering that there are about 1.5 billion Windows devices, that would mean only 1 percent of Microsoft users have actually changed their privacy settings. Similarly, there were about 2.5 billion visits last year to Google's Accounts page, but only about 20 million people viewed their ads settings.

Architecting the LoC.
Digital Strategy for the Library of Congress
The Library of Congress’s mission is to engage, inspire, and inform the Congress and the American people with a universal and enduring source of knowledge and creativity. To accomplish that mission, the Library is adopting a digital-forward strategy that harnesses technology to bridge geographical divides, expand our reach, and enhance our services. This document describes how we will secure the Library’s position in an increasingly digital world as we realize our vision that all Americans are connected to the Library of Congress.
The Digital Strategy complements the Library’s 2019-2023 strategic plan, Enriching the User Experience, which enumerates four high-level goals: expand access, enhance services, optimize resources, and measure results.
The Digital Strategy describes how we will use each interaction as an opportunity to move users along a path from awareness, to discovery, to use, and finally to a connection with the Library through three main goals: throwing open the treasure chest, connecting, and investing in our future.

What is that thingie?
Understanding Artificial Intelligence and Machine Learning
The opening session of FPF’s Digital Data Flows Masterclass provided an educational overview of Artificial Intelligence and Machine Learning – featuring Dr. Swati Gupta, Assistant Professor in the H. Milton Stewart School of Industrial and Systems Engineering at Georgia Tech; and Dr. Oliver Grau, Chair of ACM’s Europe Technology Policy Committee, Intel Automated Driving Group, and University of Surrey. To learn more about the Basics of AI/ML and how Bias and Fairness impact these systems, watch the class video here.
In conjunction with this class, FPF released The Privacy Expert’s Guide to AI and Machine Learning. Covering much of the course content, this guide explains the technological basics of AI and ML systems at a level of understanding useful for non-programmers, and addresses certain privacy challenges associated with the implementation of new and existing ML-based products and services.

Lip service or a basis for legal actions?
US to back international guidelines for AI ethics
Only some countries will support the principles, though.
American companies have fostered ethical uses of AI before. Now, however, the government itself is poised to weigh in. Politico understands that the US, fellow members of the Organization for Economic Cooperation and Development and a "handful" of other countries will adopt a set of non-binding guidelines for creating and using AI. The principles would require that AI respects human rights, democratic values and the law. It should also be safe, open and obvious to users, while those who make and use AI should be held responsible for their actions and offer transparency.
… The guidelines should be released on May 22nd.

The Ethics of Smart Devices That Analyze How We Speak
Speech lies at the heart of our social interactions, and we unwittingly reveal much about ourselves when we talk. When someone hears a voice, they immediately start picking up on accent and intonation and make assumptions about the speaker’s age, education, personality, etc. Humans do this so we can make a good guess at how best to respond to the person speaking.
But what happens when machines start analyzing how we talk? The big tech firms are coy about exactly what they are planning to detect in our voices and why, but Amazon has a patent that lists a range of traits they might collect, including identity (“gender, age, ethnic origin, etc.”), health (“sore throat, sickness, etc.”), and feelings (“happy, sad, tired, sleepy, excited, etc.”).

Code faster and cleaner. Maybe.
Microsoft wants to apply AI ‘to the entire application developer lifecycle’
At its Build 2018 developer conference a year ago, Microsoft previewed Visual Studio IntelliCode, which uses AI to offer intelligent suggestions that improve code quality and productivity. In April, Microsoft launched Visual Studio 2019 for Windows and Mac. At that point, IntelliCode was still an optional extension that Microsoft was openly offering as a preview. But at Build 2019 earlier this month, Microsoft shared that IntelliCode’s capabilities are now generally available for C# and XAML in Visual Studio 2019 and for Java, JavaScript, TypeScript, and Python in Visual Studio Code. Microsoft also now includes IntelliCode by default in Visual Studio 2019.

Perspective. A podcast on a hot topic.
Is Amazon Getting Too Big?
In an era when legacy retailers such as Sears and Macy’s are scaling back or going bust, online behemoth Amazon continues to boom. The company is the second-largest retailer in the United States behind Walmart, and last year it became the second company in the world to reach $1 trillion in market capitalization. Perhaps more significantly, it’s also one of the world’s largest tech companies, with reams of data collected from an enormous customer base. Amazon has sold 100 million units of its voice assistant, Alexa, and an equal number of Prime subscriptions. But is Amazon too big?
… “Typically, when you think about antitrust, you think about whether the consumer is worse off. And Amazon has been so far pretty clean on that,” Kahn said, adding that Amazon hasn’t lowered product quality or raised prices. The company also appears to be transparent with its customers.

A possible follow on to our spreadsheet class?
Nine Tutorials for Making Your Own Mobile App
Glide is a service that anyone can use to create a mobile app without doing any coding. Glide lets you take one of your Google Sheets and have the information become a mobile app. It's easy to use and you can get started in minutes.
Glide recently published their own official tutorial videos. Glide offers these eight tutorials that will walk you through each step of using Glide from sign-up through publication of your app.