“Hey! It’s the law!” I can see we need to discuss procedure…
Black Hat: GDPR privacy law exploited to reveal personal data
About one in four companies revealed personal information to a woman's partner, who had made a bogus demand for the data by citing an EU privacy law.
The security expert contacted dozens of UK and US-based firms to test how they would handle a "right of access" request made in someone else's name.
In each case, he asked for all the data that they held on his fiancee.
In one case, the response included the results of a criminal activity check.
Other replies included credit card information, travel details, account logins and passwords, and the target's full US social security number
… "Generally if it was an extremely large company - especially tech ones - they tended to do really well," he told the BBC.
"Small companies tended to ignore me.
… Mr Pavur has, however, named some of the companies that he said had performed well.
He said they included:
- the supermarket Tesco, which had demanded a photo ID
- the domestic retail chain Bed Bath and Beyond, which had insisted on a telephone interview
- American Airlines, which had spotted that he had uploaded a blank image to the passport field of its online form
It added that he could provide additional identity documents via a "secure online portal" if required. This was a deliberate deception since he believed many businesses lacked such a facility and would not have time to create one.
… The idea, he said, was to replicate the kind of attack that could be carried out by someone starting with just the details found on a basic LinkedIn page or other online public profile.
(Related) Or, you could buy a canned procedure. There is probably a lot of money waiting for anyone who can make all this privacy stuff work.
Securiti.ai Raises $31 Million Series A To Help Companies Comply With California Consumer Privacy Act
As companies scramble to meet the data transparency requirements mandated by the California Consumer Privacy Act (CCPA) or face hefty fines, a San Jose-based company has put forth a solution that’s at the intersection of security and regulatory operations. Newly launched Securiti.ai
… Under CCPA, consumers can request all personal information stored by a company, have their data deleted, learn how their information was used and opt-out of having their information shared with third parties. The law, which goes into effect on January 1, 2020, applies to California-based companies and those that serve California consumers.
Manually complying with an influx of consumer requests can be impractical if not impossible, and that’s if companies know all the places their consumer’s data lives. That’s where Securiti.ai comes in, Jalil says.
“The first thing we had to crack was to not only discover the data that belongs to a particular consumer but find the owner of the data,” Jalil says. Securiti.ai’s platform uses an artificial intelligence-enabled chatbot to retrieve consumer data.
… “CCPA in California is the very first regulation, but there are 15 others coming in North America alone and there are 30-plus globally,” Jalil said. “Privacy ops will allow companies to comply with one assessment.”
(Related)
German court decides on the scope of GDPR right of access
In a previous post, this blog reported on German guidance on the scope of the right of access under Art. 15 of the GDPR and in particular on the right to receive a copy. The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.
This somewhat relaxed interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company regarding an employee’s performance and behavior to that employee.
More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer. The company argued that it was impracticable to compile the information due to the large amounts of customer information processed by it. The court was unimpressed, stating that the company was compelled to adapt its IT systems to the requirements of the GDPR
… These first court decisions on Art. 15 of the GDPR confirm that the right of access is becoming a powerful tool in litigation. Germany’s code of civil procedure does not provide for a general right to discovery. The right of access could make up for this and significantly affect outcomes in civil and labor law cases.
Should we trust vendor promises?
Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials
The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states.
… “We ... discovered that at least some jurisdictions were not aware that their systems were online,” said Kevin Skoglund, an independent security consultant who conducted the research with nine others, all of them long-time security professionals and academics with expertise in election security.
My AI says she can do it in three years.
A 20-Year Community Roadmap for AI Research in the US is Released
“The Computing Community Consortium (CCC) is pleased to release the completed Artificial Intelligence (AI) Roadmap, titled A 20-Year Community Roadmap for AI Research in the US – An HTML version is available here. This roadmap is the result of a year long effort by the CCC and over 100 members of the research community, led by Yolanda Gil (University of Southern California and President of AAAI) and Bart Selman (Cornell University and President Elect of AAAI). Comments on a draft report of this roadmap were requested in May 2019. Thank you to everyone in the community who participated in workshops, helped write the report, submitted comments, and edited drafts. Your input and expertise helped make this roadmap extremely comprehensive.
From the Roadmap – Major Findings:
I – Enabled by strong algorithmic foundations and propelled by the data and computational resources that have become available over the past decade, AI is poised to have profound positive impacts on society and the economy.
II – To realize the potential benefits of AI advances will require audacious AI research, along with new strategies, research models, and types of organizations for catalyzing and supporting it.
III – The needs and roles of academia and industry, and their interactions, have critically important implications for the future of AI.
IV – Talent and workforce issues are undergoing a sea change in AI, raising significant challenges for developing the talent pool and for ensuring adequate diversity in it.
V – The rapid deployment of AI-enabled systems is raising serious questions and societal challenges encompassing a broad range of capabilities and issues.
VI – Significant strategic investments in AI by the United States will catalyze major scientific, technological, societal, and economic progress…”
For a discussion of Big Data and analysis. If Zillow notes an undervalued house in an area where prices are rising, why not jump on it?
Zillow Is Buying And Selling Lots Of Homes And It’s Almost Half Its Business Now
BuzzFeedNews – Zillow made more than 40% of its revenue last quarter from selling homes: “Zillow, the real estate search and advertising platform, has gotten into the house-flipping business in a big way. That means the company earned about 41.5% of its revenue from selling homes in the three months ending June 30, according to its most recent earnings report. Zillow made $599.6 million in revenue last quarter, $248.9 million of which came from its Homes segment, which refers to the “buying and selling of homes directly through the Zillow Offers service,” which it kicked off in 2018. Zillow is now buying thousands of properties, investing in minor repairs, and then selling them — essentially flipping houses — in 15 markets around the country, with plans to be in 26 markets by mid-2020. It collects a fee from the seller with each of these transactions. The company sold 786 homes and bought 1,535 homes from April to June…”
Reminding my students that “big” does not equal “profitable.”
Uber lost over $5 billion in one quarter, but don’t worry, it gets worse
… Lyft, which reported its earnings Wednesday, fared better but still posted a loss of $644 million during the quarter.
For my geeks…
IBM Research launches explainable AI toolkit
IBM Research today introduced AI Explainability 360, an open source collection of state-of-the-art algorithms that use a range of techniques to explain AI model decision-making.
The launch follows IBM’s release a year ago of AI Fairness 360 for the detection and mitigation of bias in AI models.