“In hackers we trust?” Part of a larger management problem at the time.
Uber to pay record $148 million over 2016 data breach
Uber will pay $148 million to settle an investigation into a 2016 data breach that the company was accused of intentionally concealing.
The settlement with attorneys general for all 50
states and Washington, DC, will be split among the states. It's the
largest ever multi-state data breach settlement, according to the New
York attorney general.
The investigation was called to look into
allegations that the ride-share company violated state-level
notification laws by intentionally withholding that hackers stole the
personal information of 57 million users in 2016.
The breach wasn't disclosed until late 2017, when
Uber revealed that it paid the hackers $100,000 to destroy the data.
In April, Uber settled a case with the Federal Trade Commission,
which was investigating claims that Uber deceived customers over this
breach.
As part of the settlement, Uber has agreed to
develop and implement a corporate integrity program for employees to
report unethical behavior. It also agreed to adopt model data breach
notification and data security practices, as well as hire an
independent third party to assess its data security practices.
… The settlement comes as Uber attempts to
clean up its practices. In July, for example, Uber
finally hired a chief privacy officer: Ruby
Zefo became Uber's top executive focused on privacy. Matt Olsen
also joined as chief trust and security officer.
Coming soon to a precinct near you!
The Crisis of Election Security
… when Jenkins met E.A.C. officials and the
executive director of the National Association of Secretaries of
State for a brief discussion before the scheduled call, what was
supposed to be a half-hour meeting bled into four hours, as he and
his staff got a crash course in election administration. Internet
voting, they learned, was the least of their concerns; the real
problems were the machines used to cast and tally votes and the
voter-registration databases the Russians had already shown interest
in hacking. The entire system — a
Rube Goldberg mix of poorly designed machinery, from
websites and databases that registered and tracked voters, to
electronic poll books that verified their eligibility, to the various
black-box systems that recorded, tallied and reported results — was
vulnerable.
… Two
years later, as the 2018 elections approach, the American
intelligence community is issuing increasingly dire warnings about
potential interference from Russia and other countries, but the
voting infrastructure remains largely unchanged.
I wonder if they offered him a scholarship? (Or
if Apple is paying his tuition…)
Apple hacking teenager avoids jail time for 'Hacky hack hack'
He pleaded guilty to accessing Apple's systems multiple times over a period
of two years, but today an Australian teenager (who cannot be named
for legal reasons) escaped conviction and will not serve time in
prison for hacking Apple.
The boy accessed Apple's mainframe from his
Melbourne home, reportedly because he
was a fan of the company and wanted to work there in the future.
He was 16 years old when he first gained access.
He downloaded 90GB of data and stored them in a
folder on a family computer called "Hacky hack hack".
"Your offending is serious, sustained and
sophisticated," the magistrate said, as
reported by The Age. "You knew what you were doing was
wrong."
The teenager pleaded guilty back in August, but
was sentenced Thursday, Sept. 27. No conviction will be recorded,
but an eight month probation order will be put in place.
The
teenager has since been accepted into university to
study criminology and cyber safety.
Probably not a good way to test your upgrades.
H-E-B stores across Texas briefly shut down because of software problem
H-E-B stores across Texas were briefly closed late
this morning because of a software glitch.
… H-E-B officials said that all stores were
open by early Wednesday afternoon.
… The H-E-B store on Weber Avenue closed and
all customers were forced to leave the facility for a few minutes
shortly after the glitch was discovered.
… Many people tweeted that H-E-B employees
were passing out treats and cookies to keep customers calm while they
waited. It wasn’t a surprise, Campos told the Express-News.
… Some customers mentioned on Twitter that
some products were ringing
up free at checkout.
RTFM! Read The Freaking Manual!
The Always-On Police Camera
Last summer, the Baltimore police officer Richard
Pinheiro submitted
body-camera footage as evidence in a drug bust. In Pinheiro’s
video, filmed on an Axon Body 2 camera, he wanders through a junky
backyard for a few moments before spotting, among the detritus, a
discarded soup can. He picks it up and pulls out a small baggie of
white pills that he and two other officers would later claim belonged
to the suspect. Pinheiro and the other officers arrested the man,
then submitted the evidence against him—the baggie, their
testimony, and the video—to the Baltimore Police Department.
What Pinheiro and the other officers didn’t seem
to realize was that the Axon Body 2 camera has a “fail-safe”
feature. The camera is
always on and always saves the 30 seconds of footage prior to the
officer activating the record button. Those 30 seconds
told an entirely different story. In footage Pinheiro was unaware
anyone—let alone a jury—would ever see, he pulls a baggie of
drugs from his pocket. In full view of the two other officers, he
places the baggie in the soup can and drops it on the ground.
Pinheiro then presses record and, with the cameras rolling,
serendipitously “discovers” the soup can.
A sneaky test? Are they that concerned about a
negative precedent?
Test Case Probes Jurisdictional Reach of GDPR
Given
the potential size of GDPR fines, it has always been likely that
there would be GDPR appeals. While business needs to know how the
regulators will enforce the regulation, the regulators need to know
how the courts will react to appeals. It has always been likely that
the regulators would test the water quietly before embarking on any
major action against a major company.
It
should be no surprise that this has already happened. The UK's
Information Commissioner's Office (ICO) quietly delivered a GDPR
enforcement notice on the Canadian firm AggregateIQ Data Services Ltd
(AIQ) back on July 6, 2018. The ICO did not publish the notice on
its 'enforcement action' page as it usually does (including, for
example, details of the £500,000 fine it imposed
on Equifax, dated September 20, 2018).
Instead,
the AIQ notice was published as an addendum to a report entitled
'Investigation into the use of data analytics in political
campaigns'. Here it remained unnoticed until found and highlighted
by law firm Mishcon de Reya LLP last week.
Equally
unnoticed is that AIQ has unsurprisingly appealed the notice. Since
appeals are not handled by the ICO, there is no mention of it on the
ICO website. Appeals against ICO notices are handled by the General
Regulatory Chamber (GRC) of HM Courts & Tribunals Service. This
site lists that an AggregateIQ Data Services Ltd ("AIQ")
appeal against an unreferenced ICO decision notice was received on 30
July 2018 – which brings it perilously close to the allowed 28-day
appeal period.
No
further details are given, and no hearing date is listed.
SecurityWeek
has requested a copy of the appeal (reference EA/2018/0153), which
may or may not be allowable under the Freedom of Information Act.
… In
effect, this is a test case to see how the courts view the extension
of European regulations (in this instance, specifically the UK
implementation of GDPR) beyond the borders of the European Union.
AIQ is a Canadian firm, and Canada is a softer target than the United
States. Nevertheless, the case is likely to provide important
information to European regulators before they take on any of the big
U.S. tech companies. Smaller U.S. firms should still monitor the
outcome to gauge their own exposure to GDPR.
Perspective.
See
how new data-science tools are determining who gets hired, in this
episode of Moving Upstream: “Hiring is undergoing a profound
revolution. Nearly all Fortune 500 companies now use some form of
automation — from robot avatars interviewing job candidates to
computers weeding out potential employees by scanning keywords in
resumes. And more and more companies are using artificial
intelligence and machine learning tools to assess possible employees.
DeepSense, based in San Francisco and India, helps
hiring managers scan people’s social media accounts to
surface underlying personality traits. The company says it uses a
scientifically based personality test, and it can
be done with or without a potential candidate’s knowledge.
The practice is part of a general trend of some hiring companies to
move away from assessing
candidates based on their resumes and skills, towards making hiring
decisions based on people’s personalities…”
(Related)
Tech Giants Launch New AI Tools as Worries Mount About Explainability
Concerns about
transparency and ethics in artificial intelligence are mounting,
prompting cloud services companies to launch new tools that explain
the decision-making behind their AI
algorithms.
Executives in
regulated industries such as accounting and finance say it’s
crucial that both data scientists and non-technical business managers
understand the processes behind an algorithmic decision. That
knowledge could have far-reaching impacts in guarding against
potential ethical and regulatory breaches, especially as
enterprise-level AI algorithms become widespread.
… About 60%
of 5,000 executives polled in a recent study by IBM’s Institute of
Business Value said they were concerned about being able to explain
how AI is using data and making decisions in order to meet regulatory
and compliance standards. That’s up from 29% in 2016.
(Related) ...and it’s not just AI.
How computer software can make policy, explained by family separation at the border
I
was listening to the New
York Times daily podcast a few weeks ago when a segment caught my
attention.
… The podcast detailed how border agents
process people coming across the border. They use a computer program
that allows them to categorize people in one of three ways: as an
“unaccompanied minor,” an “individual adult,” or an “adult
with children,” which refers to the whole family unit. Each case
gets assigned an identification number, and families (“adults with
children”) shared one ID number.
This seemed to work fine,
until the Trump administration ordered these agents to separate these
same families. In order to do that, border agents reprocessed
members of families as either individual adults or unaccompanied
minors, and gave everyone new identification numbers, thus losing the
one piece of data that connected the members of the family in the
system. So, when the court ordered that agents reunite families,
those same processing center records no longer reflected which
children belonged to which parents.
This is (probably) not fake news!
Tech and ad giants sign up to Europe’s first weak bite at ‘fake news’
The European
Union’s executive body has signed up tech platforms and ad
industry players to a voluntary Code
of Practice aimed at trying to do something about the spread of
disinformation online.
Something, just
not anything too specifically quantifiable.
According to the Commission, Facebook,
Google, Twitter, Mozilla, some additional members of the EDIMA
trade association, plus unnamed advertising groups are among those
that have signed up to the self-regulatory code, which will apply in
a month’s time.
Perspective. How many is too many?
Detroit's Bird, Lime rental scooter craze hits an obstacle
The rental scooter trend has collided with its
first major obstacle in Detroit: a city government-imposed cap on the
number of scooters.
The two companies that dropped off handfuls of
scooters in Detroit this summer — Bird Rides and Lime — have
quickly expanded and recently hit the city's per-company limit of 300
scooters.
So, for now, the total number of electric scooters
available in Detroit will stay at or below 600.
This restriction could frustrate some weekend
sightseers as well as downtown-area residents and workers who have
come to rely on finding nearby Birds and Limes for their rush-hour
work commutes and just getting around. But non-riders who consider
the scooter craze annoying may appreciate the cap.
For my geeks.
Google Curriculum, College Credit
Inside HigherEd – Tech
giant gets hands-on with its new online IT certificate, as a growing
number of community colleges and Northeastern University create
credit pathways with the curriculum.
“Google made its first substantial foray into
postsecondary education in January, with the creation of a new online
certificate
program aimed at people who are interested in working
in entry-level IT support roles. Necessity was a key motivator for
the technology giant, which like most has struggled to find enough IT
hires and also is seeking to diversify its work force. And many
observers say the move by such a powerful player in the economy is an
intriguing sign of what could happen if big employers in high-demand
industries increasingly take a hands-on role in postsecondary
education and training. In its first five months, more than 40,000
learners enrolled in the Google certificate program, with 1,200
completing. “It’s a whole new marketplace, and it’s driven by
the employers and the students,” said Ray Schroeder, associate vice
chancellor for online learning at the University of Illinois at
Springfield. “These companies for the most part don’t want to
get into education. They’re going to do it because it needs to be
done.” Instead of the typical approach of designing credential
programs to meet employer demand, a growing number of colleges are
following Google’s lead and creating college credit-bearing and
accredited versions of the new certificate. So far more than 25
community colleges and Northeastern University have signed on to
offer credit for the certificate program. Company officials say its
content can be tweaked easily by college faculty members to create a
customized certificate or stackable pathway to a degree. “We built
the curriculum to be modularized,” said Natalie Van Kleef Conley, a
senior product manager for Grow With Google. “It’s very flexible
for them to use it as they see fit.” Finding qualified candidates
for IT support jobs has long been a problem for Google and its parent
company, Alphabet, which employs 85,000 people. “We were
struggling to find hires. And we knew we couldn’t be the only
company,” Conley said, adding that “we realized that being
qualified didn’t mean having a four-year degree.” IT support is
a hot occupation, currently accounting for 150,000 open positions in
the U.S., according to Burning Glass Technologies, which analyzes the
employment market. These are typically middle-class jobs, with
federal data showing an average starting salary of $52,000…”
Worth browsing?
Einstein's Archives Online
More than 80,000 of Albert Einstein's documents
and drawings are now available to view for free at Einstein
Archives Online. The archives include not only his scientific
work but also his images and documents from his travels and thoughts
on the world in general.
Are you sure Scott Adams isn’t talking about the
White House?