Saturday, April 06, 2019

This shakes my (not very substantial) faith in government security. Multiple break-ins, physical devices installed on computers, massive data copying after hours and NO ONE NOTICED?
Luke Rosiak reports:
A former IT aide to New Hampshire Democratic Sen. Maggie Hassan mounted an “extraordinarily extensive data-theft scheme” against the office, the culprit’s plea agreement states.
The plot included the installation of tiny “keylogging” devices that picked up every keystroke. Between July and October 2018, former IT aide Jackson Cosko worked with an unnamed accomplice, a then-current Hassan employee, who repeatedly lent him a key that he used to enter the office at night and who allegedly tried to destroy evidence for him.
Read more on The Daily Caller.
From the article:
The theft occurred after Cosko was fired from Hassan’s office in May 2018 for undisclosed reasons, then hired by Democratic Texas Rep. Sheila Jackson Lee, giving him access to the House computer network.




I suspect many accounts had to be redirected. The process for confirming their authenticity might need a bit of work.
Karl Etters reports:
Almost half a million dollars was diverted out of the city of Tallahassee’s employee payroll Wednesday after a suspected foreign cyber-attack of its human resources management application.
Hackers attempt every day to breach the city’s security, officials say, but this week’s operation netted about $498,000.
Read more on Tallahassee Democrat.
From the article:
The out-of-state, third-party vendor that hosts the city's payroll services was hacked and as a result the direct deposit paychecks were redirected. Employees throughout the city’s workforce were affected.




Attention Computer Security students: Poor security is a factor in deceptive trade practices.
Anne Bolamperti and Patrick X. Fowler of Snell & Wilmer write:
The Federal Trade Commission (“FTC”) has described itself as “Your cop on the privacy beat” and a top federal regulator of consumer-facing data security practices. An example of how the FTC asserts itself when it comes to data security and privacy associated with Internet of Things (“IoT”) devices can be found in the case of Federal Trade Commission v. D-Link Systems Inc., currently pending in federal court in California.
FTC Stance: Poor IoT Security +/or Misleading Ads = Deceptive/Unfair Trade Practice
The D-Link case stems from the FTC’s January 5, 2017 complaint against Taiwanese IoT hardware device manufacturer D-Link Corporation and its U.S. subsidiary D-Link Systems Inc. The FTC seeks to stop D-Link from engaging in allegedly unfair or deceptive acts in violation of Section 5(a) of the Federal Trade Commission Act (“FTC Act”). The FTC claims that the defendants failed to reasonably secure IoT network routers and Internet-accessible cameras that they sold in the U.S. and made deceptive statements about the degree of data security of those products.
Read more on Cybersecurity & Data Law Privacy Blog.
There was a recent settlement conference in this case, but it doesn’t seem like there was any settlement and the case is still scheduled to go to trial in June, it seems.




Interesting because inevitable? I can get a body cam on Amazon, would the hospital even suspect? Perhaps a bit of geofencing for honest manufacturers?
Emily Berris of SmithAmundsen LLC writes:
Imagine a police officer escorting a drunk driver through the emergency room with his body camera still on—not only is the officer recording the driver, the officer is simultaneously recording every individual and every patient that officer comes into contact with. In an era of attempted police reform, where law enforcement is ramping up their use of body cameras, hospitals must be increasingly aware of violations to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the implications of police body cameras within the confines of its medical center.
Read more on JDSupra




Insurance companies could use this (like their “safe-driving” plug-ins) to deny coverage for bad behavior.
Joseph J. Lazzarotti, Mary T. Costigan and Ashley Solowan of JacksonLewis write:
As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg.) NFL teams insert tiny chips into players’ shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliott ran 21.27 miles per hour for a 44-yard run, his fastest of the season. The Dallas Cowboys are not alone as all 32 teams throughout the league can access this chip data which is collected via RFID tracking devices. Sports statistics geeks don’t stand a chance as this technology will track completion rates, double-team percentages, catches over expectation, and a myriad of other data points.




I’m sure these are all good ideas, but we probably need an independent AI Ethics organization. Anyone want to start one? (Let’s ask Siri, Alexa, etc.)
Hey Google, sorry you lost your ethics council, so we made one for you
… How did things go so wrong? And can Google put them right? We got a dozen experts in AI, technology, and ethics to tell us where the company lost its way and what it might do next. If these people had been on ATEAC, the story might have had a different outcome.

