Saturday, April 08, 2017

Imagining the downside of a terrorist attack?  (Upgrading their Mickey Mouse security?) 
How much privacy intrusion will you tolerate to take your kid on a ride or for a stay at a Disney property?
Joe Cadillic writes:
Imagine going through a metal detector before you check into your hotel room, imagine being patted down and searched before you get inside your hotel.  Imagine Disney using facial biometrics to spy on everyone in your family.
Well imagine no more, it’s already happening.
According to an article in the Orlando Sentinel, Disney World has made going to your hotel and amusement park a virtual trip to a TSA checkpoint.  Disney World has installed metal detectors and bag searches at all of their hotel entrances and park entrances.
Read more on MassPrivateI.


I wonder who reviewed this request before it was issued? 
Twitter pulls lawsuit after feds back down
Twitter has withdrawn a lawsuit against the U.S. government after the Customs and Border Protection backed down on a demand that the social media outlet reveal details about a user account critical of the agency.
The lawsuit, filed Thursday, contended that the customs agency was abusing its investigative power.  The customs agency has the ability to get private user data from Twitter when investigating cases in areas such as illegal imports, but this case was far from that.
The target of the request was the @alt_uscis account, one of a number of "alt" accounts that have sprung up on Twitter since the inauguration of President Donald Trump.  The accounts are critical of the new administration and most claim to be run by current or former staff members of government agencies.


An indication of how the EU sees Trumps rhetoric?
MEPs want Commission to toughen up Privacy Shield under Trump
The European Parliament wants the European Commission to ‘Trump-proof’ the Privacy Shield data sharing agreement between the EU and the United States after the new US administration threatened to roll back some privacy safeguards.
A slender majority of MEPs approved a resolution today (6 April) asking the Commission to force the Trump administration to guarantee privacy safeguards and give the European Parliament access to documents detailing how the Privacy Shield agreement has been enforced by US authorities during a legal review in September.  The resolution passed with 306 votes in favour and 240 against.


Perspective.  The business of Big Data.
Otonomo raises $25M to help automakers make money from connected cars
It’s no secret that data is the hot new revenue source for automakers, who are seeing additional profit opportunities bloom as vehicles become more connected and they can retrieve a ton of useful data that’s incredibly valuable when deployed correctly.  Israeli startup otonomo has been on top of that trend since its founding in 2015, with nine automakers worldwide using its platform to feed a marketplace that connects car makers and drivers with service providers, optimizing the monetization of that data.
   “There are more and more connected cars out there, and those connected cars are sending a lot of data in the background all the time to big databases the car manufacturers have built,” Volkow explained.  “They send the data between every minute to every three or four minutes depending on the model, and also when you start the car, when you park the car or when you have an event.”
All this data is valuable to car makers, for their own use in developing new vehicles, services and technologies.  But it’s also an additional cost load to bear.
“It costs a lot of money for the OEs; putting the modem in the car is like $100, then you have to pay AT&T about $5 per month to get the data out, then it’s about $1 to store the data,” Volkow said.
   Otonomo’s platform is a cloud solution, with nothing additional required in the car, that connects on one side to the databases of the car manufacturers, and on the other to different services and applications that want this data.  This group of customers including insurance companies, smart cities, workshops, dealerships, developers, and even hedge funds – “everybody wants car data,” as Volkow puts it.


Just because, “Those who cannot remember the past are condemned to repeat it.” Santayana

Friday, April 07, 2017

Interesting in that it is so comprehensive. 
How Hackers Hijacked a Bank’s Entire Online Operation
…   Researchers at the security firm Kaspersky on Tuesday described an unprecedented case of wholesale bank fraud, one that essentially hijacked a bank’s entire internet footprint.  At 1 pm on October 22 of last year, the researchers say, hackers changed the Domain Name System registrations of all 36 of the bank’s online properties, commandeering the bank’s desktop and mobile website domains to take users to phishing sites.  In practice, that meant the hackers could steal login credentials at sites hosted at the bank’s legitimate web addresses.  Kaspersky researchers believe the hackers may have even simultaneously redirected all transactions at ATMs or point-of-sale systems to their own servers, collecting the credit card details of anyone who used their card that Saturday afternoon.
…   Kaspersky believes the attackers compromised the bank’s account at Registro.br.  That’s the domain registration service of NIC.br, the registrar for sites ending in the Brazilian .br top-level domain, which they say also managed the DNS for the bank.  With that access, the researchers believe, the attackers were able to change the registration simultaneously for all of the bank’s domains, redirecting them to servers the attackers had set up on Google’s Cloud Platform.2
With that domain hijacking in place, anyone visiting the bank’s website URLs were redirected to lookalike sites.  And those sites even had valid HTTPS certificates issued in the name of the bank, so that visitors’ browsers would show a green lock and the bank’s name, just as they would with the real sites.  Kaspersky found that the certificates had been issued six months earlier by Let’s Encrypt, the non-profit certificate authority that’s made obtaining an HTTPS certificate easier in the hopes of increasing HTTPS adoption.  
…   Ultimately, the hijack was so complete that the bank wasn’t even able to send email.  “They couldn’t even communicate with customers to send them an alert,” Bestuzhev says.  “If your DNS is under the control of cybercriminals, you’re basically screwed.”


They record the IP address of anyone who clicks on their video.  If someone had spammed that link as “cute puppies,” could they tell?  
Joseph Cox reports:
Last year, Motherboard found Australian authorities had unmasked Tor users in the US as part of a child pornography investigation.  Judging by court documents, Australian authorities sent targets a hyperlink to a video that, when clicked, would give their real IP address to investigators.
Now, it has emerged the hacking operation was broader in scope, with authorities placing a booby-trapped video not only in messages to individual targets, but on a more widely accessible forum, allowing investigators to identify hundreds of suspects around the world.  The case highlights the growing trend of law enforcement agencies using hacking tools and malware to identify criminals located outside of their immediate jurisdiction.
Read more on Motherboard.
[From the Motherboard article: 
…   investigators would have had no way of knowing where the people clicking the video would have been located; that is the very problem authorities face when dealing with suspects on the dark web.  However, that also means law enforcement agencies may be searching computers across international borders and beyond their legal remit.  Task Force Argos has repeatedly declined to answer questions from Motherboard on whether the unit obtained a warrant to unmask suspects in this operation.  


This won’t succeed, will it?
The government is demanding to know who this Trump critic is. Twitter is suing to keep it a secret.
Twitter filed a lawsuit Thursday to block an order from the Department of Homeland Security that seeks to reveal the user of an account who has been critical of the Trump administration's immigration policies.
Tweets from the account -- @ALT_uscis -- indicate that it is run by someone who is an employee of the U.S. Citizenship and Immigration Services division of Homeland Security.
Free speech advocates said the DHS order appeared to be the first time the government has attempted to use its powers to expose an anonymous critic -- a development that, if successful, would have a "grave chilling effect on the speech of that account" as well as other accounts critical of the U.S. government, Twitter said.
…   the Homeland Security case struck free speech advocates as more remarkable because the information request was about the identity of a government critic, rather than public safety.
"Twitter has a pretty strong argument," said Andrew Crocker, a staff attorney for the Electronic Frontier Foundation.  "It does look and smell like the government is going after a critic.  There's nothing in the summons that CBP [Customs and Border Protection] sent to Twitter that authorizes this request under the power that they have."
…   As of the time of the court filing, the account had been active for two months and amassed more than 32,000 followers.  By 8:15 p.m., that figure had grown to more than 86,000.  [A bit of a Streisand Effect there…  Bob]


Since I have no social media accounts, I must be invisible. 
Companies want to sell, and they want to sell to you.  The best way for them to turn you into a loyal customer is to gather as much information as possible about who you are, where you go, and what you like.
Enter your social media profiles.
Even just your basic information — such as your gender, name, and age — is ideal for targeted advertising.  Add a few public images, some geo-linked Instagram posts, and an opinionated Twitter feed, and companies hit a goldmine of opportunity.


Do I copyright my data?  How can I protect my data if I share it? 
Data Clash Heats Up Between Banks and New York Stock Exchange -- Update
Several of the biggest firms on Wall Street are balking at a contract that the New York Stock Exchange is requiring them to sign to keep trading on its markets, people familiar with the dispute said.
…   The behind-the-scenes spat over the contract, called the NYSE Master User Agreement, is the latest flashpoint in a long-running battle over the market data that exchanges sell to their customers.
Such data are crucial for banks and other financial heavyweights that use computerized trading strategies.  It has been a growing source of revenue for stock exchanges in recent years, prompting complaints from Wall Street firms that they are being overcharged.  
At the heart of the dispute is legal language about who owns the data that brokers submit to the exchange when they buy and sell stocks.  The contract implies that NYSE owns the data.  Brokers and big trading firms say the data are rightfully theirs.
The agreement, a seven-page document available on NYSE's website, differs from similar contracts from the Big Board's competitors, lawyers say.


Of course it could happen here. 
So, Bad News: Now Militants Are Using Drones as Projectiles


Background.
The Four Flavors of Automated License Plate Reader Technology
by Sabrina I. Pacifici on Apr 6, 2017
EFF – “Automated License Plate Readers (ALPRs) may be the most common mass surveillance technology in use by local law enforcement around the country—but they’re not always used in the same way.  Typically, ALPR systems are comprised of high-speed cameras connected to computers that photograph every license plate that passes.  The photo is converted to letters and numbers, which are attached to a time and location stamp, then uploaded to a central server.  This allows police to identify and record the locations of vehicles in real time and also identify where those vehicles have been in the past.  Using this information, police could establish driving patterns for individual cars.  The type of data ALPRs collect, analyze, and access often depends on what kind of systems they use and how they combine the data.  Whether you’re a policymaker, journalist, or a citizen watchdog, it is important to note the specifics about how these technologies are used…”


Spinning the story for her next run?
Hillary Clinton Says Russia Used Hacking ‘to Great Effect’ in Her Defeat
Hillary Clinton left no doubt on Thursday that she believes Russia contributed to her defeat by interfering in the election, condemning what she called Moscow’s “weaponization of information.”
“I didn’t fully understand how impactful that was,” Mrs. Clinton said at a women’s conference in New York.


I wonder if this would help you learn a language if you found someone (in Japan for example) that wanted to learn English?
Skype’s real-time voice translation tool now works in Japanese
Microsoft is expanding its real-time Skype translation tool for spoken word into Japanese, its tenth language.
The software giant first introduced Skype Translator in English and Spanish back in 2014, and it has since expanded into a number of additional languages, including Mandarin, Italian, Russian, and Arabic.

Thursday, April 06, 2017

Working at a school does not make you well educated. 
Michael Konopasek reports:
A computer hacking scam has made $40,000 of direct deposit money for Denver Public Schools employees disappear.  Internet thieves are suspected of stealing the funds that were intended to pay the school district staff
Read more on Fox31.  Sadly, it appears that despite the district’s training/awareness efforts, at least 30 employees fell for a phishing attack that gave the attackers access to the district’s payroll system.


Privacy equals good banking?
John Revill reports:
Switzerland’s highest court has rejected a French request for help in investigating a married couple for tax offences, ruling that data stolen from HSBC’s Geneva private bank was inadmissible.
The ruling comes amid the latest scandal to hit Credit Suisse after an anonymous tipster alerted Dutch authorities to thousands of suspect accounts that triggered police raids last week.
Read more on Reuters.


But they did, didn’t they? 
We are not substituting stock-picking machines for humans, says BlackRock's Larry Fink
BlackRock Chairman and CEO Larry Fink told CNBC on Thursday it is not substituting stock-picking computers for humans.
Right now, machines do not outperform human analysts, Fink said.
   "We are reorienting some of the humans' jobs in terms of doing more data science and data analysis," Fink said.  "We'll have the same amount of employees in our equity division a year from now than we do today."
The move to incorporate more computing power into investment decisions is a recognition that there are so many sources of information that need to be analyzed quickly, Fink said.
"Very fast computers [can] analyze blogs, analyze all the feeds of the internet to come up with different nuances, different fields of information," he said.  "It requires model analysis and deep-data analysis."


Customer service down under?
Apple forbids consumers from taking their iPhones to third parties for repair, and sometimes even bricks phones as punishment.  But Australia has said that’s not cool and is suing the tech behemoth.  
Australia’s consumer watchdog agency, the Competition and Consumer Commission, announced early this morning that it’s suing Apple for refusing to service iPhones and iPads that have been bricked by software updates.  Bricking a device means that it’s been rendered completely unusable—about as good for making things like telephone calls and Snappy Chats™ and Twitter Tweets™ as a brick.
   Apple refused to restore the phones after bricking them, which appears to be in direct violation of Australian consumer laws.
According to Apple’s terms of service, if you get something like a broken screen repaired by anyone but Apple, the company doesn’t have to honor warranties, including the extended warranties of AppleCare.  But Australia says that it doesn’t matter what Apple says—Australian law supercedes Apple’s bullshit policies.


Apparently, there is much more going on in this market than I get from the article. 
Taser stuns law enforcement world, offers free body cameras to all US police
Taser, the company whose electronic stun guns have become a household name, is now offering a groundbreaking deal to all American law enforcement: free body cameras and a year’s worth of access to the company’s cloud storage service, Evidence.com.
In addition, on Wednesday, the company also announced that it would be changing its name to “Axon” to reflect the company’s flagship body camera product.
Right now, Axon is the single largest vendor of body cameras in America.
   If the move is successful, Axon could quickly crowd out its rivals entirely.
   “Only 20 percent [of cops] have a camera,” Rick Smith, the company’s CEO, told Ars.  “Eighty percent are going out with a gun and no camera.  We only need 20- to 30-percent conversion to make it profitable,” he added.  “We expect 80 percent to become customers.”
   In the last two years, police largely have warmed to the idea of cameras.  They believe they can protect themselves against false accusations of wrongdoing and can highlight professionalism.  In a recent Pew poll, two-thirds of officers favored their use.
“Our belief is that a body camera is to a cop what a smartphone is to a civilian,” Smith said.  “Cops spend about two-thirds of their time doing paperwork.  We believe, within 10 years, we can automate police reporting.  We can effectively triple the world’s police force.”


Is this enough to motivate my gamers?
The MASSive Mass Effect: Andromeda writing contest
   as part of the review process, Electronic Arts and BioWare not only provided Ars with an expiring review copy of the game, but also an Origin code good for one standard edition of Mass Effect: Andromeda—and a remote-controlled Nomad vehicle, too!  Since we already bought our own retail copies of Andromeda, and since we don't keep expensive promotional items, we figured the best thing to do with these goodies would be to set up a simple contest to give them away to you fine folks!
Here's the dealy-o, faithful readers: if you'd like this copy of Mass Effect: Andromeda and this RC Nomad to be yours, we're going to make you work for it.  Specifically, you need to write a short story (500 words max) set somewhere and sometime in the Mass Effect universe.  Where and when is up to you
   To enter, you'll need to enter your details and your story in the form below.

Wednesday, April 05, 2017

Because everyone knows your phone contacts and social media persona will easily identify you as a terrorist. 
Trump administration considers 'extreme vetting' of foreign visitors
Foreigners who want to visit the U.S., even for a short trip, could be forced to disclose contacts on their mobile phones, social-media passwords and financial records, and to answer probing questions about their ideology, according to Trump administration officials conducting a review of vetting procedures.  

(Related).  Well, maybe not everyone knows…
New Bill Would Outlaw Warrantless Phone Searches At The Border
Senators Ron Wyden and Rand Paul as well as Representatives Jared Polis and Blake Farenthold have introduced legislation that would require law enforcement to first obtain a warrant before they can search our phones when we enter the US.
   In a letter to Homeland Security in February, Sen. Wyden asked the agency's chief, Secretary John Kelly, to reveal how many times Customs and Border Protection personnel had asked for or demanded US citizens disclose their phone, computer, email, and social media passwords in the past several years.  Sen. Wyden also asked Secretary Kelly to explain what legal authority allows the CBP to demand those passwords and how such demands are consistent with the Constitution and federal law.
The Senator asked Secretary Kelly to respond by March 20.  But according to Sen Wyden's office, Homeland Security has not written back.


Why I’m not a lawyer: A New York court has no jurisdiction over a New York DA?  Facebook can’t challenge warrants for any reason unless they are the target?  Targets of warrants must wait until the warrant becomes public to challenge it? 
New York's top court rejects Facebook search warrant challenge
New York state's highest court on Tuesday rejected Facebook Inc's challenge to 381 search warrants to uncover suspected widespread Social Security disability fraud by its customers.
By a 5-1 vote, the Court of Appeals said it lacked jurisdiction to hear Facebook's appeal over warrants obtained by the office of Manhattan District Attorney Cyrus Vance Jr.
   Prosecutors had in July 2013 obtained the warrants ordering Facebook to turn over account information belonging to people suspected of criminal fraud.
   Facebook argued that the warrants were overbroad, and that Vance went too far by prohibiting the Menlo Park, California-based company from telling users that the warrants existed.
   Writing for the appeals court, Judge Leslie Stein said it was up to targets of the warrants, not third parties such as Facebook, to challenge the warrants' validity.


Just in time.  My Spreadsheet class starts today.


My Computer Security class starts on Friday.


An interesting article.
Digital Maturity, Not Digital Transformation
People throw around the term “digital transformation” these days, but there’s not much agreement on what that term means.  Originally, the value in the term was that it conveyed the need to engage in a fundamental shift in the way we think, work, and manage our organizations in response to digital trends in the competitive environment.  While the need for fundamental change remains, the overuse and misuse of this term in recent years has weakened its potency.
   The best understanding of digital transformation is adopting business processes and practices to help the organization compete effectively in an increasingly digital world.
   If managers shift their thinking from a focus on digital transformation to a focus on digital maturity, they may find a number of benefits for organizations seeking to adapt to an increasingly digital competitive environment.  


Perspective.  Being early is not an automatic win.
Ford, GM ranked ahead of Tesla, Waymo, Uber on self-driving tech
Tesla on Monday overtook Ford in market value, but a new independent research report ranks Detroit's big automakers ahead of Silicon Valley upstarts in self-driving technologies.
Navigant ranked Ford, GM, Renault-Nissan Alliance and Daimler at the top of its annual ranking, with Alphabet's Waymo unit and Tesla in the second tier of "contenders."
Uber is ranked in a third tier of so-called "challengers" among the 18 companies studied by Navigant.


Perspective.  (Lit, as in excellent?) 
Google Sponsored Study Finds Kids Think Google Is Lit, Go Figure
If you're not sure whether or not you'd be classified as "cool", a quick way to find out is to open up that wallet and fund your own study.  That's just what Google did with a study titled: "It's Lit: A Guide To What Teens Think Is Cool".  The result were not too surprising.
With the help of a scatter chart highlighting results from Gen-Z kids (post-millennial), we can easily see which brands reign supreme, and which ones fall flat on their faces.  Because "10" is too even a number, Google decided to cap "Most Cool" at 9, with YouTube coming closest to that high mark.  Right behind it: Google, and Netflix.  Again, not too surprising.
   You can view a much larger version of this scatter chart in Google's official PDF (25MB, right-click, save as).


Our favorite con man completely innocent victim of FBI harassment has a new idea.
Kim Dotcom announces Bitcontent, a new Bitcoin venture for content uploaders to earn money
Controversial New Zealand-based internet mogul Kim Dotcom plans to launch a Bitcoin payments system for users to sell files and video streaming as he fights extradition to the United States for criminal copyright charges.
   “You can create a payment for any content that you put on the internet…you can share that with your customers, with the interest community and, boom, you are basically in business and can sell your content,” Dotcom said in the video.
He added that Bitcontent would eventually allow businesses, such as news organizations, to earn money from their entire websites.  He did not provide a launch date.
   A New Zealand court ruled in February that Dotcom could be extradited to the United States to face charges relating to his Megaupload website, which was shutdown in 2012 following an FBI-ordered raid on his Auckland mansion, a decision he was appealing.

Tuesday, April 04, 2017

Something for my Ethical Hacking students.  “Let’s put on a show!”  Mickey Rooney 
How Tech Companies Stake Out Hackathons for Future Stars
Tech companies face a harsh reality: You're only as good as your latest product.  The scramble to identify and lure the best talent has taken recruiters to unusual places.  This week, Bloomberg Technology's Lizette Chapman visits a recent hackathon, where high school and college students code through the night.  All the while, corporate representatives and investors are watching, eying the kids who will become future stars.

(Related).  Perhaps my Computer Forensics students would rather build a lab?
CSI: Walmart
A highly secured digital-forensics laboratory sits tucked inside an enormous complex of low, boxy buildings in Bentonville, Arkansas.  To get in, analysts have to scan their hands and enter a unique password.  Inside, they comb through video-surveillance records and spirit data out of devices that have seen better days, like a hard drive that had been crushed with a hammer and dropped from a third-story window.
Despite the sensitive nature of their jobs, these investigators aren’t high-level FBI agents or foreign spies.  They’re Walmart employees.
Walmart is one of six companies in the United States that run digital-forensics laboratories accredited by the American Society of Crime Laboratory Directors.  American Express has an accredited lab; Target has two of them.
   In-house forensics allows companies to work faster, cheaper, and potentially better than law enforcement.  Labs at large companies are more likely than police labs to have high-tech tools and the latest forensics software, said Seigfried-Spellar.  Forensics equipment is expensive, and is quickly and constantly surpassed by new technology.  Methods for extracting data from mobile devices, for example, have to be rethought every time a new smartphone with improved security protocols is released.


This will have to change.
The customer is always wrong: Tesla lets out self-driving car data – when it suits
Luxury car maker Tesla is throwing some drivers’ privacy under the wheels following accidents in order to defend its hi-tech self-driving car technology.
And while the company has handed data to media following crashes, it won’t provide its customers’ data logs to the drivers themselves, according to interviews conducted by the Guardian.
   The Guardian could not find a single case in which Tesla had sought the permission of a customer who had been involved in an accident before sharing detailed information from the customer’s car with the press when its self-driving software was called into question.


The value of intelligence. 
The rise of reading analytics and emerging calculus of reader privacy in digital world
by Sabrina I. Pacifici on Apr 3, 2017
First Monday – The rise of reading analytics and the emerging calculus of reader privacy in the digital world
 “This paper studies emerging technologies for tracking reading behaviors (“reading analytics”) and their implications for reader privacy, attempting to place them in a historical context.  It discusses what data is being collected, to whom it is available, and how it might be used by various interested parties.  The paper includes two case studies — mass-market e-books and scholarly journals — and illustrates a shift from government to commercial surveillance.”


It’s the hypodemic nerdle that keeps me from getting chipped. 
Swedish employees agree to free microchip implants designed for office work
A Swedish firm in Stockholm — Epicenter — has offered to inject its staff with microchips for free, and around 150 of the company's young workforce have so far taken up the offer.
The RFID (radio-frequency identification) chips are roughly the size of a grain of rice, and are implanted using a syringe into the fleshy part of the recipient's hand.
At the moment the chip gives Epicenter's workers access to doors and photocopiers, but with the promise that further down the track it will include the ability to pay in the cafe.


Perspective.  Phones vs. Computers.  Follow-up to Android being the most installed Operating System.
Report: Android overtakes Windows as the internet’s most used operating system
Mobile is today as important, if not more important, than desktops when it comes to the internet and apps.  A clear reminder of that comes with news of a report claiming that Google’s Android has overtaken Windows as the internet’s most used operating system.
Research from web analytics company StatCounter found Android now accounts for a larger share of internet usage than Windows for the first time.  During March 2017, Android users represented 37.93 percent of activity on StatCounter’s network versus 37.91 percent for the Microsoft operating system.  It’s a small gap for sure — and it refers to usage not necessary users — but it marks a notable tipping point that has been inevitable for the past couple of years.


Perspective.  This may explain why the ‘traditional’ car companies are scrambling to adopt new technologies.
Tesla zooms past Ford's market value
Shares of Tesla stock surged to about $292 on Monday — a roughly 5 percent increase — bringing the electric car company’s market capitalization to $47.08 billion.  Ford’s current market cap is $44.91 billion.
   Tesla’s “book value,” or value after its total liabilities are subtracted from its assets, is $5 billion.  Ford’s is almost $30 billion.  And while Tesla generated $7 billion in revenue in 2016, Ford generated $15 billion.
The electric carmaker also has yet to turn a profit in its 14-year history.


“Mmmm!  Beer!” 
PicoBrew meets Kickstarter goal for smaller brewing device in just 7 hours
Seattle company PicoBrew launched its fourth Kickstarter campaign Monday, this time to make a smaller, less expensive home brewing machine called the Pico C.  In just seven hours, the campaign had topped its $350,000 goal with more than 1,100 backers.  

Monday, April 03, 2017

How timely!  My Computer Security class starts this week.
Leaked records up 566 percent to 4 billion in 2016: IBM Security
In 2016, more than 4 billion records were leaked worldwide, exceeding the combined total from the two previous years, according to a report from IBM Security.
In its IBM X-Force Threat Intelligence Index 2017, Big Blue explained the leaked documents comprised the usual credit cards, passwords, and personal health information, but also noted a shift in cybercriminal strategies, finding a number of significant breaches were related to unstructured data such as email archives, business documents, intellectual property, and source code.
   "While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetise it this year in new ways."


Turn off ‘surveillance by default.’  
   Right-click on the Start Button and open Device Manager.
In the Device Manager window, expand the Audio inputs and outputs section and you will see your Microphone listed there as one of the interfaces.  Right click on Microphone and select Disable.


Paper – Encryption Workarounds
by Sabrina I. Pacifici on Apr 2, 2017
Kerr, Orin S. and Schneier, Bruce, Encryption Workarounds (March 20, 2017).  Available at SSRN: https://ssrn.com/abstract=2938033 or http://dx.doi.org/10.2139/ssrn.2938033
“The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround.  We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target’s data that has been concealed by encryption.  This essay provides an overview of encryption workarounds.  It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes.  We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy.  For each approach, we consider the practical, technological, and legal hurdles raised by its use.  The remainder of the essay develops lessons about encryption workarounds and the broader public debate about encryption in criminal investigations.  First, encryption workarounds are inherently probabilistic.  None work every time, and none can be categorically ruled out every time.  Second, the different resources required for different workarounds will have significant distributional effects on law enforcement.  Some techniques are inexpensive and can be used often by many law enforcement agencies; some are sophisticated or expensive and likely to be used rarely and only by a few.  Third, the scope of legal authority to compel third-party assistance will be a continuing challenge.  And fourth, the law governing encryption workarounds remains uncertain and underdeveloped.  Whether encryption will be a game-changer or a speed bump depends on both technological change and the resolution of important legal questions that currently remain unanswered.” 


Now we need to consider how to make hacking defensible. 
New Report Aims to Help Criminal Defense Attorneys Challenge Secretive Government Hacking
by Sabrina I. Pacifici on Apr 2, 2017
Lawyers at EFF, the ACLU, and the National Association of Criminal Defense Lawyers released a report today outlining strategies for challenging law enforcement hacking, a technique of secretly and remotely spying on computer users to gather evidence.  Federal agents are increasingly using this surveillance technique, and the report will help those targeted by government malware—and importantly their attorneys—fight to keep illegally-obtained evidence out of court.  A recent change in little-known federal criminal court procedures, which was quietly pushed by the Justice Department, has enabled federal agents to use a single warrant to remotely search hundreds or thousands of computers without having to specify whose information is being captured or where they are.  We expect these changes to result in much greater use of the technique, and the guide will arm attorneys with information necessary to defend their clients and ensure that law enforcement hacking complies with the Constitution and other laws…” 


Basing an insurance rate on the manufacturer’s programming skills?  
Self-Driving Cars Raise Questions About Who Carries Insurance
   Billionaire investor Warren Buffett, whose company, Berkshire Hathaway, owns the insurance giant Geico, told CNBC in a February interview: "If the day comes when a significant portion of the cars on the road are autonomous, it will hurt Geico's business very significantly."
That would seem to make sense.  If humans aren't driving the cars, who needs a car insurance policy?
   Right now, insurance rates are calculated mostly based on attributes of drivers — their claims histories, driving records and such.  Increasingly, some insurers also use apps or devices that allow them to track speeding and other behaviors.  Insurers can then offer discounts as rewards for safe driving.
A driverless car changes that model, shifting the insurance toward automakers, and away from drivers or car owners.
   Right now, Smith says, one of the biggest obstacles for insurers is a lack of data.
"Insurance is a data-based effort to really predict the future based on the past, and when you have dramatically different technologies and new applications for automated driving, it makes predicting the future much harder because you don't have those reliable data about the past and present," he says.


Juliet:  "What's in a name? That which we call a rose by any other name would smell as sweet."  Romeo and Juliet (II, ii, 1-2)
“If we don’t talk about it, it will go away.”  DOE
“No, it won’t!”  Al Gore
Energy Department climate office bans use of phrase ‘climate change’
by Sabrina I. Pacifici on Apr 2, 2017
Politico, Eric Wolff – “The Office of International Climate and Clean Energy is the only office at DOE with the words ‘climate’ in its name, and it may be endangered as Trump looks to reorganize government agencies.  A supervisor at the Energy Department’s international climate office told staff this week not to use the phrases “climate change,” “emissions reduction” or “Paris Agreement” in written memos, briefings or other written communication, sources have told POLITICO.  Employees of DOE’s Office of International Climate and Clean Energy learned of the ban at a meeting Tuesday [March 28, 2017], the same day President Donald Trump signed an executive order [Presidential Executive Order on Promoting Energy Independence] at EPA headquarters to reverse most of former President Barack Obama’s climate regulatory initiatives.  Officials at the State Department and in other DOE offices said they had not been given a banned words list, but they had started avoiding climate-related terms in their memos and briefings given the new administration’s direction on climate change…”