Saturday, January 04, 2020

Is educating users enough?
Here’s what you need to know about recent Amazon Ring hacking cases
A California lawsuit filed Dec. 26 details eight alleged instances of Amazon Ring security devices being hacked by strangers who taunted children, yelled racist obscenities or threatened to kill device owners via the two-way speaker system.
… A Ring spokesperson said in a statement to the Deseret News that the company has investigated reported incidents like this one and that “malicious actors” who gained access to account credentials are responsible for the hacking incidents. There is no evidence that Ring’s system or network was compromised, the spokesperson said.
Ring’s statement says, “when the same username and password is reused on multiple services, it’s possible for bad actors to gain access to many accounts.
“Consumers should always practice good password hygiene and we encourage Ring customers to enable two-factor authentication and change their passwords,” the statement reads.
But the Orange lawsuit says Ring is wrongfully placing the blame on users. The company could do more to encourage users to choose strong passwords and set up two-factor authentication; it could also alert users of attempted log-in from unknown IP addresses and require unique account names rather than using e-mail login, the lawsuit claims.

AI is people!
Shenzhen Court Rules AI-Generated Articles are Entitled to Copyright Protection
The Shenzhen Nanshan District People’s Court recently ruled in favor of plaintiff Shenzhen Tencent Computer System Co., Ltd. in their claim for copyright infringement against Shanghai Yingmou Technology Co., Ltd. for an article written by the artificial intelligence (AI) software Dreamwriter.
According to the Legal Daily, the Court stated, the Tencent team members used the Dreamwriter software to generate the article at issue and met the legal requirements to be a written work and accordingly was a legal person’s work created by the plaintiff. Accordingly, the Court ordered the defendant to compensate plaintiff for economic losses and fees associated with the enforcement.
This is believed to be the first copyright case in Guangdong Province related to AI-generated works.

(Related) AI Ain’t people.
EU patent office says only humans can be inventors as it rejects applications for beverage holder and signalling device created by artificial intelligence

Friday, January 03, 2020

Doing less than what was possible and hoping to fly under the hacker radar?
They were obviously not monitoring at an appropriate level’: Before Wawa data breach, Visa warned it could happen
About a month before Wawa disclosed a data breach exposing customers’ credit and debit card numbers, the nation’s largest credit card network warned that hackers were targeting gas stations to steal payment card information.
Visa reported in November that gas stations emerged as attractive targets for cybercriminals because many have been slow to adopt more-secure payment-processing technology. Specifically, Visa said the attacks could continue as long as gas stations used magnetic-stripe readers to accept card payments, instead of devices that take cards equipped with computer chips.
Wawa said this week that it is implementing chip technology at gas pumps and expects all pumps to be upgraded in 2020.
An investigation into Wawa’s data breach is continuing, and it’s unclear how malicious software got on Wawa’s payment-processing servers.
… “Fuel dispenser merchants should take note of this activity as the group’s operations are significantly more advanced than fuel dispenser skimming, and these attacks have the potential to compromise a high volume of payment accounts,” Visa’s fraud unit warned.
Wawa has said malware was on its store systems starting after March 4, about eight months before Visa warned of the attacks on Nov. 14. Wawa said it found the malware on Dec. 10 and contained it by Dec. 12, but by then cardholder names, numbers, and expiration dates used in-store and at gas pumps were compromised. The breach went undetected for roughly nine months.

It is good to see that Yasmin is on the job!
California Consumer Privacy Act ("CCPA")
On Jan 1, 2020, the California Consumer Privacy Act (“CCPA”) finally came to fruition. The act has been criticized for its ambiguity and hasty legislative enactment. Many liken CCPA to GDPR (General Data Protection Regulation of the EU). Even though there are many similarities, these regulations are not identical. If you comply with GDPR, you’re not automatically in compliance with CCPA. It’s important to dive further and work with your legal team to make sure your company is truly set. If you’re sweating about CCPA, it’s time to start moving. We’re currently in the six-month grace period, and you don’t want to be a sitting duck with fines.

As goes California, so goes the Mozilla browser.
Mozilla: All Firefox users get California's CCPA privacy rights to delete personal data
The next version of Firefox will give users a way of requesting Mozilla delete their telemetry data.

Foodal recognition? Toys for those rich enough to have cooks.
Samsung and LG go head to head with AI-powered fridges that recognize food
Get ready for a smart fridge showdown at CES 2020, because Samsung and LG will both be unveiling fridges with added artificial intelligence capabilities this year. Samsung’s latest edition of its Family Hub refrigerator and LG’s second-generation InstaView ThinQ fridge both tout AI-equipped cameras that can identify food. The idea is that the cameras can scan what’s inside and let users know what items they’re short on, even making meal suggestions based on the ingredients they still have.

Talking about AI with my students.
Analytics, AI and Insights: 5 Innovations That Redefined Legal Research Since 2010
Lexis and Westlaw laid the foundations for today’s online research market in the 1970’s and 1980’s. Their dominance in the legal research arena was challenged on two fronts in the 2010’s. First they were challenged by the emergence of two full service competitors: Bloomberg Law and Fastcase. More surprising was the disruptive impact of the disgruntled, entrepreneur lawyers with a good idea and some venture capital who invented some completely new ways of approaching research and delivering insights..

Thursday, January 02, 2020

Special Operations is shifting to Techie Operations. My library reading list.
Hackers will be the weapon of choice for governments in 2020
Indeed, as a new crop of books expertly explain, cyber capabilities are expanding and transforming the old game of statecraft. The Russians are playing right alongside the Americans, Chinese, Iranians, North Koreans, and others in using hackers to shape history and try to bend geopolitics to their will.
Over two decades, the international arena of digital competition has become ever more aggressive,” writes Ben Buchanan, a professor at Georgetown University’s School of Foreign Service, in his upcoming The Hacker and the State. “The United States and its allies can no longer dominate the field the way they once did. Devastating cyber attacks and data breaches animate the fierce struggle among states.”
Meanwhile, Sandworm, a new book by journalist Andy Greenberg, zeroes in on multiple interrelated Russian hacking groups responsible not only for the sprawling campaign against the Olympics but for an impossibly long list of headline-making hacks.
Hacker States, an upcoming book by the British academics Luca Follis and Adam Fish, distinguishes between the different dimensions of destruction. Whether or not a hack achieves a specific technical goal—malware installed, account taken over, data breached—it can undermine public confidence and democracy.

A first. Should employers be required to tell applicants about the law?
Illinois says you should know if AI is grading your online job interviews
Artificial intelligence is increasingly playing a role in companies’ hiring decisions. Algorithms help target ads about new positions, sort through resumes, and even analyze applicants’ facial expressions during video job interviews. But these systems are opaque, and we often have no idea how artificial intelligence-based systems are sorting, scoring, and ranking our applications.
A new Illinois law — one of the first of its kind in the US — is supposed to provide job candidates a bit more insight into how these unregulated tools actually operate. But it’s unlikely the legislation will change much for applicants. That’s because it only applies to a limited type of AI, and it doesn’t ask much of the companies deploying it.
Set to take effect January 1, 2020, the state’s Artificial Intelligence Video Interview Act has three primary requirements. First, companies must notify applicants that artificial intelligence will be used to consider applicants’ “fitness” for a position. Those companies must also explain how their AI works and what “general types of characteristics” it considers when evaluating candidates. In addition to requiring applicants’ consent to use AI, the law also includes two provisions meant to protect their privacy: It limits who can view an applicant’s recorded video interview to those “whose expertise or technology is necessary” and requires that companies delete any video that an applicant submits within a month of their request.

Interesting reading.
The Decade in Legal Tech: The 10 Most Significant Developments
LawSites – Robert Ambrogi – “In legal technology, it was a decade of tumult and upheaval, bringing changes that will forever transform the practice of law and the delivery of legal services. Feisty startups took on established behemoths. The cloud dropped rain on legacy products. Mobile tech untethered lawyers. Clients demanded efficiency and transparency. Robots arrived to take over our jobs. “Alternative” became a label for new kinds of legal services providers. An expanding justice gap fueled efforts at ethics reform. Investment dollars began to pour in. Data got big.
Every year, I write a year-end wrap-up of the most significant developments in legal technology. But as we reach the end of a decade, I decided to look back on the most significant developments of the past 10 years. Looking back, it may well have been the most tumultuous decade ever in changing how legal services are delivered. (Here are my prior years’ lists of the most important developments: For several years now, I’ve closed out the year with a round-up of the 10 most important legal developments 2018, 2016, 2015, 2014, 2013. In 2017, I bypassed the list to focus on a single overarching development, The Year of Women in Legal Tech.)…”

The pursuit of freebies!
Movies, Music, and Books That Enter the Public Domain in 2020
Gizmodo: “[January 1, 2020] isn’t just a day to nurse your hangover from New Year’s Eve—it’s also a day to celebrate the public domain. Movies, books, music, and more from 1924 are all entering the public domain today, meaning that you’re free to download, upload, and share these titles however you see fit. And it’s completely legal. Some titles from 1924, like the movie The Thief of Baghdad, already entered the public domain because there were stricter rules about registering copyright before the 1970s. If a copyright holder forgot to renew a copyright or put a mandatory copyright notice on their work, it could slip into the public domain accidentally. But there are plenty of other works that finally lose their copyright-protected status on January 1, 2020, like classic movies from silent-era comedians Buster Keaton and Harold Lloyd. There are also books from Thomas Mann and E. M. Forster, and an English translation of We by Yevgeny Zamyatin, a pioneering dystopian science fiction novel from the Soviet Union. Even George Gershwin’s song “Rhapsody in Blue,” one of the most famous songs of the 20th century, finally becomes public domain today. While the list below, inspired by the work of Duke Law’s Center For the Study of the Public Domain and the Public Domain Review, may not be comprehensive, it’s a good place to start.

Wednesday, January 01, 2020

CO: Aurora Water announces data breach involving Click2Gov payment system
Janet Oravetz reports:
Personal information of some Aurora Water customers, such as names, card numbers and expiration dates, may have been compromised through a data breach, according to the city’s water department.
The department made an announcement about the security incident on Monday and said customers who used the Click2Gov payment system to make one-time payments or set up recurring payments between Aug. 30 and Oct. 14 were impacted.
Read more on 9News.

Let’s face it...
Fight against facial recognition hits wall across the West
Face-scanning technology is inspiring a wave of privacy fears as the software creeps into every corner of life in the United States and Europe — at border crossings, on police vehicles and in stadiums, airports and high schools. But efforts to check its spread are hitting a wall of resistance on both sides of the Atlantic.
One big reason: Western governments are embracing this technology for their own use, valuing security and data collection over privacy and civil liberties. And in Washington, President Donald Trump’s impeachment and the death of a key civil rights and privacy champion have snarled expectations for a congressional drive to enact restrictions.
The result is an impasse that has left tech companies largely in control of where and how to deploy facial recognition, which they have sold to police agencies and embedded in consumers’ apps and smartphones.

The joy of universal ID?
Man endures ‘living hell’ as Aadhaar card is put online
He was told while his Aadhaar number could not be changed, it could be cancelled and that he should do so. However, Dhapre was reluctant to cancel his number it since it was linked to his legitimate accounts as well, and doing so would throw his life into turmoil.
They wanted me to lodge a complaint for every single fraudulent transaction. That is an impossible task. They need to have a better solution to my problem as I am suffering for no fault of my own.”

Since no one complained, we went hunting ourselves.
Belgian Supervisory Authority Imposes Cookie Fine
On December 17, 2019, the Belgian Supervisory Authority (“SA”) imposed a fine of € 15,000 on an SME operating a legal information website that welcomes approximately 35,000 unique visitors a month. Interestingly, in the apparent absence of any actual complaints submitted to the SA, it carried out this enforcement action on its own initiative.
In a 43-page decision, the SA explained that the company in question was fined because:

Papers for techies.
2019 in Review: 10 AI Papers That Made an Impact
The volume of peer-reviewed AI research papers has grown by more than 300 percent over the past three decades (Stanford AI Index 2019 ), and the top AI conferences in 2019 saw a deluge of paper. CVPR submissions spiked to 5,165, a 56 percent increase over 2018; ICLR received 1,591 main conference paper submissions, up 60 percent over last year; ACL reported a record-breaking 2,906 submissions, almost doubling last year’s 1,544; and ICCV 2019 received 4,303 submissions, more than twice the 2017 total.
As part of our year-end series, Synced spotlights 10 artificial intelligence papers that garnered extraordinary attention and accolades in 2019.

Tuesday, December 31, 2019

Somehow, this report does not give me a warm, fuzzy feeling. What happened? Did they only look for evidence that Russia interfered?
Feds: No Evidence Hackers Disrupted North Carolina Voting
A federal investigation didn’t turn up any evidence that cyber attacks were responsible for computer errors that disrupted voting in a North Carolina county in 2016, according to a report issued Monday.
The U.S. Department of Homeland Security’s report said it didn’t identify any malware or remote access to the Durham County Board of Elections systems that it analyzed.
Laptops used in some Durham County precincts on Election Day in November 2016 showed inaccurate data to poll workers, such as erroneously identifying voters as having already voted and identifying registered voters as being unregistered.

Even a lawyer should have figured this out.
Vadodara lawyer loses Rs 70,000 in cyber fraud, many more cheated.
Dave said that he had received a message on WhatsApp from one Naveen Kumar on December 25 asking him for registration of his marriage. Kumar told Dave that he had found his number through a search portal providing contact details of different service providers.
Dave responded to Kumar on Saturday and informed him about the documents which he would need for registration. During the conversation, Kumar told Dave that he works in the Indian Army currently posted in Delhi and would be coming to Vadodara on January 1. When Dave said that he would charge Rs 5,000 for the registration and asked him to transfer money through Google Pay, Kumar said that he will have to verify first.
Kumar asked him to transfer Rs 20,000 in his army camp’s bank account saying he would transfer it back. “I transferred Rs 20,000 four times but every time he said that the transaction has failed and no money was received by him. I then transferred just Rs 10,000,” Dave told TOI. Although he received an sms intimating that Rs 90,000 had been debited from his account, he got only Rs 20,000 back. “I have only received sms of credit, but there is no entry of it in my passbook,” Dave said.
As Dave informed about this fraud in a WhatsApp group of lawyers, several other lawyers came forward saying that they too were conned similarly.

It ain’t easy.
How to spot a bot (or not)
First Draft – The main indicators of online automation, co-ordination and inauthentic activity. “First Draft has put together a number of indicators that might suggest — but not proof — automated activity online. Bot detection is no simple task… From talking with academics and researchers, studying  the work of others, and carrying out our own investigations, First Draft has put together a list of indicators to help anyone identify suspicious online activity. The list of indicators is broken down by category: the account’s pattern of activity, account information, content posted by the account, and network of other accounts it may be a part of. Within each category are different metrics which are red flags for automation…”

Just another tool. (Where would Amazon see your hands?)
Amazon files patent for tech to identify you using the veins in your hand
USA Today: “What if you could pay for your groceries using your veins? Amazon filed a patent for technology that could identify you by scanning the wrinkles in the palm of your hand and by using a light to see beneath your skin to your blood vessels. The resulting images could be used to identify you as a shopper at Amazon Go stores. It was previously reported that the Seattle-based tech giant might install these hi-tech scanners in Whole Foods grocery stores. However, the U.S. Patent and Trademark Office published an application on Thursday that suggests the e-commerce behemoth sets its sites on Amazon Go stores. Many of the inventors named on the application include Amazon Go executives such as vice president Dili Kumar and senior manager Manoj Aggarwal. Engineer Nikolai Orlov, who previously lead Amazon Go projects, was also listed as an inventor…”

On the other hand, technology works both ways.
Will the digital age kill off spying? CIA in crisis as facial recognition, biometrics and AI make it increasingly difficult for agents to maintain their cover abroad
  • Some foreign governments no longer see the need to physically follow CIA officers because facial recognition and surveillance is so advanced
  • U.S. intelligence agencies are facing a growing crisis because developments in technology are making it increasingly more difficult to conceal operatives
  • Given the advances in technology, some intelligence officials across the world are now simply hiding in plain sight using their real identities

For the first time, 
the internet in 2020 will account for more than half of both U.S. and worldwide ad spending.
That’s a key takeaway from Ad Age Marketing Fact Pack 2020, our annual guide to marketers, media and agencies. You can download a free 
copy at

For my students, mostly.

Monday, December 30, 2019

The camera seems to see a lot!
Wyze leaks personal data for 2.4 million security camera users
You buy a home monitoring camera to improve your security, but Wyze customers might have wound up achieving the opposite. The company, which makes $20 security cameras to pepper around your home, has admitted that data on more than 2.4 million users has been exposed. A database was left exposed, allowing people to access key pieces of data, although financial information was not included.
The issue was uncovered by consulting firm Twelve Security, who announced that sensitive user data had been left exposed on the internet. This included a staggering array of personal information including email addresses, a list of cameras in the house, WiFi SSIDs and even health information including height, weight, gender, bone density and more.
Wyze says it is investigating what happened and how the leak occurred, and that it plans to send an email notification to affected customers. In the meantime, if you have a Wyze account it's a good idea to change your password and turn on two-factor authentication.

Will they also look for missed deductions? (Mais non, mon ami.)
French court clears social media tracking plan in tax crackdown
France’s government can pursue plans to trawl social media to detect tax avoidance, its Constitutional Court ruled on Friday, although it introduced limitations on what information can be collected following a privacy outcry.
Customs and tax authorities will be allowed to review people’s profiles, posts and photographs on social media for evidence of undeclared income or inconsistencies.

Just to see if I agree with the list.
Top 10 Privacy Law Developments of the Decade 2010-2019

I told you I liked lists, even ones with some silly items.
52 things I learned in 2019
Emojis are starting to appear in evidence in court cases, and lawyers are worried: “When emoji symbols are strung together, we don’t have a reliable way of interpreting their meaning.” (In 2017, an Israeli judge had to decide if one emoji-filled message constituted a verbal contract)
Placebos are so effective that placebo placebos work: A pain cream with no active ingredients worked even when not used by the patient. Just owning the cream was enough to reduce pain.
Mechanical devices to cheat your phone pedometer (for health insurance fraud or vanity) are now all over AliExpress.
Using machine learning, researchers can now predict how likely an individual is to be involve in a car accident by looking at the image of their home address on Google Street View.

To AI or not to AI...
When Is It Ethical to Not Replace Humans with AI?
There are legitimate questions about the ethics of employing AI in place of human workers. But what about when there's a moral imperative to automate?
It is by now, well-known that artificial intelligence will augment the human worker and, in some instances outright take jobs once handled by humans. A 2019 report indicated that 36 million U.S. workers have “high exposure” to impending automation. For businesses, the opportunities of AI mean they must scrutinize which tasks would be more efficiently and cost-effectively performed by robots than by human employees, as well as which ones should combine human and AI resources.
Based on my own experiences as an AI strategist, I can identify at least three broad areas where the ethics of employing AI are not only sound but imperative:
1. Physically dangerous jobs
2. Health care
3. Data-driven decision-making

Sunday, December 29, 2019

Is it more profitable to release the product and wait for the lawsuits than to get it right before release?
Amazon, Ring hit with lawsuit over security camera hacking
Ring security cameras continue to be hacked, leaving victims, including children, terrified. Now, the company and its parent, Amazon, are facing a lawsuit in federal court.
The two companies are being sued for negligence, invasion of privacy, breach of implied contract, breach of implied warranty and unjust enrichment. According to the lawsuit, which was filed in the U.S. District Court for the Central District of California, the companies have known about the insufficiency of the system's security.

Expect a well considered law.
Canada Signals Overhaul of Data Privacy
Canadian Prime Minister Justin Trudeau has signaled his intent to overhaul data privacy within Canada. Prime Minister Trudeau recently sent a Mandate Letter to Navdeep Bains, the Minister of Innovation, Science and Industry, that contained a number of mandates with respect to data privacy. Specifically, the Mandate Letter states that Minister Bains is expected to work with the Minister of Justice, Attorney General of Canada and the Minister of Canadian Heritage to advance Canada’s Digital Charter and enhance powers for the Privacy Commissioner, in order to establish a new set of online rights, including:
  • the ability to review and challenge the amount of personal data that a company or government has collected;
  • the ability to be informed when personal data is breached with appropriate compensation; and,
  • the ability to be free from online discrimination including bias and harassment.

Automate lawyers not paralegals!
How A.I. Can Help Your Legal Practice
Artificial Intelligence (A.I.) is changing the landscape of the practice of law.
From e-Discovery to A.I. contract software, A.I. is impacting legal practices. A.I. is now capable of a more involved role in litigation, such as:
  • Drafting pleadings
  • Legal research
  • Process and analyze large volumes of data
  • Manage contracts more efficiently
  • Predict the likely outcomes of legal proceedings
Some law firms have been slow to adapt to the advantages that A.I. brings. The fear that they are replacing the work of attorneys is unfounded.

Looks like there is more to argue about.
Ethics and Artificial General Intelligence: Technological Prediction as a Groundwork for Guidelines
Artificial General Intelligence (AGI) is the possible future of computer systems which are as capable as humans across a broad range of intellectual requirements. In order to establish an ethical position or guidelines for the development of AGI, it is important to explore anticipated characteristics about the emergence of AGI: How sudden it could be (jolt), how soon it could be (timing), and how dangerous it could be (risk). By extrapolating today's trends in development and limitations of current AI algorithms, informed speculation can help set ethical positions and guidelines on the proper course. This paper concludes that the emergence of AGI will be gradual, soon, and only moderately dangerous and begins to address how ethical issues will change as AGI emerges from narrow AI.

Defining AI in Policy versus Practice
Recent concern about harms of information technologies motivate consideration of regulatory action to forestall or constrain certain developments in the field of artificial intelligence (AI). However, definitional ambiguity hampers the possibility of conversation about this urgent topic of public concern. Legal and regulatory interventions require agreed-upon definitions, but consensus around a definition of AI has been elusive, especially in policy conversations. With an eye towards practical working definitions and a broader understanding of positions on these issues, we survey experts and review published policy documents to examine researcher and policy-maker conceptions of AI. We find that while AI researchers favor definitions of AI that emphasize technical functionality, policy-makers instead use definitions that compare systems to human thinking and behavior. We point out that definitions adhering closely to the functionality of AI systems are more inclusive of technologies in use today, whereas definitions that emphasize human-like capabilities are most applicable to hypothetical future technologies. As a result of this gap, ethical and regulatory efforts may overemphasize concern about future technologies at the expense of pressing issues with existing deployed technologies.

This article seems to suggest that there is nothing special (nor especially risky) about AI. Just keep using the same checklist. I’ll have to think about that a bit,
HIPAA Compliance and AI Solutions
… Part of the issue with securing data is the amount of data that is collected from users on a daily basis. The healthcare industry is adopting new technologies while forgetting about the security measures that need to be in place. When implementing new technology healthcare organizations must consider HIPAA compliance.

FAMGA spent a decade acquiring AI companies
As I wrote last Monday, AI has made 10 years of steady gains...and each member of FAMGA (Facebook, Apple, Microsoft, Google, Amazon) is now an AI company.

Prosecuting the Terminator?
Models of Criminal Liability of Artificial Intelligence: From Science Fiction to Prospect for Criminal Law and Policy in Vietnam
The Industrial Revolution 4.0 (4IR) reflects combination of technologies in physics, digitalisation and biology, shaping a modern world of information technology where virtual and real systems are integrated through worldwide internet connection networks. Intelligence (AI) and decision making process have seen profound changes. The relevant question is whether criminal liability is applicable to AI entities in the near future given criminal law in many jurisdictions including Vietnam has provided for criminal liability of legal persons as “abstract entities”. On this basis, from the criminal law and science fiction approach, the paper initially assumes AI entities as subjects of crimes to explore possible models of criminal liability applicable to AI entities and prospect for changes of criminal law and policy in Vietnam in the future, making recommendations on improvement of legal framework, contributing to crime prevention and protection of human rights in the industrial revolution 4.0.

Intellectual Property Law and Post-Scarcity Society
Rapid technological progress has shifted discussion of the possibility of "post-scarcity society" from science fiction novels and utopian manifestoes to the pages of our newspapers and now to our law reviews. Commentators imagine a world in which three-dimensional printing, advanced robotics, synthetic biology, and artificial intelligence will enable the low-cost at-home manufacture of nearly all commodities and provision of nearly all services. This lecture considers the implications of postscarcity society for law and specifically for intellectual property law. It focuses on the likely social role of intellectual property law in a post-scarcity society and on the ways in which intellectual property law will likely work to undermine the socially progressive promise of post-scarcity.