Security seems to constantly increase its complexity and scope.
Privacy
International Report on “Cloud Extraction” Programs Sheds Light
on Far-Reaching Government Surveillance Technology
A new report from Privacy International paints a
picture of a largely opaque, unaccountable system of surveillance
technology used by government agencies online. So-called “cloud
extraction” tools are largely unknown to the public and subject to
relatively low levels of oversight, but are used regularly to analyze
and extract private data from all of the major cloud services.
This new application of surveillance technology is
concerning in its scope, and in terms of issues of consent. A search
of a device is no longer a one-time event when these tools are used;
the party being searched may now also be having any or all of their
cloud accounts accessed, and may be subject to ongoing monitoring and
repeated searches.
What is cloud extraction?
Cloud extraction works by lifting authentication
tokens off of a mobile device or computer that government agencies
have physical access to, for example during a search of a suspect.
Authentication tokens for various cloud services
can remain active for weeks at a time, and in some cases are
permanent. If the investigating agency can extract these tokens,
they do not need to coerce the subject into giving up login
information; if they already have login information, they can
maintain ongoing access even if the subject later changes their
password. This also allows them to circumvent most two-factor
authentication (2FA) measures.
Background for my Security students.
NIST
Releases Framework for Privacy Risk Management
The National Institute of Standards and Technology
(NIST) last week announced version 1.0 of its Privacy Framework, a
tool designed to help organizations manage privacy risks.
… The
NIST Privacy Framework: A Tool for Improving Privacy through
Enterprise Risk Management is available in PDF
format on
NIST’s website.
“Have
your AI call my AI…” An example of AI ni the wild?
CallJoy
Announces Customizable AI Features for Small Businesses
Now
small business owners can tweak a virtual
agent’s voice
and choose what it says to customers who call.
“CallJoy
is an easy-to-use, affordable phone agent,” he writes. “It is
designed to help small businesses save time and improve
customer service by
automating the phone answering process.”
… “It
saves business owners from answering the same questions over the
phone multiple times a day,” Summers says. “Common requests like
“where are you located?” “do you allow dogs?” “do you take
American Express?” “what time do you open” etc. can all now be
automated.”
Dilbert on AI weapons?
No comments:
Post a Comment