Centennial Man: 2021-04-11

Saturday, April 17, 2021

To paraphrase Willie Sutton, ‘That’s where the data’s at!’

https://www.pogowasright.org/microsoft-received-almost-25000-requests-for-consumer-data-from-law-enforcement-over-the-past-six-months/

Microsoft received almost 25,000 requests for consumer data from law enforcement over the past six months

Richard Speed reports:

Microsoft has had a busy six months if its latest biannual digital trust report is anything to go by as law enforcement agencies crept closer to making 25,000 legal requests.

Requests for consumer data reached 24,798 during the second half of 2020, up from 24,093 during the previous six-month period, and quite a jump from the 21,781 for the same period in 2019.

“Non-content data” requests, which require a subpoena (or local equivalent), accounted for just over half of disclosures and were slightly down on the same period in 2019. Microsoft rejected 25.81 per cent of requests in the last six months of 2020, up on the 20.14 per cent of the same period in 2019.

Friday, April 16, 2021

Can’t wait to review the results… If they release them.

https://www.wsj.com/articles/nato-wargame-examines-cyber-risk-to-financial-system-11618479000?mod=djemalertNEWS

NATO Wargame Examines Cyber Risk to Financial System

One of the world’s largest cyber wargames is, for the first time, specifically exploring how banks and other financial institutions might respond to a widespread physical and cyber conflict.

The North Atlantic Treaty Organization is running its annual Locked Shields exercise from April 13 to April 16 through its Estonia-based Cooperative Cyber Defence Centre of Excellence. The wargame includes scenarios exploring how widespread attacks on a fictional nation’s infrastructure might strike at activities critical to keeping the global financial system functioning, such as payments and settlement operations.

U.S. lawmakers and government officials have long worried about catastrophic risks to the financial services industry posed by cyberattacks, given the degree to which companies are connected to each other and every critical infrastructure sector. For instance, the Federal Reserve Bank of New York last June published research showing that a cyberattack affecting any of the top five U.S. banks would on average likely impair over a third of the U.S. payments network.

Let’s see if the argument that “the data was already public” has any traction.

https://techcrunch.com/2021/04/16/facebook-faces-mass-action-lawsuit-in-europe-over-2019-breach/

Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on 533M+ accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Article 82 of the GDPR provides for a ‘right to compensation and liability’ for those affected by violations of the law.

Probably not the one.

https://www.pogowasright.org/new-federal-data-privacy-legislation-proposed/

New Federal Data Privacy Legislation Proposed

Christopher Burgess reports:

In late March 2021, Representative Susan DelBene (D-WA 01) introduced legislation to the 116^th Congress to protect consumer privacy and put control of consumers’ data in their own hands.

DelBene noted that states are surging ahead [thrashing about? Bob] of the federal government in creating privacy laws, each with their own flavor and each serving the needs of a particular constituency/demographic. DelBene argued that having a federal policy will stem consumer confusion and put the United States back into the conversation on global privacy policies. The EU, for example, is pushing their General Data Protection Regulation (GDPR) as the global standard.

Thursday, April 15, 2021

Do you really believe that this is their first time? Since when has the FBI had the computer power to do this? What if they cause harm?

https://gizmodo.com/the-fbi-just-snuck-into-computers-all-over-the-country-1846679332

The FBI Just Snuck Into Computers All Over the Country to Stop a Hacking Campaign

In what may be [but isn’t. Careful language reveals all! Bob] a first-of-its-kind operation, the FBI recently accessed private servers across the United States, ostensibly to delete malware that had previously been installed by foreign hackers.

The FBI targeted this unique digital clean-up at servers running the vulnerability-ridden email product Microsoft Exchange. The U.S. Justice Department said Tuesday that the purpose of the bureau’s operation was to digitally erase traces of web shells that, had they remained, “could have been used to maintain and escalate persistent, unauthorized access to U.S. networks.”

… The operation seems to have been strictly targeted at this one particular campaign, as the feds did not “search for or remove any additional malware or hacking tools that hacking groups may have placed on victim networks by exploiting the web shells,” the release says.

This may be the first time that the FBI has conducted an operation like this, TechCrunch reports. For years, the bureau has sought greater powers and authority when it comes to conducting digital investigations inside the U.S., though critics and civil liberties defenders have consistently fought against such encroachments into private servers.

The FBI Is Now Securing Networks Without Their Owners’ Permission

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

Now, months later, many of those shells are still in place. And they’re being used by criminal hackers as well.

On Tuesday, the FBI announced that it successfully received a court order to remove “hundreds” of these web shells from networks in the US.

This is nothing short of extraordinary, and I can think of no real-world parallel. It’s kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it’s kind of not like that. In any case, it’s not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.

Not exactly stopping the barbarians at the gate. More like, “We won’t let your tailor make us a suit!”

https://www.nbcnews.com/news/world/u-s-sanction-russia-alleged-election-interference-solarwinds-hack-n1264142

U.S. sanctions Russia for 2020 election interference, SolarWinds hack

The United States is hitting Russia with fresh sanctions for interference in the 2020 presidential election, a sweeping cyberattack against American government and corporate networks and other activities.

President Joe Biden signed an executive order Thursday morning to strengthen his administration's response to Russia, the White House said. Under the order, the Treasury Department has blacklisted six Russian technology companies that provide support to the cyber program run by Russia's intelligence services.

Would you rather have this data in the hands of unknown persons?

https://www.bespacific.com/opinion-data-brokers-are-a-threat-to-democracy/

Wired – “Unless the federal government steps up, the unchecked middlemen of surveillance capitalism will continue to harm our civil rights and national security… Enter the data brokerage industry, the multibillion dollar economy of selling consumers’ and citizens’ intimate details. Much of the privacy discourse has rightly pointed fingers at Facebook, Twitter, YouTube, and TikTok, which collect users’ information directly. But a far broader ecosystem of buying up, licensing, selling, and sharing data exists around those platforms. Data brokerage firms are middlemen of surveillance capitalism—purchasing, aggregating, and repackaging data from a variety of other companies, all with the aim of selling or further distributing it. Data brokerage is a threat to democracy. Without robust national privacy safeguards, entire databases of citizen information are ready for purchase, whether to predatory loan companies, law enforcement agencies, or even malicious foreign actors. Federal privacy bills that don’t give sufficient attention to data brokerage will therefore fail to tackle an enormous portion of the data surveillance economy, and will leave civil rights, national security, and public-private boundaries vulnerable in the process. Large data brokers—like Acxiom, CoreLogic, and Epsilon—tout the detail of their data on millions or even billions of people. CoreLogic, for instance, advertises its real estate and property information on 99.9 percent of the US population. Acxiom promotes 11,000-plus “data attributes,” from auto loan information to travel preferences, on 2.5 billion people (all to help brands connect with people “ethically,” it adds). This level of data collection and aggregation enables remarkably specific profiling…”

After GDPR?

https://www.bbc.com/news/technology-56745730

Europe seeks to limit use of AI in society

The use of facial recognition for surveillance, or algorithms that manipulate human behaviour, will be banned under proposed EU regulations on artificial intelligence.

The wide-ranging proposals, which were leaked ahead of their official publication, also promised tough new rules for what they deem high-risk AI.

That includes algorithms used by the police and in recruitment.

Experts said the rules were vague and contained loopholes.

The use of AI in the military is exempt, as are systems used by authorities in order to safeguard public security.

The suggested list of banned AI systems includes:

those designed or used in a manner that manipulates human behaviour, opinions or decisions ...causing a person to behave, form an opinion or take a decision to their detriment [Behavioral advertising? Bob]
AI systems used for indiscriminate surveillance applied in a generalised manner
AI systems used for social scoring
those that exploit information or predictions and a person or group of persons in order to target their vulnerabilities

An HBR podcast.

https://hbr.org/podcast/2021/04/mapping-ais-societal-impact

Mapping AI’s Societal Impact

AI is not just code and algorithms. It’s an industry built on a global network of resource extraction, human labor, and data collection. Kate Crawford, senior principal researcher at Microsoft Research and research professor of communication and science and technology studies at USC Annenberg, joins Azeem Azhar to explore the far-reaching impacts of AI and to consider the urgent case for proper governance and regulation of the industry.

They also discuss:

Why we need to observe hardware supply chains to understand AI’s impact.
Why the AI industry, like aviation and pharma, should be subject to strict regulation.
Why tech leaders should take a much greater responsibility for the social and environmental effects of technical systems.

Sentient, but not human. “Where will you find a jury of my peers,” my AI asks?

https://hai.stanford.edu/news/when-artificial-agents-lie-defame-and-defraud-who-blame

When Artificial Agents Lie, Defame, and Defraud, Who Is to Blame?

The movie Robot and Frank imagines a near future in which robots can be purchased to act as in-home caregivers and companions. Frank’s son buys him a robot, and Frank quickly realizes he can enlist its help in committing cat burglaries. The robot begins to show creativity and initiative in these criminal acts, and Frank is suffering from dementia. Who is ultimately responsible for these violations of the law?

Experts in robotics and artificial intelligence will have to suspend belief in order to enjoy Robot and Frank – the robot has capabilities that will continue to be purely science fiction for some time. But continuing advances in the field of artificial intelligence make it worth considering a provocative question that may become more practically relevant in the future: How would we, as individuals and as a society, react to an artificial agent that participated in the commission of some civil or criminal offense? The artificial agents of today would not make good cat burglars, but they have the gift of gab, and so it is only a matter of time before they are accused of committing offenses involving language in some way: libel, slander, defamation, bribery, coercion, and so forth.

Tools for my students.

https://www.freetech4teachers.com/2021/04/bibcitations-new-chrome-extension-makes.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

Bibcitation's New Chrome Extension Makes It Easy to Create Citations

A few weeks ago I published an overview of seven free tools that help students create bibliographies. Bibcitation was one of the tools in that list. This week Bibcitation introduced a new Chrome extension that makes it easier than ever for students to cite webpages and build bibliographies.

Bibcitation's Chrome extension will generate a citation for any webpage that a student needs to include in his or her bibliography. To do that students simply have to click on the Bibcitation extension while viewing a webpage and select the citation style that they want to use. Students can then copy the text for the citation with just one click and paste it wherever they need to use it. Students can also click the "Add to Bibcitation.com" button within the extension to send the citation directly to the bibliographies they're working on.

… Bibcitation doesn't require students to register in order to use it. Completed Bibliographies can be downloaded as a document, as a BibTex file, or as HTML.

Wednesday, April 14, 2021

So that’s how they did it!

https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/

The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.

Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock.

Is it more important for governments to read our correspondence than it is for us to protect it?

https://www.cpomagazine.com/data-privacy/uk-seeks-to-discourage-facebook-rollout-of-end-to-end-encryption-citing-risks-to-the-safety-of-children/

UK Seeks To Discourage Facebook Rollout of End-to-End Encryption, Citing Risks to the Safety of Children

Since 2019, Facebook has been talking about adding end-to-end encryption to all its messaging services. It appears that the government of the United Kingdom would prefer that these plans go no further. The Home Office, the agency responsible for most of the police work done in England and Wales, is slated to deliver a keynote speech on April 19 that will call on the government to increase regulation of the technology. The speech will be accompanied by a report that takes social media and tech companies to task for not doing enough to protect children.

What would make it less creepy?

https://gothamist.com/news/nypd-deploys-alarming-robot-dog-manhattan-public-housing-complex

NYPD Deploys "Creepy" New Robot Dog In Manhattan Public Housing Complex

The NYPD's robot dog is once again stirring privacy concerns and cyberpunk prophesies of some New Yorkers, after the four-legged machine was spotted inside of a Manhattan public housing complex on Monday.

A video shared on Twitter shows the robot trotting out of a building on East 28th Street in front of two NYPD officers, then slowly descending the stairs as bystanders look on in shock. "I've never seen nothing like this before in my life," one woman can be heard saying.

… Since October, the NYPD has dispatched the robot to a handful of crime scenes and hostage situations, raising fears of unwanted surveillance and questions about the department's use of public dollars. The mobile dog, which comes equipped with automated sensors, lights, and cameras capable of collecting "limitless data," is sold at a starting price of $74,000.

At the least, it’s bad policing.

https://www.technologyreview.com/2021/04/14/1022676/robert-williams-facial-recognition-lawsuit-aclu-detroit-police/

The new lawsuit that shows facial recognition is officially a civil rights issue

On January 9, 2020, Detroit police drove to the suburb of Farmington Hill and arrested Robert Williams in his driveway while his wife and young daughters looked on. Williams, a Black man, was accused of stealing watches from a luxury store. He was held overnight in jail.

… On Tuesday, the ACLU and the University of Michigan Law School’s Civil Rights Litigation Initiative filed a lawsuit on behalf of Williams, alleging that the arrest violated his Fourth Amendment rights and was in defiance of Michigan’s civil rights law.

The suit requests compensation, greater transparency about the use of facial recognition, and an end to the Detroit Police Department’s use of facial recognition technology, whether direct or indirect.

Probably has more general application.

https://knowledge.wharton.upenn.edu/article/can-financial-institutions-prepare-ai-risks/

How Can Financial Institutions Prepare for AI Risks?

Artificial intelligence (AI) technologies hold big promise for the financial services industry, but they also bring risks that must be addressed with the right governance approaches, according to a white paper by a group of academics and executives from the financial services and technology industries, published by Wharton AI for Business.

An interesting experiment.

https://warontherocks.com/2021/04/strategy-in-the-artificial-age-observations-from-teaching-an-ai-to-write-a-u-s-national-security-strategy/

STRATEGY IN THE ARTIFICIAL AGE: OBSERVATIONS FROM TEACHING AN AI TO WRITE A U.S. NATIONAL SECURITY STRATEGY

… Analysts are gifted at identifying the departures from precedent that appear in each new U.S. National Security Strategy.

This article attempts to do the opposite. Instead of asking what has changed across each iteration of this document, this article seeks to understand what has remained the same. To this end, I used machine learning to create the “bernardcodie” program. Bernardcodie is an artificial recurrent neural network trained on the entirety of the U.S. National Security Strategy corpus. Leveraging the natural ability of deep learning networks for pattern identification, this article complements human insight with artificial analysis. So, what patterns are revealed when we teach an artificial neural network the canon of U.S. national security strategies and ask it to write its own strategy?

My AI continues to ask, “Can a corporation (also not a living person) own a patent?”

https://www.thedrum.com/opinion/2021/04/14/can-ai-own-patent-new-legal-drama-will-decide

Can an AI own a patent? A new legal drama will decide

Perspective.

https://www.bespacific.com/annual-threat-assessment-of-the-us-intelligence-community/

Annual Threat Assessment of the US Intelligence Community

Office of the Director of National Intelligence: “This annual report, April 2021 of worldwide threats to the national security of the United States responds to Section 617 of the FY21 Intelligence Authorization Act (P.L. 116-260). This report reflects the collective insights of the Intelligence Community (IC), which is committed every day to providing the nuanced, independent, and unvarnished intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world. This assessment focuses on the most direct, serious threats to the United States during the next year.

Perspective. Imagine a future where AI Einstein teaches physics and other AIs teach whatever the are experts in.

https://nerdist.com/article/ai-albert-einstein-bot-can-answer-your-questions/

Have a Chat with an A.I. Version of Einstein

For years, sci-fi movies and shows have been showing us a future where someone uses technology to bring back Albert Einstein. On Star Trek: The Next Generation, Lt. Barclay brings him back on the holodeck to help solve a puzzle. In Steven Spielberg’s film A.I., Einstein’s a library computer program called “Dr. Know.” Well, we are officially living in the future now. Because someone has created a virtual Einstein who answers questions from users. To interact with the Digital Einstein Experience yourself, be sure to click here.

Tuesday, April 13, 2021

Public can still be private?

https://www.databreaches.net/this-was-not-a-breach-how-big-tech-gaslights-the-world-on-data-leaks/

‘This was not a breach’: How Big Tech gaslights the world on data leaks

Vincent Manancourt and Laurens Cerulus report:

First Facebook. Then LinkedIn. Now Clubhouse.

After data on a combined billion Facebook and LinkedIn users appeared online last week, reports surfaced over the weekend that upstart social network Clubhouse had also leaked reams of user information.

But if you think any of the above is a problem, Big Tech has a message for you:

You’re the crazy one.

Read more on Politico.eu.

“Breach.”

“Leak.”

“Scrape of public info.”

If you don’t know what the terms mean, read the article. If you do know what the terms mean, then don’t let big companies try to convince you that scraped data is not a data security or privacy issue.

For my Computer Security lectures.

https://www.csoonline.com/article/3614588/6-tips-for-receiving-and-responding-to-third-party-security-disclosures.html#tk.rss_all

6 tips for receiving and responding to third-party security disclosures

Your first notification of your next breach or significant threat might come from outside your organization. Have these preparations in place to effectively and quickly respond to inbound security intelligence.

7 new social engineering tactics threat actors are using now

Old tactics in new packages lead the list of current social engineering attacks. Experts provide real-world examples.

Don’t you love a good argument? My AI does.

https://www.hollywoodreporter.com/thr-esq/will-r2-d2-and-wall-e-help-define-intellectual-property-for-robots

Will R2-D2 and WALL-E Help Define Intellectual Property for Robots?

Now that the Supreme Court has dealt with copyright issues concerning computer code (well, sorta ), perhaps the justices will eventually get around to the humanoids who may one day compete for planetary dominance. We're talking about robots powered by artificial intelligence. What's the possibility that the future of androids will partly turn on a federal judge's view of C-3PO, R2-D2, WALL-E and other famous robots appearing in movies? Believe it or not, greater than zero.

In Pennsylvania federal court, an American company is currently suing a Chinese company over interactive robots alleged to be intellectual property violations. Specifically, Digital Dream Labs LLC is pursuing Living Technology LTD. over an "EMO toy robot" and construction vehicle-style robots that supposedly copy the three-dimensional sculpture of its own AI-assisted robot plus graphics, animations and sounds emitted from the robot's head potentially covered in copyright registrations. Plus, there are also trademark and trade dress claims asserted given the potential for consumer confusion.

… "This is a case about robots," states a memorandum from the Chinese defendant in support of a motion to dismiss. "Specifically, toy robots powered by artificial intelligence. Whether it is C-3PO, Johnny 5 or WALL-E, robots are familiar, and consumers have become accustomed, through popular culture, to the idea of interacting with robots that can perform a variety of tasks. These robots often exhibit human characteristics, including movements, gestures and physical traits, and even approximate human emotions."

The memorandum (which is adorned with lots of pictures ) continues, "Indeed, human physical traits, such as eyes, are depicted on these robots by everything from various mechanical components, to graphics on a screen, like BURN-E’s 'blue eyes.' The robots at issue in this case, just like their robot movie star counterparts, also have human-like traits and are powered by artificial intelligence to perform various functions and otherwise engage with a user."

In other words, Living Technology is ridiculing how the Americans are asserting ownership claims over what it sees as commonplace and functional elements while hunting for valid IP claims to fit the protection they seek. The dismissal motion asserts that "claims fail because the discrete items claimed are not copyrightable as a matter of law" and "because even if such discrete items were capable of being independently asserted as a basis of infringement, they are not substantially similar, as a matter of law."

Artificial Intelligence teaching artificial empathy?

https://www.ft.com/content/758e0a2f-3507-4b66-990a-73310d8f588b

It’s creepy that AI is teaching workers to be more human

Empathy is one of those precious human qualities that we don’t think artificial intelligence will ever supplant. It is argued that jobs requiring empathy will be relatively untouched (and perhaps even elevated) by the rise of smart machines. But in the call centre industry, a more complicated story is beginning to play out.

Companies such as Cogito promise to “deliver empathy on an enterprise scale” by using artificial intelligence to “coach” call centre workers in real time. Cogito monitors the words, tone and pitch of customer calls. If the customer starts to sound irritated or upset, it will send an “empathy cue” that reminds the worker to think about how the customer is feeling and try to relate. The purpose is to “help make individuals better versions of themselves”, as Cogito’s marketing material puts it.

Pretty snarky, but with a grain of truth.

https://www.technologyreview.com/2021/04/13/1022568/big-tech-ai-ethics-guide/

Big Tech’s guide to talking about AI ethics

50-ish words you can use to show that you care without incriminating yourself.

AI researchers often say good machine learning is really more art than science. The same could be said for effective public relations. Selecting the right words to strike a positive tone or reframe the conversation about AI is a delicate task: done well, it can strengthen one’s brand image, but done poorly, it can trigger an even greater backlash.

The tech giants would know. Over the last few years, they’ve had to learn this art quickly as they’ve faced increasing public distrust of their actions and intensifying criticism about their AI research and technologies.

Now they’ve developed a new vocabulary to use when they want to assure the public that they care deeply about developing AI responsibly—but want to make sure they don’t invite too much scrutiny. Here’s an insider’s guide to decoding their language and challenging the assumptions and values baked in.

Perspective. Talk is cheap?

https://www.theverge.com/2021/4/12/22379414/microsoft-buys-nuance-ai-speech-tech

Microsoft buys AI speech tech company Nuance for $19.7 billion

Microsoft is buying AI speech tech firm Nuance for $19.7 billion, bolstering the Redmond, Washington-based tech giant’s prowess in voice recognition and giving it further leverage in the health care market, where Nuance sells many products.

… Nuance is best known for its Dragon software, which uses deep learning to transcribe speech and improves its accuracy over time by adapting to a user’s voice. Nuance has licensed this tech for many services and applications, including, most famously, Apple’s digital assistant Siri.

Tools

https://www.freetech4teachers.com/2021/04/19-canva-tutorials-for-teachers-and.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

19 Canva Tutorials for Teachers and Students - Certificates, Comics, and More!

I've been using Canva to make all kinds of graphics and presentations almost since the day it was first available to the public. Over the years I've used to make greeting cards, videos, infographics, presentations, posters, timelines, comics, and many other graphics. And, at one point or another in the last five years, I've made videos about how to make all of those graphics. In not particular order, here's my complete list of Canva tutorials for teachers and students.

More stuff for shut-ins.

https://www.makeuseof.com/ways-to-discover-podcasts-worth-listening-to/

5 Uncommon Ways to Discover Podcasts Worth Listening To

Centennial Man

Saturday, April 17, 2021

Friday, April 16, 2021

Thursday, April 15, 2021

Wednesday, April 14, 2021

Tuesday, April 13, 2021

Search This Blog

Followers

Blog Archive

Links

About Me