Monday, January 20, 2020


Security seems to constantly increase its complexity and scope.
Privacy International Report on “Cloud Extraction” Programs Sheds Light on Far-Reaching Government Surveillance Technology
A new report from Privacy International paints a picture of a largely opaque, unaccountable system of surveillance technology used by government agencies online. So-called “cloud extraction” tools are largely unknown to the public and subject to relatively low levels of oversight, but are used regularly to analyze and extract private data from all of the major cloud services.
This new application of surveillance technology is concerning in its scope, and in terms of issues of consent. A search of a device is no longer a one-time event when these tools are used; the party being searched may now also be having any or all of their cloud accounts accessed, and may be subject to ongoing monitoring and repeated searches.
What is cloud extraction?
Cloud extraction works by lifting authentication tokens off of a mobile device or computer that government agencies have physical access to, for example during a search of a suspect.
Authentication tokens for various cloud services can remain active for weeks at a time, and in some cases are permanent. If the investigating agency can extract these tokens, they do not need to coerce the subject into giving up login information; if they already have login information, they can maintain ongoing access even if the subject later changes their password. This also allows them to circumvent most two-factor authentication (2FA) measures.




Background for my Security students.
NIST Releases Framework for Privacy Risk Management
The National Institute of Standards and Technology (NIST) last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks.
The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is available in PDF format on NIST’s website.




Have your AI call my AI…” An example of AI ni the wild?
CallJoy Announces Customizable AI Features for Small Businesses
Now small business owners can tweak a virtual agent’s voice and choose what it says to customers who call.
CallJoy is an easy-to-use, affordable phone agent,” he writes. “It is designed to help small businesses save time and improve customer service by automating the phone answering process.”
… “It saves business owners from answering the same questions over the phone multiple times a day,” Summers says. “Common requests like “where are you located?” “do you allow dogs?” “do you take American Express?” “what time do you open” etc. can all now be automated.”
Visit the company’s website to learn more and try CallJoy for free.




Dilbert on AI weapons?



No comments: