Should
we assume that Facebook’s lawyers failed to properly estimate the
risk or that Facebook’s managers chose to roll the dice?
Facebook
may pay Illinois users a couple of hundred dollars each in $550
million privacy settlement
Facebook
will pay $550 million to Illinois users to settle allegations that
its facial tagging feature violated their privacy rights.
The
settlement — which could amount to a couple of hundred dollars for
each user who is part of the class-action settlement — stems from a
federal lawsuit filed in Illinois nearly
five years ago that alleges the social media giant violated a state
law protecting residents’ biometric information. Biometric
information can include data from facial, fingerprint and iris scans.
Illinois
has one of the strictest biometric privacy laws in the nation. The
2008 law mandates that companies collecting such information obtain
prior consent from consumers, detailing how they’ll use it and how
long it will be kept. The law also allows private citizens to sue.
… “We
are expecting a record number of claims to be filed,” Edelson said.
“But even with that, we think that the class members are going to
get a good amount of money.”
Security
and Architecture.
Why
2020 Will Be the Year Artificial Intelligence Stops Being Optional
for Security
Artificial
intelligence (AI) isn’t new. What is new is the growing ubiquity
of AI in large organizations. In fact, by the end of this year, I
believe nearly every type of large organization will find AI-based
cybersecurity tools indispensable.
Artificial
intelligence is many
things to many people.
One fairly neutral definition is that it’s a branch of computer
science that focuses on intelligent behavior, such as learning and
problem solving. Now that cybersecurity AI is mainstream, it’s
time to stop treating AI like some kind of magic pixie dust that
solves every problem and start understanding its everyday necessity
in the new cybersecurity landscape. 2020 is the year large
organizations will come to rely on AI
for security.
AI
isn’t magic, but for many specific use cases, the right tool for
the job will increasingly involve AI. Here
are six reasons why that’s the case.
Perspective.
Collating
Hacked Data Sets
Two
Harvard undergraduates completed a project where they went out on the
Dark Web and found a bunch of stolen datasets. Then they correlated
all the information,
and then combined it with additional, publicly available information.
No surprise: the result was much more detailed and personal.
"What we were able to do is alarming because we can now find vulnerabilities in people's online presence very quickly," Metropolitansky said. "For instance, if I can aggregate all the leaked credentials associated with you in one place, then I can see the passwords and usernames that you use over and over again."
Of the 96,000 passwords contained in the dataset the students used, only 26,000 were unique.
"We also showed that a cyber criminal doesn't have to have a specific victim in mind. They can now search for victims who meet a certain set of criteria," Metropolitansky said.
For example, in less than 10 seconds she produced a dataset with more than 1,000 people who have high net worth, are married, have children, and also have a username or password on a cheating website. Another query pulled up a list of senior-level politicians, revealing the credit scores, phone numbers, and addresses of three U.S. senators, three U.S. representatives, the mayor of Washington, D.C., and a Cabinet member.
"Hopefully, this serves as a wake-up call that leaks are much more dangerous than we think they are," Metropolitansky said. "We're two college students. If someone really wanted to do some damage, I'm sure they could use these same techniques to do something horrible."
That's
about right.
And
you can be sure that the
world's major intelligence organizations have already done all of
this.
Not
comprehensive, but it could be useful.
https://www.zdnet.com/article/new-web-service-can-notify-companies-when-their-employees-get-phished/
New
web service can notify companies when their employees get phished
Starting
today, companies across the world have a new free web service at
their disposal that will automatically send out email notifications
if one of their employees gets phished.
The
service is named "I
Got Phished "
and is managed byAbuse.ch,
a non-profit organization known for its malware and cyber-crime
tracking operations.
Just
like all other Abuse.ch services, I Got Phished will be free to use.
… Subscribing
for email notifications is done on a domain name basis, and companies
don't have to expose a list of their employee email addresses to a
third-party service.
Falls
in the old “quality is free” category.
Investment
in Privacy Pays Cybersecurity Dividends: Cisco
Cisco's
2020 Data Privacy Benchmark Study attempts to quantify an
often-repeated claim from cybersecurity experts: investment in
privacy improves overall cybersecurity. For example, last year's
Cisco privacy study seemed to indicate that improved privacy improves
vendors' sales cycle.
"A
year ago," Robert Waitman, Cisco director of data valuation and
privacy, security and trust, told SecurityWeek,
"we found those
organizations that were ready for GDPR did
a better job when
it came to streamlining their sales process.
This is particularly so in B2B. With customers being more concerned
and asking more questions about privacy, those companies with an
effective privacy policy can more rapidly and efficiently answer
those questions."
… His
conclusions from the Cisco Data Privacy Benchmark Study 2020 (PDF
)
are clear. "Firstly," he told SecurityWeek,
"companies should be honest and transparent about what they do
with personal data. Secondly, privacy is a good corporate
investment. There's now a lot of evidence suggesting that companies
should go beyond the minimum possible to comply with the law, and
seriously invest in privacy. Finally, the issue of privacy
certifications is important."
We
can be bad therefore we can detect bad in others?
Artificial
intelligence, geopolitics, and information integrity
… The
present article explores the intersection of AI and information
integrity in the specific context of geopolitics. Before addressing
that topic further, it is important to underscore that the
geopolitical implications of AI go far beyond information. AI will
reshape defense, manufacturing, trade, and many other geopolitically
relevant sectors. But information is unique because information
flows determine what people know about their own country and the
events within it, as well as what they know about events occurring on
a global scale. And information flows are also critical inputs to
government decisions regarding defense, national security, and the
promotion of economic growth. Thus, a full accounting of how AI will
influence geopolitics of necessity requires engaging with its
application in the information ecosystem.
This
article begins with an exploration of some of the key factors that
will shape the use of AI in future digital information technologies.
It then considers how AI can be applied to both the creation and
detection of misinformation. The final section addresses how AI will
impact efforts by nation-states to promote–or impede–information
integrity.
No comments:
Post a Comment