Saturday, April 04, 2020

What would Russia target?
Nation-State DDoS Attacks May Be the “New Normal”; Leaked Documents Reveal Russia’s FSB Is Seeking to Build a Massive IoT Botnet
Documents obtained from the Russian military by a hacking group indicate that the country’s Federal Security Service (FSB) is actively working on building a giant Internet of Things (IoT) botnet. The documents specifically reference the infamous Mirai botnet as a source of inspiration, indicating that the country is seeking the ability to direct crippling distributed denial of service (DDoS) attacks against rivals.

Mission creep’ is inevitable. Some people notice but most of those who should be informed won’t get the word.
Joe Cadillic frames an app somewhat differently than law enforcement does, no doubt. He writes:
How do you encourage people to turn against each other during the COVID-19 pandemic?
The answer is not that complicated, especially if you live in the City of Bellevue, Washington.
Four years ago, when the city created the MyBellvue app, it was touted as being a quick and easy way to report things like downed street signs, potholes, street light issues and noise complaints. Fast forward to 2020 and public fears of COVID-19 have encouraged law enforcement to turn neighbors into government snitches.
Read more on MassPrivateI.

This privacy stuff is spreading as fast as the Corona virus.
Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2020
What do you need to be doing to prepare your organization for the future? Our Asia Pacific Data Protection and Cyber Security Guide 2020 takes you through the developments and key initiatives of APAC countries and discuss the implications of an ever-shifting landscape.
Please click here to download the full version of the Asia Pacific Data Protection and Cyber Security Guide 2020.

Would stockholders expect anything less?
How Tech’s Lobbyists Are Using the Pandemic to Make Gains
Last month, lobbying groups representing advertising giants like Google and Facebook asked California’s attorney general to wait to enforce the state’s new online privacy rules given the coronavirus ripping around the world.
In Washington, lobbyists representing cloud computing giants like Amazon pushed for more money to help federal employees work remotely.
And Uber began reframing a longtime campaign to avoid classifying its drivers as full-time employees through the urgency of a mounting public health crisis.
The coronavirus has created an opportunity for tech companies and their lobbying operations to quietly push for long-held goals in the frantic political and economic environment created by the outbreak.

Hoping to addict a few more subscribers?
You Can Now Watch HBO Shows for Free
Starting from April 3, you can watch some HBO shows, movies, and documentaries for free through HBO NOW or HBO GO. In all, HBO is giving away almost 500 hours of programming “for a limited time,” but at least until the end of April.
You’ll be able to stream this content without an HBO subscription on or, or by downloading the HBO NOW or HBO GO apps. It will also be made available via “participating distribution partners’ platforms” in the coming days.

Friday, April 03, 2020

No ‘time out’ for privacy.
The CCPA Ripple Effect in the Enterprise: How to Prepare
The CCPA states that a consumer has the right to sue if their data is leaked during a breach and it is found that the company did not “implement and maintain reasonable security procedures and practices appropriate to the nature of the information.” This means that a data breach will not only result in a loss of consumer trust, it will come with heavy financial consequences. As it stands, the typical costs of a cyberattack (which includes IT response, forensics and recovery, insurance and notification) already averages around $1.67 million. Now companies need to be prepared for the additional financial burden of litigation and settlement payouts.
The biggest mistake companies can make at this juncture would be to assume there is a lot of time before regulations like CCPA affect the enterprise realm. The advent of CCPA is an indication of a shift in the tide of government regulation as a whole. When GDPR was created, one of the key objectives was to fix the fragmented regulation landscape caused by different national laws in the EU, in order to provide legal clarity for both individuals and businesses. Similarly, the US will soon find its way to a regulation that is unified and absolute across all industries. This may, in fact, happen sooner than expected as state-level laws are already being called into question for effectiveness and enforceability.

Coronavirus: The role of AI in the ‘war’ against epidemics and pandemics
In a 2015 TED Talk titled The next outbreak? We’re not ready. Bill Gates used computer models to predict that a pathogen as virulent as the 1918 Spanish flu would kill 33 million people worldwide in just nine months. Gates laments that governments regularly conduct war simulations to test their preparedness, “war games”, but not pandemic simulations, “germ games”.

Perspective. We should have seen this coming.
Consumers spent record $23.4 billion on apps in Q1 2020, thanks to being stuck indoors
Time spent in mobile apps has been surging, as people stuck at home due to the coronavirus outbreak have been turning to apps to do their shopping, manage their finances, find new exercises, work from home and stay entertained. According to new data from App Annie, released today, Q1 2020 was the largest-ever quarter in terms of consumer spend on apps. In addition, the average weekly time spent in apps and games worldwide was up 20% year-over-year in the quarter, based on an analysis of Android devices.

Thursday, April 02, 2020

Pandemic math:
Corona 19 = the 1st bottle in the 4th six-pack

It’s not surveillance, it’s medicine. It won’t be surveillance until the pandemic is over.
European experts ready smartphone technology to help stop coronavirus
A group of European experts said on Wednesday they would soon launch technology for smartphones to help trace people who had come into contact with those infected with coronavirus, helping the health authorities act swiftly to halt its spread.
The initiative proposes keeping a record of when a smartphone comes in close range with another, so that should an individual test positive for the virus, others at risk of infection can be quickly identified.
The ability to track down those at risk of infection more accurately could make it possible to ease country-wide lockdowns that have brought economic activity in many countries to a near halt.
The European initiative, called Pan-European Privacy Preserving Proximity Tracing (PEPP-PT ), follows the successful use of smartphones in some Asian countries to track the spread of the virus and enforce quarantine orders, although their methods would violate strict European data protection rules.

Time for some serious technical reading?
Open Access to ACM Digital Library During Coronavirus Pandemic
March 30, 2020 – “Dear ACM Members: As the coronavirus/COVID-19 pandemic continues, we at ACM would like to do what we can to help support the computing community. Many computing researchers and practitioners are now working remotely. In addition, teaching and learning have also moved online as more and more campuses close. We believe that ACM can help support research, discovery and learning during this time of crisis by opening the ACM Digital Library to all. For the next three months, there will be no fees assessed for accessing or downloading work published by ACM. We hope this will help researchers, practitioners and students maintain access to our publications as well as increasing visibility and awareness of ACM’s journals, proceedings and magazines. Please be sure to inform your colleagues that the ACM DL is now open, and will continue that way through June 30, 2020.

Another perspective.
Free PDF download: Managing AI and ML in the enterprise 2020
As artificial intelligence (AI) and machine learning (ML) initiatives reshape critical sectors, CXOs need to understand the ethical issues of using AI and ML at their operations. ZDNet and TechRepublic published a PDF ebook: Managing AI and ML in the enterprise 2020, which examines how companies manage, benefit from, and make ethical decisions regarding their AI and ML usage.

Perhaps they should hire a lawyer?
Shanghai judicial courts start to replace clerks with AI assistants
That initiative started on Wednesday under a pilot programme in Shanghai, where 10 courts replaced clerks with AI assistants to transcribe case notes, pull out files and present digitised evidence, according to a report by Legal Daily.
Replacing manual records with recordings and automated transcribing, using voice recognition [technology], will greatly improve efficiency in courtrooms,” said Wang Jian, the presiding judge of the Xuhui District People’s Court of Shanghai, in the report. “It also helps reflect statements made in court in a more accurate and comprehensive manner.”

A little magic?
The first Harry Potter audiobook voiced by Stephen Fry is now free to stream
Harry Potter and the Philosopher’s Stone, which was released as Harry Potter and the Sorcerer’s Stone in the US, is now free to stream on Audible. It’s part of a series of initiatives launched by JK Rowling and friends to keep everyone entertained while they’re cooped up at home. Better yet, it’s the version narrated by Stephen Fry, which has previously been difficult to legally access in the US.
Meanwhile, if you’d like to listen to the audiobook, then you can do so over at Unfortunately the offer is streaming only (with no option to download), so you’ll need to make sure you’ve got a somewhat stable connection to the internet during its nine and a half hour runtime.

Why not?
International Treasure Dolly Parton Will Now Read Us Bedtime Stories
Nashville Scene – The superstar’s Goodnight With Dolly video series is exactly what we need right now – “It’s no small thing to find comfort and solace in a time of widespread panic. Most of us have never experienced a global pandemic of this scale in our lifetimes. As we responsibly limit our interactions with others by sheltering in place, it’s easy to feel isolated, lonely and afraid. Dolly Parton isn’t giving up on us. The Tennessean who gave us “Jolene,” who gave us “I Will Always Love You,” who is one-third of the glorious feminist comedy 9 to 5, who sends books to 850,000 children per month — the heroic angel Dolly Parton will read us bedtime stories when we need them most. The legend will kick off a 10-book video series at 6 p.m. on Thursday, April 2, with The Little Engine That Could, and will continue weekly with other titles from Dolly Parton’s Imagination Library...

Wednesday, April 01, 2020

Just saying…
Threats to Democracy Spread with the Virus, We Must Keep Both in Check
As the coronavirus pandemic has spread to all regions of the world, we have begun to see governments respond predictably to the threat by agitating for increased authority. The worst of these, the Hungarian proposal, was easily enacted into law yesterday, setting a terrible precedent for other countries, in the West and around the world. At a time when democracy and rule of law are already weakened, these assertions of power should raise serious concerns, as leaders seek greater power in the short term without pausing to consider possible effects in the long term.
The pandemic has already been compared to 9/11 in terms of the havoc it will wreak on our lives, but the comparison should extend to the havoc it will wreak on democracy if we hand governments broad power without regard for individual rights and the need for oversight. Of course, it’s natural for a government to seek additional authorities in an emergency situation, especially a public health emergency like this one, which requires dramatic restrictions on daily life to stop the spread of the virus. But even during emergencies, certain rights can never be curtailed, such as the right against torture or inhuman treatment, according to international human rights law.

(Related) Looking the other way.
Microsoft president calls Washington state’s new facial recognition law ‘a significant breakthrough’
Microsoft President Brad Smith took a break from responding to the COVID-19 outbreak Tuesday to praise Washington state’s landmark facial recognition regulations. Washington Gov. Jay Inslee signed a bill Tuesday that establishes rules specifically governing facial recognition software.
Smith called the law an “early and important model” and “a significant breakthrough” in a blog post published Tuesday. Some cities have enacted their own facial recognition rules, but Washington is the first to establish statewide regulations.

The Privacy world is constantly changing.
Update of Japan’s Privacy Law Approved by Cabinet
… The reported goals of the bill include, for example: (i) broadening data subjects’ powers to exercise control over their data; and (ii) to establish a system to facilitate corporation’s internal use of “big data.”

Tuesday, March 31, 2020

Have I got your attention now?
Virgin Media faces £4.5BILLION compensation payout after data breach left personal details of 900,000 customers online for 10 months, lawyers say
Your Lawyers, a firm based in Chesterfield, Derbyshire, has offered to help people who had their full names and contact details released get up to £5,000 each.
Earlier this month Virgin Media said the breach occurred because its database was incorrectly configured, allowing unauthorised access to one third-party.
The information was accessible from April 2019 until February 28, 2020.

How would you secure your data to avoid another massive fine?
Marriott data breach exposes personal data of 5.2 million guests
Contacts details, loyalty account information, company, gender, birthday, partnerships and affiliations and room preferences were among guests’ details accessed between mid-January and February 2020.
Marriott said this unexpected amount of information was accessed using the login credential of two employees with an application built to provide guest services.
This is the second major data breach involving the hotel chain after the company was fined £99 million for an incident involving 339 million guests.

Why we teach Forensics…
Digital Investigations Remain a Major Challenge for Law Enforcement
Conducting digital investigations remains a major challenge for most law enforcement agencies around the world, a new report by Israeli mobile phone data company Cellebrite has found.
Their study, entitled the 2020 Digital Intelligence Benchmark Report, collected data from over 2,000 law enforcement officers in more than 110 countries.
[From the study:
  • 6 out of 10 devices that reach the lab are locked.
  • 90% of cases involve smartphones as the main evidence source.
  • Locked devices and extracting data from encrypted apps are the two biggest challenges facing examiners.

If you don’t think it is worth backing up, why do you keep it?
45% of Indians do not back up their data, files: Survey
Nearly half of Indians do not back up because they think their data or files are not important enough and most of those who back up their data, do it once a month, a survey said on Monday.

I’ll ask again. Is there a baby in that bath water?
The surveillance profiteers of COVID-19 are here
Our worlds are so upside-down and backwards right now that Wired claims Surveillance Could Save Lives Amid a Public Health Crisis, and privacy activist Maciej Cegłowski flat-out stated We Need A Massive Surveillance Program.
These normally privacy-forward sources are saying this in response to the pandemic, obviously. But it's also because companies that track, target, identify and surveil individuals are pitching their technologies to ID and trace the infected — in shady backroom discussions with the White House.

Not complete, but it’s a start. I recommend Calibre ( to hold and organize the ebooks you download.
Bored and on a budget? Here’s how to read for free while social distancing
In the past week, publishers and audio entertainment companies have offered a deluge of free e-books and audiobooks to keep readers of all ages engaged while they're hunkered down at home.
For audiobook fans, Penguin Random House Audio is among those offering free listens for families, including "The Wonderful Wizard of Oz" by L. Frank Baum.
Here's a roundup of where you can find free books and listens from home in the weeks ahead.

(Related) Some background music while you read?
Here Are All the Live Streams & Virtual Concerts to Watch During Coronavirus Crisis (Updating)

Monday, March 30, 2020

If it’s in the news, phishers will design an email around it.
Phishing Attacks Increase 350 Percent Amid COVID-19 Quarantine
The world is in quarantine, and everything is in disarray. The COVID-19 outbreak has greatly increased our usage and reliance on the internet, giving hackers more opportunities to scam people with malware and phishing attacks.
According to a report from Google, these nefarious actors are proving to be very successful. Google found there were 149,195 active phishing websites in January. That number rose by 50 percent in February to 293,235 websites. Now, in March, there are 522,495—a 350 percent increase since the beginning of the year.

Think about his now. We’ll see if the court agrees with you. (I used to follow the capabilities of satellite surveillance, now it seems drones or even smartphones are taking the lead.)
Jennifer Lynch of EFF writes:
Should the fact that your neighbors can see the outside of your house mean the police can use a camera to record everything that happens there for more than five months? We don’t think so either. That’s why we joined ACLU, ACLU of Massachusetts, and the Center for Democracy & Technology in filing an amicus brief last week in the Massachusetts Supreme Judicial Court arguing the Fourth Amendment and Massachusetts’s state equivalent protect us from warrantless video surveillance of our homes.
In Commonwealth v. Mora, Massachusetts State Police secretly installed several cameras high up on utility poles in front of Nelson Mora and Randy Suarez’s homes. These “pole cameras” allowed officers to watch video feeds of the two homes (and by extension everyone going in and out of the homes) in real time, remotely control angle and zoom functions, and zoom in close enough to read license plates. Officers recorded the footage over a period of several months, which allowed them to go back, search through, and review footage at their convenience. They never got a warrant to install the cameras, and the extended surveillance was not subject to any court oversight.
Mora and Suarez moved to suppress the video surveillance, arguing the use of the cameras violated the Fourth Amendment and article 14 of Massachusetts’s Declaration of Rights, which prohibit unreasonable searches.
In our amicus brief, we asked the court to recognize, as the Supreme Court did in U.S. v Carpenter, that, just as collecting cell phone location data over time reveals sensitive information about people, using stationary video surveillance to record all activity in front of a person’s home for months implicitly reveals so much more private, sensitive, and intimate information than the public sees merely walking by the house from time to time. Using this invasive surveillance, the police could learn or infer private relationships, medical information, and political or religious beliefs. And, as with the collection of location data, technological advances make video surveillance cheap and easy for law enforcement to implement, removing the practical privacy protections that existed when the police had to rely on physical surveillance such as covertly positioning actual officers in front of a house (and paying those officers their full salaries).
Our brief also informed the court about recent advances in camera technology and digital storage and search. Cameras can now hone in on small details with startling accuracy. For example, one company has released a camera small enough to fit on a drone that can identify a face from 1,000 feet and read serial numbers on appliances from 100 feet. Casinos are using cameras that can read text messages off phones. And Logan Airport has a camera that can see any object a centimeter and a half wide from a distance of more than one and a half football fields. Digital storage and search capabilities also now make it possible for police departments to hold on to surveillance footage for a long time and to search through footage easily using keyword searches for categories like gender, age, and “appearance similarity.” Even though the cameras that focused on Mora and Suarez’s homes did not have all of these capabilities, the U.S. Supreme Court has instructed that courts should take into consideration technology that is currently in use or in development in conducting their Fourth Amendment analysis.
Finally, we noted that secret video surveillance like this disproportionately impacts minority and poorer communities. The prosecutors in this case argued that Mora and Suarez did nothing to hide their homes from public view, so they couldn’t expect privacy from government surveillance that would in essence “see” the same thing that a worker on the top of a utility pole could see. However, utility poles commonly rise 20-40 feet in the air. Only the very wealthy can live in communities where their properties are either set back so far from these poles as to be hidden from view or the utilities are buried underground. Without the financial resources to live in neighborhoods and homes like this, under the government’s arguments, those with less means would face forced diminishment of their privacy expectations and disproportionate surveillance in direct proportion to their income level.
The Massachusetts Supreme Judicial Court planned to hear this case on April 7, 2020, but that date has been extended, given the current COVID 19 crisis. We will update this post when the court issues its opinion.

Another version…
Greek Data Protection Authority Issues Guidelines on Data Protection and Coronavirus

Let the ranting begin!
Public Officials Can’t Block Critics from Official Social Media Accounts
Last week, the U.S. Court of Appeals for the Second Circuit denied the Trump administration’s request for full court review of last year’s decision holding that the president violates the First Amendment when he blocks critics from his @realDonaldTrump Twitter account. The denial leaves the original panel’s decision in place, with important implications for the public’s right to access and interact with public officials’ social media accounts. The Second Circuit’s action is especially welcome now, at a moment when many Americans are especially reliant on public officials’ social media accounts—and on other official social media accounts—for information about the COVID-19 pandemic and about the government’s response to it.

Something for my nephew, the history major. (Writing a paper comparing Corona to the Spanish Flu)
C-SPAN Classroom Offers New Lessons on the Economic Impact of COVID-19
C-SPAN Classroom is a free resource that anyone who teaches U.S. History or civics should have bookmarked. I've written about many of their great resources and programs over the years including their annual student video contest and annual summer workshops for teachers.
C-SPAN Classroom recently published a new lesson plan that includes a set of resources for helping students explore and learn about the current and possible future economic impact of the COVID-19 pandemic. The resources include eight video clips, an analysis template, and a brainstorming activity for students to complete individually or in online groups.

(Related) So, nothing is really new…
The Public Health” in 1840
A pamphlet published in 1840 advocates a four-pronged approach to public healthcare that sounds remarkably like our own.

Sunday, March 29, 2020

Something for my Computer Security students to play with in their spare time.
Safely Explore The Dark Web With This FREE Guide
To learn the tricks, tips, and secrets of the deep and dark web, click here to download The Deep and Dark Web Guide from TradePub. You will have to complete a short form to access the ebook, but it’s well worth it!

Tuning up my lectures.
Towards an Insightful Computer Security Seminar
In this paper we describe our experience in designing and evaluating our graduate level computer security seminar course. In particular, our seminar is designed with two goals in mind. First, to instill critical thinking by teaching graduate students how to read, review and present scientific literature. Second, to learn about the state-of-the-art in computer security and privacy research by reviewing proceedings from one of the top four security and privacy conferences including IEEE Symposium on Security and Privacy (Oakland S&P), USENIX Security, Network and Distributed System Security Symposium (NDSS) and ACM Conference on Computer and Communications Security (CCS). The course entails each student to i) choose a specific technical session from the most recent conference, ii) review and present three papers from the chosen session and iii) analyze the relationship between the chosen papers from the session. To evaluate the course, we designed a set of questions to understand the motivation and decisions behind the students’ choices as well as to evaluate and improve the quality of the course. Our key insights from the evaluation are the following: The three most popular topics of interest were Privacy, Web Security and Authentication, ii) 33% of the students chose the sessions based on the title of papers and iii) when providing an encouraging environment, students enjoy and engage in discussions.

What the pros are thinking.
Data Protection and Privacy Officer Priorities 2020 Report
A survey of 471 data protection and privacy officers provides valuable insights into their challenges and priorities for 2020

Will we follow China’s lead?
The State and Digital Society in China: Big Brother Xi is Watching You!
There is no question that China is ahead of many developed countries in the digitalization of both its society and surveillance systems. It is also clear that the new technologies made possible by this digitalization — the widespread use of smart ID cards, the Great Firewall, the accumulation of Big Data, the social credit system (SCS) and facial recognition — have enhanced the capacity of the Chinese Communist Party (CCP) to rule China, maintain control over society and stay in power indefinitely. While these are not the only systems in place to manage and control Chinese citizens and this is not their sole purpose, these developments have been rightly seen as part of an ambitious Orwellian project to micromanage and microcontrol every aspect of Chinese society. To better comprehend the significance of this new phenomenon, this paper employs Michel Foucault’s “Panopticon” metaphor, the perfect mean of surveillance and discipline as well as an “apparatus of power.” Yet, these new technologies have their own limits. In real life there is no perfect Panopticon as no society, even the most controlled one, is a sealed prison. Censorship on the Web is erratic and the full implementation of the SCS is likely to be postponed beyond 2020 for both technical and political reasons, as more Chinese citizens have raised concerns about unchecked data collection and privacy breaches. As a result, China is probably heading toward a somewhat fragmented digitalized society and surveillance system that is more repressive in some localities and more flexible in others, as is the case with the Chinese bureaucracy in general.

China and Huawei propose reinvention of the internet
China has suggested a radical change in the way the Internet works for the UN, in a proposal that claims to allow cutting-edge technologies such as holograms and autonomous cars, but which critics say will also drive authoritarianism in the architecture that underpins the web.
the proposal  has raised concerns among western countries, including the United Kingdom, Sweden and the United States, who believe the system would divide the global internet and give state-run Internet service providers granular control over the use of the Internet by citizens. It has won the support of Russia, and potentially of Saudi Arabia, according to Western ITU representatives.

Software architecture? If my design specification leads to unintended consequences, is the AI to blame?
Law and software agents: Are they “Agents” by the way?
Using intelligent software agents in the world of e-commerce may give rise to many difficulties especially with regard to the validity of agent-based contracts and the attribution of liability for the actions of such agents. This paper thus critically examines the main approaches that have been advanced to deal with software agents, and proposes the gradual approach as a way of overcoming the difficulties of such agents by adopting different standards of responsibility depending whether the action is done autonomously by an unattended software, or whether it is done automatically by an attended software. Throughout this paper, it is argued that the introduction of “one size” regulation without sufficient consideration of the nature of software agents or the environments in which they communicate might lead to a divorce between the legal theory and technological practice. It is also concluded that it is incorrect to deal with software agents as if they were either legal persons or nothing without in any way accounting for the fact that there are various kinds of such agents endowed with different levels of autonomy, mobility, intelligence, and sophistication. However, this paper is not intended to provide the final answer to all problematic questions posed by the emergence of intelligent software agents, but is designed to provide some kind of temporary relief until such agents reach a more reliable and autonomous level whereby law begins to regard them, rather than their users, as the source of the relevant action.

Anything to get rid of my students.
Essential Tips for a Winning Resume
This cheat sheet is available as a downloadable PDF from our distribution partner, TradePub. You will have to complete a short form to access it for the first time only. Download Essential Tips for a Winning Resume.