Centennial Man: 2021

Friday, December 31, 2021

Interesting that these documents include checks.

https://www.databreaches.net/vendor-hack-slows-nj-state-agencys-ability-to-print-documents/

Vendor hack slows NJ state agency’s ability to print documents

101.5 reports:

Receiving a printed state document could prove to be a challenge because of an issue with the vendor used by the state.

The state office of Office of Information Technology, which facilitates the service, said vendor R.R. Donnelley & Sons identified a “systems intrusion in its technical environment” and responded by shutting down its servers and systems, began a forensic investigation and hired a cybersecurity expert.

Thursday, December 30, 2021

How does this help? Probably smarter to run like hell…

https://www.databreaches.net/ransomware-gang-coughs-up-decryptor-after-realizing-they-hit-the-police/

Ransomware gang coughs up decryptor after realizing they hit the police

Lawrence Abrams reports:

The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency.

Last month, a US police department was breached by AvosLocker, who encrypted devices and stole data during the attack.

However, according to a screenshot shared by security researcher pancak3, after learning that the victim was a government agency, they provided a decryptor for free.

Wednesday, December 29, 2021

Ready to start a serious discussion of privacy?

https://iapp.org/news/a/privacy-as-code-a-new-taxonomy-for-privacy/

Privacy as code: A new taxonomy for privacy

“Privacy by design” implies putting privacy into practice in system architectures and software development from the very beginning and throughout the system lifecycle. It is required by the EU General Data Protection Regulation in Article 25. In the U.S., the Federal Trade Commission included an entire section on privacy by design in its 2012 report on recommendations for businesses and policymakers. Privacy by design is also covered by India’s PDP Bill and by Australia’s Privacy Management Framework, to name just a few. Privacy by design has come a long way since its original presentation by Ann Cavoukian, former Canadian privacy commissioner of Ontario, in 2009.

While privacy as design is conceptually simple, its reduction to practice is not. System developers and privacy engineers responsible for it face simple but hard-to-answer questions: Where is the actual data in the organization? What types of information fall under personal data? How does one set up a data deletion process for structured as well as unstructured data?

Three years ago, Cillian Kieran and his team at Ethyca embarked on a quest to develop a unified solution to those questions. Their vision? Nothing less than privacy-as-code – privacy built into the code itself. This revolutionary approach classifies data in such a way that its privacy attributes are obvious within the code structure.

… Last week, Ethyca celebrated an additional $7.5 million in funding and announced the first release of Fides. Fides is named after the Roman god of trust.

Fides is an open-source, human-readable description language based on the data-serialization language YAML. Fides allows one to write code with privacy designed in. It is based on common definitions of types, categories and purposes of personal data. Developers that use this language can easily see where privacy-related information is at any point in the software development. For any given system, engineers shall be able to understand at a glimpse whose data is in the system and what it is being used for.

Perhaps it is not too late.

https://sloanreview.mit.edu/article/catching-up-fast-by-driving-value-from-ai/

Catching Up Fast by Driving Value From AI

Some organizations may feel that acquiring AI capabilities is a race, and if a company starts late, it can never catch up.

That notion is belied by Scotiabank (officially the Bank of Nova Scotia), which has pursued a results-oriented approach to artificial intelligence over the past two years. While some of its resources are devoted to exploring how new technologies — including blockchain and quantum computing — might drive fresh business models and products, the great majority of its data and AI work is focused on improving operations today rather than incubating for the future.

As a result, Scotiabank — one of the Big Five banks based in Canada — has caught up to competitors in some crucial areas. It has done so by more closely integrating its data and analytics work; taking a pragmatic approach to AI; and focusing on reusable data sets, which help with both speed and return on investment.

Questions yes, answers not so much.

https://www.fedscoop.com/questions-around-federal-ai-oversight/

2021 in review: Oversight questions loom over federal AI efforts

The Biden administration established several artificial intelligence bodies in 2021 likely to impact how agencies use the technology moving forward, but oversight mechanisms are lacking, experts say.

Bills mandating greater accountability around AI haven’t gained traction because the U.S. lacks comprehensive privacy legislation, like the European Union’s General Data Protection Regulation, which would serve as a foundation for regulating algorithmic systems, according to an Open Technology Institute brief published in November.

… “Right now most advocates and experts in the space are really looking to the EU as the place that’s laying the groundwork for these kinds of issues,” Spandana Singh, policy analyst at OTI, told FedScoop. “And the U.S. is kind of lagging behind because it hasn’t been able to identify a more consolidated approach.”

Instead lawmakers propose myriad bills addressing aspects of privacy, transparency, impact assessments, intermediary liability, or a combination in a fragmented approach year after year. The EU has only the Digital Services Act, requiring transparency around algorithmic content curation, and the AI Act, providing a risk-based framework for determining if a particular AI system is “high risk.”

Tuesday, December 28, 2021

My concern: AI may convince either side that it can win the conflict if given the freedom to act now!

https://thediplomat.com/2021/12/how-does-china-aim-to-use-ai-in-warfare/

How Does China Aim to Use AI in Warfare?

… Chinese military thinkers believe that under conditions of informatized warfare, dominating a system of systems confrontation rather than the large-scale attrition of enemy forces is the key factor in winning. Therefore, the PLA’s main strategy to defeat an adversary on the battleground is by creating disruption or paralysis on the enemy side through a system of systems operations. AI is believed to play a central role in intelligentized warfare to target and crash key elements of opponent operational systems. A PLA Senior Colonel Li Minghai pointed out that algorithms, unmanned platforms and extreme domains are emerging factors contributing to the form of intelligentized warfare.

Papers, citizen.

https://www.pogowasright.org/idea-of-national-patient-ids-revives-privacy-fight/

Idea of national patient IDs revives privacy fight

Ben Leonard reports:

Advocates of unique IDs to match patients to their health records may be close to lifting a decadeslong congressional ban on using federal funds to develop the system.

The effort, long mired in broader debates over patient privacy, gained steam this fall when the Senate for the first time left the ban out of a fiscal 2022 spending package. But its ultimate fate is still tied to uncertainties surrounding the appropriations process and an overdue report on the benefits and risks from the Department of Health and Human Services’ health information technology office that could influence the system’s design.

Monday, December 27, 2021

What harms will the law address? (You must have harm or there is no reason for law?)

https://www.cpomagazine.com/data-privacy/big-tech-isnt-breaking-any-privacy-rules-if-there-arent-rules-to-break/

Big Tech Isn’t Breaking Any Privacy Rules if There Aren’t Rules to Break

… Here’s something to think about. There are digital warehouses of information about you, and their inventory expands every time you use a popular social media app or web browser. These warehouses store and make accessible all kinds of details about you, big and small. Consider tidbits such as your address, phone number, aliases, relatives, political affiliation, resting heart rate, and preference for plant-based over cow’s milk.

All this data is for sale to anyone offering the right price. Some merchants buy your data to get you to try their new line of sneakers, and some use it to convince you to vote a certain way. Whatever their conversion goal, none of them are particularly transparent about where they’re collecting your information from and how they’re using it.

Simple and useful.

https://www.infoworld.com/article/3645789/how-digital-twins-improve-physical-systems.html

How digital twins improve physical systems

There is a long lineage of technologies and tools used to model the physical world, including drawings, diagrams, and CAD models. There are also many ways to use technology to model real-world systems and make predictions, including financial trading simulators, weather predictors, and traffic pattern models.

When you put these two capabilities together—combining a digital representation of a physical-world system and a model that simulates output conditions based on inputs drawn from the physical environment—you get a digital twin. A digital twin allows you to validate the system against a wide array of real-world situations.

Some truth?

https://www.wsj.com/articles/congress-breaking-up-silicon-valley-tech-is-a-gift-to-china-tencent-baidu-bytedance-quantum-11640525284

Breaking Up Tech Is a Gift to China

Few issues unite both sides of the political divide more than anger at U.S. tech companies, whether for censorship of conservative viewpoints or for failing to counter misinformation online. In response to these concerns, legislation introduced in Congress would weaken the U.S. tech industry, ostensibly in the name of breaking up monopolies. Unfortunately, the various bills would hurt the U.S. and strengthen the hand of our greatest geopolitical rival, the People’s Republic of China.

(Related) If you track everything do you know everything about everything?

https://www.wsj.com/articles/chinas-growing-access-to-global-shipping-data-worries-u-s-11640001601?mod=djemalertNEWS

China’s Growing Access to Global Shipping Data Worries U.S.

China’s expanding grip on data about the world’s cargo flows is sparking concern in Washington and among industry officials that Beijing could exploit its logistics information for commercial or strategic advantage.

Even cargo that never touches Chinese shores often still passes through Beijing’s globe-spanning logistics networks, including through sophisticated data systems that track shipments transiting ports located far from China. Control over the flow of goods and information about them gives Beijing privileged insight into world commerce and potentially the means to influence it, say cargo-industry officials.

With ports clogged globally and shortages plaguing many industries, shipping data has become an enormously valuable commodity.

Interesting. Puts Russia in perspective.

https://www.visualcapitalist.com/visualizing-the-94-trillion-world-economy-in-one-chart/

Visualizing the $94 Trillion World Economy in One Chart

Sunday, December 26, 2021

A number of papers my lawyers friends should consider…

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3989327

Lawyer-Client Conflict Of Interest When AI Is The Attorney On Both Sides

As a sacrosanct part of the lawyer-client relationship, conflicts of interest by an attorney are to be made apparent and normally eliminated or mitigated in one fashion or another. This raises an interesting question about the future as to the advent of AI in the law and the possibility of AI-based attorneys that could equally embody conflicts of interest toward their clients.

AI Anticipated Impacts On The Sixth Amendment Effective Counsel Provision

The U.S. Constitution mandates the assistance of legal counsel for criminal defendants. Meanwhile, relevant Supreme Court decisions have clarified that such legal counsel must be effective and that when legal counsel is ineffective there are opportunities to overturn case results. Consider how the question of effectiveness might be altered in an era of AI-based legal reasoning systems.

(For others, see here:)

https://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=4190984

Other than identification...

https://researchportal.vub.be/en/publications/person-identification-human-rights-and-ethical-principles-rethink

Person identification, human rights and ethical principles: Rethinking biometrics in the era of artificial intelligence

As the use of biometrics becomes commonplace in the era of artificial intelligence (AI), this study aims to identify the impact on fundamental rights of current and upcoming developments, and to put forward relevant policy options at European Union (EU) level. Taking as a starting point the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on AI, presented by the European Commission in April 2021, the study reviews key controversies surrounding what the proposal addresses through the notions of 'remote biometric identification' (which most notably includes live facial recognition), 'biometric categorisation' and so-called 'emotion recognition'. Identifying gaps in the proposed approaches to all these issues, the study puts them in the context of broader regulatory discussions. More generally, the study stresses that the scope of the current legal approach to biometric data in EU law, centred on the use of such data for identification purposes, leaves out numerous current and expected developments that are not centred on the identification of individuals, but nevertheless have a serious impact on their fundamental rights and democracy.

Perspective.

https://www.villagelivingonline.com/news/garrison-named-one-of-washingtons-most-powerful-women/

Garrison named one of ‘Washington’s Most Powerful Women’: Mountain Brook resident attracts attention for role with tech firm Clearview AI

Clearview AI in New York City is a company that provides what it says is the world’s largest facial recognition network.

… One of the leaders in the effort to sell the benefits of the company’s technology is Jessica Medeiros Garrison, a Mountain Brook resident since 2011 who lives in Crestline.

Garrison has worked for Clearview AI since 2019 and currently serves in Washington, D.C., as the company’s vice president of government affairs.

She takes pride in the company’s technology.

“We are now recognized as the most accurate algorithm in the Western world,” Garrison said.

Letter from Africa: Why Kenya's taxman is eyeing social media

… But in Kenya there is now another hidden follower, tracking every step you make, every photo you post, every meal you eat, every car you flaunt, every house you show off.

This loyal follower is the taxman.

… "This may in some instances involve viewing the social media profiles of targeted individuals," a KRA spokesperson admits to me.

"Isn't this an infringement on people's privacy?" I ask.

"No," says the authority: "The KRA does not infringe on anyone's right of privacy as what they post is for public viewing and in public social media."

Saturday, December 25, 2021

Mele Kalikimaka

I expect this to change as AI gets better at pretending to be human.

https://www.bespacific.com/should-i-email-text-or-call-researchers-have-discovered-the-answer-to-an-age-old-question/

Should I email, text, or call? Researchers have discovered the answer to an age-old question

Fast Company: “Whatever you do, don’t email. Or text. That is, if you want someone to actually help you. A new research paper finds that in-person communication is the most successful way to get the assistance you need. Should that not be an option, a phone call or video call are second best. “In-person requests were 67% more effective than audio and video calls in one study,” Cornell University associate professor Vanessa Bohns, who wrote the paper with Ryerson University assistant professor M. Mahdi Roghanizad, explains in an email to Fast Company. “In another study, video and audio requests were 86% more effective than email requests.” In their write-up, they also explain that the participants in their studies underestimate the effectiveness of in-person communication. “We didn’t compare in-person to email in that paper, but did in an earlier paper with requests made of strangers (rather than friends, as in this study),” Bohns added. “In that study, we found in-person requests were 34 times more effective than email requests.” Participants in the new study asked 1,490 respondents for help proofreading a half-page of text. The research was published in the November issue of the journal Social Psychological and Personality Science…”

For my musical geeks?

https://analyticsindiamag.com/a-guide-to-omnizart-a-general-toolbox-for-automatic-music-transcription/

A Guide to Omnizart: A General Toolbox for Automatic Music Transcription

The activity of notating, reproducing, or otherwise memorizing existing pieces of music is known as music transcription. Music transcription includes melodies, chords, basslines, entire orchestral arrangements, and other aspects. In this post, we will take a look at Yu-Te Wu et al’s recently published Python-based toolbox, which transcribes a given audio music file into the various modes stated above.

Friday, December 24, 2021

and that’s just in one state…

https://www.databreaches.net/washington-state-data-breaches-in-2021-analysis/

Washington State Data Breaches in 2021 – Analysis

The Washington State Attorney General report on data breaches reported to their office in 2021 shows a significant increase over previous years. No surprise there, right From the Executive Summary:

2021 set a new record for the highest number of data breach notices sent to Washingtonians (6.3 million).
- This represents approximately an 80% increase on the previous record of 3.5 million (2018).
- Moreover, this is a nearly 500% increase over last year.
Businesses, agencies and other entities 280 reported to our office — also a new record.
- This represents about a 260% increase over the previous record of 78 (2017), and nearly five times last year’s total of 60 breaches.
Cyberattacks and ransomware attacks spiked in 2021.
- Cyberattacks caused 87.5% of all reported data breaches — up from 63% in 2020.
- 150 notices cited ransomware in 2021 — more than the last 5 years combined. A significant proportion of these refer to the ransomware breach of Blackbaud
- Ransomware attacks accounted for 61% of all cyberattacks (150 of 245) and more than half of all breaches (150 of 280).
2021 saw the first recorded mega breach since 2018.
- The cyberattack targeted Accellion, a company that specializes in file sharing technology, resulting in the exposure of files in the possession of the Washington State Auditor’s Office. These files contained the personal information of approximately 1.3 million Washingtonians, including residents’ names, Social Security numbers, dates of birth, bank account and routing numbers, addresses, and email.
- This is the third reported mega breach since 2016.

Read the report.

Racing ahead?

https://www.insideprivacy.com/artificial-intelligence/u-s-ai-and-iot-legislative-update-year-end-2021-4/

U.S. AI and IoT Legislative Update – Year-End 2021

As 2021 comes to a close, we will be sharing the key legislative and regulatory updates for artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and privacy this month. Lawmakers introduced a range of proposals to regulate AI, IoT, CAVs, and privacy as well as appropriate funds to study developments in these emerging spaces. In addition, from developing a consumer labeling program for IoT devices to requiring the manufacturers and operators of CAVs to report crashes, federal agencies have promulgated new rules and issued guidance to promote consumer awareness and safety. We are providing this year-end round up in four parts. In this post, we detail IoT updates in Congress, the states, and federal agencies.

For the military history buff (and the autonomous AI in training)

https://www.freetech4teachers.com/2021/12/4000-maps-of-military-battles-and.html

4,000+ Maps of Military Battles and Campaigns

The Library of Congress housed hundreds of thousands of maps covering a huge array of topics from maps used by fire insurance companies to population density to maps of military battles and campaigns.

The LOC's collection of maps of military battles and campaigns contains more than 4,000 maps that are free to view, download, and reuse. The vast majority of the maps are from the 18th and 19th centuries although there are about 600 maps covering World War I and II.

You can browse through the collection according to date, location, subject, and language (most of the maps are in English or French). Once you've found a map that seems interesting, click on it to view more information about the cartographer and a little backstory on the map. Most of the maps can be downloaded as images and some can be downloaded as PDFs.

Thursday, December 23, 2021

Choices, choices all of them bad.

https://www.databreaches.net/if-your-disclosure-of-a-data-breach-was-late-you-may-have-to-litigate/

If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate

Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and HHS. But the time frame for discovery and notification has resulted in a potential class action lawsuit.

On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers payroll and benefit services to businesses, by an employee of one of its clients, seeking damages on behalf of himself and others. According to the allegations of the complaint, Bansley failed to properly secure and safeguard a wide range of payroll and benefit plan participants’ PII, including names, dates of birth, Social Security numbers, drivers’ license and passport numbers, financial account numbers, and personal health information. Bansley apparently discovered in mid-December 2020 that its network had fallen victim to a ransomware attack by an “unauthorized person.” The complaint asserts that Bansley elected not to notify participants and clients of the incident at that time, instead choosing to address the incident on its own by making upgrades to some aspects of its computer security, restoring the impacted systems from backups, and then resuming normal business operations.

In May 2021, Bansley allegedly learned that PII had been exfiltrated from its network, and only then retained a cybersecurity company to investigate.

But even then, notifications were not immediately forthcoming, with the firm making required notifications in November and this month, almost a year after the incident.

Centennial Man

Friday, December 31, 2021

Thursday, December 30, 2021

Wednesday, December 29, 2021

Tuesday, December 28, 2021

Monday, December 27, 2021

Sunday, December 26, 2021

Saturday, December 25, 2021

Friday, December 24, 2021

Thursday, December 23, 2021

Search This Blog

Followers

Blog Archive

Links

About Me