What should the procedure for
changing money transfers be? Certainly not just an email!
Another
victim of attackers who convinced the victim that a contractor’s
bank account had been changed. This is the same type of fraud that a
school
district in Kentucky recently
reported might have cost them $3.7 million. Now WKYC reports:
BRUNSWICK, Ohio — Leaders at St. Ambrose Catholic Parish in Brunswick say hackers stole $1.75 million from the church that was earmarked for renovations.
In a letter to the parish, Fr. Bob Stec says last week he was contacted by the contractor asking why they hadn’t been paid for the past two months. Stec says the church believed they had been prompt with the payments and were shocked to learn the payments had not been received.
After investigating, the FBI and Brunswick police discovered hackers had infiltrated the parish email system and deceived church leaders into believing the contractor had changed their bank and wire transfer instructions to send the money to a fraudulent account.
A new (to me)
term: scranks. Someone from the National Enquirer got bored one day?
Federal
Reserve warns against Internet ‘scranks’
Sometimes,
it’s hard to tell an Internet scam from something that is merely a
prank. This is one of those times.
But whatever
this is, it has the Federal Reserve baffled and worried.
I’ll start
from the beginning of this “scrank” — a
combination of the words scam and prank.
Some time ago,
someone using the name “Harvey Dent” — which seems to also be
the name of a Batman villain — posted a YouTube video telling
people that they can use their Social Security numbers to pay any of
their bills, such as phone, cable, mortgage and electric, through the
Federal Reserve and the International Monetary Fund.
“Dent”
claimed that every American had a secret bank account at the Fed that
could be tapped for these purposes.
Apparently,
people did try to pay the “Dent” way and, of course, were
unsuccessful because there are no such secret bank accounts. And
when the payments started piling up at the Federal Reserve’s
regional banks — whose routing numbers were given out by Dent —
the Fed got concerned.
Did
anyone think it did?
GDPR
Conformance Does Not Excuse Companies from Vicarious Liability
The
UK supermarket chain Morrisons' legal battle with 5,500 of its own
employees over vicarious liability introduces a new threat element to
the already complex and confusing demands of the EU's General Data
Protection Regulation (GDPR).
In
2014, a Morrisons internal audit employee, Andrew Skelton, stole and
disclosed personal information (including names, addresses, bank
account, salary and national insurance details) on almost 100,000
Morrisons employees. The difference between this and most 'insider'
threats is that Skelton had
legitimate and trusted access to the data.
… Morrisons
has always denied corporate responsibility. It claims the action was
that of a rogue employee targeting it, rather than the employees, and
that it has sufficient data
protection controls to satisfy data protection regulations.
To a degree, this is confirmed by the UK data protection regulator,
the ICO, deciding not to take regulatory action against Morrisons
over the breach.
…
If
the Supreme Court does reject the appeal, then companies will need to
reconsider their existing GDPR controls.
… In
any case, it's always best to prepare as if you'll certainly be
liable – why wouldn't you err on the side of caution? Companies
need to take responsibility for their data and do whatever they can
to keep it safe. That's the bottom line, whether they're liable or
not – they should be intentional about their cybersecurity at every
level."
What
is “proof” that I know a password?
Split
Over Compelled Decryption Deepens With Massachusetts Case
Encryption
is as omnipresent
as
computers, tablets, and smartphones. Yet the Supreme Court has not
provided guidance on the constitutional implications of compelling a
suspect to decrypt a digital device (for example, by unlocking a cell
phone). The Court has recently
and
repeatedly
recognized
that cell phones demand Fourth Amendment privacy protections due to
the immense volume and nature of the personal data they contain. But
it has been silent so far on compelled decryption, which implicates
the Fifth Amendment right against self-incrimination. As a result,
lower courts have created a patchwork of different legal frameworks
for viewing the compelled decryption problem.
Recently,
in Commonwealth
v. Jones,
Massachusetts held that compelled decryption does not violate the
Fifth Amendment, provided that the government can prove the owner has
knowledge of the passcode beyond a reasonable doubt. So, at least in
Massachusetts, if the government can show you know the passcode to
your phone, then you can be forced to decrypt it. In such
circumstances, the court reasoned, doing so would not disclose to the
government anything it did not already know; any incriminating facts
that would be conveyed by the act of decryption are a “foregone
conclusion.”
The
problem with this test, of course, is that it is really no test at
all — people
tend to know the passcodes to their own phones.
An alternative view, endorsed by the Eleventh
and
Third
Circuit Courts
of Appeals, applies the Fifth Amendment more broadly than does
Massachusetts. As outlined in a new
primer from
the National Association of Criminal Defense Lawyers’ Fourth
Amendment Center (where
I work), the realities of modern technology require such rethinking
of old doctrines to adequately safeguard constitutional rights into
the future.
(Related)
Another way to gather evidence.
Rape
victims among those to be asked to hand phones to police
Victims
of crimes, including those alleging rape, are to be asked to hand
their phones over to police - or
risk prosecutions not going ahead.
Consent
forms asking for permission to access information including emails,
messages and photographs have been rolled out in England and Wales.
It
comes after a number of rape and serious sexual assault cases
collapsed when crucial evidence emerged.
Victim
Support said the move could stop victims coming forward.
But
police and prosecutors say the forms can plug a gap in the law which
says complainants and witnesses cannot be forced to disclose relevant
content from phones, laptops, tablets or smart watches.
I
don’t suppose Russian social media efforts extend to other
democracies? It wouldn’t be hard to sell a message like: “Our
government isn’t working as well as it could be.”
Many
Across the Globe Are Dissatisfied With How Democracy Is Working
“Discontent
is tied to concerns about the economy, individual rights and
out-of-touch elites. Anger at political elites, economic
dissatisfaction and anxiety about rapid social changes have fueled
political upheaval in regions around the world in recent years.
Anti-establishment leaders, parties and movements have emerged on
both the right and left of the political spectrum, in some cases
challenging fundamental norms and institutions of liberal democracy.
Organizations from Freedom
House to
the Economist
Intelligence Unit to
V-Dem
have
documented global declines in the health of democracy. As previous
Pew Research Center surveys
have
illustrated, ideas at the core of liberal democracy remain popular
among global publics, but commitment to democracy can nonetheless be
weak. Multiple factors contribute to this lack of commitment,
including perceptions about how well democracy is functioning. And
as findings from a
new Pew Research Center survey show,
views about the performance of democratic systems are decidedly
negative in many nations. Across 27 countries polled, a median of
51% are dissatisfied with how democracy is working in their country;
just 45% are satisfied. Assessments of how well democracy is working
vary considerably across nations. In Europe, for example, more than
six-in-ten Swedes and Dutch are satisfied with the current state of
democracy, while large majorities in Italy, Spain and Greece are
dissatisfied…”
(Related)
Defending
Democracies Against Information Attacks
To
better understand influence attacks, we proposed
an approach that
models democracy itself as an information system and explains how
democracies are vulnerable to certain forms of information attacks
that autocracies naturally resist. Our model combines ideas from
both international security and computer security, avoiding the
limitations of both in explaining how influence attacks may damage
democracy as a whole.
(Related)
Speaking of Russian influence… Will researchers be able to
determine which posts are from real people and which are from Russian
clones?
Facebook
to Fund Research on Social Media Impact on Elections
Facebook
announced Monday its first research grants to academics studying the
impact of social media on elections, part of an effort to prevent
manipulation of social platforms.
The leading
social network said some 60 researchers from 30 academic institutions
across 11 countries were selected under a review process by the
Social Science Research Council and the independent group Social
Science One.
… The
researchers will be granted access to Facebook's internal data
through a "first-of-its-kind data sharing infrastructure to
provide researchers access to Facebook data in
a secure manner that protects people's privacy,"
Schrage and Nayak wrote.
"Some of
these steps include building a process to remove
personally identifiable information from the data set and
only allowing researcher access to the data set through a secure
portal."
Some
AI should be understood before implementation. Figuring out
why a drone launched a missile after the boom isn’t going to help
the target.
AI
researchers want to study AI the same way social scientists study
humans
Much
ink has been spilled on the black-box nature of AI systems—and how
it makes us uncomfortable that we often can’t understand why they
reach the decisions they do. As algorithms have come to mediate
everything from our social and cultural to economic and political
interactions, computer scientists have attempted to respond to rising
demands for their explainability by developing technical methods to
understand their behaviors.
But
a group of researchers from academia and industry are now arguing
that we don’t need to penetrate these black boxes in order to
understand, and thus control, their effect on our lives. After all,
these are not the first inscrutable black boxes we’ve come across.
“We've
developed scientific methods to study black boxes for hundreds of
years now, but these methods have primarily been applied to [living
beings] up to this point,” says Nick Obradovich, an MIT Media Lab
researcher and co-author of a new
paper published last week in Nature.
“We can leverage many of the same tools to study the new black box
AI systems.”
(Related)
Would a reboot be AI abuse?
Universities
across the world are conducting major research on artificial
intelligence, as are organizations such as the Allen Institute, and
tech companies including Google and Facebook. A likely result is
that we will soon have AI approximately as cognitively sophisticated
as mice or dogs. Now is the time to start thinking about whether,
and under what conditions, these AIs might deserve the ethical
protections we typically give to animals.
Discussions
of “AI rights” or “robot rights” have so far been dominated
by questions of what ethical obligations
we
would have to an AI of humanlike or superior intelligence–such as
the android Data from Star
Trek
or
Dolores from Westworld.
But
to think this way is to start in the wrong place, and it could have
grave moral consequences. Before we create an AI with humanlike
sophistication deserving humanlike ethical consideration, we will
very likely create an AI with less-than-human sophistication,
deserving some less-than-human ethical consideration.
I
thought you had to argue in C++
https://www.bespacific.com/how-to-argue-with-an-algorithm-lessons-from-the-compas-propublica-debate/
How
to Argue with an Algorithm: Lessons from the COMPAS ProPublica Debate
Washington,
Anne, How to Argue with an Algorithm: Lessons from the COMPAS
ProPublica Debate (February 4, 2019). Accepted for publication. The
Colorado
Technology Law Journal.
Volume 17 Issue 1 http://ctlj.colorado.edu. Available at SSRN:
https://ssrn.com/abstract=3357874
“The
United States optimizes the efficiency of its growing criminal
justice system with algorithms however, legal scholars have
overlooked how to frame courtroom debates about algorithmic
predictions. In State v Loomis, the defense argued that the court’s
consideration of risk assessments during sentencing was a violation
of due process because the accuracy of the algorithmic prediction
could not be verified. The Wisconsin Supreme Court upheld the
consideration of predictive risk at sentencing because the assessment
was disclosed and the defendant could challenge the prediction by
verifying the accuracy of data fed into the algorithm. Was the court
correct about how to argue with an algorithm?
The Loomis
court ignored the computational procedures that processed the data
within the algorithm. How
algorithms calculate data is equally as important as the quality of
the data calculated.
The arguments in Loomis revealed a need for new forms of reasoning
to justify the logic of evidence-based tools. A “data science
reasoning” could provide ways to dispute the integrity of
predictive algorithms with arguments grounded in how the technology
works.
This article’s
contribution is a series of arguments that could support due process
claims concerning predictive algorithms, specifically the
Correctional Offender Management Profiling for Alternative Sanctions
(“COMPAS”) risk assessment. As a comprehensive treatment, this
article outlines the due process arguments in Loomis, analyzes
arguments in an ongoing academic debate about COMPAS, and proposes
alternative arguments based on the algorithm’s organizational
context…”
A different kind of comedy in the Ukraine.
Ukraine's
next president is already getting tough with Vladimir Putin
… Putin
declined to send congratulations to Zelensky after his landslide
election victory earlier this month. But the Kremlin leader did
throw down a challenge. Last week, he signed a decree simplifying
Russian citizenship for
Ukrainians living in the breakaway Donetsk and Luhansk regions of
Ukraine.
… "I would not advise the Russian
authorities to waste time trying to tempt citizens of Ukraine with
Russian passports," he said in a Facebook post late Saturday.
"The difference for Ukraine, in particular,
lies in the fact that we, Ukrainians, have freedom of speech, free
media and the Internet in our country. Therefore, we know perfectly
well what a Russian passport actually provides. This is the right to
be arrested for peaceful protest. It is the right not to have free
and competitive elections. This is the right to forget about the
existence of natural rights and freedoms."
Better than blogging?
Paid Email
Newsletters Are Proving Themselves As A Meaningful Revenue Generator
For Writers
… “The
size of the audience you need to make it work is orders of magnitude
smaller,” Substack cofounder and CEO Chris Best told BuzzFeed News,
comparing newsletters to ad-supported models. “If you charge $10 a
month or $5 a month, or $50 a year — if you can get 1,000 or 2,000
people to pay for that, you’ve suddenly got enough to go as an
individual.”
No comments:
Post a Comment