Imagine what a more subtle antagonist could do.
Russia
Isn’t The Only US Foe That’s Learned To Exploit American Social
Media
It’s not the endorsement Facebook, Twitter or
Google wants.
But the U.S.’s geopolitical adversaries appear
to be in agreement: Silicon Valley’s biggest social media companies
provide some of the best tools for spreading propaganda.
After months of attention paid to Russia’s
influence campaign, Facebook revealed Tuesday that Iran has spent
years surreptitiously promoting its interests through inauthentic
accounts and pages.
The effort, which started five years before Donald
Trump was elected president, consisted of three campaigns that masked
Iranian authorities as ordinary citizens, independent news
organizations and civil society groups. Facebook said the fake
Iranian accounts and pages garnered close to 1 million followers.
… “The main takeaway from Facebook’s
announcement is not just that Russia-style meddling is exportable,
but that it’s inevitable,” said Chris Meserole, a fellow in the
Center for Middle East Policy at the Brookings Institution. “If
Moscow authored the playbook, Tehran read it word for word, and they
won’t be the only country to do so. Spreading
disinformation on Facebook is so easy and effective that we need to
assume every foreign adversary will now do it.”
For my Computer Security students.
This week’s news that Microsoft, Facebook,
FireEye, and Google disrupted ongoing Russian and Iranian influence
campaigns should garner significant attention in corporate
boardrooms. The revelation of this fresh round of foreign hacking
highlights important points about the intersection of business,
geopolitics, and hacking that too often go overlooked — points that
are especially important for platform businesses.
Even if geopolitics is the root cause of hacking
attempts, corporations may find themselves on the front lines —
both as victims but also, increasingly, as defenders. The
coordinated
action by Microsoft and the cybersecurity company FireEye,
coupled with similar
action by Facebook and, later,
Google, demonstrates as much. The
role of the U.S. government in pushing back against these
foreign intelligence operations remains
at best uncertain, though we can assume that
classification and secrecy hide some actions from the public.
Nonetheless, as Eric Rosenbach, then a senior cyber policy official
at the Pentagon, testified
in 2015, “The Department of Defense is not here to defend against
all cyberattacks — only that top 2% — the most serious.” Far
more frequently, the government isn’t rushing to the rescue.
Grasping the inevitable?
Melanie Ramey of Covington & Burling writes:
On August 14, Brazilian President Michel Temer signed into law the new General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais or “LGPD”) (English translation), making Brazil the latest country to implement comprehensive data privacy regulation.
The law’s key provisions closely mirror the European Union’s General Data Privacy Regulation (“GDPR”), including significant extraterritorial application and vast fines of up to two percent of the company’s previous year global revenue (the GDPR allows for up to four percent in certain aggravated circumstances).
Read more on InsidePrivacy.
Timely!
Danielle Keats Citron has an article in a
forthcoming issue of Yale Law Journal: Sexual Privacy. U of
Maryland Legal Studies Research Paper No. 2018-25
Abstract
Those who wish to expose, control, and distort the identities of women, minorities, and minors routinely do so by invading their privacy. People are secretly recorded in bedrooms and public bathrooms, and “up their skirts.” Victims are coerced into sharing nude photographs and filming sex acts under the threat of public disclosure. People’s nude images are posted online without permission. Machine-learning technology is used to create digitally manipulated “deep sex fake” videos that swap people’s faces into pornography.
At the heart of these abuses is an invasion of sexual privacy—the specific set of identity-enabling and equality-protecting rules and norms that protect access to and information about our bodies; intimate activities; and gender and sexual identities. Invasions of sexual privacy coerce visibility and invisibility, undermining identity formation, human dignity, and equal opportunity. More often, marginalized and subordinated communities shoulder the abuse.
This Article explores how sexual privacy works, and should work. It shows how the efficacy of traditional privacy law is waning just as digital technologies magnify the scale and scope of the harm. We need a comprehensive approach to sexual privacy that includes legislation and updated privacy tort law. This would allow us to see the structural impact of sexual privacy invasions and prompt us to consider the privacy-enhancing and privacy-invading aspects of market efforts.
You can download the full paper from SSRN.
(Related)
Amy Martyn reports:
While you were watching adult videos on the internet, a hacker who collects Bitcoin was secretly recording a double-screened video, and he’s now preparing to send it to your family and coworkers.
No, not really. But hackers are using stolen passwords to convince strangers online that that’s the case. In emails to unsuspecting victims, the hackers claim that they placed malware on pornography sites to make secret recordings of both the visitor and the site.
The hackers begin the emails by referencing a password linked to one of the recipients’ other accounts in order to convince their victims that they have more information than they really do.
The emails come with a demand for several thousand dollars in Bitcoin, instructions of how to pay, and a threat that the video will be sent to all of the victims’ contacts if they do not pay by a given deadline.
Read more on Consumer
Affairs. This is exactly the kind of scam that I had noted on
this blog two weeks ago with a sample extortion
message.
It’s
important to keep in mind that almost everyone has had their login
credentials to at least one site breached by now, so the scammers
could be able to tell you a password of yours that they had obtained
from an older data dump that is still circulating on leak sites or
forums. The fact that they have what was a legitimate
password of yours, however, does not mean that they infected your
system, got videos of you, etc. etc. Don’t panic if you get one of
the extortion demands. But do report the scammers to the FBI. You
can use their online complaint form at
https://www.ic3.gov/default.aspx.
Interesting read.
Americans’
Privacy at Stake as Second Circuit Hears Hasbajrami FISA Case
… On Monday, the Second Circuit will hear
arguments in one of those cases: United
States v. Hasbajrami. The case provides an opportunity to
push back on two dangerous constitutional myths — along with one
outright factual falsehood — that have begun to take root in
Section 702 jurisprudence. I’ve discussed each of these in other
Just
Security posts,
but collect and elaborate on them here, as the case readies for
argument.
Perspective.
Four Ways
Jobs Will Respond to Automation
… Counter to popular belief, it’s not
necessarily blue-collar or non-college-educated workers who will be
most threatened by automation in the coming decades. Our analysis
suggests that a plumber may see less disruption than a legal
professional. Simply instructing everyone to engage in continuous
education and skill development is remiss. Workers must understand
the four paths of job evolution — and the factors behind each path
— if they hope to adapt.
Perspective. Not a cure for all that ails them,
but perhaps a start?
A majority
of U.S. teens are taking steps to limit smartphone and social media
use
It’s not just parents who are worrying about
their children’s device usage. According to a
new study released by Pew Research Center this week, U.S. teens
are now taking steps to limit themselves from overuse of their phone
and its addictive apps, like social media. A majority, 54% of teens,
said they spend too much time on their phone, and nearly that many –
52% – said they are trying to limit their phone use in various
ways.
In addition, 57% say they’re trying to limit
social media usage and 58% are trying to limit video games.
… Today, tech companies are finally waking up
to the problem. Google and Apple have now both built in screen time
monitoring and control tools into their mobile operating systems, and
even dopamine drug dealers like Facebook,
Instagram
and YouTube
have begun to add screen time reminders and
other “time well spent” features.
But these tools have come too late to prevent U.S.
children from developing bad habits with potentially harmful side
effects.
Amusing. I have students who work there on
occasion.
British
Conspiracy Theorists Are Convinced This Air Force Base Is US Mind
Control HQ
Schriever Air Force Base on the plains east of
Colorado Springs has always been a place of mystery.
Home to the 50th Space Wing, which controls
satellites including the Global Positioning System, Schriever has
been dubbed “Area 52” and “The Place the Air Force Goes When it
Wants to be Alone.”
But according to a fringe group headquartered in
the United Kingdom, Schriever has another distinction: It’s home to
a space-based satellite electronic mind-control and torture system
run by the United States.
Because I have a couple students who are
interested in machine learning.
Machine learning is the hottest thing in computing
right now. It’s easy to see why with the technology being used
everywhere, from self-driving cars to law enforcement, to stock
market prediction.
TensorFlow
is Google’s project based on machine learning and neural networks.
Let’s find out what it is, its uses, and how to learn to use it.
… TensorFlow is Google’s open source neural
network library, developed by the Google
Brain team for a wide range of uses. In essence, TensorFlow
removes the need to create a neural network from scratch. Instead,
you can train TensorFlow with your data-set and use the results
however you wish.
… Machine learning is an incredibly dense
subject. A good grasp of statistics, mathematics, programming and
general data science are all central to understanding. That said,
TensorFlow does make it easy to get hands-on experience even as a
beginner. The official
TensorFlow tutorial takes a step by step approach for setup and
use.
Most TensorFlow projects use the Python
programming language. If you are new to the language, there are a
wealth of great
places to learn Python. If you are already more familiar with
JavaScript, TensorFlow has tutorial videos covering the TensorFlow.js
library.