Friday, November 17, 2017

No surprise. They do, we do, everybody do.
China May Delay Vulnerability Disclosures For Use in Attacks
The NSA and CIA exploit leaks have thrown the spotlight on US government stockpiles of 0-day exploits -- and possibly led to this week's government declassification of the Vulnerabilities Equities Policy (VEP) process used to decide whether to disclose or retain the exploits it discovers.
There is no doubt that other nations also hold stockpiles of exploits; but there has been little public information on this. While not being a stockpile per se, Recorded Future has today published research suggesting that China delays disclosure of known critical vulnerabilities, sometimes to enable their immediate use by APT groups with probable Chinese government affiliation.
[Yesterday’s Whitehouse announcement:




I think it’s much as you would expect. You don’t need to be a security expert, you can hire all the expertise you need.
The Board’s Role in Managing Cybersecurity Risks
… Corporate boards of directors are expected to ensure cybersecurity, despite the fact that most boards are unprepared for this role. A 2017-2018 survey by the National Association of Corporate Directors (NACD) found that 58% of corporate board member respondents at public companies believe that cyber-related risk is the most challenging risk they are expected to oversee. The ability of companies to manage this risk has far-reaching implications for stock prices, company reputations, and the professional reputations of directors themselves.




Privacy ain’t easy? About time you figured that out.
Beyond GDPR: The Challenge of Global Privacy Compliance
TechPrivacy – Daniel Solove: “For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the lead role in guiding the practices of multinational organizations. These days, it is the new General Data Protection Regulation (GDPR) from the EU that has been the focus of privacy professionals’ days and nights …and even dreams. As formidable as the GDPR is, only aiming to comply with the GDPR will be insufficient for a worldwide privacy compliance strategy. True, the GDPR is one of the strictest privacy laws in the world, but countries around the world have other very strict laws. The bottom line is that international privacy compliance is incredibly hard. This is what Lothar Determann focuses on. For nearly 20 years, Determann has combined scholarship and legal practice. In addition to being a partner at Baker & McKenzie, Lothar has taught data privacy law at many schools including Freie Universität Berlin, UC Berkeley School of Law, Hastings College of the Law, Stanford Law School, and University of San Francisco School of Law. He has written more than 100 articles and 5 books, including a treatise about California Privacy Law. Hot off the press is the new third edition of Lothar Determann’s terrific guide, Determann’s Field Guide to Data Privacy Law: International Corporate Compliance. Determann has produced an incredibly useful synthesis of privacy law from around the globe. Covering so many divergent international privacy laws could take thousands of pages, but Determann’s guide is remarkably concise and practical. With great command of the laws and decades of seasoned experience, Determann finds the common ground and the wisest approaches to compliance. 
This is definitely an essential reference for anyone who must navigate privacy challenges in the global economy…”




Where President Trump goes the other way and creates a more outrageous tweet for journalists to spend their time commenting on…
China is perfecting a new method for suppressing dissent on the internet
The art of suppressing dissent has been perfected over the years by authoritarian governments. For most of human history, the solution was simple: force. Punish people severely enough when they step out of line and you deter potential protesters.
But in the age of the internet and “fake news,” there are easier ways to tame dissent.
A new study by Gary King of Harvard University, Jennifer Pan of Stanford University, and Margaret Roberts of the University of California San Diego suggests that China is the leading innovator on this front. Their paper, titled “How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, Not Engaged Argument,” shows how Beijing, with the help of a massive army of government-backed internet commentators, floods the web in China with pro-regime propaganda.
What’s different about China’s approach is the content of the propaganda. The government doesn’t refute critics or defend policies; instead, it overwhelms the population with positive news (what the researchers call “cheerleading” content) in order to eclipse bad news and divert attention away from actual problems.




Better artificial than none at all?
How Artificial Intelligence Will Affect the Practice of Law
Alarie, Benjamin and Niblett, Anthony and Yoon, Albert, How Artificial Intelligence Will Affect the Practice of Law (November 7, 2017). Available at SSRN: https://ssrn.com/abstract=3066816
“Artificial intelligence is exerting an influence on all professions and industries. We have autonomous vehicles, instantaneous translation among the world’s leading languages, and search engines that rapidly locate information anywhere on the web in a way that is tailored to a user’s interests and past search history. Law is not immune from disruption by new technology. Software tools are beginning to affect various aspects of lawyers’ work, including those tasks that historically relied upon expert human judgment, such as predicting court outcomes. These new software tools present new challenges and new opportunities. In the short run, we can expect greater legal transparency, more efficient dispute resolution, improved access to justice, and new challenges to the traditional organization of private law firms delivering legal services on a billable hour basis through a leveraged partner-associate model. With new technology, lawyers will be empowered to work more efficiently, deepen and broaden their areas of expertise, and provide more value to clients. These developments will predictably transform both how lawyers do legal work and resolve disputes on behalf of their clients. In the longer term, it is difficult to predict what the impact of artificially intelligent tools will be, as lawyers incorporate them into their practice and expand their range of services on behalf of clients.”




Looking for a complete toolkit?

