Think
about this one. With all those huge data breaches, this is the first
time Wall Street thinks a breach is significant (material?) Will
Boards of Directors take notice?
Kate Fazzini reports:
Moody’s has just slashed its rating
outlook on Equifax, the first time cybersecurity issues have been
cited as the reason for a downgrade.
Moody’s lowered Equifax’s outlook
from stable to negative on Wednesday, as the credit monitoring
company continues to suffer from the massive 2017 breach of consumer
data.
“We
are treating this with more significance because it is the first time
that cyber has been a named factor in an outlook change,” Joe
Mielenhausen, a spokesperson for Moody’s, told CNBC. “This is
the first time the fallout from a breach has moved the needle enough
to contribute to the change.”
Where
does ‘just ignorant’ end and negligent begin?
Sean
Gallagher reports:
… cities
aren’t the only highly vulnerable targets to be found by would-be
attackers. There are hundreds of thousands of Internet-connected
Windows systems in the United States that still appear to be
vulnerable to an exploit of Microsoft Windows’ Server Message Block
version 1 (SMB v. 1) file sharing protocol, despite
repeated public warnings
to patch systems following the worldwide outbreak of the WannaCry
cryptographic malware two years ago. And based on data from the
Shodan search engine and other public sources, hundreds of them—if
not thousands—are servers in use at US public school systems.
There
are some “bugs,” that no matter how innocent, smell of conspiracy
or worse.
Deutsche
Bank glitch blocked reporting of suspicious transactions
A
software glitch at Deutsche Bank has for almost a decade prevented
some potentially suspicious transactions from being flagged to law
enforcement authorities, Germany's biggest bank has discovered.
I
need clarification…
Gavin
Reinke of Alston & Bird writes:
The
Georgia Supreme Court recently issued a decision holding that there
is no duty to safeguard personal information from a data breach under
Georgia law. Georgia
Department of Labor v. McConnell involved
the accidental disclosure of a spreadsheet that contained the name,
social security number, home telephone number, email address, and age
of thousands of individuals who had applied for unemployment benefits
or other services offered by the Department of Labor. Case No.
S18G1316, slip op. at 2 (Ga. May 20, 2019). The plaintiff, whose
information was among that which was disclosed, filed a putative
class action against the Department of Labor, alleging claims for
negligence, breach of fiduciary duty, and invasion of privacy.
[From
the blog:
The
Court concluded that the identity theft statute “does not
explicitly establish any duty, nor does it prohibit or require any
conduct act all.” McConnell, slip op. at 10. And the statute that
restricts the disclosure of social security numbers applies only to
intentional disclosures, not negligent disclosures like the one
alleged in the complaint. Id., slip op. at 11.
… This
decision has potentially significant implications on plaintiffs’
attempts to certify nationwide class actions against retailers who
are victims of a data breach based on a negligence theory. It
illustrates that the law of negligence is not uniform across all
jurisdictions, which will make attempts to certify a nationwide class
in data breach cases difficult or impossible.
Do
you suppose people are afraid of lawyers?
Brian
Krebs reports:
Some of the most convincing email
phishing and malware attacks come disguised as nastygrams from a law
firm. Such scams typically notify the recipient that he/she is being
sued, and instruct them to review the attached file and respond
within a few days — or else. Here’s a look at a recent spam
campaign that peppered more than 100,000 business email addresses
with fake legal threats harboring malware.
This
is timely for those of us who tend to get legal threats on an
all-too-frequent basis.
A
scorecard.
GDPR:
One Year Down…Now What?
…
according
to a recent report from the law firm DLA Piper, more than 59,000
personal data-breaches were
notified to regulators between May 2018 and January 2019, yet many
organizations report being unable to achieve anything near 100
percent compliance. In fact, a report released this week shows that
nearly
145,000 complaints and
questions were submitted to EU authorities charged with enforcing
GDPR in the first year.
Another
perspective.
How
Silicon Valley gamed Europe’s privacy rules
… Big
fines and sweeping enforcement actions have been largely absent, as
under-resourced European regulators struggle to define their mission
— and take time to build investigations that will likely end up in
court.
Smaller firms
— whose fortunes were of special concern to the framers of the
region’s privacy revamp — also have suffered from the relatively
high compliance costs and the perception, at least among some
investors, that they can’t compete with Silicon Valley’s biggest
names.
… "Even
after 12 months, the reality is that there is no consensus or clear
harmonization for how data should be processed," said Ahmed
Baladi, co-chair of the privacy, cybersecurity and consumer
protection unit at Gibson Dunn, a law firm in Paris. "We still
need more guidance from national authorities."
The lawyers
have figured it out?
ALI
Principles of Law, Data Privacy
… the
American Law Institute (ALI) has approved the Principles of the Law,
Data Privacy.
“The
Principles seek to provide a set of best practices for entities that
collect and control data concerning individuals and guidance for a
variety of parties at the federal, state, and local levels, including
legislators, attorneys general, and administrative agency officials.”
“The
game’s afoot!”
Irish
regulator opens first privacy probe into Google
Google’s
lead regulator in the European Union, Ireland’s Data Protection
Commissioner, opened its first investigation into the U.S. internet
giant on Wednesday over how it handles personal data for the purpose
of advertising.
The
probe was the result of a number of submissions against the company,
the Irish Data Protection Commissioner said, including from
privacy-focused web browser Brave which complained last year that
Google and other digital advertising firms were playing fast and
loose with people’s data.
Brave
argued that when a person visits a website, intimate personal data
that describes them and what they are doing online is broadcast to
tens or hundreds of companies without their knowledge in order to
auction and place targeted adverts.
… It
said the enquiry would establish whether processing
of personal data carried out at each stage of an advertising
transaction
was in compliance with the landmark European GDPR privacy law
introduced a year ago.
… The
regulator said earlier this month that it had 51 large-scale
investigations under way, 17 of which related to large technology
firms including Twitter, LinkedIn, Apple and a number into Facebook
and its WhatsApp and Instagram subsidiaries.
… The
probe could become a test case into the foundations of the
data-driven model the online ad industry depends on.
Of
interest to us bloggers…
Reddit
Commenter's Fight for Anonynmity Is a Win for Free Speech and Fair
Use
A
fight
over
unmasking an anonymous Reddit commenter has turned into a significant
win for online speech and fair use. A federal court has affirmed
the
right to share copyrighted material for criticism and commentary, and
shot down arguments that Internet users from outside the United
States can’t ever rely on First Amendment protections for anonymous
speech.
Perspective.
It’s
Time for Government to Regulate the Internet
During
the Industrial Revolution, labor organizations, social movements, the
media, and government came together to rein in big business,
providing lessons on how to regulate firms of today like Facebook,
Amazon, and Google, writes SSIR's editor-in-chief in an introduction
to the Summer 2019 issue.
… Many
of the Web’s early supporters believed that it would usher in a
utopian world where the powerless would be on an equal footing with
the powerful. There was no central authority controlling access to
the Web, or regulating who could create a website or what they could
publish. A man living in Des Moines, Iowa, would have the same
ability to reach everyone on the Web as the editors of The New York
Times.
Software
standards for the Web were open, license-free, and controlled by an
international community—a far cry from the top-down profit-seeking
approach to technology then pursued by the likes of IBM, Microsoft,
and Apple. The possibilities for the Web were endless: open
government, open data, open access, free education, and free
information. The new crop of Web-based companies embraced that
belief, arguing that the Internet and Internet-based companies
shouldn’t be regulated. Libertarian ideology reigned.
But
as we all know, the Internet became dominated by these same
rebels—Facebook, Amazon, and Google—all of whom pursued profit
and market dominance as aggressively as Standard Oil or US Steel ever
did. The Internet not only has become dominated by these powerful
companies but also is being used by companies, governments, and
others to gather information on people and to actively misinform
them.
… One
of the organizations that have been fighting for the digital rights
of individuals and society for nearly 30 years is the Electronic
Frontier Foundation (EFF). Much of its efforts have focused on
limiting government control and preserving individual freedom on the
Internet, issues that continue to be important. But other
organizations are beginning to take on business as well.
In
this issue of Stanford Social Innovation Review, we take a close look
at the history of the EFF in our Case Study, “The Invention of
Digital Civil Society.”
Unfortunately,
there’s an App for that.
Anti-Groping
Smartphone App is Popular in Japan
A smartphone app developed by Japanese police is
being widely downloaded by women trying to protect themselves from
gropers on packed rush-hour trains.
The “Digi Police” app was originally issued by
Tokyo police three years ago, but a function to scare off molesters
was only added a few months ago. Since then, the app has reportedly
been downloaded hundreds of thousands of times — unusual for a
government-developed mobile application.
Women in crowded trains and other public places in
Japan often face sexual harassment, but are typically too afraid to
call out for help due to a sense of embarrassment.
With the app, victims can press a “repel groper”
icon to produce a written message saying “There is a groper here.
Please help.” With another press, the message turns red and a
voice repeatedly says, “Please stop!”
Meanwhile, in the US…
HERE’S
WHERE YOU CAN FLIRT WITH A SEXTING AI CALLED SLUTBOT
To
teach people how to responsibly and respectfully flirt and sext, an
iOS app called Juicebox
built
an AI chatbot — aptly named Slutbot.
Slutbot
can break the ice with users before jumping into mechanically-stilted
dirty talk speckled with questions and comments about comfort zones
and consent, according
toThe New York Times.
The. idea of getting
intimate with a chatbot might
seem odd, but the idea is that Slutbot will help people learn to
navigate those conversations without the risk of alienating or
insulting another person.
Background
for my next statistics class. (and interesting)
The
Quantum Random Number Generator
It’s
real. And it will use quantum entanglement to generate true
mathematical randomness. Here’s why that matters.
This has bugged me for some time, so I sent an
inquiry to Google. (Aside from Russia, this looks like a normal
day.)
