I’m gathering evidence for my lawyer.” Would that make my cell phone invulnerable?

https://www.pogowasright.org/des-moines-residents-will-shell-out-125000-to-man-whose-phone-was-illegally-seized-by-cops-he-was-recording/

Des Moines Residents Will Shell Out $125,000 To Man Whose Phone Was Illegally Seized By Cops He Was Recording

Tim Cushing reports:

Denying qualified immunity to law enforcement officers who violate rights is a rarity. It doesn’t mean the sued cops lose. It just means they can’t dismiss the lawsuit. In theory, that means officers alleged to have violated rights will now make their case in front of a jury.

But a cop facing a jury is even more rare than an immunity denial.

Read more at TechDirt.

Imagine that, thieves with no honor…

https://www.databreaches.net/paying-the-ransom-in-response-to-a-ransomware-attack-can-sometimes-backfire/

Paying the Ransom in Response to a Ransomware Attack can Sometimes Backfire

Nolan Goldberg and Margaret Ukwu of Proskauer write:

A new study by Hiscox, a privacy and cyber security insurance company, sheds light on additional practical concerns that should be taken into account in that balancing of potential risks and benefits.

Hiscox released its sixth annual Cyber Readiness Report 2022. In it, Hiscox raises a number of interesting findings:

• Ransomware attacks have risen approximately 19%, which is up from 16% from last year.

• Approximately 60% of surveyed companies paid a ransom in response to a successful ransomware attack.

• Of the companies that paid a ransom, approximately half of those ultimately paid ransoms on multiple occasions after suffering additional successful attacks.

• In the United States specifically, the number of ransomware attacks have stayed generally the same from 2021 to 2022, but the amount paid has increased. More victims paid attackers the ransom amount this year than last.

• Only 59% of companies that paid the ransom successfully recovered their data.

• 29% of companies who paid the ransom still had their data leaked.

Read more at Proskauer on Privacy.

I’m thinking of converting to Canva…

https://www.freetech4teachers.com/2022/12/50-canva-tutorials-for-teachers.html

50 Canva Tutorials for Teachers

Other than Google Workspace tools, Canva is the tool that I've published the most tutorials about on my YouTube channel. In fact, with the publication of my latest Canva tutorial video I've now published 50 tutorials about using Canva's many features for making videos, presentations, timelines, posters, greeting cards, worksheets, and many other graphics. All of those videos are available in one playlist that you can find and bookmark right here on my YouTube channel.

You can view my updated Canva tutorials playlist right here. A handful of highlights from the playlist have been embedded below.

Tired of all those Christmas movies?

https://comicbook.com/movies/news/john-wick-how-to-watch-stream-free-chapter-2-chapter-3-pluto-tv/

John Wick Entire Series Available to Stream for Free

You can watch all of the John Wick series for free online this month. That's right, John Wick, John Wick: Chapter 2, and John Wick: Chapter 3 Parabellum are all available to stream on PlutoTV. That site doesn't have any logins or a monthly fee of any kind, so you can hang out with Keanu Reeves on your couch before Holiday movies take up all of the screen time in the house.

It’s where the money is. (Eight will get you ten that the FBI won’t solve this one.)

https://www.databreaches.net/source-fbi-investigating-cyberattack-of-online-sportsbooks/

Source: FBI investigating cyberattack of online sportsbooks

David Purdum reports:

An investigation into an ongoing cyberattack that impacted thousands of betting accounts at the largest online sportsbooks has been escalated to the FBI, an industry source told ESPN.

Some customers, who were compromised and had funds withdrawn out of their personal bank accounts, were struggling to reach DraftKings and FanDuel representatives and had not been reimbursed more than a week after the attack began.

Read more at ESPN.

I like the “three times the value” idea, but it is unlikely to ever be used.

https://www.databreaches.net/australia-will-now-fine-firms-up-to-au50-million-for-data-breaches/

Australia will now fine firms up to AU$50 million for data breaches

Bill Toulas reports:

The Australian parliament has approved a bill to amend the country’s privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches.

The financial penalty introduced by the new bill is set to whichever is greater:

• AU$50 million

• Three times the value of any benefit obtained through the misuse of information

• 30% of a company’s adjusted turnover in the relevant period

Read more at BleepingComputer.

A backgrounder for my Computer Security students and Data Users.

https://www.cpomagazine.com/cyber-security/data-owners-vs-data-stewards-vs-data-custodians-the-3-types-of-data-masters-and-why-you-should-employ-them/

Data Owners vs. Data Stewards vs. Data Custodians — The 3 Types of Data Masters and Why You Should Employ Them

Next thing you know the cows will want Nikes…

https://www.theguardian.com/environment/2022/dec/01/scientists-develop-motion-powered-health-monitors-for-cows

Scientists develop smartwatch-like health trackers for cows

If The Economist thinks they are worth reading, they probably are.

https://www.economist.com/culture/2022/11/30/two-new-books-explore-the-upside-of-big-data-and-ai

Two new books explore the upside of big data and AI

They are a refreshing counterbalance to alarmist commentary

The Equality Machine. By Orly Lobel. PublicAffairs; 368 pages; $30 and £25

Escape from Model Land. By Erica Thompson. Basic Books; 256 pages; $30 and £20

Tools & Techniques.

https://www.theverge.com/2022/12/1/23488421/epic-games-realityscan-ios-app-scan-objects-3d-models

Epic’s free app that turns real-life items into 3D models is available now on iOS

The RealityScan app launched in limited beta earlier this year, but now it’s available for everyone on iOS for free.

It should come as no surprise that law enforcement shares data. Does the FBI control access to this data?

https://www.wistv.com/2022/11/30/lawsuit-targets-expansive-surveillance-network-law-enforcement-can-access-track-sc-drivers/

Lawsuit targets ‘expansive surveillance network’ law enforcement can access to track SC drivers

… Law enforcement has access to what is being called an “expansive surveillance network” of cameras, and according to new court filings, there is no oversight into how they use this information.

… “We’ve got about four million automobiles in this state. The database that SLED has is 400 million [captures],” Greenville attorney Jim Carpenter said.

Carpenter is one of the attorneys representing the plaintiffs in the lawsuit filed against SLED and Chief Mark Keel.

According to court filings, law enforcement officers from around 100 state and local agencies can access and search this information as long as they have a “legitimate law enforcement purpose,” per SLED’s policy.

“There’s no requirement of a finding from a judge that says there’s probable cause that a crime has taken place,” Carpenter said.

SLED policy also stipulates officers and analysts must have inquiry certification from the FBI’s National Crime Information Center and be granted a password-protected login from SLED to access the database.

Could be interesting… (Stream to my lawyer’s server?)

https://www.pogowasright.org/federal-court-to-rule-on-passengers-live-streaming-police-during-traffic-stops/

Federal Court to Rule on Passengers Live Streaming Police During Traffic Stops

Erin Marquis reports:

Cars have always been a minefield when it comes to privacy rights verses public safety, and now, two important questions are finally in front of a U.S. circuit court: Is live streaming protected in the same way as recording, and does the passenger in a stopped car have a First Amendment right to record or broadcast a stop?

Read more at Yahoo!

How will this play in the US?

https://www.theregister.com/2022/11/30/office_365_faces_more_gdpr/

Microsoft 365 faces more GDPR headwinds as Germany bans it in schools

Germany's federal and state data protection authorities (DSK) have raised concerns about the compatibility of Microsoft 365 with data protection laws in Germany and the wider European Union.

According to the German watchdog's report [PDF], which was written after two years of negotiations with Microsoft, the body says that the product "remains in breach" of the General Data Protection Regulation (GDPR).

A somewhat biased update on Clearview.

https://www.techdirt.com/2022/11/29/california-court-denies-facial-recognition-pariah-clearviews-anti-slapp-motion-over-its-web-scraping-activities/

California Court Denies Facial Recognition Pariah Clearview’s Anti-SLAPP Motion Over Its Web Scraping Activities

… In response to being sued for violating California law, Clearview decided it was a First Amendment champion. It tried to get this lawsuit dumped under the state’s anti-SLAPP law, which allows defendants a quick exit if they can show the lawsuit is nothing more than an attempt to silence commentary on issues of public interest.

Clearview is partially correct. This lawsuit was an attempt to prevent Clearview from doing what it does: scrape thousands of websites to obtain billions of data points… all without informing scraping victims that they’re being added to a database accessible by government agencies. But the scraping is perhaps protected under the law, even if the rest of what Clearview does isn’t.

This recent California court decision [PDF], highlighted by Daphne Keller on Twitter, says Clearview may be right about some stuff, but not the stuff that matters in anti-SLAPP motions.

I’m not sure you could implant legal reasoning into human students. The Ethics and law checking components would be better if standardized by a third party...

https://www.forbes.com/sites/lanceeliot/2022/12/01/implanting-legal-reasoning-into-ai-could-smartly-attain-human-value-alignment-says-ai-ethics-and-ai-law/?sh=4571e7b16f1b

Implanting Legal Reasoning Into AI Could Smartly Attain Human-Value Alignment Says AI Ethics And AI Law

… Imagine that you are using an AI-powered app that is aiding you while undertaking some kind of significant task. Perhaps the matter is a financial one or could be health-related. The essence is that you are depending upon the AI to do the right thing and perform in a presumed safe and sound manner.

Suppose the AI veers into unethical territory.

You might not realize that the AI is doing so.

… What can you do or what can be done about AI that opts to go down an unethical path?

Besides trying to beforehand construct the AI so that it won’t do this kind of insidious action, I’ve previously detailed too that there is a rising interest in embedding an AI ethics-checking component into the burgeoning morass of otherwise Wild West anything-goes AI systems being tossed into the marketplace.

Perspective.

https://www.economist.com/europe/2022/11/30/what-is-the-war-in-ukraine-teaching-western-armies

What is the war in Ukraine teaching Western armies?

“In battle nothing is ever as good or as bad as the first reports of excited men would have it,” remarked William Slim, a celebrated British field marshal in the second world war. From the moment that Russian troops crossed into Ukraine on February 24th this year, pundits offered sweeping pronouncements about the future of war. The death of the tank was declared on the basis of snatched video footage. Turkish drones were hailed as unstoppable game-changers. Western anti-tank weapons were thrust into an early starring role. Now, nine months into the war, more considered reflections are emerging. There is much that Western armed forces can learn.

On November 30th the Royal United Services Institute (rusi), a think-tank in London, published a detailed report * on the lessons from the first five months of the war, a period when Ukraine was largely on the defensive. The authors—including Mykhaylo Zabrodsky, a Ukrainian lieutenant-general, and a pair of rusi analysts—enjoyed extensive access to Ukrainian military data and decision-making. Their findings paint a more complex picture than the popular notion of a Russian horde coming unstuck in the face of nimble Ukrainians.

(Related)

https://www.defense.gov/News/News-Stories/Article/Article/3230682/china-military-power-report-examines-changes-in-beijings-strategy/

China Military Power Report Examines Changes in Beijing's Strategy

The 2022 China Military Power Report lays out the challenges facing the United States military as it works to manage relations with the emerging superpower.

The report, released today, calls the Peoples' Republic of China "the most consequential and systemic challenge to our national security and to a free and open international system."

Tools & Techniques.

https://www.makeuseof.com/best-employee-monitoring-software/

The 7 Best Employee Monitoring Tools

Employee monitoring software allows you to keep track of your employees' performance and increase productivity. Here are some of the best ones to use!

(Related)

https://www.makeuseof.com/find-someones-username-across-social-platforms/

How to Find Someone's Username Across All Social Platforms

Social Analyzer is a command line tool or web app that feels almost like a super power. Like any super hero, be sure to use your powers for good.

Is there something the Governor knows that she is not sharing?

https://www.bloomberg.com/news/articles/2022-11-29/south-dakota-governor-bans-tiktok-from-state-phones-for-security

South Dakota Bans TikTok From State-Owned Devices Over Security

TikTok is now banned on government employee devices in South Dakota because the governor believes the social media app’s ownership by a Chinese company poses a national security threat.

The state’s employees and contractors are no longer allowed to download the app or access TikTok via the web, according to an executive order signed Tuesday by South Dakota Governor Kristi Noem.

We can, therefore we must? (If it works for trucks, let’s extend it to cars and bicycles and shoes!)

https://reason.com/2022/11/28/the-federal-governments-plan-to-track-truckers-every-movement-is-a-privacy-nightmare/#

The Federal Government's Plan to Track Truckers' Every Movement Is a Privacy Nightmare

The Department of Transportation is considering a disturbing new rule that could force every commercial motor vehicle to install an electronic device that would wirelessly transmit location data and other personal information to police on demand.

By collecting data on each of the 12 million commercial vehicles on the road, the thinking goes, these monitoring devices could help law enforcement focus its inspections on carriers it deems "high risk," allowing lower-risk vehicles to skip unnecessary inspections.

But truckers already undergo roadside inspections and record large amounts of information for regulators. The Department of Transportation offers no reason to believe the warrantless collection of identifying information will make anyone safer. It might make some inspectors' jobs easier, but that is no reason to override the rights of truck owners and operators. One might as well call for putting us all in ankle monitors, just because it might reduce crime if the cops know where everyone is all the time.

… The Supreme Court has ruled that police must get a warrant—regardless of whether the subject of a search has a reasonable expectation of privacy—before they physically install a tracking device. The rule is no different just because the government forces people to purchase and install the tracking device on their own property.

Opportunity? (and not just in law…)

https://www.bespacific.com/why-it-is-time-for-the-legal-sector-to-mind-its-language/

Why It Is Time for the Legal Sector to Mind Its Language

Artificial Lawyer – By Sam Grange, Senior Knowledge Engineer, iManage. “Standards and structure matter a lot. This article is composed of words that combine to form sentences, which can be grouped to form a paragraph. According to widely accepted conventions, these and other linguistic devices provide meaning and clues as to what is being said within or when one thought connects or flows into another. Without that normalisation and the existence of language conventions, comprehension would be significantly reduced or impossible… What if there was a standardised way for law firms to structure, organise and utilise their knowledge? One where the taxonomy is shared between firms so that software solutions don’t have to be tweaked to fit and the learning curve for new hires is minimised. There is a move towards this kind of standardisation. At the moment, it is small, concentrated among just a few larger firms, but the momentum is growing, not least because the firms involved can see real benefits. For such a system to be helpful across the whole sector, it needs not to be owned and developed by any particular practising law firm but rather by an external body which has the technical expertise to build and maintain the taxonomy and the commitment to be in this game for the long haul… Explore the knowledge opportunity in our updated Making Knowledge Work research report.”

A student handout…

https://www.kdnuggets.com/2022/11/complete-data-engineering-study-roadmap.html

The Complete Data Engineering Study Roadmap

Interesting on both sides of the question.

https://www.bespacific.com/redacted-documents-are-not-as-secure-as-you-think/

Redacted Documents Are Not as Secure as You Think

Wired: “Popular redaction tools don’t always work as promised, and new attacks can reveal hidden information, researchers say. For years, if you wanted to protect sensitive text in a document, you could grab a pair of scissors or a scalpel and cut out the information. If this didn’t work, a chunky black marker pen would do the job. Now that most documents are digitized, securely redacting their contents has become harder. The majority of redactions—by government officials and courts—involve placing black boxes over text in PDFs. When this redaction is done incorrectly, people’s safety and national security can be put at risk. New research from a team at the University of Illinois looked at the most popular tools for redacting PDF documents and found many of them wanting. The findings, from researchers Maxwell Bland, Anushya Iyer, and Kirill Levchenko, say two of the most popular tools for redacting documents offer no protection to the underlying text at all, with the text accessible by copying and pasting it. Plus, a new attack method they devised makes it possible to extract secret details from the redacted text.”

Source: Story Beyond the Eye: Glyph Positions Break PDF Text Redaction, Maxwell Bland, Anushya Iyer, and Kirill Levchenko, University of Illinois, Urbana-Champaign, USA. 14 November 2022.

A backgrounder recorded earlier.

https://www.theregister.com/2022/11/29/the_five_cyber_attack_techniques/

The five cyber attack techniques of the apocalypse

Watch SANS experts discuss some of the most devious and dangerous methods employed by hackers in 2022

This year's RSA Conference saw SANS security experts gather to identify and discuss five of the most dangerous cyber attack techniques identified in the first half of the year. If you missed the original debate, don't worry, you have another chance to learn what you should be looking out for.

Sound familiar?

https://www.prio.org/publications/13253

Trends in the Digitalisation of EU Borders: How Experimentations with AI for Border Control Treat Migrants as Test Subjects

Border technologies provide great opportunities for efficiency and accuracy, but also potentials for harm. The EU funds research that involves experimental border control technologies, such as lie detectors for incoming third-country nationals, all while claiming that this is ‘just research’. This policy brief shows why developing artificial intelligence (AI) technology for border control in the EU is a concerning trend. Migrants are treated as justifiable test subjects, and AI can accelerate the illegal practice of migration deterrence.

Twitter’s loss is everyone else’s gain. (What happens if Twitter needs them back?)

https://www.nytimes.com/2022/11/28/technology/twitter-misinformation-experts-hiring.html

Sympathy, and Job Offers, for Twitter’s Misinformation Experts

Seeing false and toxic information as a potentially expensive liability, companies in and outside the tech industry are angling to hire people who can keep it in check.

Tools & Techniques.

https://www.bespacific.com/windows-has-a-new-tool-for-simultaneously-recording-your-screen-and-webcam/

Windows Has a New Tool for Simultaneously Recording Your Screen and Webcam

Lifehacker: “Don’t bother with antiquated screen recording tools like the Xbox game bar or third-party apps. Windows now has a free tool to simultaneously record both your screen and your webcam. Clipchamp video editor is built right in to the latest version of Windows 11 (2o22 update), though anyone running Windows 10 or newer can download it. In fact, you don’t even need to download the tool if you’d rather use the web app. Don’t be intimidated by the fact Clipchamp is a full-blown video editor with templates, effects, transitions, and more. You don’t need to use any of that. Indeed, its actual best feature is somewhat hidden… [h/t The Distant Librarian]

Interesting. I wonder if the volume of devices is typical?

https://www.bespacific.com/a-peek-inside-the-fbis-unprecedented-january-6-geofence-dragnet/

A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet

Wired – “The FBI’s biggest-ever investigation included the biggest-ever haul of phones from controversial geofence warrants, court records show. A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near [One block or one mile? Bob] the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege. The filing suggests that dozens of phones that were in airplane mode during the riot, or otherwise out of cell service, were caught up in the trawl. Nor could users erase their digital trails later. In fact, 37 people who attempted to delete their location data following the attacks were singled out by the FBI for greater scrutiny. Geofence search warrants are intended to locate anyone in a given area using digital services. Because Google’s Location History system is both powerful and widely used, the company is served about 10,000 geofence warrants in the US each year. Location History leverages GPS, Wi-Fi, and Bluetooth signals to pinpoint a phone within a few yards. Although the final location is still subject to some uncertainty, it is usually much more precise than triangulating signals from cell towers. Location History is turned off by default, but around a third of Google users switch it on, enabling services like real-time traffic prediction…”

By over correcting for bias you lose the ability to detect bias?

https://www.pogowasright.org/using-sensitive-data-to-prevent-discrimination-by-artificial-intelligence-does-the-gdpr-need-a-new-exception/

Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?

There’s a new paper by Marvinvan Bekkum and Frederik Zuiderveen Borgesius: Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?

Abstract

Organisations can use artificial intelligence to make decisions about people for a variety of reasons, for instance, to select the best candidates from many job applications. However, AI systems can have discriminatory effects when used for decision-making. To illustrate, an AI system could reject applications of people with a certain ethnicity, while the organisation did not plan such ethnicity discrimination. But in Europe, an organisation runs into a problem when it wants to assess whether its AI system accidentally discriminates based on ethnicity: the organisation may not know the applicants’ ethnicity. In principle, the GDPR bans the use of certain ‘special categories of data’ (sometimes called ‘sensitive data’), which include data on ethnicity, religion, and sexual preference. The proposal for an AI Act of the European Commission includes a provision that would enable organisations to use special categories of data for auditing their AI systems. This paper asks whether the GDPR’s rules on special categories of personal data hinder the prevention of AI-driven discrimination. We argue that the GDPR does prohibit such use of special category data in many circumstances. We also map out the arguments for and against creating an exception to the GDPR’s ban on using special categories of personal data, to enable preventing discrimination by AI systems. The paper discusses European law, but the paper can be relevant outside Europe too, as many policymakers in the world grapple with the tension between privacy and non-discrimination policy.

Access the full paper at ScienceDirect or download the pdf (free).

Lend me your ears…

https://www.bespacific.com/listen-notes/

Listen Notes

“Listen Notes is the best podcast search engine™. It’s like Google, but for podcasts. Search the whole Internet’s podcasts. Curate your own podcast playlists. Listen on your favorite podcast player apps. Trusted by 2,000,000+ people every month..”

Search the whole Internet’s podcasts.

• Listeners find ALL podcast episodes interviewing or talking about a person.

• Journalists do research and find information in podcasts.

• Students learn specific topics from podcasts.

• Podcasters find cross-promotion opportunities.

• Developers use Listen API to build podcast apps.

• More use cases of Listen Notes podcast search engine