Tuesday, December 22, 2020

and by extension, my students need to explain these to the CISO

https://www.csoonline.com/article/3601001/6-board-of-directors-security-concerns-every-ciso-should-be-prepared-to-address.html?upd=1608642841748

6 board of directors security concerns every CISO should be prepared to address

The COVID pandemic and spike in cybercriminal activity have raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them.





I think we need an “Underwriter’s Lab” for software.

https://www.bespacific.com/how-u-s-agencies-trust-in-untested-software-opened-the-door-to-hackers/

How U.S. agencies’ trust in untested software opened the door to hackers

Politico – The government doesn’t do much to verify the security of software from private contractors. And that’s how suspected Russian hackers got in: “The massive monthslong hack of agencies across the U.S. government succeeded, in part, because no one was looking in the right place. The federal government conducts only cursory security inspections of the software it buys from private companies for a wide range of activities, from managing databases to operating internal chat applications. That created the blind spot that suspected Russian hackers exploited to breach the Treasury Department, the Department of Homeland Security, the National Institutes of Health and other agencies. After embedding code in widely used network management software made by a Texas company called SolarWinds, all they had to do was wait for the agencies to download routine software updates from the trusted supplier…





Dystopian ethics.

https://dilbert.com/strip/2020-12-22





Perhaps not as ‘figured out’ as we’d like.

https://www.bbc.com/news/technology-55399509

Facebook child abuse detection hit by new EU rules

Facebook has switched off some of its child abuse detection tools in Europe in response to new rules from the EU.

The company said it has had no choice but to do so, since the new privacy directive bans automatic scanning of private messages.

The change only applies to messaging services rather than all content uploaded to Facebook.

However, there is no change in the UK, where measures are "consistent with applicable laws", Facebook said.

The problem has emerged despite warnings from child protection advocates that the new privacy rules effectively ban automated systems scanning for child sexual abuse images and other illegal content.





Papers, Citizen!

https://www.technologyreview.com/2020/12/21/1015353/covid-vaccine-passport-digital-immunity-record/

Will you have to carry a vaccine passport on your phone?

You may have heard about using “vaccine certification” or “immunity passports,” analog or digital tools to prove you’re vaccinated. Some experts champion them as a way to get back to normal life, while others warn about privacy risks and the potential for discrimination and abuse.

These debates are mostly speculative, but underlying issues of privacy, verification, and ethical use aren’t unique to the vaccine. Governments and businesses already use covid-related records every day to make decisions about who can do what. Here’s what we know.





For the implementers…

https://www.cpomagazine.com/data-protection/ccpa-vs-gdpr-spot-the-difference/

CCPA vs GDPR – Spot the Difference

For more than two years, the GDPR has been one of the most pressing pieces of data protection legislation that organisations handling data on EU residents had to get to grips with. Its strict regulations meant that companies compliant with the GDPR would also be likely to comply with the data protection standards in any territory outside of the EU as well. The status quo changed in July however, when the California Consumer Protection Act (CCPA) began to be enforced.

While there are many similarities between CCPA and the GDPR, there are some subtle yet significant differences many of those planning to do business in California need to be aware of.



(Related)

https://fpf.org/blog/a-deep-dive-into-new-zealands-new-privacy-law-extraterritorial-effect-cross-border-data-transfers-restrictions-and-new-powers-of-the-privacy-commissioner/

A DEEP DIVE INTO NEW ZEALAND’S NEW PRIVACY LAW: EXTRATERRITORIAL EFFECT, CROSS-BORDER DATA TRANSFERS RESTRICTIONS AND NEW POWERS OF THE PRIVACY COMMISSIONER

Last week, on December 1st, the newly amended Privacy Act 2020 (Act) of New Zealand came into force. The act was passed by the New Zealand Parliament on June 20, 2020 and made significant changes to the 1993 law, Privacy Act 1993. The amendments cover a broad range of topics including the extraterritorial scope of the law, new mandatory data breach notification requirements, changes to “compliance notices” as a key enforcement tool of the Office of the Privacy Commissioner, to data subject access requests, restrictions on cross-border transfers of personal information, and the enforcement regime overall.





Futile?

https://www.bespacific.com/civil-rights-groups-move-to-block-expansion-of-facial-recognition-in-airports/

Civil rights groups move to block expansion of facial recognition in airports

The Verge: “A coalition of civil rights groups led by the American Civil Liberties Union have filed an objection to the proposed expansion of Customs and Border Protection’s facial recognition at land and sea ports. The National Immigration Law Center, Fight for the Future, and the Electronic Frontier Foundation are also participating in the motion, alongside twelve others. Filed in November, CBP’s proposed rule would expand the biometric exit system, authorizing the collection of facial images from any non-citizen entering the country. But in a filing on Monday, the final day of the comment period, the coalition argued that those measures are too extreme.

“CBP’s proposed use of face surveillance at airports, sea ports, and the land border would put the United States on an extraordinarily dangerous path toward the normalization of this surveillance,” said Ashley Gorski, senior staff attorney with the ACLU’s National Security Project, in a statement to reporters. “The deployment of this society-changing technology is unnecessary and unjustified.”…





Explaining why you need to explain Explainable AI

https://www.zdnet.com/article/explaining-explainable-ai/

Explaining explainable AI

… AI systems making inexplicable decisions are your governance, regulatory, and compliance colleagues' worst nightmare. But aside from this, there are other compelling reasons for shining a light into the inner workings of AI. For one, as more and more companies adopt AI, they find that the business stakeholders who will rely on AI for their workflows won't trust decisions if they don't have at least a general understanding of how they were made. Also, opaque AI obfuscates the "second-order insights," such as nonintuitive correlations that emerge from the inner workings of a machine-learning model.






Perspective.

https://insidebigdata.com/2020/12/21/big-data-industry-predictions-for-2021/

Big Data Industry Predictions for 2021

2020 has been a year for the ages, with so many domestic and global challenges. But the big data industry has significant inertia moving into 2021. In order to give our valued readers a pulse on important new trends leading into next year, we here at insideBIGDATA heard from all our friends across the vendor ecosystem to get their insights, reflections and predictions for what may be coming. We were very encouraged to hear such exciting perspectives. Even if only half actually come true, Big Data in the next year is destined to be quite an exciting ride.


