Saturday, April 18, 2020


Another virus impact.
Hacking against corporations surges as workers take computers home
Hacking activity against corporations in the United States and other countries more than doubled by some measures last month as digital thieves took advantage of security weakened by pandemic work-from-home policies, researchers said.




Unsure of their process?
ICO Confirms Second Deferral For BA And Marriott’s GDPR Fines
The fines, issued two days apart in July last year, will be deferred until later in 2020 “pending further investigations”.
It is the second time a deferral has been announced, following the first in January 2020.
Given the fines were the ICO’s first flex of its newly strengthened GDPR muscle – and the fact that, to negotiate a deferral it has to seek agreement from the entities being penalised under Schedule 16 of the Data Protection Act 2018 – it’s a less than ideal situation for a regulator to be in.




Perspective.
Investor Mary Meeker says Covid-19 crisis is separating businesses with strong online strategies from laggards
Mary Meeker, the former tech investment banker who has spent the past decade in venture capital, is out with a new 29-page report on how the coronavirus is shaping economic activity, consumer behavior and technology.
The report, which Axios published on Friday, says businesses that are doing the best in the current crisis use cloud technologies, sell products that are always needed, can easily be found online, make other businesses more efficient and have a good social media presence.


(Related)
Shopify Surges After CTO Touts ‘Black Friday Level Traffic’
Shopify Inc. shares are on track for a record high after an executive said the e-commerce company was experiencing traffic similar to peak holiday levels and predicted even more growth.
Shopify gained as much as 11% on Friday, after rising 5.9% on Thursday. During the course of its current seven-day winning streak the stock has gained 50%, adding $23 billion in market value.




These might be useful in normal times.
5 Job Boards to Find Work From Home Gigs and Remote Jobs



Friday, April 17, 2020


Value other than money?
FBI official says foreign hackers have targeted COVID-19 research
A senior cybersecurity official with the Federal Bureau of Investigation said on Thursday that foreign government hackers have broken into companies conducting research into treatments for COVID-19, the respiratory illness caused by the coronavirus.
… “We certainly have seen reconnaissance activity, and some intrusions, into some of those institutions, especially those that have publicly identified themselves as working on COVID-related research,” she said.
Ugoretz said it made sense for institutions working on promising treatments or a potential vaccine to tout their work publicly. However, she said, “The sad flipside is that it kind of makes them a mark for other nation-states that are interested in gleaning details about what exactly they’re doing and maybe even stealing proprietary information that those institutions have.”




A topic in Computer Security / Disaster Recovery. Computers are cheaper than most weapons of war.
Cyberwar: How It Could Unfold and How We Can Defend Against It
What will a cyberwar look like?
Will it be a blitzkrieg-like invasion where a nation’s critical energy and water systems are suddenly destroyed, plunging society into chaos and panic? Or will it consist of a series of persistent guerilla attacks that aggravate the populace, weaken institutions and erode everyone’s confidence in their daily systems?
Or will it revolve around employing falsified data to control the “decision space,” which Vincent R. Stewart, USMC, calls “fifth generation warfare”? In this situation, hackers inject erroneous data into the system to coax last line of defense operators and engineers toward hazards like energizing an area in the midst of extreme wildfire danger. Even getting individuals to doubt their data is a victory.
Or will it be a shadow war, similar to the espionage during the Cold War, where security analysts will need to spend considerable time following up leads to determine whether an incident was a real attack or just a mindless bot? Significantly, more effort is needed to support criminal investigation of opportunistic mercenaries as well as geopolitical smoke screens.
As a pragmatist, I believe it will likely be, and already is, all of the above.




Creating a “this person is healthy” passport looks more and more likely. You may need to present your ‘papers’ to fly, join any gathering, visit a government office...
Is the Roberts Court Going to Let Coronavirus Kill Us?
It is looking increasingly as though a nationwide program of testing, and hopefully vaccination, may be the only way to stop the spread of the novel coronavirus and bring back the U.S. economy. Unfortunately, the U.S. Supreme Court’s 2012 Obamacare decision may actually stand in the way of effective congressional action just when it is most needed.
In the Obamacare case, NFIB v. Sebelius, Chief Justice John Roberts declared that Congress could not constitutionally require people to obtain health insurance, relying on a novel distinction between activity and inactivity. “Construing the Commerce Clause to permit Congress to regulate individuals precisely because they are doing nothing would open a new and potentially vast domain to congressional authority (emphasis in original).”




Is ‘stay at home’ legal?
Freedom of Association in the Wake of Coronavirus
CRS Legal Sidebar – Freedom of Association in the Wake of Coronavirus, April 16, 2020: “…At least 42 U.S. states have issued emergency orders directing residents to “stay at home,” with many states prohibiting gatherings of various sizes to control the spread of Coronavirus Disease 2019 (COVID-19).
This post discusses the legal standards that those courts applied as well as background First Amendment principles that are likely to continue to inform judicial review of free speech–related challenges to gathering bans. Religious exercise principles are discussed separately in this posting…”


(Related)
COVID-19, Digital Surveillance, and Privacy: Fourth Amendment Considerations
CRS Legal Sidebar – COVID-19, Digital Surveillance, and Privacy: Fourth Amendment Considerations, April 16, 2020: “As COVID-19 has spread across the globe, countries like South Korea and Israel have employed digital surveillance measures using cell phone location data, among other things, in an effort to track and limit the virus’s transmission. In the United States, the federal government and some state and local governments have reportedly begun to gather geolocation data voluntarily provided by the mobile advertising industry to assess how people are continuing to move and congregate during the pandemic. Technology companies such as Google and Facebook have also discussed leveraging some of their aggregated and anonymized location data for similar purposes. Moreover, the recently passed CARES Act provides, as part of new funding for the Department of Health and Human Services’ Centers for Disease Control and Prevention (CDC), that the CDC must report to Congress within 30 days on “the development of a public health surveillance and data collection system for coronavirus.” In light of these developments, some commentators have speculated about the potential in the United States for more invasive, obligatory data collection and tracking practices emulating the measures taken in some other parts of the world. Actions by the federal or state governments to surveil U.S. citizens in response to the COVID-19 pandemic could raise a host of legal issues, but as one commentator recently recognized, the Fourth Amendment to the U.S. Constitution may “determine the outer bounds of permissible surveillance at the federal and state levels” in this context. This Sidebar accordingly provides an overview of the Fourth Amendment and certain relevant doctrines and exceptions before discussing how the relevant legal frameworks could apply to coronavirus-related government surveillance…”




Concern: Will pent up demand crash the Internet?
Amazon, Flipkart and other e-commerce firms in India to resume sales of non-essential items from April 20 – TechCrunch
Flipkart, Amazon, Snapdeal and other online shopping firms will resume selling “non-essential” items to customers in India starting April 20, weeks after New Delhi imposed a lockdown in the country that has cost e-commerce companies more than a billion dollars in sales.
New Delhi said on Thursday that e-commerce companies can resume accepting customers’ orders for non-essential items including smartphones and laptops starting next Tuesday. Spokespeople of Flipkart, Amazon, Snapdeal, and Paytm Mall confirmed to TechCrunch that they will be complying with the new direction.




For those working on AI at home.
AI and Analytics: Coming to a Process Near You
Accelerating speed to insight from data is critical to nearly all types of organizations, especially as managers seek to develop strategies for responding to unexpected and rapidly changing circumstances such as the global coronavirus outbreak. TDWI's recently published Best Practices Report, Faster Insights from Faster Data, takes an in-depth look at practice and technology issues that matter most in reducing delays in data life cycles and putting well-prepared and relevant data in the hands of users sooner.




“I’m shocked. Shocked I tell you!”
Study – Students often do not question online information
PHYS.org: “The Internet and social media are among the most frequently used sources of information today. Students, too, often prefer online information rather than traditional teaching materials provided by universities. According to a study conducted by Johannes Gutenberg University Mainz (JGU) and Goethe University Frankfurt, students struggle to critically assess information from the Internet and are often influenced by unreliable sources. In this study, students from various disciplines such as medicine and economics took part in an online test, the Critical Online Reasoning Assessment (CORA). “Unfortunately, it is becoming evident that a large proportion of students are tempted to use irrelevant and unreliable information from the Internet when solving the CORA tasks,” reported Professor Olga Zlatkin-Troitschanskaia from JGU. The study was carried out as part of the Rhine-Main Universities (RMU) alliance…”




As long as you have extra time on your hands…
Harvard offering access to 64 different courses online for free



Thursday, April 16, 2020


No surprise.
Guidance on the North Korean Cyber Threat
The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic People’s Republic of Korea (DPRK) – and provides recommended steps to mitigate the threat. In particular, Annex 1 lists U.S. government resources related to DPRK cyber threats and Annex 2 includes a link to the UN 1718 Sanctions Committee (DPRK) Panel of Experts reports.
The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.




Coming at it from an old ‘new direction!’
Alaina Lancaster reports:
In a case over Facebook’s alleged use of plug-ins to catalog users’ browsing histories in order to sell that data, the U.S. Court of Appeals for the Ninth Circuit ruled that plaintiffs have standing to sue over an alleged infringement of privacy rights covered in the Wiretap Act, Stored Communications Act and the California Invasion of Privacy Act.
But what might be more interesting is the court finding the plaintiffs also have standing to sue the tech giant for unjust enrichment. Bernard Chao, a law professor at University of Denver Sturm College of Law, said he’s noticed lawyers often drop their unjust enrichment argument shortly after raising it. That could change after this decision.
Read more on Law.com.
[From the article:
Here, we have this theory that says unjust enrichment doesn’t focus on the injury that plaintiffs suffer—in fact, there might be some cases plaintiffs suffer no injury—what we suffer is on how much gain a defendant made by violating their duty. What’s interesting about privacy laws is there are all sorts of situations where companies are doing things that we think are harmful to privacy or cybersecurity, and it’s hard for the consumer to prove that they’ve been injured. But we can show pretty easily that the companies made money. If that’s the case, and we recognize that for standing purposes, a lot more consumers will be able to have their day in court.




Retaliation?
Amazon to close French warehouses until next week after court order
Amazon will close its warehouses in France until at least early next week after a court ordered it to limit deliveries to essential goods such as food and medical supplies.
… “The company is forced to suspend all production activities in all of its distribution centers in order to assess the inherent risks in the COVID-19 epidemic and take the necessary measures to ensure the safety of its employees (during that period),” Amazon said in the document seen by Reuters.
During the suspension, Amazon will tap a state partial unemployment scheme to pay its employees, the group said in the internal document.
With most shops in France shuttered as the government tries to contain the pandemic, the closure of the warehouses will likely disrupt deliveries across the country.
In a ruling on Tuesday, a French court said Amazon had to carry out a more thorough assessment of the risk of coronavirus contagion at its warehouses and should restrict its deliveries in the meantime, or face a fine.
“We’re puzzled by the court ruling given the hard evidence brought forward regarding security measures put in place to protect our employees”, Amazon said in a statement.
“Our interpretation suggests that we may be forced to suspend the activity of our distribution centres in France,” the group said, adding it would appeal the decision.




I guess musicians get bored too.
Watch these virtual concert livestreams during your social distancing
Digital Trends – “Even if we can’t go see our favorite artists play in person right now, almost every musician out there is playing online concerts for their fans to keep people entertained while we all stay at home. There’s no shortage of musical acts performing online every day, so we’ve compiled a list of all the upcoming livestream concerts scheduled throughout the rest of this month. Check back on this story, as we’ll be continuously updating it…”



Wednesday, April 15, 2020


The impact continues...
Equifax settles Indiana case over massive data breach for $19.5 million
Nate Raymond reports:
Equifax Inc will pay Indiana $19.5 million to resolve claims it failed to protect residents whose personal information was exposed in a data breach that affected 147 million people, the state’s attorney general said on Monday.
Read more on Reuters.




Aside from antibodies, what other requirements might there be for a “passport?” Would we ever stop using them?
The US government is in talks with UK AI startup Onfido to roll out immunity passports for people who recover from COVID-19
On Friday, Dr Anthony Fauci said the federal government was considering issuing Americans with immunity certificates.
In documents seen by Business Insider, Onfido said its immunity passport would “include test results tied to a person’s identity”, and claimed it could rapidly scale up to nationwide distribution.


(Related)
Harvard Researchers Say Some Social Distancing May Be Needed Into 2022
Bloomberg: “People around the world might need to practice some level of social distancing intermittently through 2022 to stop Covid-19 from surging anew and overwhelming hospital systems, a group of Harvard disease researchers said Tuesday. Lifting social-distancing measures all at once could risk simply delaying the epidemic’s peak and potentially making it more severe, the scientists warned in an article published Tuesday in the journal Science. The course of the pandemic will depend on questions not yet answered: Will the virus’s spread change with the seasons? What immunity will people have after they’re infected? And does exposure to coronaviruses that cause mild illnesses confer any protection against the pathogen that causes Covid-19?…”




For my students.
How to Tell Your Story on LinkedIn




Wish I had thought of this first!
A 93-year-old woman got a massive Coors Light delivery after a viral plea for more beer
Thanks to Coors Light, Olive Veronesi now has 150 ice-cold beers -- and she doesn't have to pass them around to anybody.
The 93-year-old went viral last week after CNN Pittsburgh affiliate KDKA shared her photo with a Coors Light in hand and a plea written on a white board: "I NEED MORE BEER!!"
The photo, taken by one of Veronesi's family members, was shared more than 5 million times.



Tuesday, April 14, 2020


This is an industry I could do very well in. Shame it’s not legal.
Cybercrime May Be the World's Third-Largest Economy by 2021
As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
That's why the World Economic Forum's (WEF) "Global Risks Report 2020" states that cybercrime will be the second most-concerning risk for global commerce over the next decade until 2030. It's also the seventh most-likely risk to occur, and eighth most impactful. And the stakes have never been higher. Revenue, profits, and the brand reputations of enterprises are on the line; mission-critical infrastructure is being exposed to threats; and nation-states are engaging in cyber warfare and cyber espionage with each other.




A complex solution to a complex problem.
GDPR, CCPA and beyond: How synthetic data can reduce the scope of stringent regulations
As many organizations are still discovering, compliance is complicated. Stringent regulations, like the GDPR and the CCPA, require multiple steps from numerous departments within an enterprise in order to achieve and maintain compliance. From understanding the regulations, implementing technologies that satisfy legal requirements, hiring qualified staff and training, to documentation updating and reporting – ongoing compliance can be costly and time intensive.
If an organization can identify all of its personal data, take it out of the data security and compliance equation completely – rendering it useless to hackers, insider threats, and regulation scope – it can eliminate a huge amount of risk, and drastically reduce the cost of compliance.
Synthetic data makes this possible by removing identifiable characteristics of the institution, customer and transaction to create what is called a synthetic data set. Personally identifiable information is rendered unrecognizable by a one-way hash process that cannot be reversed. A cutting-edge data engine makes minor and random field changes to the original data, keeping the consumer identity and transaction associated with that consumer completely protected.
Once the data is synthetized, it’s impossible for a hacker or malicious insider to reverse-engineer the data.




Hasn’t this been the goal and the fear since the start?
Artificial intelligence is evolving all by itself
Artificial intelligence (AI) is evolving—literally. Researchers have created software that borrows concepts from Darwinian evolution, including “survival of the fittest,” to build AI programs that improve generation after generation without human input. The program replicated decades of AI research in a matter of days, and its designers think that one day, it could discover new approaches to AI.
In a preprint paper published last month on arXiv, the researchers show the approach can stumble on a number of classic machine learning techniques, including neural networks. The solutions are simple compared with today’s most advanced algorithms, admits Le, but he says the work is a proof of principle and he’s optimistic it can be scaled up to create much more complex AIs.




I imagine this would be irritating. Is it also negligent?
Ransomware attacks lock 2 Manitoba law firms out of computer systems
Sean Kavanagh reports:
Work at two Manitoba law firms is at a virtual standstill after cyber attacks left staff without access to their computer systems, locking out digital files, emails and data backups.
Read more on CBC.ca.


(Related) Recovery is possible, exposure is certain.
Backup or Disaster Recovery for Protection Against Ransomware?
To pay, or not to pay? Is it better to suffer the pain and outage of ransomware – or pay up, and by doing so, end it?
Like all such questions, there is no easy or simple answer. Can the affected organization afford a loss of operation? Does it have SLAs that will cause legal problems if they are broken? Does it have the support of a larger organization – government or insurance – that can either force its hand or support the cost of disruption? Is it in thrall to shareholders?
The best solution to difficult questions is to avoid the question. For ransomware, that either means prevention or simple, low-cost recovery. Since it is currently impossible to guarantee prevention, the onus is on low-cost recovery to avoid the choice between downtime and paying up.
Here the choice is between data backup and disaster recovery. The question now becomes, is backup alone enough, or is full disaster recovery required to mitigate the effect of ransomware? By ‘disaster recovery’, we mean the full gamut of backing up data, recovering that data, and business restitution without loss of business continuity.
In September 2016, the Barnstable, Massachusetts, police department became a victim of ransomware. Just two months earlier, however, Barnstable’s CIO Craig Hurwitz had deployed a backup and back-dating DR capability from Reduxio. The logs showed exactly when the infection occurred. Hurwitz requested that Reduxio back date his systems to just two minutes prior to the infection. This was achieved in just 35 minutes, with Barnstable PD operational without ransomware and without paying a ransom.




Could this continue after the pandemic?
SCOTUS to Break Tradition, Hold Oral Arguments by Teleconference
“The Court will hear oral arguments by telephone conference on May 4, 5, 6, 11, 12 and 13 in a limited number of previously postponed cases. The following cases will be assigned argument dates after the Clerk’s Office has confirmed the availability of counsel:
18-9526, McGirt v. Oklahoma
19-46, United States Patent and Trademark Office v. Booking.com B.V.
19-177, Agency for International Development v. Alliance for Open Society International, Inc.
19-267, Our Lady of Guadalupe School v. Morrissey-Berru, and 19-348, St. James School v. Biel
19-431, Little Sisters of the Poor Saints Peter and Paul Home v. Pennsylvania, and 19-454, Trump v. Pennsylvania
19-465, Chiafalo v. Washington
19-518, Colorado Department of State v. Baca
19-631, Barr v. American Association of Political Consultants, Inc.
19-635, Trump v. Vance
19-715, Trump v. Mazars USA, LLP, and 19-760, Trump v. Deutsche Bank AG
In keeping with public health guidance in response to COVID-19, the Justices and counsel will all participate remotely. The Court anticipates providing a live audio feed of these arguments to news media. Details will be shared as they become available. The Court Building remains open for official business, but most Court personnel are teleworking. The Court Building remains closed to the public until further notice.”




Perspective.
Amazon to Expand Shipments of Nonessential Items, Continue Adding Staff
Tech giant’s planned hiring of 175,000 workers to help it handle surge in orders during pandemic




The Pandemic business?
Harvard Business Review COVID Coverage
HBR – “We’ve made our coronavirus coverage free for all readers. To get all of HBR’s content delivered to your inbox, sign up for the Daily Alert newsletter.”




Entertaining myself.
5 Musical Skills You Can Learn Online for Free, With or Without Instruments


(Ditto)
The BIG List of the Easiest Music Learning Websites Today



Monday, April 13, 2020


Surveillance by any other name…
Contact Tracing in the Real World
There have recently been several proposals for pseudonymous contact tracing, including from Apple and Google. To both cryptographers and privacy advocates, this might seem the obvious way to protect public health and privacy at the same time. Meanwhile other cryptographers have been pointing out some of the flaws.
There are also real systems being built by governments. Singapore has already deployed and open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the “obvious” way to tell who’s been within a few metres of you and for how long. The UK’s National Health Service is working on one too, and I’m one of a group of people being consulted on the privacy and security.
But contact tracing in the real world is not quite as many of the academic and industry proposals assume.
First, it isn’t anonymous.


(Related) It’s not just the doing, it’s the undoing.
J.D. Tuccille writes:
From cellphone tracking to drone eyes in the sky, perused health records, and GPS ankle bracelets, an epidemic of surveillance-state measures is spreading across the world. It’s all done in the name of battling the spread of COVID-19, of course, since every crisis is used to justify incursions into our liberty. But long after the virus has done its worst and moved on, we’re likely to be stuck with these invasions of our privacy—unless we push back, hard.
The rationales for surveillance are easy to understand, within certain limits. Public health authorities battling the pandemic want to know who is spreading the virus, which people they may have infected, and the movements of those potentially carrying the bug.
Read more on Reason.




Just a peek...
Law Enforcement Facial Recognition Use Case Catalogue
IJIS Inst. & Int’l Ass’n of Chiefs of Police, Law Enforcement Facial Recognition Use Case Catalogue (March 2019) (25-page PDF): “…This Law Enforcement Facial Recognition Use Case Catalog is a joint effort by a Task Force comprised of IJIS Institute and the International Association of Chiefs of Police. The document includes a brief description of how facial recognition works, followed by a short explanation of typical system use parameters. The main body of the catalog contains descriptions and examples of known law enforcement facial recognition use cases. A conclusion section completes this catalog, including four recommended actions for law enforcement leaders…”




Sharing resources.
Wolters Kluwer launched free searchable COVID-19 federal and state laws
  • Comprehensive Coverage: View federal and state laws, regulations, executive orders, and more; organized topically across Banking & Finance, Labor & Employment/HR & Benefits, Health & Infectious Disease, Tax, Securities and others.
  • Complimentary Access: No log in required, whether you’re in-house counsel, a law firm associate, a health law expert, or any other interested professional.
  • Sharable Content: Easily export, email, and print content to keep clients, customers, and colleagues informed…”