“No
need to test that. These aren’t the ‘droids we’re looking
for.”
Samsung:
Anyone's thumbprint can unlock Galaxy S10 phone
A
flaw that means any fingerprint can unlock a Galaxy S10 phone has
been acknowledged by Samsung.
It
promised a software patch that would fix the problem.
The
issue was spotted by a British woman whose husband was able to unlock
her phone with his thumbprint just by adding a cheap screen
protector.
When
the S10 was launched, in March, Samsung described the fingerprint
authentication system as "revolutionary".
Will
this result in an increased volume of attacks? “You can pay,
you’ve got insurance!”
Baltimore
to Buy $20M in Cyber Insurance Months After Attack
…
The
move comes after hackers in May demanded about $76,000 in ransom
after freezing
key computer systems.
Online payments, billing systems and email were down, and property
transactions came to a stop, exasperating home sellers and real
estate professionals.
… The
policies have a $1 million deductible.
“Everything
is very simple in war, but the simplest thing is difficult.” Carl
von Clausewitz Sounds like that applies to law too.
UK
‘porn block’: Government drops plan to stop children watching sex
videos online
Controversial
plans for a “porn
block” to
stop children viewing adult material online have been dropped, the
government has announced.
The
long-delayed measure – first promised in 2015 and first due to come
into effect last year – “will not be commencing” after running
into trouble and after
repeated delays.
… The
government was also forced to exempt large social media sites from
the ban over fears that it would result in the likes of Twitter and
Reddit being blocked for adult content.
The
evolution of personal.
California
Amends Breach Notification Law
On
October 11, 2019, California Governor Gavin Newsom signed into law AB
1130. which
expands the types of personal information covered by California’s
breach notification law to include, when compromised in combination
with an individual’s name: (1) additional government identifiers,
such as tax identification number, passport number, military
identification number, or other unique identification number issued
on a government document commonly used to verify the identity of a
specific individual; and (2) biometric data generated from
measurements or technical analysis of human body characteristics
(e.g.,
fingerprint, retina, or iris image) used to authenticate a specific
individual. Biometric data does not include a physical or digital
photograph unless used or stored for facial recognition purposes.
A
security perspective.
Jack
Ma Reveals Alibaba Is the Target of 300 Million Cyber Attacks Each
Day
…
During
his 45-minute conversation
with
Forbes
editor-in-chief
Steve Forbes, the billionaire business magnate disclosed that his
company suffers unrelenting hacking attempts — “but we deal
[with] it,” Ma said. “We don’t have even one problem.”
The
very definition of a hacker target. Everything you ever wanted to
steal, all in one place.
Angelica
Mari reports:
The Brazilian government will create a
single citizen database that will contain a wide range of personal
information about the country’s population of over 200 million
people, to be fully shared across departments.
According to the decree signed by
Brazilian president Jair Bolsonaro, the objectives of the database
include the improvement in public policy, as well as simplifying data
sharing between government departments.
The
information “will be shared as widely as possible,”
according to the decree, taking into account any legal restrictions,
requirements around information and communications security, as well
as Brazil’s
General Data Protection Act, which will be enforced in August 2020.
Privacy
lawyers are probably underpaid.
There
were a slew of sessions on the California Consumer Privacy Act (CCPA)
at the Privacy+Security Forum in Washington, D.C. this week. I need
to find time to read up more on the law and the regulations that have
been introduced as CCPA is shaking things up big time. As one
example, one law firm has identified almost two dozen significant
impacts they see in the draft regulations. Daniel Felz of Alston &
Bird writes
that their advisory covers a number of topics, including
Why
posting a CCPA privacy policy on your website may not be enough to
satisfy your CCPA notice obligations – instead you
may need additional “just in time” notices at every specific
point where you collect data (or lose the right to
collect it);
Why
you may hear discussions about a potential return of Do Not Track
in the online context, this time as a “Do Not Sell My Info”
request;
Why
brick-and-mortar interactions with consumers may require companies
to faciliatate “offline” CCPA rights requests; and
Why
companies that take a position as vendor or service provider may
need to examine any aspect of their business that involves pooling
customer data for regulatory risk.
Read
their full advisory here.
Thou
shalt make for yourself a person overseeing privacy compliance in
thine corporation.
Thou
shalt map thy data so thou knowest what it is, wherefrom it cometh
and where it is shared.
Thou
shalt keep thy service providers close and thy third parties closer
and revise thine own agreements with them.
A
twist on state privacy legislation.
Karl
Bode reports:
Oregon Senator Ron Wyden has unveiled
updated privacy legislation he says will finally bring accountability
to corporations that play fast and loose with your private data.
Dubbed the Mind
Your Own Business Act, the bill promises consumers the
ability to opt out of data collection and sale with a single click.
It also demands that corporations be transparent as to how consumer
data is collected, used, and who it’s sold to, while imposing harsh
fines and prison sentences
upon corporations and executives that misuse consumer data and lie
about it.
Read
more on Vice.
I
haven’t found the full text of the bill yet, but will add a link to
it when it’s available or I can find it.
Could
this translate to facial recognition?
A
Fourth Amendment Framework for Voiceprint Database Searches
From
prisons to banks, the mass recording and collection of voices has
become increasingly common. This practice can be useful—voiceprint
technology (also
known as voice recognition technology) helps banks
and
prisons
verify
the identity of a caller and prevent fraud. But, used for other
purposes, this technology can reveal a considerable amount of
personal information about the speaker and those they associate with.
To address these privacy concerns, voiceprint technology should be
subject to a new Fourth Amendment framework that treats each query of
a voice database to verify an individual’s identity – a
voiceprint verification – as a unique “search.” Drawing on the
Supreme Court’s recent technology-related decisions and the
insights of Fourth Amendment experts, we articulate the rationale for
and specifics of this framework below.
If
the AI suggests I have “reallyrare-itis” what happens if the
doctors ignore that diagnosis and I later die from it? Can my heirs
sue the AI?
Explainable
AI In Health Care: Gaining Context Behind A Diagnosis
Most
of the available health care diagnostics that use artificial
intelligence (AI) function as black boxes—meaning that results do
not include any explanation of why the machine thinks a patient has a
certain disease or disorder. While AI technologies are
extraordinarily powerful, adoption of these algorithms in health care
has been slow because doctors and regulators cannot verify their
results. However, a new type of algorithm called “explainable AI”
(XAI) can be easily understood by humans. As a result, all signs
point to XAI being rapidly adopted across health care, making it
likely that providers will actually use the associated diagnostics.
… for
fields such as health care, where mistakes can have catastrophic
effects, the black box aspect of AI makes it difficult for doctors
and regulators to trust it—perhaps with good reason. Doctors are
trained primarily to identify the outliers, or the strange cases that
don’t require standard treatments. If an AI algorithm isn’t
trained properly with the appropriate data, and we can’t understand
how it makes its choices, we can’t be sure it will identify those
outliers or otherwise properly diagnose patients, for instance.
… For
example, in its latest draft guidance released on Sept. 28, the FDA
continues to require doctors to be able to independently verify the
basis for the software’s recommendations in order to avoid
triggering higher scrutiny as a medical “device.” Thus, software
is lightly regulated where doctors can validate the algorithms’
answers. Consider the case of a medical image, where doctors can
double-check suspicious masses highlighted by the algorithm. With
algorithms such as deep learning, however, the challenge for
physicians is that they have no context for why a diagnosis was
chosen.
(Related)
What if the legal AI misses relevant data? Can a legal ‘black
box’ be allowed? (Cute image.)
Artificial
Intelligence Is on the Case in the Legal Profession
My
brain conjures up an image of C-3PO in a three-piece suit…
… Artificial
intelligence (AI) is, in fact, becoming a mainstay component of the
legal profession. In some circumstances, this analytics-crunching
technology is using algorithms and machine learning to do work that
was previously done by entry-level lawyers. (What does that say
about entry-level lawyers?)
… “AI’s
present capability meets a sizable need in the legal space by
automating a number of high-volume, recurring tasks that otherwise
take lawyers’ focus away from more meaningful work,” Lillquist
said. “Beyond this, the role of the lawyer is still vital to
conducting quality legal work.”
Over
the next five years, Lillquist predicts the role of AI in the legal
space will continue to be accomplishing narrow and specific tasks,
such as finding terms in a set of documents or filling out certain
forms.
… “Deep
legal expertise is required to create technology that successfully
operates in the legal space, and that knowledge resides in humans,”
he added.
(Related)
I note that this article was not written by an AI.
Artificial
Intelligence, Legal Change, and Separation of Powers
Michaels,
Andrew C., Artificial Intelligence, Legal Change, and Separation of
Powers (September 24, 2019). 88 University of Cincinnati Law Review _
(2020, Forthcoming). Available at SSRN:
https://ssrn.com/abstract=3459069
“A
number of prominent contemporary legal scholars have recently argued
in favor of replacing human legal decision-making with Artificial
Intelligence, assuming that AI technology improves to a level they
deem appropriate. I disagree, particularly as regards Article III
judges, for four main reasons. First,
human judges must strike a delicate balance between respect for
precedent (the past), and adapting the law to unforeseen
circumstances (the present/future), thus playing an important role in
shaping the law that those arguing for robot judges do not adequately
account for. Second,
arguments for AI judges often seem inherently formalist in stating
that robot judges would make fewer errors, overlooking the teachings
of legal realism that not all cases have a clear right answer.
Third,
the loss of human judges would lead to a loss or diminishment of the
human legal community, such that fewer people would be paying
attention to the law, leaving the law more susceptible to being
co-opted. Fourth,
Article III judges play an important role as a check on the other two
branches, a role which AI seems ill-equipped to replace and those
arguing for AI judges do not account for. In short, proposals to
automate the judiciary both under-appreciate and undervalue the human
aspects of law, and the degree to which a human legal system
contributes to the sense that we as a society govern ourselves. The
potential benefits of an automated judiciary are better achieved in
other ways, and do not justify the risks.”
Useful?
Artificial
intelligence: Cheat sheet