Saturday, June 02, 2018

Now we get some details.
… The company offered the first update on the situation Friday, and things aren’t looking great. On a support site, Ticketfly states that it is “investigating a cybersecurity incident” and its website and other services will be inaccessible for the time being. No timeframe has been provided as to when Ticketfly’s operations will return to normal.
This whole unfortunate incident started late Wednesday night when people started to notice some suspicious activity coming from Ticketfly.
… It’s possible for an attacker to vandalize a site without doing any real damage to the behind-the-scenes infrastructure. Unfortunately, in the case of Ticketfly, the breach appears to be far worse than just the digital equivalent of graffiti.
The apparent hacker, going by IsHaKdZ, told Gizmodo via email that he found a vulnerability in the Ticketfly website and attempted to report it to the company. Motherboard reported seeing email conversations purportedly between the hacker and Ticketfly employees. The hacker said he “asked them 1 bitcoin for protection,” and when he didn’t receive it, he exploited the vulnerability.
According to IsHaKdZ, he is in possession of a “complete” database containing sensitive information that he stole from Ticketfly. According to Motherboard, the hacker has several spreadsheet files that appear to contain personal information about thousands of Ticketfly customers and employees of venues that use the service. The database includes names, home addresses, email addresses, and phone numbers.




Too big to fail? My Software Architecture students need to think about this.
Visa Card Payments Failing in UK, Europe, Highlighting Need for Decentralized Options
Visa has said that their card payments are experiencing disruptions across Britain and Europe, the BBC reports today, June 1.
Visa, which handles over 150 mln transactions a day, tweeted about the service disruption, noting that they will keep updating as they resolve the situation:
Visa UK (@VisaUK)
We are currently experiencing a service disruption which is preventing some Visa transactions in Europe from being processed. We are investigating the cause and working as quickly as possible to resolve the situation. We will keep you updated.
10:49 AM - Jun 1, 2018


(Related)
Massive Visa Outage Shows the Fragility of Global Payments
… Though some Visa transactions still went through, the failure appeared widespread. The Financial Times even reported that some ATMs in the United Kingdom were already out of cash within a couple of hours of the first outage reports. Some observers saw in the outage a stark reminder of the fragility of payment networks, and the weaknesses in global economic platforms.




Alternatives to self-driving cars. My students are continuing to debate: Who will win, who will lose.
Report: Lyft agrees to buy Ford GoBike, Citi Bike operator Motivate in big bikeshare deal
You've probably never heard of Motivate, but perhaps you've seen these handy Ford GoBike or Citi Bike bicycle docks around your neighborhood? Soon, ride-hailing company Lyft may own these and a handful of Motivate's other docking bicycle networks – helping it challenge Uber and a whole bunch of upstart electric scooter companies when it comes to urban transportation.
The Information reports that Lyft has agreed to purchase Motivate for as much as $250 million, though a deal reportedly hasn't been finalized yet.


(Related)
Denver warns it will sweep scooters off city’s streets
… Denver Public Works ordered Lime and Bird to remove scooters left in the public right of way or they will be confiscated by the city, according to a news release. The notice came with words of caution for the scooters’ riders and a pledge to develop rules to regulate dockless transportation companies.
The city also warned users where and how they could use the scooters.
… Lime rolled out its scooters in Denver just before Memorial Day weekend; Bird introduced its scooters on Friday. Users download the companies’ apps and unlock scooters to use them. The scooters can travel nearly 15 miles per hour and roll for about 20 miles before needing a charge.




Interesting. Does the tail wag the dog at Google, or was this project less profitable than they thought?
Google Won't Renew Controversial Pentagon AI Project
The backlash to Google’s work on a US military artificial-intelligence project began inside the tech giant, but in recent weeks, it has spilled into the public. As employees resigned in protest over Google’s work with Project Maven, which uses AI to identify potential drone targets in satellite images, reports revealed top executives fretting over how it will be perceived by the public. On Friday, Google changed course, as Google Cloud CEO Diane Greene announced internally that the company will not renew the contract for Project Maven, according to Gizmodo. The current contract expires in 2019.




This could be big (success or failure)
This is why Microsoft should buy $2 billion startup GitHub and turn it into a weapon against Amazon
On Friday, Business Insider reported that Microsoft has held talks to buy GitHub — a $2 billion startup that claims 24 million software developers as users.
It's not immediately clear what will come of these talks. Microsoft declined to comment, but you can read the full Business Insider report here.
While we wait for further word on the future of GitHub, one thing is very clear: It would make perfect sense for Microsoft to buy the startup. If the stars align, and GitHub is integrated intelligently into Microsoft's products, it could give the company a big edge against Amazon Web Services, the leading player in the fast-growing cloud market.
Just to catch you up: GitHub is an online service that allows developers to host their software projects. From there, anyone from all over the world can download those projects and submit their own improvements. That functionality has made GitHub the center of the open source software development world.




Who knew?
Words Matter: How Lyrics Help Songs Top the Charts
… We found that, on average, the more different a song was from its genre, the more atypical a country song was for country music, the more successful it was on the Billboard chart, the higher ranked it was. Even controlling for things like who sang the song, when it was released, etc., the mere fact that it was different from most other songs in its genre was connected to it being more successful.




Humor? Vegetarian repellent?
A.1. debuts 'meat scents' candles to fill your home with the aroma of steak sauce and beef


Friday, June 01, 2018

When your Prevention fails (and it will) you need Detection before you can attempt Correction.
Ticketfly temporarily shuts down to investigate 'cyber incident'
Ticketfly has temporarily shut down after a "cyber incident" (read: hack) compromised its systems. An intruder defaced the company's website around midnight on May 31st with claims that they had compromised the "backstage" database where festivals, promoters and venues manage their events. Billboard sources didn't believe this included credit card data, but the attacker had posted files supposedly linking to info for Ticketfly "members."




It has always been thus.
Margi Murphy and Ben Riley-Smith report:
The European Commission has claimed it is not subject to the strict new data protection law that it has imposed across Europe, following an “embarrassing” leak of personal data on its website.
Officials in Brussels admitted the bureaucracy that designed the rules is not itself compliant with the General Data Protection Regulation (GDPR). A spokesman said the European Commission was “taking and will continue to take all the necessary steps to comply”.
Read more on The Telegraph.




I think the history of technology helps put Computer Security and the other subjects I teach in perspective. Given any technology, someone will use it to cheat.
The crooked timber of humanity
Nearly two centuries ago, France was hit by the world’s first cyber-attack. Tom Standage argues that it holds lessons for us today
… The world’s first national data network was constructed in France during the 1790s. It was a mechanical telegraph system, consisting of chains of towers, each of which had a system of movable wooden arms on top. Different configurations of these arms corresponded to letters, numbers and other characters. Operators in each tower would adjust the arms to match the configuration of an adjacent tower, observed through a telescope, causing sequences of characters to ripple along the line. Messages could now be sent much faster than letters, whizzing from one end of France to the other in minutes. The network was reserved for government use but in 1834 two bankers, François and Joseph Blanc, devised a way to subvert it to their own ends.
The Blanc brothers traded government bonds at the exchange in the city of Bordeaux, where information about market movements took several days to arrive from Paris by mail coach. Accordingly, traders who could get the information more quickly could make money by anticipating these movements. Some tried using messengers and carrier pigeons, but the Blanc brothers found a way to use the telegraph line instead. They bribed the telegraph operator in the city of Tours to introduce deliberate errors into routine government messages being sent over the network.
The telegraph’s encoding system included a “backspace” symbol that instructed the transcriber to ignore the previous character. The addition of a spurious character indicating the direction of the previous day’s market movement, followed by a backspace, meant the text of the message being sent was unaffected when it was written out for delivery at the end of the line. But this extra character could be seen by another accomplice: a former telegraph operator who observed the telegraph tower outside Bordeaux with a telescope, and then passed on the news to the Blancs. The scam was only uncovered in 1836, when the crooked operator in Tours fell ill and revealed all to a friend, who he hoped would take his place. The Blanc brothers were put on trial, though they could not be convicted because there was no law against misuse of data networks. But the Blancs’ pioneering misuse of the French network qualifies as the world’s first cyber-attack.
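As an added illustration (not part of the Economist piece quoted above), the Python model below captures why the Blancs' trick was invisible at the delivery end yet plain on the wire: a transcriber that honours the backspace symbol, the view of the cancelled symbols an observer at a tower had, and a relay audit that compares what a station received with what it forwarded. The symbol alphabet, the `<BS>` token, the "U" market marker and the sample message are constructed, not taken from the historical code book.

```python
"""Model of the backspace covert channel on the 1830s French optical telegraph.

Added example; the alphabet, the <BS> control symbol, the market marker "U"
and the sample message are constructed for illustration.
"""
import difflib
from typing import List, Tuple

BACKSPACE = "<BS>"  # control symbol: "ignore the previous character"


def transcribe(symbols: List[str]) -> str:
    """The delivered text, as the clerk at the end of the line writes it out.

    Every BACKSPACE drops the symbol before it, so an inserted
    (marker, BACKSPACE) pair leaves this output untouched.
    """
    out: List[str] = []
    for s in symbols:
        if s == BACKSPACE:
            if out:
                out.pop()
        else:
            out.append(s)
    return "".join(out)


def erased_symbols(symbols: List[str]) -> List[str]:
    """Symbols that were signalled and then cancelled.

    Anyone watching the towers through a telescope saw these go by; the
    delivered text never contains them. This is the Blancs' side channel.
    """
    stack: List[str] = []
    erased: List[str] = []
    for s in symbols:
        if s == BACKSPACE:
            if stack:
                erased.append(stack.pop())
        else:
            stack.append(s)
    return erased


def wire_diff(incoming: List[str], outgoing: List[str]) -> List[Tuple[str, List[str], List[str]]]:
    """Symbol-level edits between what a relay received and what it forwarded.

    Returns (kind, removed, added) triples; this is what an auditor who logs
    both sides of a relay station can see, independent of message content.
    """
    matcher = difflib.SequenceMatcher(a=incoming, b=outgoing, autojunk=False)
    edits = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            edits.append((tag, incoming[i1:i2], outgoing[j1:j2]))
    return edits


def classify_relay(incoming: List[str], outgoing: List[str]) -> str:
    """Audit verdict for one relay hop.

    "hidden alteration" is the Blanc pattern: the wire stream changed but the
    delivered text did not, so checking only the transcribed output would
    never catch it. Honest operator corrections (wrong symbol, <BS>, right
    symbol) land here too, which is why the erased symbols are what a
    reviewer then inspects.
    """
    if incoming == outgoing:
        return "clean"
    if transcribe(incoming) == transcribe(outgoing):
        return "hidden alteration"
    return "visible alteration"


# Constructed sample: a routine government message as it entered the Tours
# tower and as Tours forwarded it, with the bribed operator's marker "U"
# (bourse up) and a cancelling backspace slipped in after the sixth symbol.
INCOMING = list("BUDGET APPROVED")
OUTGOING = INCOMING[:6] + ["U", BACKSPACE] + INCOMING[6:]


def audit_sample() -> dict:
    """Run the full check on the constructed sample and return the findings."""
    return {
        "delivered": transcribe(OUTGOING),
        "erased": erased_symbols(OUTGOING),
        "edits": wire_diff(INCOMING, OUTGOING),
        "verdict": classify_relay(INCOMING, OUTGOING),
    }


if __name__ == "__main__":
    for key, value in audit_sample().items():
        print(f"{key:>9}: {value}")
```

The delivered text reads exactly as sent, yet the relay audit reports a hidden alteration and names the erased "U", which is the evidence an investigator in 1834 could only obtain after the Tours operator confessed.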




For all my students to consider.
The Digital Poorhouse
In May 2018, a new data and privacy law will take effect in the European Union. The product of many years of negotiations, the General Data Protection Regulation is designed to give individuals the right to control their own information. The GDPR enshrines a “right to erasure,” also known as the “right to be forgotten,” as well as the right to transfer one’s personal data among social media companies, cloud storage providers, and others.
The European regulation also creates new protections against algorithms, including the “right to an explanation” of decisions made through automated processing. So when a European credit card issuer denies an application, the applicant will be able to learn the reason for the decision and challenge it. Customers can also invoke a right to human intervention. Companies found in violation are subject to fines rising into the billions of dollars.
Regulation has been moving in the opposite direction in the United States, where no federal legislation protects personal data. The American approach is largely the honor system, supplemented by laws that predate the Internet, such as the Fair Credit Reporting Act of 1970. In contrast to Europe’s Data Protection Authorities, the US Federal Trade Commission has only minimal authority to assess civil penalties against companies for privacy violations or data breaches. The Federal Communications Commission (FCC) recently repealed its net neutrality rules, which were among the few protections relating to digital technology.
These divergent approaches, one regulatory, the other deregulatory, follow the same pattern as antitrust enforcement, which faded in Washington and began flourishing in Brussels during the George W. Bush administration. But there is a convincing case that when it comes to overseeing the use and abuse of algorithms, neither the European nor the American approach has much to offer. Automated decision-making has revolutionized many sectors of the economy and it brings real gains to society. It also threatens privacy, autonomy, democratic practice, and ideals of social equality in ways we are only beginning to appreciate.




Something for my Software Architecture class.
The Ad Hoc Government Digital Services Playbook
“The Ad Hoc Government Digital Services Playbook compiles what we’ve learned from four years of delivering digital services for government clients. Our playbook builds on and extends the Digital Services Playbook by the United States Digital Service. The USDS playbook is a valuable set of principles, questions, and checklists for government to consider when building digital services. If followed, the plays make it more likely a digital services project will succeed. Today, we’re publishing the opinions we developed and lessons we learned while implementing the original plays of the USDS playbook. We want to share our knowledge in hopes that other teams can continue to build on the progress we and many other organizations are making in improving government digital services. In 2014, we founded Ad Hoc with the same catalyst that created the USDS: the failed launch of HealthCare.gov. Since then, we’ve been using these plays to help government reform the way it serves users, who have come to expect more from the digital products and services they use. Building digital services for government means orienting and aligning around the user experience, for all audiences and abilities, and doing so securely, protecting users’ privacy and data. To the user of digital services, availability and usability are paramount. Slow, confusing interfaces drive them away and erode their trust. This essential user-centrism is at the core of government digital services. It distinguishes them from enterprise software, where users are expected to have substantial training and domain knowledge, or conform to confusing business-processes-as-software. While government had substantial experience building enterprise software systems prior to 2013, when HealthCare.gov launched, it didn’t have comparable experience delivering digital services, such as those users have become accustomed to in the commercial sector.
The challenge of the past four years has been introducing to government the practices and processes that set user-centered services up for success. Our playbook contributes additional detail on how to accomplish this task…”




What defines CyberWar? What does not.
The Technicolor Zone of Cyberspace – Part I
The Right Honourable Jeremy Wright’s recent remarks at Chatham House on Cyber and International Law in the 21st Century added a welcome dash of color to the otherwise gray zone of cyberspace. While full-HD resolution may still be in the offing, this all-too-rare official pronouncement of opinio juris reinforces the baseline maxim that existing international law applies to states’ activities in cyberspace and provides some needed clarity on how certain key provisions of international law govern interstate relations at and below the threshold of armed conflict.
… As the recently released Command Vision for US Cyber Command recognizes, the emerging cyber-threat landscape is marked by adversary states engaging in sustained, well-constructed campaigns to challenge and weaken western democracies through actions designed to hover below the threshold of armed conflict while still achieving strategic effect. And as the Cyber Command Vision also makes clear, passive, internal cyber security responses have proved inadequate, ceding strategic initiative and rewarding bad behavior.
The UK’s position on this point is now clear: Both in peacetime and in conflict, states cannot engage in hostile cyber campaigns free of consequence. “States that are targeted by hostile cyber operations have the right to respond to those operations in accordance with the options lawfully available to them and that in this as in all things, all states are equal before the law.”




It’s Data Management, not Evidence Destruction!
Guide walks you through steps to sort and delete sets of Gmail messages
TechRepublic – Andy Wolber: “You might want to mass delete email from Gmail for many reasons: To remove non-work-related messages from an account, to achieve “inbox zero” as part of a personal productivity effort, or—more mundanely—to reduce the storage space used by attachments. Some people pursue #NoEmail—and start to treat email as an ephemeral communication channel instead of a permanent archive. Before you start to mass delete items from Gmail, I recommend that you export your current email data. To do this, use Google Takeout at https://takeout.google.com. Choose the “Select None” button, then scroll down the page to Mail. Move the slider to the right of Mail to “on.” (You may export just some of your email: Select the down arrow to the left of the slider, then choose one—or more—Gmail labels to select items tagged with those labels to export.)…”




Perspective.
Teens, Social Media & Technology 2018
Until recently, Facebook had dominated the social media landscape among America’s youth – but it is no longer the most popular online platform among teens, according to a new Pew Research Center survey. Today, roughly half (51%) of U.S. teens ages 13 to 17 say they use Facebook, notably lower than the shares who use YouTube, Instagram or Snapchat. This shift in teens’ social media use is just one example of how the technology landscape for young people has evolved since the Center’s last survey of teens and technology use in 2014-2015. Most notably, smartphone ownership has become a nearly ubiquitous element of teen life: 95% of teens now report they have a smartphone or access to one. These mobile connections are in turn fueling more-persistent online activities: 45% of teens now say they are online on a near-constant basis. The survey also finds there is no clear consensus among teens about the effect that social media has on the lives of young people today. Minorities of teens describe that effect as mostly positive (31%) or mostly negative (24%), but the largest share (45%) says that effect has been neither positive nor negative…”




Perspective.
PwC How will the global economic order change by 2050?
The World in 2050 – “This report sets out our latest long-term global growth projections to 2050 for 32 of the largest economies in the world, accounting for around 85% of world GDP. Key results of our analysis (as summarised also in the accompanying video) include:
  • The world economy could more than double in size by 2050, far outstripping population growth, due to continued technology-driven productivity improvements
  • Emerging markets (E7) could grow around twice as fast as advanced economies (G7) on average
  • As a result, six of the seven largest economies in the world are projected to be emerging economies in 2050 led by China (1st), India (2nd) and Indonesia (4th)
  • The US could be down to third place in the global GDP rankings while the EU27’s share of world GDP could fall below 10% by 2050
  • UK could be down to 10th place by 2050, France out of the top 10 and Italy out of the top 20 as they are overtaken by faster growing emerging economies like Mexico, Turkey and Vietnam respectively
  • But emerging economies need to enhance their institutions and their infrastructure significantly if they are to realise their long-term growth potential…”


Thursday, May 31, 2018

Interesting. Every country does this. Are they asking the BND to disclose exactly how and what they are doing and justify it by citing laws?
Operator of World's Top Internet Hub Sues German Spy Agency
The BND foreign intelligence service has long tapped international data flows through the De-Cix exchange based in the German city of Frankfurt.
But the operator argues the agency is breaking the law by also capturing German domestic communications.
"With the lawsuit, we seek judicial clarification and, in particular, legal certainty for our customers and our company," the company said.
Given the mass of daily phone calls, emails, chats, internet searches, streamed videos and other online communications, an effective fire-walling of purely German communications is unrealistic, activists argue.
The De-Cix operator says its Frankfurt hub is the world's biggest Internet Exchange, bundling data flows from as far as China, Russia, the Middle East and Africa, and handles more than 6 terabits per second at peak traffic.
It said the BND, a partner of the US National Security Agency (NSA), has placed so-called Y-piece prisms into its data-carrying fibre optic cables that give it an unfiltered and complete copy of the data flow.




More like ‘Crack.’
Law Firm Data is Catnip for Hackers
Security Boulevard: “Dig into a law firm, and you’ll find secrets. Sometimes these secrets are mundane, like who’s getting divorced, or who’s getting cut out of the will. Sometimes, however, these secrets can shake nations and economies. Huge companies are merging and getting acquired, national leaders are hiding graft in numbered accounts, and you might find all those secrets within the server at a nondescript law firm – which might be possibly the most unsafe place to hide it. Law firms may be extremely discreet when protecting their clients’ identities from judges, the media, and other lawyers, but their track record is less than stellar when it comes to the digital realm. Those who’ve heard of the firm Mossack Fonseca or the Panama Papers (a 2TB data leak that exposed how the wealthy avoid paying taxes) may know that the firm in question was:
  • Running a version of WordPress that was 2 years out of date.
  • Running a version of Drupal that was three years out of date.
  • Running its web server on the same network as its mail server.
  • Running its web server without a firewall.
  • Running an out-of-date plugin known as “Revolution Slider,” which contained a file upload vulnerability that had been documented since 2014.
This multitude of sins collectively led to a scandal that, among other things, brought down the Icelandic Prime Minister. What’s more troubling, however, is that Mossack Fonseca wasn’t a standout among law firms. Many if not most law firms have an equally bad security posture…”




Perhaps North Korea is serious about the summit. One easy way to break it off ‘accidentally’ is to cause a hacking incident. I keep coming back to the question, “What happened to cause this?”
North Korea-Linked Group Stops Targeting U.S.
A threat actor linked to North Korea’s Lazarus Group has stopped targeting organizations in the United States, but remains active in Europe and East Asia.
The group, tracked by industrial cybersecurity firm Dragos as Covellite, has been known to target civilian electric energy organizations in an effort to collect intellectual property and information on industrial operations.




I’m sure I agree with one of these…
Jim Garland and Katharine Goodloe of Covington & Burling write:
Two federal appellate courts are taking sharply different views on whether—and why—government agents must have some amount of suspicion to conduct forensic searches of electronic devices seized at the border.
The Fourth Circuit on May 9, 2018, held that government agents must have reasonable suspicion to conduct forensic searches of cell phones seized at the border. It said that decision was based on the Supreme Court’s recognition in Riley v. California that phones contain information with a “uniquely sensitive nature.” The Fourth Circuit and Ninth Circuit are the only two federal appellate courts to require reasonable suspicion for forensic border searches.
In contrast, the Eleventh Circuit on May 23, 2018, rejected that position—and held that no suspicion is required for forensic border searches of electronic devices.
Read more on Inside Privacy.




Anyone doing anything can be measured. Analyzing the results of that measurement is the tricky part.
Arthur O’Connor writes:
Orwellian technology, capable of monitoring your every message and conversation, may be coming to your office soon.
In keeping with the management adage, “What you can’t measure, you can’t manage,” new employee monitoring methods called talent analytics (or workforce analytics) are hitting the corporate market.
From small startups to global giants such as IBM, tech vendors are offering employers the promise of quantitative, data-driven precision in determining who is a high performer and who is a slacker.
Read more on WhoWhatWhy?




So much easier electronically. Could the emergency rooms pay to lock out the ads?
Digital Ambulance Chasers? Law Firms Send Ads To Patients' Phones Inside ERs
Patients sitting in emergency rooms, at chiropractors' offices and at pain clinics in the Philadelphia area may start noticing on their phones the kind of messages typically seen along highway billboards and public transit: personal injury law firms looking for business by casting mobile online ads at patients.
The potentially creepy part? They're only getting fed the ad because somebody knows they are in an emergency room.
The technology behind the ads, known as geofencing, or placing a digital perimeter around a specific location, has been deployed by retailers for years to offer coupons and special offers to customers as they shop. Bringing it into health care spaces, however, is raising alarm among privacy experts.
"It's really, I think, the closest thing an attorney can do to putting a digital kiosk inside of an emergency room," says digital marketer Bill Kakis, who runs the Long Island, N.Y.-based firm Tell All Digital. Kakis says he recently inked deals with personal injury law firms in the Philadelphia area to target patients.
Law firms and marketing companies from Tennessee to California are also testing out the technology in hospital settings.
… The advertisers identify someone's location by grabbing what is known as "phone ID" from Wi-Fi, cell data or an app using GPS.
Once someone crosses the digital fence, Kakis says, the ads can show up for more than a month — and on multiple devices.




An update, that doesn’t seem like an update.
Full video and transcript: Facebook COO Sheryl Sandberg and CTO Mike Schroepfer at Code 2018
“To this day, we still don’t actually know what data Cambridge Analytica had.”
[Video and transcript]




“We ain’t afraid of no GDPR!”
Google Emerges as Early Winner From Europe’s New Data Privacy Law
GDPR, the European Union’s new privacy law, is drawing advertising money toward Google’s online-ad services and away from competitors that are straining to show they’re complying with the sweeping regulation.
The reason: the Alphabet Inc. ad giant is gathering individuals’ consent for targeted advertising at far higher rates than many competing online-ad services, early data show.




Perspective. This is a big deal every year.
Mary Meeker just presented 294 slides on the future of the internet — read them here
There's a "privacy paradox" surrounding data collection for profit, and that theme could come to dominate the internet in 2018, according to Mary Meeker.
More than half the world's population is now online, time spent on the internet is higher than many would like, and regulators are starting to question whether buying in is costing users.
In other words, growth means scrutiny.




Think of the ‘goods and services tax’ as a general tariff. Is it wise to keep your citizens from the global marketplace?
Amazon to block Australians from using US store after new GST rules
Amazon will not ship overseas goods to Australian customers after new GST rules that target international retailers come into effect in July.
Amazon’s new rule, announced on Thursday, will prevent Australians from buying from the Amazon US store – or any international Amazon stores – which frequently have cheaper goods and a greater range compared with the Australian Amazon store.
… The move is a response to a new GST policy that will apply 10% tax to all overseas purchases under $1,000 announced by the Turnbull government last year in a bid to “level the playing field” between Australian and overseas retailers.




Perspective. Keep the rankings straight.
Reddit beats out Facebook to become the third-most-popular site on the web
Reddit has now surpassed Facebook and is now the third-most-popular internet destination for users in the United States, according to rankings published by Amazon subsidiary Alexa (no, not that Alexa), a website that tracks and analyzes web traffic. Despite its recent controversial site redesign, this means that Reddit now trails Google and YouTube, but ranks ahead of Facebook and Amazon.




Perspective. The end of an era.
Canon ends film camera sales for good
Canon stopped building film cameras eight years ago, but it had still been selling them from old stock. Now, it has quietly announced that it will end sales of its last film SLR, the EOS-1V, marking an end to an era that started in 1934 with its first camera, the Kwanon.




Good on ya, Red Robin!
Red Robin offering a free meal for teachers
Teachers will be treated to a free meal at any Red Robin restaurant in the United States on June 5.
Teachers and school administrators who display school identification will receive one of Red Robin's five Tavern Double Burgers, with steak fries. The offer is good for take-out and dine-in orders.
… For more information on Red Robin's free meal for teachers, click here.


Wednesday, May 30, 2018

As a taxpayer, this is depressing. As a manager, this is incomprehensible.
Federal Cybersecurity Risk Determination Report and Action Plan
NextGov: “Many federal agencies don’t know how hackers are targeting them, can’t tell when hackers steal large amounts of their data and aren’t efficiently spending the cybersecurity money they have, according to a report and action plan released last week. Roughly three-quarters of federal agencies’ cybersecurity programs are currently “at risk” or “at high risk,” according to the report, which was mandated in a 2017 executive order from President Donald Trump. That order stated that top agency leaders would be held responsible for preventable cyber incidents that happened on their watch. Yet, most agencies, when polled, “did not, or could not, elaborate in detail on leadership engagement above the [chief information officer] level,” this month’s review found…”




Perhaps the Justices do not have to be as “analog” as the Court itself. I want my students to be explainers of technology. That means they have to understand it.
The Supreme Court Is Stubbornly Analog — By Design
The Supreme Court is an openly — even proudly — technophobic institution. Cameras are forbidden, which means there are no images or videos from high-profile cases, and briefs and other legal filings only recently became available at the court’s website. Chief Justice John Roberts argued in 2014 that these Luddite tendencies are just part of the legal system: “The courts will always be prudent whenever it comes to embracing the ‘next big thing.’” The justices — who communicate mostly on paper, rather than via email — can sometimes seem as analog as the institution they serve.
… There are systemic reasons for the court’s reluctant approach to technology — American law is a backward-looking enterprise even outside the highest court. But regardless of why it’s happening, legal scholars say the consequences are clear: When Supreme Court justices lack an understanding of what technology means for the lives of the people affected by their decisions, they will struggle to respond effectively to technological change.




It seems Michael Porter’s barriers to entry are becoming less of a problem.
Why High-Tech Commoditization Is Accelerating
Knowledge embedded within state-of-the-art production and design tools is a powerful force that is leveling the global technology playing field. It democratizes innovation and makes future competition ever more challenging.




Another summary of the GDPR.
Personal Data Protection and the EU GDPR
“Everyone is talking about the European Union‘s (EU) General Data Protection Regulation (GDPR) which takes effect today. Recent news reports about misuse of personal data suggest that rules to protect personal data are essential in today’s interconnected (online) world. But what is the GDPR exactly? And why should you care about an EU law if you live in the United States?…”




“We can, therefore we must?” I have been looking for a good “bad example” and wouldn’t you know it, California has come through in spades!
Digital license plates that change displays and track your car being tested in California
… The Sacramento Bee reports that the city government took delivery last week of 24 Chevrolet Volts equipped with the plates, which are priced at $699 each, but were provided at no cost by the manufacturer, Reviver Auto, for evaluation.
The plates use e-ink screens like e-books, and are equipped with a GPS tracker that can transmit the location of the vehicle. They have a reflective surface, backlighting, weatherproofing and are hardwired to the car.
Reviver Auto says that the technology conforms to the General Data Protection Regulation standards, and that the tracking and display features are controlled by each plate’s owner.
Sacramento Innovation Officer Louis Stewart said that the city is assuring labor representatives that it won’t use them to monitor individual employees.
Reviver Auto VP of Marketing Bobby Penn told Fox News that the telematics data will never be shared with the DMV or law enforcement, and promises that the company will not sell any information to outside companies. No personal data is stored in the device itself.
Users can modify the display with custom messages via an app and electronically update their registration without the need for a sticker or visit to the DMV. They’re being marketed as a fleet management tool for commercial outfits that can double as a promotional platform, as the screens can display company branding and advertisements when the vehicles are parked, while still showing the plate number in a smaller font.
Along with the convenience factor, a pitch to retail customers is that they are the ultimate vanity plate, with the potential to update them on a whim to show support for causes or sports teams, or simply to project a personal message for the day.
Owners can also have the plates display the word “stolen” if their cars go missing, while emergency messages, like amber alerts and flood warnings, can be blasted to all of the devices in an affected area in an effort to reach other motorists.
… A $7 monthly fee is required, with additional costs for the GPS tracking feature.
One retailer, Galpin Motors in Van Nuys, is offering three-year plans priced at $189 and $279, respectively, plus $99 for installation.


(Related)
… The state claims they could save up to $20 million per year on postage, but there’s some pretty huge questions about that, as well as about security, cost, durability and pretty much everything.
… They claim these plates are durable, but compared to a rectangle of stamped metal, they’re not. At all. In fact, the more you think about it, the stupider this gets: You’d be mounting a $700 electronic device on the most vulnerable parts of your car, often right on your bumper. Want to turn a minor parking lot miscalculation into a $700 bill and the inability to legally drive your car around? Then get a Reviver Plate, dummy!
… The company also takes pains to point out that if your car is stolen the plate will say STOLEN or if the car is tagged in an Amber Alert, the plate will give a warning, which is great as long as criminals don’t master the difficult and subtle art known as “removing a license plate.”
… The guy in the video there keeps playing up the aesthetic benefits of the electronic plate, but they don’t seem to acknowledge it’s just black and white.
That’s not even beginning to address the issues surrounding plates being hacked, because, duh, they will—for all manner of purposes and reasons and scams—and then there’s the privacy issues, and that they will eventually wear out and break, and that there will be charging and battery issues and on and on.
This is a classic example of assuming throwing more technology at something will solve a problem, in this case a problem that barely even exists. Also, who would even want one of these? There’s nothing cool or appealing about them.




A strong indication that the world is not ready for self driving cars?
A Tesla sedan running in its autopilot mode crashed into a parked police car in Laguna Beach, California on Tuesday, per the Associated Press, resulting in “minor injuries” to the driver. The officer in charge of the cruiser at the time of the crash was not inside the vehicle and thus avoided being injured.
… Tesla has repeatedly emphasized that the autopilot system is only intended to assist, not replace, an alert human driver, and requires drivers to agree that they understand how to use it before it can be activated.
… In a statement to USA Today, the manufacturer wrote, “When using Autopilot, drivers are continuously reminded of their responsibility to keep their hands on the wheel and maintain control of the vehicle at all times.”




Perspective. I think this is big. Probably not suggesting that Facebook is obsolete, but it may be becoming redundant. For an entire generation, Facebook was how you connected to the Internet.
Mobile Direct Traffic Eclipses Facebook
New data shows that for the first time, mobile direct-to-site traffic has surpassed Facebook. Could this mean that mobile does not equal social after all?
With all of the discussion around the duopoly and the lack of control publishers have over their traffic, we wanted to take a look at our data to observe traffic differences since the Facebook algorithm changes were announced in January. Surprisingly, overall traffic to publisher sites has not declined – instead, it’s remained steady (see chart below). How is this possible?
We know that the majority of readers arrive on a site directly via desktop. However, for as long as we can remember, this behavior has been different on mobile devices; mobile readers = social readers, where someone on mobile most likely found your content from Facebook.
Our latest data shows that’s no longer the case. Now, mobile readers are arriving to a site (website or app) directly to the homepage or section front more often than from attributed social platforms, namely Facebook.
Mobile direct traffic surpassing Facebook traffic to publisher sites is an important milestone. It means consumers may be more loyal to news sites than expected, and publishers may be in a better position vis-a-vis Facebook as well.




Perspective. Jeff Bezos thinks big.
How Amazon Is Using Whole Foods in a Bid for Total Retail Domination
Fortune: The Seattle giant believes selling you groceries is the key to selling you everything else… The very thing that makes grocery delivery hard—that food goes bad—is the reason it’s so desirable to a company like Amazon. Because cheese grows mold and meat goes rancid and milk sours, consumers can’t hoard it in their cupboards or refrigerators indefinitely as they might toilet paper or laundry detergent. As a result, the average family hits the supermarket at minimum once a week; there’s nothing else you purchase or consume so much or so often. For Amazon, getting in on that frequency is critical to further ingraining itself in our routines and behaviors. “Food is the platform for selling you everything else,” says Walter Robb, the former co-CEO of Whole Foods. “It’s an everyday way into your life. There’s nothing else that happens quite that way.” Amazon’s quest is therefore about much more than just food…”




I wonder if Mr. Kissinger feels challenged? Could AI be smarter than he is?
How the Enlightenment Ends
… Aware of my lack of technical competence in this field, I organized a number of informal dialogues on the subject, with the advice and cooperation of acquaintances in technology and the humanities. These discussions have caused my concerns to grow.
Heretofore, the technological advance that most altered the course of modern history was the invention of the printing press in the 15th century, which allowed the search for empirical knowledge to supplant liturgical doctrine, and the Age of Reason to gradually supersede the Age of Religion. Individual insight and scientific knowledge replaced faith as the principal criterion of human consciousness. Information was stored and systematized in expanding libraries. The Age of Reason originated the thoughts and actions that shaped the contemporary world order.
But that order is now in upheaval amid a new, even more sweeping technological revolution whose consequences we have failed to fully reckon with, and whose culmination may be a world relying on machines powered by data and algorithms and ungoverned by ethical or philosophical norms.




This is not why I’m considered ‘agreeable.’ Is it?


Tuesday, May 29, 2018

You should probably hire my students before you are attacked.
The War Few Are Talking About
Just as the world came to recognize IT cyberattacks as a new form of crime, motivated by profit, we must now recognize industrial cyberattacks as tactics in a new form of “economic warfare” being waged between nation-states to gain economic and political advantage without having to pay the price of open combat.
Malicious actors have shown they are quite adept at gaining access to vulnerable ICS networks, as we have seen a dramatic increase in successful penetration of industrial environments over the last 18 months. Though most of these intrusions have not yet resulted in an attack, we must interpret them as steps toward establishing persistence on vulnerable systems as part of a longer-term agenda.
So, why do industrial networks make such attractive targets? Three reasons:
The infrastructure they control is highly valuable.
It is an efficient means to cause tremendous disruption and economic loss to the targeted nation without having to take responsibility for the act.
ICS networks are unmonitored and unprotected.




Expand the Forensics course?
Smart devices in your home have data that may be used by law enforcement
Your Home is Your…Snitch? When your appliances work as police informants – By Daniel Zwerdling – The Marshall Project Justice Lab column examines the science, social science and technology of criminal justice.
“Police records in Bentonville, Arkansas show that James Bates called 911 on Sunday morning just before Thanksgiving 2015, and reported chilling news: he’d just opened his back door and found one of his buddies floating face down in the hot tub, dead. When police showed up, Bates said he had no idea how it happened. He also said they could search his home, according to police. And they found his house and yard were equipped with smart gadgets that might have served as digital eyes and ears. One was a smart utilities meter, which tracks far more details about water consumption than old-fashioned meters do. Another was an Amazon Echo on the kitchen counter—a smart speaker connected to the voice-controlled digital assistant service called Alexa—as in, “Hey Alexa, play me Drake/book a hotel/call an Uber.”
As the police looked around, Bates probably had no inkling that he was entering a national debate: When do police have legal access to the trove of personal information that our smart homes collect? Two developments coming soon could affect the answer. The Supreme Court will rule on a case concerning privacy and digital records, and new regulations in Europe will tighten access to people’s digital information there.
Back in Bentonville, police went after data from Bates’ smart home with zeal. A manager at the utilities department told them that Bates’ smart meter showed he’d used far more water between 1–3 a.m. than he’d ever used during the same period before. Police surmised that Bates had hosed the back patio to erase signs of a struggle. They charged him with murder.
Prosecutors also ordered Amazon to turn over the recordings that Bates’ digital assistant made before and after he said he found the body. Amazon records your vocal commands, and sometimes background talk, and stores the audio on distant servers. Amazon resisted, the prosecutors started fighting the company in court—and Bates gave up the recordings voluntarily.
Prosecutors dropped the case late last year, saying they couldn’t prove he was guilty. Apparently, Alexa still awaits her court debut. But the case gave the nation a glimpse of what’s in store as our homes keep getting smarter: law enforcement will treat your appliances as potential witnesses.
It seems new smart gadgets are introduced every week. There are smart TVs, which suggest the programs they think you’ll like. Smart refrigerators are equipped with interior cameras and UPC scanners that keep track of the items you stock in your refrigerator, and then reorder them as they run out. One brand of smart mattress “tracks over 15 factors about your sleep and health, including deep sleep, heart rate and respiratory rate,” according to its website. “From a law enforcement or intelligence perspective, these are very valuable tools that can let them monitor or listen to individuals,” says Dale Watson, the FBI’s former executive assistant director, now a consultant…




Some tips for my Software Architecture students too.
Everyone’s talking about a future in which vehicles are shared rather than owned, autonomous rather than driven, and where car companies make large shares of their profits on digital “mobility services.” But if you are the Ford Motor Company and face the prospect of investing billions in new technology while your century-old business model is overturned, you might first have a few questions. How are consumers going to react to all of this? What do they really want? How can you tell which opportunities are real and which are science fiction?
To help test drive the future, in 2016 Ford paid about $50 million to acquire Chariot, a startup mobility service. Incubated at Y Combinator, the venture was aimed squarely at the most important, most reliable, most consistent mobility need that consumers have every day: getting to and from work. While this seemed like a small bet for a $165 billion company built on the mass production of vehicles, the deal was scouted, in part, by Jim Hackett, then head of Ford Smart Mobility who has since been elevated to CEO.
All this makes the early lessons from the Chariot venture worth heeding as it gains traction in the market. Here are five to learn from Ford thus far, about mobility services in particular, and more broadly, about how to deal with the uncertainty of new business models in new markets by testing and learning one’s way forward.


Monday, May 28, 2018

Should we consider this a “war warning?”
FBI Attribution of 'VPNFilter' Attack Raises Questions
Information shared by the FBI on the massive VPNFilter attack in which more than half a million devices have been compromised raises some interesting questions about the connection between Russia-linked hacker groups.
The malware can intercept data passing through the compromised device, it can monitor the network for communications over the Modbus SCADA protocol, and also has destructive capabilities that can be leveraged to make an infected device unusable.
Many of the hijacked devices are located in Ukraine and a separate command and control (C&C) infrastructure has been set up for devices in this country. Researchers also spotted code similarities to the BlackEnergy malware and pointed out that there are only a few weeks until Ukraine celebrates its Constitution Day, which last year coincided with the destructive NotPetya attack. All this has led experts to believe that VPNFilter may mean Russia is preparing for a new attack on Ukraine.
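The Modbus-sniffing capability described above, and the complaint in the ICS piece earlier on this page that industrial networks go unmonitored, are worth seeing from the defender’s side. What follows is an added example, not VPNFilter code and not anything from the cited reports: a minimal Modbus/TCP parser that validates the 7-byte MBAP header, picks Modbus frames out of captured TCP payloads, and flags the write function codes that change PLC state. The packet tuples, IP addresses and frame bytes are constructed sample data; the function-code names are the public codes from the Modbus application protocol specification.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

# Public Modbus function codes (Modbus application protocol specification).
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
# Codes that change controller state; these are the ones worth alerting on.
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
MODBUS_TCP_PORT = 502


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int   # raw byte; bit 7 set marks an exception response
    data: bytes          # PDU bytes after the function code

    @property
    def is_exception(self) -> bool:
        return bool(self.function_code & 0x80)

    @property
    def base_function(self) -> int:
        return self.function_code & 0x7F

    @property
    def name(self) -> str:
        return FUNCTION_NAMES.get(self.base_function, f"function {self.base_function}")

    @property
    def is_write(self) -> bool:
        return not self.is_exception and self.base_function in WRITE_FUNCTIONS


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusFrame]:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU); None if malformed.
    One ADU per payload is assumed; a TCP segment may carry several, which a
    stream reassembler would have to split first."""
    if len(payload) < 8:                      # MBAP (7) + function code (1)
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:                            # protocol identifier is always 0 for Modbus
        return None
    if length < 2 or length > 254:            # unit id + PDU; a PDU is at most 253 bytes
        return None
    if len(payload) != 6 + length:            # length counts every byte after offset 6
        return None
    fc, data = payload[7], payload[8:]
    if fc & 0x80 and len(data) != 1:          # exception responses carry exactly one code byte
        return None
    return ModbusFrame(tid, unit, fc, data)


def describe(frame: ModbusFrame) -> str:
    """One-line summary, decoding the address fields of the common requests."""
    if frame.is_exception:
        return f"exception {frame.data[0]} in response to {frame.name}"
    if frame.base_function in (1, 2, 3, 4, 5, 6) and len(frame.data) >= 4:
        addr, val = struct.unpack(">HH", frame.data[:4])
        what = "value" if frame.base_function in (5, 6) else "count"
        return f"{frame.name} addr={addr} {what}={val}"
    if frame.base_function in (15, 16) and len(frame.data) >= 5:
        addr, qty, nbytes = struct.unpack(">HHB", frame.data[:5])
        return f"{frame.name} addr={addr} count={qty} bytes={nbytes}"
    return frame.name


def find_modbus(packets: List[tuple]) -> List[dict]:
    """Scan (src, dst, sport, dport, payload) tuples and report each Modbus frame.
    Frames seen off port 502 are still reported but marked, since a header that
    happens to look like MBAP is cheap to hit by chance in arbitrary data."""
    hits = []
    for src, dst, sport, dport, payload in packets:
        frame = parse_modbus_tcp(payload)
        if frame is None:
            continue
        hits.append({
            "src": src, "dst": dst, "unit": frame.unit_id,
            "summary": describe(frame), "write": frame.is_write,
            "standard_port": MODBUS_TCP_PORT in (sport, dport),
        })
    return hits


# Constructed sample traffic (not a real capture): a read, two writes, an
# exception response from the PLC, and an unrelated HTTP request.
SAMPLE_PACKETS = [
    ("10.0.0.5", "10.0.0.20", 40112, 502, bytes.fromhex("00010000000601030000000a")),
    ("10.0.0.5", "10.0.0.20", 40112, 502, bytes.fromhex("0002000000060106000100ff")),
    ("10.0.0.5", "10.0.0.20", 40112, 502, bytes.fromhex("00030000000b01100001000204000a000b")),
    ("10.0.0.20", "10.0.0.5", 502, 40112, bytes.fromhex("000400000003018302")),
    ("10.0.0.5", "93.184.216.34", 40113, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in find_modbus(SAMPLE_PACKETS):
        flag = "WRITE " if hit["write"] else ""
        print(f'{hit["src"]} -> {hit["dst"]} unit {hit["unit"]}: {flag}{hit["summary"]}')
```

Feed it payloads pulled from a span port or pcap and the write hits are the lines to alert on: in a plant network the set of hosts allowed to issue function codes 5, 6, 15 or 16 is small and known, so anything else issuing them is exactly the kind of foothold the excerpt describes.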




This will be interesting to watch.
Vermont passes first law to crack down on data brokers
… Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.
If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.
… Vermont’s new law, which took effect late last week, is the nation’s first to address the data broker problem directly.




There is bad legislation and then there is really, really bad legislation.
EU censorship machines and link tax laws are nearing the finish line
On the topic of copyright, you NOW have the chance to have an influence – a chance that will be long lost in two years, when we’ll all be “suddenly” faced with the challenge of having to implement upload filters and the “link tax” – or running into new limits on what we can do using the web services we rely on.
In stark contrast to the GDPR, experts near-unanimously agree that the copyright reform law, as it stands now, is really bad.
Their latest proposal would still force internet platforms to implement censorship machines – and makes a total mess out of the planned extra copyright for news sites by allowing each member state to implement it differently.
… The German government is standing in the way of an agreement over which kinds of snippets of news content should fall under the “link tax” and thus become subject to a fee when shared: They insist that whether a snippet constitutes an original intellectual creation by its author or not should not be a criteria.
… You don’t need to filter, but we’ll sue you if you don’t
The Bulgarian Presidency agrees with the Commission’s goal to force internet platforms to monitor all user uploads to try and detect copyright infringement, even though that will necessarily lead to takedowns of totally legal acts of expression. But they realise that putting that in plain writing violates existing EU law and the Charter of Fundamental Rights.
Their “solution”: Make platforms directly liable for all copyright infringements by their users, and then offer that they can avoid that unreasonable liability if they can show they’ve done everything in their power to prevent copyrighted content from appearing online – namely, by deploying upload filters (Article 13, paragraph 4). Which remain totally optional, of course! Wink, wink, nudge, nudge.




Tools to protect (or amuse) my Computer Security students.
How to see everything Amazon Echo has recorded on you
… If you're curious what Amazon Echo smart devices have recorded while in your home — as I was — you can use the Alexa app to find out.


(Related)
Amazon’s Alexa May Be Listening — But This Trick Can Stop Her
USA Today reports that a fool-proof way of ensuring your privacy is simply not to set up the feature that allows Echo to make calls. This is an opt-in feature, a similar variation of which is available for Google Home users.




The new Privacy Policy, according to XKCD.




Technology or typo?


Sunday, May 27, 2018

It sure looks like we don’t care. Is it that we don’t appreciate Privacy?
Why Is Your Location Data No Longer Private?
The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details. In the wake of these consumer privacy debacles, many are left wondering who’s responsible for policing these industries? How exactly did we get to this point? What prospects are there for changes to address this national privacy crisis at the legislative and regulatory levels? These are some of the questions we’ll explore in this article.
… When I first saw a Carnegie Mellon University researcher show me last week that he could look up the near-exact location of any mobile number in the United States, I sincerely believed the public would be amazed and horrified at the idea that mobile providers are sharing this real-time data with third party companies, and at the fact that those third parties in turn weren’t doing anything to prevent the abuse of their own systems.
Instead, after a brief round of coverage in several publications, the story fell out of the news cycle. A story this week in Slate.com lamented how little coverage the mainstream press has given to the LocationSmart scandal, and marvels at how much more shocked people were over the Cambridge Analytica scandal with Facebook.




Can I get an “AMEN!”
Jeff Bezos wants to get back to the moon, but he knows space is no place for going solo
Amazon's Jeff Bezos on Friday advocated a return to the moon and said developing infrastructure for humans to live in space should be a collaborative effort among many companies and space agencies.
A long-stated goal of the Amazon CEO and founder of Blue Origin space company has been to see millions of people living and working in space, and he said the first step was to reduce launch costs. His Kent, Wash. company, Blue Origin, is developing a rocket called New Glenn that will have a reusable first-stage booster.
That rocket is intended to provide commercial launch services for satellites by the end of 2020.
Staying on Earth "is not necessarily extinction, but the alternative is stasis," Bezos said during an onstage discussion Friday night with Geekwire journalist Alan Boyle at the National Space Society's International Space Development Conference in Los Angeles.