Thursday, January 30, 2020


Should we assume that Facebook’s lawyers failed to properly estimate the risk or that Facebook’s managers chose to roll the dice?
Facebook may pay Illinois users a couple of hundred dollars each in $550 million privacy settlement
Facebook will pay $550 million to Illinois users to settle allegations that its facial tagging feature violated their privacy rights.
The settlement — which could amount to a couple of hundred dollars for each user who is part of the class-action settlement — stems from a federal lawsuit filed in Illinois  nearly five years ago that alleges the social media giant violated a state law protecting residents’ biometric information. Biometric information can include data from facial, fingerprint and iris scans.
Illinois has one of the strictest biometric privacy laws in the nation. The 2008 law mandates that companies collecting such information obtain prior consent from consumers, detailing how they’ll use it and how long it will be kept. The law also allows private citizens to sue.
… “We are expecting a record number of claims to be filed,” Edelson said. “But even with that, we think that the class members are going to get a good amount of money.”




Security and Architecture.
Why 2020 Will Be the Year Artificial Intelligence Stops Being Optional for Security
Artificial intelligence (AI) isn’t new. What is new is the growing ubiquity of AI in large organizations. In fact, by the end of this year, I believe nearly every type of large organization will find AI-based cybersecurity tools indispensable.
Artificial intelligence is many things to many people. One fairly neutral definition is that it’s a branch of computer science that focuses on intelligent behavior, such as learning and problem solving. Now that cybersecurity AI is mainstream, it’s time to stop treating AI like some kind of magic pixie dust that solves every problem and start understanding its everyday necessity in the new cybersecurity landscape. 2020 is the year large organizations will come to rely on AI for security.
AI isn’t magic, but for many specific use cases, the right tool for the job will increasingly involve AI. Here are six reasons why that’s the case.




Perspective.
Collating Hacked Data Sets
Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information, and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal.
"What we were able to do is alarming because we can now find vulnerabilities in people's online presence very quickly," Metropolitansky said. "For instance, if I can aggregate all the leaked credentials associated with you in one place, then I can see the passwords and usernames that you use over and over again."
Of the 96,000 passwords contained in the dataset the students used, only 26,000 were unique.
"We also showed that a cyber criminal doesn't have to have a specific victim in mind. They can now search for victims who meet a certain set of criteria," Metropolitansky said.
For example, in less than 10 seconds she produced a dataset with more than 1,000 people who have high net worth, are married, have children, and also have a username or password on a cheating website. Another query pulled up a list of senior-level politicians, revealing the credit scores, phone numbers, and addresses of three U.S. senators, three U.S. representatives, the mayor of Washington, D.C., and a Cabinet member.
"Hopefully, this serves as a wake-up call that leaks are much more dangerous than we think they are," Metropolitansky said. "We're two college students. If someone really wanted to do some damage, I'm sure they could use these same techniques to do something horrible."
That's about right.
And you can be sure that the world's major intelligence organizations have already done all of this.




Not comprehensive, but it could be useful.
New web service can notify companies when their employees get phished
Starting today, companies across the world have a new free web service at their disposal that will automatically send out email notifications if one of their employees gets phished.
The service is named "I Got Phished " and is managed byAbuse.ch, a non-profit organization known for its malware and cyber-crime tracking operations.
Just like all other Abuse.ch services, I Got Phished will be free to use.
Subscribing for email notifications is done on a domain name basis, and companies don't have to expose a list of their employee email addresses to a third-party service.




Falls in the old “quality is free” category.
Investment in Privacy Pays Cybersecurity Dividends: Cisco
Cisco's 2020 Data Privacy Benchmark Study attempts to quantify an often-repeated claim from cybersecurity experts: investment in privacy improves overall cybersecurity. For example, last year's Cisco privacy study seemed to indicate that improved privacy improves vendors' sales cycle.
"A year ago," Robert Waitman, Cisco director of data valuation and privacy, security and trust, told SecurityWeek, "we found those organizations that were ready for GDPR did a better job when it came to streamlining their sales process. This is particularly so in B2B. With customers being more concerned and asking more questions about privacy, those companies with an effective privacy policy can more rapidly and efficiently answer those questions."
His conclusions from the Cisco Data Privacy Benchmark Study 2020 (PDF ) are clear. "Firstly," he told SecurityWeek, "companies should be honest and transparent about what they do with personal data. Secondly, privacy is a good corporate investment. There's now a lot of evidence suggesting that companies should go beyond the minimum possible to comply with the law, and seriously invest in privacy. Finally, the issue of privacy certifications is important."




We can be bad therefore we can detect bad in others?
Artificial intelligence, geopolitics, and information integrity
The present article explores the intersection of AI and information integrity in the specific context of geopolitics. Before addressing that topic further, it is important to underscore that the geopolitical implications of AI go far beyond information. AI will reshape defense, manufacturing, trade, and many other geopolitically relevant sectors. But information is unique because information flows determine what people know about their own country and the events within it, as well as what they know about events occurring on a global scale. And information flows are also critical inputs to government decisions regarding defense, national security, and the promotion of economic growth. Thus, a full accounting of how AI will influence geopolitics of necessity requires engaging with its application in the information ecosystem.
This article begins with an exploration of some of the key factors that will shape the use of AI in future digital information technologies. It then considers how AI can be applied to both the creation and detection of misinformation. The final section addresses how AI will impact efforts by nation-states to promote–or impede–information integrity.



No comments: