Tuesday, February 04, 2020


The first failure of the 2020 election shows what is to follow.
App Used to Tabulate Votes Is Said to Have Been Inadequately Tested
The app that the Iowa Democratic Party commissioned to tabulate and report results from the caucuses on Monday was not properly tested at a statewide scale, said people who were briefed on the app by the state party.
It was quickly put together in just the past two months, said the people, some of whom asked to remain anonymous because they were not authorized to speak publicly.
And the party decided to use the app only after another proposal for reporting votes — which entailed having caucus participants call in their votes over the phone — was abandoned, on the advice of Democratic National Committee officials, according to David Jefferson, a board member of Verified Voting, a nonpartisan election integrity organization.
… A spokeswoman for the state party issued a statement late Monday denying that the delays were the result of the new app’s failure.
“We found inconsistencies in the reporting of three sets of results,” said Mandy McClure, the spokeswoman. She added that this was “simply a reporting issue, the app did not go down and this is not a hack or an intrusion.”
… Matt Blaze, a professor of computer science and law at Georgetown, said that introducing apps in the midst of an election posed many problems. Any type of app or program that relies on using a cellphone network to deliver results is vulnerable to problems both on the app and on the phones being used to run it, he said.
… Jerry Depew, the Democratic county chairman from Pocahontas County, said that the report line and the help line were the same phone number.
“I had not expected it to be busy at 8 p.m.,” he said, when he tried to call in results from his precinct. “But if caucus chairs were calling for help at the same time that easy caucuses were trying to report results, the phones could have been overloaded.”


(Related) Here’s a suggestion: Any voting related software or hardware should be independently certified.
DoD to Require Cybersecurity Certification From Defense Contractors
The United States Department of Defense (DoD) announced that defense contractors will have to meet a basic level of cybersecurity standards when replying to a government acquisition program's request for proposals by 2026.
The Cybersecurity Maturity Model Certification (CMMC) framework version 1.0 was released on January 31 and it is "a unified cybersecurity standard for future DoD acquisitions."




If this had not been so horribly mismanaged, it would have been resolved years ago.
Andy reports:
The New Zealand Supreme Court has declined Kim Dotcom’s appeal in his bid to access private communications captured illegally by the country’s spy agency. Dotcom will still be entitled to damages for the unlawful intrusion into his private life but he says this matter is not about money. Instead, he seeks to hold the GCSB agency accountable for its illegal behavior, for the benefit of all New Zealanders.
In the weeks and months leading up to and beyond the 2012 raid on Kim Dotcom and his former associates, the Megaupload founder was being spied on by the authorities in New Zealand.
Between December 2011 and March 2012, the highly secretive Government Communications Security Bureau (GCSB) spy agency listened in on the private communications of Kim and former wife Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk.
Read more on Torrent Freak.




Since the impact is more immediate, I hope we take action sooner.
Outgoing NSA legal chief warns hacking threats from Russia, China, and Iran are as dangerous to the US as climate change
Gerstell predicted mounting hacking threats against the US in an interview with The Washington Post published Monday, comparing the challenge to that posed by climate change.
"The challenges presented by the digital revolution … are of such a magnitude and coming at us with such a rapidity that there's a danger we will treat it conventionally and underestimate its significance," Gerstell said.




The GDPR is finding its stride.
GDPR Fines Top $126 Million With Over 160,000 Data Breaches Reported
This information comes from the recently published GDPR Data Breach Survey conducted by major multinational law firm DLA Piper.


(Related) Many, but not yet very large.
Guess what? GDPR enforcement is on fire!
While fines are not always particularly high, our analysis shows that, in terms of volume, data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities. Some interesting trends are also emerging:
    • DPAs have levied 190 fines and penalties to date.
    • Failures of data governance -- not security -- trigger the most fines and penalties.
    • Breaches get the enforcement ball rolling but are just a starting point.
    • Compromised data from a single customer can be expensive.
    • Failure to respect individuals' rights will lead to the next wave of fines and penalties.
    • Third-party risk management is the next big thing in the privacy arena.




Still working through GDPR. If I called my opponent an idiot in order to win election, would I be in violation? Perhaps I would have a Facebook-like “Politicians are allowed to lie” exemption?
Odia Kagan of Fox Rothschild writes:
Are opinions about someone personal data?
Key takeaways:
    • An opinion can include personal data.
    • If the opinion is not recorded — GDPR does not apply.
    • If made or recorded for someone’s “purely personal or household” activities, with no connection to a professional or commercial activity, GDPR doesn’t apply.
Read more about where it might apply on Privacy Compliance & Data Security.




What are the law firm’s responsibilities here? They have already lost client data.
Maze Ransomware Hits Law Firms and French Giant Bouygues
… The Maze group has a dedicated website where it first names victim organizations and then releases stolen data if they refuse to pay the ransom.
… “It's the equivalent of a kidnapper sending a pinky finger. If the organization still doesn’t pay, the remaining data is published, sometimes on a staggered basis.”
That’s potentially bad news for the latest firms to fall victim to Maze ransomware. At present, only two of the law firms have had sensitive customer data published but, ominously for the other victims, the group promises that the “proofs” are coming soon.
… It’s not unusual for the group to charge its victims twice, $1m for the decryption key and a further $1m for ‘deletion’ of the stolen data. There’s the added jeopardy that, if they’re not paid, stolen data will be leaked onto Russian hacker forums, as has happened in the past.




Can you have too much information? Lots of slides to steal…
Every single stat you need to know about the internet
TheNextWeb – “Our new Digital 2020 reports – published in partnership with We Are Social and Hootsuite – show that digital, mobile, and social media have become an indispensable part of everyday life for people all over the world. More than 4.5 billion people now use the internet, while social media users have passed the 3.8 billion mark. Nearly 60 percent of the world’s population is already online, and the latest trends suggest that more than half of the world’s total population will use social media by the middle of this year. Some important challenges remain, however, and there’s still work to do to ensure that everyone around the world has fair and equal access to life-changing digital connectivity. You’ll find the full Digital 2020 Global Overview Report in the SlideShare embed below, but read on to find our summary of this year’s key headlines, numbers, and trends…”




Is there enough detail to suggest ways to reduce the number of shootings?
Tracking Police Shootings in the United States
Washington Post – 950 people have been shot and killed by police in the past year – “In 2015, The Washington Post began to log every fatal shooting by an on-duty police officer in the United States. In that time there have been nearly 5,000 such shootings recorded by The Post. After Michael Brown, an unarmed black man, was killed in 2014 by police in Ferguson, Mo., a Post investigation found that the FBI undercounted fatal police shootings by more than half. This is because reporting by police departments is voluntary and many departments fail to do so. The Post’s data relies primarily on news accounts, social media postings and police reports. Analysis of more than five years of data reveals that the number and circumstances of fatal shootings and the overall demographics of the victims have remained relatively constant… Although half of the people shot and killed by police are white, black Americans are shot at a disproportionate rate. They account for less than 13 percent of the U.S. population, but are killed by police at more than twice the rate of white Americans. Hispanic Americans are also killed by police at a disproportionate rate…”




I think I have it figured out. Russia is afraid I’ll run for President and defeat Trump. (Last week)




