Perhaps I could volunteer my students to help?
https://www.denverpost.com/2019/08/27/regis-university-cyber-attack-3/
Day 6 of Regis University’s IT nightmare: Computer recovery begins
On day six of Regis University running without access to information technology services like phone lines, email, internet and online course programs, some employee computers are beginning recovery mode.
IT services on campus started visiting faculty and staff offices Tuesday to scan computers, install safeguards and begin monitoring each computer. The treated computers were not able to go online or get back up and running, but it was the start of a recovery process. Employees don’t need to be there for the IT experts to do their work, according regisupdates.com, a web page the university created to communicate to students, staff and faculty in the absence of their usual platform.
“Employees are instructed to not use or turn on their Regis-configured computers until cleared by ITS,” a post said. “To minimize risk, employees also are advised to not use Office365 and OneDrive until further notice. In the interim, employees may bring personal computers and hotspots for connectivity to work. [I can’t remember ever having seen anything like this. Bob]
… A “malicious threat” likely from outside the country caused the private, religious institution to pull down its information technology services Thursday, during the rush of finals for summer courses and start of the fall semester.
University officials declined to say whether the situation at Regis was a ransomeware attack, saying the matter is still under investigation.
(Related) A cold assessment. I suspect it’s a money thing.
https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks
Even
when public agencies and companies hit by ransomware could recover
their files on their own, insurers prefer to pay the ransom. Why?
The attacks are good for business.
… “Paying
the ransom was a lot cheaper for the insurer,” he said. “Cyber
insurance is what’s keeping ransomware alive today. It’s a
perverted relationship. They
will pay anything, as long as it is cheaper than the loss of revenue
they have to cover otherwise.”
… One cybersecurity company executive said his firm has been told by the FBI that hackers are specifically extorting American companies that they know have cyber insurance. After one small insurer highlighted the names of some of its cyber policyholders on its website, three of them were attacked by ransomware, Wosar said. Hackers could also identify insured targets from public filings; the Securities and Exchange Commission suggests that public companies consider reporting “insurance coverage relating to cybersecurity incidents.”
Is the best we can do: “Facebook approves this ad?”
https://www.washingtonpost.com/technology/2019/08/28/facebook-require-political-campaigns-say-who-paid-their-ads-new-transparency-push/?arc404=true
Facebook to require buyers of political ads to provide more information about who paid for them
Facebook
on Wednesday announced it would tighten some of its rules around
political advertising ahead of the 2020 presidential election,
requiring those who purchase ads touting candidates or promoting
hot-button issues to provide more information about who actually paid
for them.
The
changes seek to address a number of well-documented incidents where
users placed misleading or inaccurate disclaimers on ads, effectively
undermining
a system for election transparency that
the tech giant built after Russian agents spread disinformation on
the site during the 2016 race.
Facebook
already requires that political advertisers verify
their identities.
Starting in September, though, the company will require buyers of
so-called issue ads or advocates of a political candidate to include
information about who is funding the ads. To satisfy Facebook’s
new requirements, a business can submit their tax-identification
number, or campaigns can share their own registration data from the
Federal Election Commission, and Facebook
will label them as a “confirmed organization” in its archive.
New tool for my students.
https://www.techradar.com/news/move-over-vpn-sdp-has-arrived
Move over VPN, SDP has arrived
… The power of the Software Defined Perimeter (SDP) is that it is designed to address the way we use the Internet and the technologies it enables. It does away with the encrypted tunnel and replaces it with dynamic, one-to-one, micro-segmented network connections between users and the resources they have authority to access. This provides security that supports the way businesses need to operate today.
SDP supports a Zero Trust model, which means that each time a user – be they human, IoT device, or AI programme – attempts to access a resource they will have to be authenticated and authorised, using multiple checks, before gaining network access. All other resources that users haven’t been authorised to access will remain invisible to them. This is in stark contrast to traditional VPNs where once someone has access to one part of the network they can see and gain access to everything, regardless of whether it’s relevant to them.
Still trying to figure it out. (Education by bad example.)
https://www.cpomagazine.com/data-protection/terms-conditions-and-considerations-under-the-gdpr/
Terms, Conditions and Considerations Under the GDPR
In recent months European regulators have found fault with tech giants Facebook and Google’s terms and conditions, causing DPOs at smaller companies to be understandably worried.
… The main challenge for DPOs is to ensure terms and conditions and privacy notices do not become mixed up explained Nymity Strategic Research Director, Paul Breitbarth. “Under the GDPR, they really need to be separate documents. Still too often, terms and conditions contain information about an organization’s data processing practices, which read more like liability waivers intended for lawyers. A privacy notice on the contrary needs to be concise and in clear and plain language, that the average person should be able to understand. So no legal speak (or worse: Eurospeak), no lengthy sentences with tons of exceptions, but just describing to the point what it is you intend to do with data,” he said.
In the Facebook case, the European Commission announced on April 9 that it had ordered the company to change its terms of service to explain clearly how the company makes money by selling user data. The new terms of service must state what data Facebook sells to third parties, including data brokers or ad exchanges, how it will respond to misuse of data by third parties, and under what conditions it can unilaterally change its terms.
(Related)
Insights on Video Surveillance and Data Protection
From Fox Rothschild:
Shortly after the recent video surveillance guidance from the EDPB, the Information Commissioner of the Isle of Man published an updated CCTV data protection guidance.
Key takeaways for controllers:
General Considerations and Governance:
CCTV images identify living individuals and are, therefore, personal data. This means that the use of CCTV will be covered by data protection law, regardless of the size of the system or organization.
There must be a lawful reason for considering the use of CCTV, such as crime prevention and detection, health and safety of workers or the public, property security.
“You can read that! You can’t even look at it!”
https://techcrunch.com/2019/08/27/border-deny-entry-united-states-social-media/
US border officials are increasingly denying entry to travelers over others’ social media
… It’s a bizarre set of circumstances that has seen countless number of foreign nationals rejected from the U.S. after friends, family or even strangers send messages, images or videos over social media sites like Facebook and Twitter, and encrypted messaging apps like WhatsApp, which are then downloaded to the traveler’s phone.
… The United States border is a bizarre space where U.S. law exists largely to benefit the immigration officials who decide whether or not to admit or deny entry to travelers, and few protect the travelers themselves. Both U.S. citizens and foreign nationals alike are subject to unwarranted searches and few rights to free speech, and many have limited access to legal counsel.
… CBP also claims to have what critics say is broadly unconstitutional powers to search travelers’ phones — including those of U.S. citizens — at the border without needing a warrant. Last year, CBP searched 30,000 travelers’ devices — a four-times increase since 2015 — without any need for reasonable suspicion.
Now I can find out what “double secret probation” actually means!
https://www.bespacific.com/research-guides-in-focus-how-to-find-free-case-law-online/
Research Guides In Focus – How to Find Free Case Law Online
In Custodia Legis – The following is a guest post by Anna Price, a legal reference librarian at the Law Library of Congress. We are back again to focus on the Law Library’s Research Guides. This time we are discussing another popular guide, How to Find Free Case Law Online. Until a few years ago, case law generally was not freely-available online. Researchers had to find an accessible law library and then either learn how to search a subscription database or study the library’s print collection of reporters and digests. Recently, however, various organizations have been working to make state and federal court opinions, as well as associated case materials, available electronically without charge. This guide offers clear direction on using those resources.
The guide walks users through some popular online databases, with a focus on Google Scholar, CourtListener, FindLaw, Justia, and the Public Library of Law. Each section instructs users on navigating the resource and lists its tools, coverage, and unique features that may be helpful for various researcher needs. For example, did you know that CourtListener maintains the RECAP Archive, which includes selected case and docket information from federal appellate, district, and bankruptcy courts? Or what about FindLaw’s collection of Supreme Court briefs?…”
No comments:
Post a Comment