Saturday, November 14, 2020

A strategic consideration. Enough here to get you thinking...

https://www.makeuseof.com/cloud-storage-vs-local-backups/

Forget Cloud Storage: Here's Why You Should Switch to Local Backups

If you're considering switching to local backup, here's everything you need to know.





A new and elegant approach? Will the average computer user take the time to consider each request? Or will they rely on a “click here to give me access” button I provide?

https://www.schneier.com/blog/archives/2020/11/inrupts-solid-announcement.html

Inrupt’s Solid Announcement

Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lee’s Solid specification:

The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It’s yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

This week, Inrupt announced the availability of the commercial-grade Enterprise Solid Server, along with a small but impressive list of initial customers of the product and the specification (like the UK National Health Service). This is a significant step forward to realizing Tim’s vision:





Never was?

https://sneak.berlin/20201112/your-computer-isnt-yours/

Your Computer Isn't Yours

I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about.

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings:

Date, Time, Computer, ISP, City, State, Application Hash

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

Well, it’s not just Apple. This information doesn’t stay with them:





Know how that AI thinks!

https://www.semanticscholar.org/paper/Pursuing-Open-Source-Development-of-Predictive-The-Waggoner-Macmillen/93d65a4447804dc3116169f15f6618a82e137d21

Pursuing Open-Source Development of Predictive Algorithms: The Case of Criminal Sentencing Algorithms

Currently, there is uncertainty surrounding the merits of open-source versus proprietary algorithm development. Though justification in favor of each exists, we argue that open-source algorithm development should be the standard in highly consequential contexts that affect people’s lives for reasons of transparency and collaboration, which contribute to greater predictive accuracy and enjoy the additional advantage of cost-effectiveness. To make this case, we focus on criminal sentencing algorithms, as criminal sentencing is highly consequential, and impacts society and individual people. Further, the popularity of this topic has surged in the wake of recent studies uncovering racial bias in proprietary sentencing algorithms among other issues of over-fitting and model complexity. We suggest these issues are exacerbated by the proprietary and expensive nature of virtually all widely used criminal sentencing algorithms. Upon replicating a major algorithm using real criminal profiles, we fit three penalized regressions and demonstrate an increase in predictive power of these open-source and relatively computationally inexpensive options. The result is a data-driven suggestion that if judges who are making sentencing decisions want to craft appropriate sentences based on a high degree of accuracy and at low costs, then they should be pursuing open-source options.





Perspective.

https://thenextweb.com/shift/2020/11/14/we-currently-have-no-smart-cities-by-2025-therell-be-26-syndication/

We currently have no smart cities — by 2025 there’ll be 26

Spending on smart city technology is expected to reach US$327 billion by 2025, up from US$96 billion in 2019, according to a new forecast from Frost & Sullivan.

The analyst company said an uncertain post-pandemic situation will compel cities to focus on developing collaborative, data-driven infrastructure for use in healthcare, public security services and more.

Cities have already invested in contact-tracing wearables and apps, open data platforms, autonomous drones and crowd analytics to fight COVID-19, according to the report, and smart grids, intelligent traffic management, autonomous vehicles, smart lighting and e-governance services are expected to gain traction when the pandemic passes.





Have we crossed from defiant to delusional? (That’s a rhetorical question.)

https://www.msn.com/en-us/news/politics/trump-loses-string-of-election-results-lawsuits/ar-BB1b07iS

Trump Loses String of Election Results Lawsuits

In quick succession, Mr. Trump was handed defeats in Pennsylvania, Arizona and Michigan, where a state judge in Detroit rejected an unusual Republican attempt to halt the certification of the vote in Wayne County pending an audit of the count.



Friday, November 13, 2020

...and yet I can’t prove that my vote was recorded correctly, or at all. Funny that.

https://www.bespacific.com/the-november-3rd-election-was-the-most-secure-in-american-history/

The November 3rd election was the most secure in American history





Wider jurisdiction and wider scope of defamation?

https://techcrunch.com/2020/11/12/facebook-loses-final-appeal-in-defamation-takedown-case-must-remove-same-and-similar-hate-posts-globally/

Facebook loses final appeal in defamation takedown case, must remove same and similar hate posts globally

Austria’s Supreme Court has dismissed Facebook’s appeal in a long running speech takedown case — ruling it must remove references to defamatory comments made about a local politician worldwide for as long as the injunction lasts. [Does it then have to put them back? Bob]

Questions were referred up to the EU’s Court of Justice. And in a key judgement last year the CJEU decided platforms can be instructed to hunt for and remove illegal speech worldwide without falling foul of European rules that preclude platforms from being saddled with a “general content monitoring obligation”. Today’s Austrian Supreme Court ruling flows naturally from that.

Austrian newspaper Der Standard reports that the court confirmed the injunction applies worldwide, both to identical postings or those that carry the same essential meaning as the original defamatory posting. [So, would this article have to be suppressed? How about if I posted it in place of the original? Bob]





Also more work from home. What will that tracking show?

https://onezero.medium.com/welcome-back-to-the-office-please-wear-this-tracking-device-98747a66750f

Welcome Back to the Office. Please Wear This Tracking Device

A boom in contact tracing devices could herald a new era of worker surveillance





I doubt anyone has THE answer, yet. Keep trying.

https://www.wsj.com/articles/washington-state-could-be-the-2021-battleground-for-internet-privacy-11605177001

Washington State Could Be the 2021 Battleground for Internet Privacy

A senior lawmaker in Washington believes the state can be the next hub for consumer privacy legislation in the U.S., following California’s lead. But he faces continued opposition from within his own party over how it should be enforced.

State Sen. Reuven Carlyle, a Democrat who chairs the Washington state Senate’s Environment, Energy & Technology Committee, said he is evaluating the recently approved California Privacy Rights Act with an eye toward updating the Washington Privacy Act in the coming weeks in preparation for the next legislative session beginning in January.

Similar to data protections in the CPRA, Mr. Carlyle’s draft 2021 bill would give residents the right to request companies to delete or correct their personal data. The proposal would also allow consumers to opt out of data processing for certain purposes, such as targeted advertising, and require businesses to conduct data-protection assessments.

The key sticking point is enforcement, state officials say, namely whether to create a private right of action that would allow individuals to sue companies for alleged violations.

“I do not support that position in any way,” Mr. Carlyle said, warning of frivolous lawsuits and citing opposition from the business community. “I strongly believe state-level [attorney general] enforcement is the way you can most effectively enforce the bill.”

Some other state officials, including Attorney General Bob Ferguson, argue that such a private right of action is crucial.

“Last year’s data privacy bill was unenforceable,” Mr. Ferguson, a Democrat, said in a statement. “The bill prohibited individuals from going to court to protect their rights, and failed to give my office the tools we need to ensure compliance.”



(Related) If not an answer, a strong suggestion.

https://www.huntonprivacyblog.com/2020/11/12/european-commission-publishes-draft-of-new-standard-contractual-clauses/

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (“GDPR”) along with its draft set of new standard contractual clauses (the “New SCCs”).





Should be informative.

https://www.eff.org/deeplinks/2020/11/introducing-how-fix-internet-new-podcast-eff

Introducing “How to Fix the Internet,” a New Podcast from EFF

Today EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape.

We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute’s specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation’s leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays.

We’ve also created a hub page for How to Fix the Internet. This page includes links to all of our episodes, ways to subscribe, and detailed show notes. In the show notes, we’ve included all the books mentioned in each podcast, as well as substantial legal resources—including key opinions in the cases we talk about, briefs filed by EFF, bios of our guests, and a full transcript of every episode.

You can subscribe to How to Fix the Internet via RSS, Stitcher, TuneIn, Apple Podcasts, Google Podcasts, and Spotify and through any of the other podcast places.





If the music companies can do it, the ISPs must also.

https://www.natlawreview.com/article/internet-service-provider-isp-cox-communications-found-liable-to-tune-1-billion

Internet Service Provider (ISP) Cox Communications Found Liable to the Tune of $1 Billion For Allowing Users to Illegally Share Music Files on Peer-to-Peer Networks

Recently, the Eastern District of Virginia upheld a music piracy jury verdict against the internet service provider Cox Communications. See Sony Music Ent. v. Cox Commc’ns, Case No. 1:18-cv-950-LO-JFA, 2020 U.S. Dist. LEXIS 105071 (E.D. Va. June 2, 2020). The jury returned a $1 billion damage award against Cox Communications who was accused of knowingly allowing subscribers to share and download infringing songs via peer-to-peer sharing platforms such as BitTorrent. Holding an internet service provider liable for the infringing acts of its users, this case sets the stage for a closely watched appeal.

… The jury found Cox failed to address the copyright infringement despite receiving information from the copyright owners about the time, place, and IP addresses responsible for illegally distributing and reproducing music files over Cox’s network. The court agreed there was enough evidence to find the technology used to detect the infringement was reliable, Cox had the right and ability to supervise the infringement committed by its subscribers, and Cox gained a financial benefit from the infringement. There was sufficient basis for the jury to find Cox liable for vicarious copyright infringement, and because Cox failed to address the specific notices of infringement, for contributory infringement as well.





Perspective. I suspect the President’s insistence that ‘employees’ “do what I want, ignore the facts” will inform most of the post-presidential investigations of his business dealings. By the way, Krebs was fired.

https://www.reuters.com/article/us-usa-cyber-officials-exclusive-idUSKBN27S2YI

Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired

Top U.S. cybersecurity official Christopher Krebs, who worked on protecting the election from hackers but drew the ire of the Trump White House over efforts to debunk disinformation, has told associates he expects to be fired, three sources familiar with the matter told Reuters.



Thursday, November 12, 2020

Another change in strategic Computer Security thinking.

https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/

Microsoft urges users to stop using phone-based multi-factor authentication

The Microsoft exec cites several known security issues, not with MFA, but with the state of the telephone networks today.

Weinert says that both SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.





Too much disclosure to catch on? Perhaps California could add this to their next Privacy law update…

https://www.schneier.com/blog/archives/2020/11/privacy-nutrition-labels-in-apples-app-store.html

“Privacy Nutrition Labels” in Apple’s App Store

Apple will start requiring standardized privacy labels for apps in its app store, starting in December:

Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user’s name or account name is prominently displayed with the submission.
Otherwise, the privacy labeling is mandatory and requires a fair amount of detail. Developers must disclose the use of contact information, health and financial data, location data, user content, browsing history, search history, identifiers, usage data, diagnostics, and more. If a software maker is collecting the user’s data to display first or third-party adverts, this has to be disclosed.
These disclosures then get translated to a card-style interface displayed with app product pages in the platform-appropriate App Store.

The concept of a privacy nutrition label isn’t new, and has been well-explored at CyLab at Carnegie Mellon University.





Settle yes, but what should you settle for?

The FTC Zoom Case: Does the FTC Need a New Approach?

As I mentioned yesterday on DataBreaches.net in noting the FTC settlement with Zoom, two commissioners dissented from the settlement — and they dissented because they felt that the settlement didn’t do enough to protect or serve consumers.

Prominent privacy scholars Daniel Solove and Woody (Woodrow) Hartzog have written about their dissents and the settlement in a new piece, The FTC Zoom Case: Does the FTC Need a New Approach?

As scholars who have been supportive of the FTC’s approach in the past, they continue to support the use of settlements as opposed to costly and protracted litigation, but they do agree with the dissenting commissioners that certain recommendations should be implemented.

Read their commentary on LinkedIn.





A very interesting perspective.

JAIC Chief Asks: Can AI Prevent Another 1914?

What does the three-star director of the Pentagon’s Joint Artificial Intelligence Center worry about? “Let me start in 1914,” said Lt. Gen. Michael Groen.

“Yes, 1914 – I see the look on your face,” Groen told the moderator of an online forum Friday at the Center for Strategic and International Studies (CSIS).

1914 was the last time great powers went to war after decades of relative peace, using radically new technology they didn’t really understand. Back then, Groen said, the result was infantry with bayonets and cavalry with lances trying to charge machine gun nests, futilely pitting muscle power against mechanical power. In the 21st century, he fears, “the Information Age equivalent of… lancers riding into machine guns” is using traditional command, control, and planning processes against an adversary using artificial intelligence, pitting human brainpower against machine speed.



(Related)

https://www.militaryaerospace.com/sensors/article/14187088/radar-jet-fighter-artificial-intelligence

Britain's Tempest sixth-generation jet fighter will have high-speed radar, artificial intelligence (AI)

The companies building the United Kingdom's Tempest sixth-generation fighter aircraft have revealed some of the enabling technologies that will be part of the new plane, including a radar system designed to handle as much data per second as a city.

The Military & Aerospace Electronics take:

11 Nov. 2020 – Under development for the Royal Air Force (RAF), the Tempest will be one of the first sixth-generation jet fighter aircraft. It's designed to complement current combat craft like the F-35 Lightning II and the Typhoon fighters starting in the mid-2030s until the older warplanes are retired in the 2040s.

The stealth fighter will be able to carry hypersonic missiles and control drone swarms, and produce large amounts of electricity so it can power laser weapons.

Along with this, the twin-engine, delta-wing Tempest will have reconfigurable artificial intelligence (AI) and cyber-hardened communications that enable it to act as a flying command and control center, where the pilot acts more as a supervisor than as a dog fighter.





Because gold is boring?

https://www.bespacific.com/retail-might-be-struggling-but-the-rich-are-buying-rare-books/

Retail Might Be Struggling, But the Rich Are Buying Rare Books

Bloomberg via MSN: “Even as independent bookstores struggle to survive, rare books and manuscripts have proven a rare bright spot in the industry. “It’s almost like two businesses,” says Kenneth Gloss, the owner of Brattle Book Shop in Boston. “As far as the general used-book business, it’s been off.” His third floor of rare and antiquarian books, though, is doing nearly as well as it ever has. “People are at home, the stock market is doing well, so people with spare funds are sitting home, bored and buying a lot of books,” Gloss says. The same phenomenon has occurred in categories as disparate as jewelry and classic cars. Rich people are still rich, and they’re still spending serious amounts of money on things that bring them joy—and perhaps, a return on investment later. The market for extremely rare books has been healthy for years, dealers say, but quantifying its ups and downs is difficult, because “if you’re talking about a book with many comparables over time, you’ve missed the top of the market,” says Darren Sutherland, a specialist in Bonham’s rare books department in New York.”



Wednesday, November 11, 2020

Because GDPR was not enough?

https://www.techdirt.com/articles/20201106/03572745657/surprise-latest-draft-eus-next-big-privacy-law-includes-some-improvements.shtml

Surprise: Latest Draft Of The EU's Next Big Privacy Law Includes Some Improvements

The EU's new ePrivacy regulation is a strange beast. It's important, designed to complement the EU's GDPR. Where the GDPR is concerned with personal data "at rest" -- how it is stored and processed -- the ePrivacy Regulation can be thought of as dealing with personal data in motion. Despite that importance, it is largely unknown, except to people working in this area. That low profile is particularly strange given the fierce fighting that is taking place over what exactly it should allow or forbid. Businesses naturally want as much freedom as possible to use personal data as they wish, while privacy activists want the new regulation to strengthen the protection already provided by the GDPR.

A new draft version of the ePrivacy regulation has appeared from the Presidency of the EU Council, currently held by Germany. It is a nearly illegible mess of deletions and additions, but it contains some welcome improvements from the previous version (pdf), which was released in March 2020. One relates to the protection of the "end-users' terminal equipment" -- a legalistic way of saying the device used by the user.

But the most significant change from the previous version concerns the controversial issue of "legitimate interests". This was perhaps the biggest loophole in the previous draft

The concept of "legitimate interests" was so vague that it essentially allowed companies to do pretty much whatever they wanted with sensitive personal information they gathered. The latest draft from the German Presidency deletes this section completely. That's good news for users of online services, but predictably, telecoms companies are unhappy.





Other priorities? The political value was not as great as they thought?

https://www.cnbc.com/2020/11/10/what-happened-to-tiktok-deal-trump-administration-silent.html

TikTok hasn’t heard from the Trump administration in weeks, prompting latest CFIUS petition





Is this how AIs will make us trust them?

https://www.psychologytoday.com/us/blog/all-we-need-is-love/202011/do-you-trust-artificial-intelligence

Do You Trust Artificial Intelligence?

Can we make people trust AI more using attachment security?

… what happens when people are being introduced to a new AI technology? How likely are they to trust the new technology?

With an interdisciplinary team of researchers from the University of Kansas, we set to find out. The results are published in a new paper in the journal Computers in Human Behavior. We found that people’s trust in AI is tied to their relationship or attachment style. Our research shows that people who are anxious about their relationships with humans tend to be less trusting when it comes to AI. Importantly, the research also suggests trust in artificial intelligence can be increased by reminding people of their secure relationships with other humans.





I wonder how many thought wearing a mask was unnecessary? (Suggesting there was some mental impairment before infection.)

https://www.bespacific.com/one-in-five-covid-19-patients-develop-mental-illness-within-90-days/

One in five COVID-19 patients develop mental illness within 90 days

Reuters – “Many COVID-19 survivors are likely to be at greater risk of developing mental illness, psychiatrists said on Monday, after a large study found 20% of those infected with the coronavirus are diagnosed with a psychiatric disorder within 90 days. Anxiety, depression and insomnia were most common among recovered COVID-19 patients in the study who developed mental health problems. The researchers from Britain’s Oxford University also found significantly higher risks of dementia, a brain impairment condition. “People have been worried that COVID-19 survivors will be at greater risk of mental health problems, and our findings … show this to be likely,” said Paul Harrison, a professor of psychiatry at Oxford. Doctors and scientists around the world urgently need to investigate the causes and identify new treatments for mental illness after COVID-19, Harrison said. “(Health) services need to be ready to provide care, especially since our results are likely to be underestimates (of the number of psychiatric patients),” he added.

The study, published in The Lancet Psychiatry journal, analysed electronic health records of 69 million people in the United States, including more than 62,000 cases of COVID-19. The findings are likely to be the same for those afflicted by COVID-19 worldwide, the researchers said.”





Perspective. Now you can watch your house burn down from anywhere!

https://www.makeuseof.com/ring-smart-doorbells-recalled-after-fire/

Ring Smart Doorbells Are Being Recalled After Some Caught Fire

The recall affects over 350,000 2nd generation Ring doorbells, which suffer from a battery fault.



Tuesday, November 10, 2020

Any experienced hacker looks at all the simple/obvious failures as a matter of course. I suspect Russia, China, North Korea and Iran knew about this almost as soon as it went into use. It’s the kind of job you assign to your trainee hackers.

https://www.zdnet.com/article/bug-hunter-wins-researcher-of-the-month-award-for-dod-account-takeover-bug/#ftag=RSSbaffb68

Bug hunter wins 'Researcher of the Month' award for DOD account takeover bug

The US Department of Defense has fixed a severe vulnerability impacting its internal network that would have allowed threat actors to hijack DOD accounts just by modifying a few parameters in web requests sent to DOD servers.

The issue received a severity rating of "Critical (9 ~ 10)" because the bug required minimal technical skills to exploit and hijack any DOD account of the attacker's choosing.

While some details about the bug have been disclosed earlier today, a full report won't be fully available, to protect the security of the DOD network.

According to this summary report, the bug was categorized as an Insecure Direct Object References (IDOR) vulnerability, a bug where security checks are missing from an application, allowing hackers to modify a few parameters without any additional identity checks.

In the DOD's case, the bug would have allowed an attacker to take a legitimate web request sent to a DOD website, modify the user ID and username parameters, and the DOD site would have allowed the attacker to change any user's DOD account password — which would have allowed hackers to hijack accounts and later breach the DOD's network.
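An added illustration of the bug class described above, not code from the article or from any DOD system (whose implementation is not public): a password-change handler that trusts the account identifiers in the request, next to a version that binds the change to the authenticated session. All names, the in-memory store and the sample accounts are constructed for this example.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # PBKDF2 so the toy store at least looks like a real credential table.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_store():
    """Constructed sample data: two accounts and one logged-in session."""
    users = {}
    for uid, name, pw in [(1001, "alice", "alice-old-pw"),
                          (1002, "bob", "bob-old-pw")]:
        salt = os.urandom(16)
        users[uid] = {"username": name, "salt": salt, "pw_hash": _hash(pw, salt)}
    sessions = {"session-token-alice": 1001}  # token -> authenticated user id
    return users, sessions


def check_password(users, uid, password):
    rec = users[uid]
    return hmac.compare_digest(rec["pw_hash"], _hash(password, rec["salt"]))


def _set_password(users, uid, new_password):
    salt = os.urandom(16)
    users[uid]["salt"] = salt
    users[uid]["pw_hash"] = _hash(new_password, salt)


def change_password_vulnerable(users, sessions, token, params):
    """IDOR: the caller is authenticated, but the account to modify is
    taken from request parameters and never compared with the session."""
    if token not in sessions:
        return 401
    uid = int(params["user_id"])
    rec = users.get(uid)
    if rec is None or rec["username"] != params["username"]:
        return 404
    _set_password(users, uid, params["new_password"])
    return 200


def change_password_fixed(users, sessions, token, params, audit_log):
    """The target account is derived from the session only."""
    caller = sessions.get(token)
    if caller is None:
        return 401
    # A client-supplied user_id is never used to select the account. If one
    # is sent and it disagrees with the session, refuse and record it so the
    # attempt is visible to monitoring.
    supplied = params.get("user_id")
    if supplied is not None and str(supplied) != str(caller):
        audit_log.append({"event": "idor_attempt",
                          "caller": caller, "target": str(supplied)})
        return 403
    # Defence in depth (an addition, not something the article mentions):
    # require the current password before accepting a new one.
    if not check_password(users, caller, params.get("current_password", "")):
        return 403
    _set_password(users, caller, params["new_password"])
    return 200


def demo():
    """Send the same cross-account request to both handlers."""
    request = {"user_id": "1002", "username": "bob",
               "current_password": "alice-old-pw", "new_password": "changed"}
    users, sessions = make_store()
    bad = change_password_vulnerable(users, sessions, "session-token-alice", request)
    bob_changed_vulnerable = check_password(users, 1002, "changed")

    users, sessions = make_store()
    log = []
    good = change_password_fixed(users, sessions, "session-token-alice", request, log)
    bob_intact_fixed = check_password(users, 1002, "bob-old-pw")
    return bad, bob_changed_vulnerable, good, bob_intact_fixed, log


if __name__ == "__main__":
    print(demo())
```
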





I told you these guys are good…

https://www.theregister.com/2020/11/09/gchq_hacks_russia_vaccine_disinfo/

Somebody's Russian to meddle with UK coronavirus vaccine efforts, but GCHQ won't take it lying down

British eavesdropping agency GCHQ is actively hacking Russian attempts to undermine coronavirus vaccine efforts, according to The Times.

Tactics deployed against the Russia-backed actors are said to include "encrypting" the operators' data, mildly suggestive of ransomware – albeit without the ransom.





Comes with a major loophole…

https://www.technologyreview.com/2020/11/09/1011837/europe-is-adopting-stricter-rules-on-surveillance-tech/

Europe is adopting stricter rules on surveillance tech

The goal is to make sales of technologies like spyware and facial recognition more transparent in Europe first, and then worldwide.

The European Union has agreed to stricter rules on the sale and export of cyber-surveillance technologies like facial recognition and spyware. After years of negotiations, the new regulation will be announced today in Brussels. Details of the plan were reported in Politico last month.

The regulation requires companies to get a government license to sell technology with military applications; calls for more due diligence on such sales to assess the possible human rights risks; and requires governments to publicly share details of the licenses they grant. These sales are typically cloaked in secrecy, meaning that multibillion-dollar technology is bought and sold with little public scrutiny.

The main thing the new regulation achieves, according to its backers, is more transparency. Governments must either disclose the destination, items, value, and licensing decisions for cyber-surveillance exports or make public the decision not to disclose those details.





Why I don’t like teaching online, volume 2. Are all online students criminals?

https://www.vice.com/en/article/88anxg/students-have-to-jump-through-absurd-hoops-to-use-exam-monitoring-software

Students Have To Jump Through Absurd Hoops To Use Exam Monitoring Software

Using hand mirrors and making 3D room scans are among the bizarre instructions students must follow while using software like ProctorU and Respondus.





Many views always beat one view.

https://www.huntonprivacyblog.com/2020/11/09/webinar-on-the-california-privacy-rights-act/

Webinar on the California Privacy Rights Act

On November 19, 2020, Hunton Andrews Kurth will host a webinar examining the recently approved California Privacy Rights Act (“CPRA”) and how it revises the California Consumer Privacy Act of 2018 (“CCPA”).





The consulting world changes…

https://www.databreaches.net/cyber-consulting-firms-get-tied-up-in-post-breach-lawsuits/

Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits

Jake Holland and Andrea Vittorio report:

Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions.
Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database. The decision came after Capital One Financial Corp. was forced to turn over cybersecurity firm Mandiant’s report on a cloud hack in another case.
The cases raise questions about whether a consultant’s work should be considered fair game for class action lawyers gathering evidence on a cyber incident to try to hold the consulting firms responsible for fallout from breaches.

Read more on Bloomberg Law.





A problem common to all industries with record keeping regulations. Can you imagine asking any head of state for a copy of a phone conversation transcript? “Why yes, the President promised to sell us Hawaii for $24.”

https://www.bespacific.com/biden-may-have-trouble-unearthing-trumps-national-security-secrets/

Biden may have trouble unearthing Trump’s national security secrets

Politico: “From tearing up documents and hiding transcripts of calls with foreign leaders to using encrypted messaging apps and personal email accounts for government business, the Trump White House’s skirting of records preservation rules could limit the incoming Biden administration’s visibility into highly sensitive foreign policy and national security secrets… The Presidential Records Act, which requires a sitting president to preserve and ultimately make public all records relating to the performance of their official duties, was passed 42 years ago in response to President Richard Nixon’s attempts to hide the White House tapes that led to his downfall. The law makes presidential records available to the public via the Freedom of Information Act beginning five years after the end of an administration. But it has no real enforcement mechanism and relies on the president’s good faith compliance, said Kel McClanahan, the executive director of the law firm National Security Counselors.

“Out of respect for the institution and the separation of powers, when Congress passed the PRA, they gave the White House the right to decide what constitutes a presidential record,” McClanahan said. “They never envisioned a president who would come in and just start shredding stuff.”…





There were no headlines like this for the Apple II. Perhaps there should have been.

https://www.cnet.com/news/apple-new-macs-could-change-computers-as-we-know-them-one-more-thing-event-new-chips/

Apple's new Macs could change computers as we know them

Apple's expected to announce the first computers powered using chips that are more like an iPhone than a typical PC. That alone is exciting to the techies, but it's also a sign of what's possible to come, whether you buy a Mac or not. The iPhone maker's said it's going to change the brains of its computers over the next couple years. Starting with the computers it's expected to announce Tuesday, Apple's going to throw its weight behind its own self-made chips.

By combining all its devices under the same chips and common code, Apple will be able to offer an experience that truly spans its desktops, laptops, phones and watches. Apple's already said app developers will be able to create one app and send it to all devices, with adjustments for keyboard and mouse vs finger touch and gestures.

What's likely to change more than anything is on the outside of the laptop and desktop. Apple's iPhones and iPads don't have fans to keep their chips cool. Analysts are betting that if Apple can pull off that same trick with its computers, the fans that take up space and force the laptop to be thicker might disappear.



(Related)

https://www.makeuseof.com/samsung-passes-apple-number-one-smartphone-brand-us/

Samsung Passes Apple as Number One Smartphone Brand in the US

According to market researcher Strategy Analytics (h/t the Korea Herald), Samsung has slid its way into the number one spot for most smartphones sold in the US for the third quarter of 2020.

During the July-September period, Samsung accounted for 33.7 percent in the US smartphone market. That's an impressive 6.7 percent increase over the same period in 2019.

While Apple may not be number one anymore, the company still moved plenty of smartphones, accounting for 30.2 percent of the market.





Free learning for shut-ins.

https://www.techrepublic.com/article/free-ibm-developer-conference-on-ai-and-data-science-includes-300-in-credits-for-coursera-class/

Free IBM developer conference on AI and data science includes Coursera certification

Developers and business leaders can learn about the latest trends in artificial intelligence (AI) at IBM's free Data & AI digital conference on Nov. 10 starting at 2 pm GMT. The sessions will focus on operations, ethics, and cloud computing. IBM is running the conference again on Nov. 24 for India and the Asia Pacific region.

People who register for the conference get $300 in credits to spend on any services in the IBM Cloud Catalog. Attendees who complete the course in Track 3 earn an AI and Data Essentials badge. Participants also can get select Coursera specializations and certifications for free, including:

Most of the sessions will be pre-recorded and available as soon as the conference opens.