Thursday, November 05, 2020

If you have an interest in Privacy, you will want to listen to this!

https://www.law.du.edu/privacy-foundation

The Privacy Foundation at the University of Denver Sturm College of Law

Friday, October 30, 2020 12:00 - 1:00 pm Via Zoom

Facial Recognition & Privacy Session Recording

(This session recording is password protected. Please contact Vincent Gonzales vgonzales@law.du.edu for the password)





I’m shocked! Shocked I tell you!

https://www.databreaches.net/don-t-pay-ransom-on-the-promise-your-data-will-be-deleted-because-it-wont-be-coveware/

Don ‘t pay ransom on the promise your data will be deleted, because it won’t be — Coveware

    In Coveware’s Q3 2020 report, there’s a section on criminals not keeping their word about deleting data if you’ll just pay them their extortion demands (imagine criminals not keeping their word — oh, the shock):

    PAYING A RANSOM MAY NOT STOP RANSOMWARE GROUPS FROM LEAKING THE EXFILTRATED DATA
    Coveware feels that we have reached a tipping point with the data exfiltration tactic. Despite some companies opting to pay threat actors to not release exfiltrated data, Coveware has seen a fraying of promises of the cybercriminals (if that is a thing) to delete the data. The below list includes ransomware groups whom we have observed publicly DOX victims after payment, or have demanded a second extortion payment from a company that had previously paid to have the data deleted / no leaked:
    • Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.

    • Maze / Sekhmet / Egregor (related groups): Data posted on a leak site accidentally or willfully before the client understood there was data taken.

    • Netwalker: Data posted of companies that had paid for it not to be leaked

    • Mespinoza: Data posted of companies that had paid for it not to be leaked

    • Conti: Fake files are shown as proof of deletion

    Although victims may decide there are valid reasons to pay to prevent the public sharing of stolen data, Coveware’s policy is to advise victims of data exfiltration extortion to expect the following if they opt to pay:
  • The data will not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or held for a second/future extortion attempt
  • Stolen data custody was held by multiple parties and not secured. Even if the threat actor deletes a volume of data following a payment, other parties that had access to it may have made copies so that they can extort the victim in the future
  • The data may get posted anyway by mistake or on purpose before a victim can even respond to an extortion attempt
    They present a powerful case for not paying that second extortion. But can victims get the decryption key without paying the second part of the ransom? Won’t threat actors just increase the ransom for the decryption key if they learn that their victims will NOT pay them to delete data or promise not to publish it?
    In a way, I think it’s a shame that Coveware and other experts haven’t publicly and immediately pointed out when criminals have broken their word. Maybe if they had/did, other victims wouldn’t have paid the ransom when criminals assured them that their word was good because if they lied, no one would ever believe them again.

Read Coveware’s full report on their site.





New law.

https://fpf.org/2020/11/04/californias-prop-24-the-california-privacy-rights-act-passed-whats-next/

California’s Prop 24, the “California Privacy Rights Act,” Passed. What’s Next?

California voters approved Proposition 24 (the California Privacy Rights Act) (CPRA) (full text here ). Garnering 56.1% of the vote so far, the initiative will almost certainly meet the majority threshold to become the new law of the land in California.



(Related)

Portland, Maine Votes to Add Teeth to Ban on Facial Recognition

From EPIC.org:

Voters in Portland, Maine passed a ballot initiative that strengthens the city’s ban on the use of facial recognition by law enforcement and city agencies. The City Council previously passed an order banning face surveillance, but the initiative strengthens the ban with a private right of action and penalties for violations of the law. A growing list of cities have banned facial recognition technology, including Boston, Oakland, San Francisco, and Portland, Oregon. EPIC has launched a campaign to Ban Face Surveillance and through the Public Voice coalition gathered the support of over 100 organizations and many leading experts across 30 plus countries. Earlier this year, an EPIC-led coalition called on the Privacy and Civil Liberties Oversight Board to recommend the suspension of face surveillance systems across the federal government.



(Related)

Michigan Passes Warrant Requirement for Electronic Data Searches

Alex Ebert reports:

Michigan voters approved a state constitutional amendment that will require state and local law enforcement officers to get a warrant before searching through suspects’ electronic data.

Read more on Bloomberg Law.





Getting closer to eliminating lawyers?

https://thenextweb.com/offers/2020/11/05/with-docpro-you-can-create-all-your-own-legal-documents-for-your-business-in-minutes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29

With DocPro, you can create all your own legal documents for your business in minutes

TLDR: With DocPro, you get access to over 1,500 templates for legal documents of every kind, all fully customizable for all your business and personal needs.





At least they are thinking about it. Let’s hope corporate Boards are doing the same.

Military AI Is Bigger Than Just The Kill Chain: JAIC Chief

The military must not get so fixated on using artificial intelligence to find targets that it neglects its wider applications from deployment planning to escalation control, warns the new director of the Pentagon’s Joint AI Center.

In recent field tests, an experimental Army AI was able to find targets in satellite imagery and relay target coordinates to artillery in under 20 seconds. Accelerating the “kill chain” from detection to destruction this way is a powerful but narrow application of artificial intelligence, said Lt. Gen. Michael Groen, a Marine Corps intelligence officer who took over JAIC on Oct. 1st.

Misapplication of AI raises the potential for “rapid escalation and strategic instability,” Groen told an NDIA conference last week. “That’s really where we have to…go back to ethical principles.

The principles for military AI promulgated in February, Groen noted, require artificial intelligence to be “governable.” To quote that policy (the emphasis is ours): “The Department will design and engineer AI capabilities to fulfill their intended functions while possessing the ability to detect and avoid unintended consequences, and the ability to disengage or deactivate deployed systems that demonstrate unintended behavior.”





Learning is never done.

https://www.cnbc.com/2020/11/04/valuable-skills-to-learn-before-2021-and-where-to-find-free-online-courses-according-to-futurist.html

These are the top 5 skills to learn right now, says futurist—and where to find free online courses

As a futurist who has helped more than 1,000 companies adapt to change and uncertainty, I’ve found that, while hard skills remain important, there are five forward-thinking — and often ignored — soft skills you need in order to remain valuable and relevant in a rapidly-changing workforce.

Here are the skills to master before 2021, along with the best free online courses to help you build upon them:

1. Futuristic thinking skills

2. Courageous leadership skills

3. Emotional intelligence skills

4. Interpersonal communication skills

5. Cognitive flexibility



No comments: