Saturday, May 09, 2020


Coming soon to a law firm near you!
Celebrity Data Stolen in Ransomware Attack on NYC Law Firm
A New York City law firm that serves some of the world's biggest stars of stage and screen appears to have fallen victim to a REvil ransomware attack.
Perpetrators of the attack are threatening to expose nearly 1TB of celebrities' private data unless Grubman Shire Meiselas & Sacks pays a ransom in Bitcoin.
With a client list that reads like a celebrity who's who, the entertainment and media law firm handles the private legal affairs of John Mellencamp, Elton John, David Letterman, Robert DeNiro, Christina Aguilera, Barbra Streisand, and Madonna.
Companies Facebook, Activision, iHeartMedia, IMAX, Sony, HBO, and Vice Media and sporting stars LeBron James, Carmelo Anthony, Sloane Stephens, and Colin Kaepernick are also clients of Grubman Shire Meiselas & Sacks.
Cyber-thieves claim to have used REvil ransomware (also known as Sodinokibi) to steal 756GB of data that includes contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.
The attackers are threatening to publish the data in nine staggered releases unless they are paid an undisclosed sum. Grubman Shire Meiselas & Sacks is yet to confirm or comment publicly on the alleged ransomware attack.




Establishing a baseline. (I wonder who else is doing this?)
WeChat is Surveilling International User Files to Strengthen China’s National Censorship Model
Chinese social media giant WeChat is screening documents and images shared by overseas users, according to researchers from the Citizen Lab of the University of Toronto.
As of late 2019, the messaging app is said to have had more than 1 billion active users on a monthly basis, sending around 45 billion messages daily.
According to the study, the company has been silently surveilling and analyzing millions of files shared by international WeChat users via a remote server hosted by Chinese Internet provider Tencent.
“Like any other Internet platform operating in China, WeChat is expected to follow rules and regulations from Chinese authorities around prohibited content,” the researchers said. Later adding that, “companies are expected to invest in human resources and technologies to moderate content and comply with government regulations on content controls. Companies which do not undertake such moderation and compliance activities can be fined or have their business licenses revoked”.
In the most recent report, entitled ‘We Chat, They Watch,’ Citizen Lab observed that the app’s remote server scans for “politically sensitive” content, adding a digital signature (MD5 hash) that assures no Chinese users can see the shared files.




Okay, let’s assume they’re guilty. Now what do we do?
EU looks for evidence to rein in U.S. tech giants
U.S. tech giants such as Facebook and Amazon could face tougher rules as European Union regulators seek evidence to curb their role as gatekeepers to the internet and access to people, information and services, according to an EU tender seen by Reuters.
The outcome could force Facebook, Google, Amazon and Apple to separate their competing businesses, provide rivals access to their data and open up their standards to them.
The European Commission, which in February said it was considering legislation against large online platforms acting as gatekeepers, has put out a 600,000-euro ($649,800) tender for a study to gather evidence of such gatekeeping power.
The study should look into self-preferencing practices and the possibility of forcing dominant companies to separate their businesses, the tender said, citing Amazon which is both a retailer and a market place operator, and app developer and App Store operator Apple.




Now this could be a useful tool.
To understand Trump, an AI bot had to be de-programmed from using English grammar. It uses 11 million words from Trump's remarks to tell when he's angry or lying
Whenever it seems like it's too hard to keep track of everything President Donald Trump is saying, now there's a bot for that.
Margaret, named after the meticulous West Wing character, catalogues all of Trump's spoken words, tweets and other utterances to compile in its database — more than 11 million of the president's words dating back to 1976.
A new Los Angeles Times profile of its creator, Bill Frischling, traces the history of the bot, which is used by Amazon for help with Trump-related queries on its Alexa devices.
The AI network is also available online for users to search through.
The bot can predict whether Trump is lying, if he's mad, and how stressed he is whenever speaking on camera.




Handy, as I go through the last few books I bought by the bag full at a library sale.
5 Fuss-Free Websites to Find What Book to Read Next



Friday, May 08, 2020


An attempt to avoid the backlash to their facial recognition app? Will other locations still match to faces uploaded by Illinois residents?
Clearview AI to stop selling controversial facial recognition app to private companies
Controversial facial recognition provider Clearview AI says it will no longer sell its app to private companies and non-law enforcement entities, according to a legal filing first reported on Thursday by BuzzFeed News. It will also be terminating all contracts, regardless of whether the contracts are for law enforcement purposes or not, in the state of Illinois.




A CPO’s work is never done…
You NEED to Act Even If Your Company Is Compliant With EU GDPR
There is a common perception amongst privacy and business leaders that they do not need to take any action (for India’s PDPB) if they have already taken actions for compliance with EU GDPR. While the amount of work may not be as much, companies still need to take specific actions for PDPB. This article talks about what actions companies compliant with GDPR shall need to take to become compliant with PDPB.




Harsh.
India is forcing people to use its covid app, unlike any other democracy
Millions of Indians have no choice but to download the country’s tracking technology if they want to keep their jobs or avoid reprisals.




Complicated.
National Security Warning Labels May Be Coming Soon to Apps
Jim Banks, the Republican Party’s Indiana representative, is pushing forward a piece of legislation that would see consumers being slapped with warning labels before downloading apps that originate from countries considered to be U.S. national security risks.
If passed, the bill would mandate that app developers and app stores go to new lengths in their warning labels to lay out which companies own the app, as well as to which country’s laws the app is subject.




The world after Covid?
Zillow bets new normal for real estate is virtual tours, digital processes, machine learning




A tool for those who still write cursive?
Google Lens can now copy and paste handwritten notes to your computer
Google has added a very useful feature to Google Lens, its multipurpose object recognition tool. You can now copy and paste handwritten notes from your phone to your computer with Lens, though it only works if your handwriting is neat enough.
In order to use the new feature, you need to have the latest version of Google Chrome as well as the standalone Google Lens app on Android or the Google app on iOS (where Lens can be accessed through a button next to the search bar). You’ll also need to be logged in to the same Google account on both devices.
That done, simply point your camera at any handwritten text, highlight it on-screen, and select copy. You can then go to any document in Google Docs, hit Edit, and then Paste to paste the text. And voila — or, viola, depending on your handwriting.
In addition to the new copy-and-paste feature, Google is also rolling out a pronunciation tool. Just highlight a word in Lens, and tap “Listen” to hear how it’s pronounced. (This is available in Android now and coming to iOS soon.) You can also now look up concepts with Lens, searching for phrases like “gravitational waves” to get in-line Google search results. That’s potentially very handy if you’re doing schoolwork or helping your children with theirs.



Thursday, May 07, 2020


I thought this was clearly understood. Silly me.
No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body – TechCrunch
You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. Not if you need to be compliant with European data protection law.
That’s the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people’s data.
Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people’s personal data.
But in order for consent to be legally valid under Europe’s General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific and freely given.




Some interesting conclusions…
Some Observations on the Clearview AI Facial Recognition System – From Someone Who Has Actually Used It …
Clearview is a facial recognition search engine licensed to law enforcement agencies by Clearview AI, Inc. that permits an investigating officer to upload a photo of an individual of interest (a possible suspect, witness or victim) and search a database compiled by Clearview of over 3 billion publicly available images posted by individuals and organizations on the web. According to the company, Clearview employs state of the art facial recognition technology to try to match the image uploaded by law enforcement to Clearview’s database to try to find a match, and if a likely match is found the program displays the publicly available image located along with its associated public link. Clearview refers to its system as being like a ‘Google search for faces.’
The Clearview interface is very simple in structure and operation. Once a police officer logs into Clearview an initial ‘splash screen’ is displayed. This initial screen describes how Clearview works advising the officer to upload the best photo s/he has (faces facing forward both eyes showing not wearing glasses), that the search may be saved (or not) if the officer so chooses, that all users are reminded to follow the law and only use Clearview for authorized purposes, and that matches cannot be used as evidence in court.




"Quod erat demonstrandum"
Global health crises are also information crises: A call to action
Xie B, He D, Mercer T, et al. Global health crises are also information crises: A call to action. J Assoc Inf Sci Technol. 2020;1–5. https://doi.org/10.1002/asi.24357: “In this opinion paper, we argue that global health crises are also information crises. Using as an example the coronavirus disease 2019 (COVID‐19) epidemic, we (a) examine challenges associated with what we term “global information crises”; (b) recommend changes needed for the field of information science to play a leading role in such crises; and (c) propose actionable items for short‐ and long‐term research, education, and practice in information science.”




It’s a start.
How Microsoft, OpenAI, and OECD are putting AI ethics principles into practice
Microsoft’s AI ethics committee helped craft internal Department of Defense contract policy, and G20 member nations wouldn’t have passed AI ethics principles if it weren’t for Japanese leadership. That’s according to a case study examining projects at Microsoft, OpenAI, and OECD out this week.
Published Tuesday, the UC Berkeley Center for Long-Term Cybersecurity (CLTC) case study examines how organizations are putting AI ethics principles into practice. Ethics principles are often vaguely phrased rules that can be challenging to translate into the daily practices of an engineer or other frontline worker. CLTC research fellow Jessica Cussins Newman told VentureBeat that many AI ethics and governance debates have focused more on what is needed, but less on the practices and policies necessary to implement goals enshrined in principles.




Probably some possibility this is true.
Work From Home Is Here to Stay
Vanity Fair – The future of jobs after the pandemic is a blurry mix of work, life, pajamas, and Zoom. “…. While working remotely confers some mental-health and other benefits, the “job” as we know it might never be the same. Conferences, in-person meetings, and even handshakes might be deemed not worth the risk of infection. What might emerge is a future in which results-oriented introverts prevail while those who thrive on face-to-face interactions and office politics fumble. In the post-pandemic workplace, nerds may get their revenge…”




A research tool.
New Search Engine for State Legislation
“BillTrack50 offers both a free and a paid service. Our genuinely free service allows citizens to search by keyword or bill number to discover and review an unlimited number of state and federal bills. Unlimited free access to bill data is fundamental to the working of our sharing tools and is fundamental to our mission. It won’t be going away. BillTrack50 does not sell your data to third parties or accept paid advertising. We make our money from our subscription services…”




Solace or enhanced depression? Probably not bedtime reading for children.
Finding Solace, and Connection, in Classic Books
The New York Times Coronavirus Notebook: “…In this time of crisis, we are reminded that literature provides historical empathy and perspective, breaking through the isolation we feel hunkered down in our homes to connect us, across time zones and centuries, with others who once lived through not dissimilar events. It conjures our worst nightmares (Poe’s “The Masque of the Red Death,” Katherine Anne Porter’s “Pale Horse, Pale Rider”). And it highlights what we have in common with people in distant cultures and eras, prompting us to remember that others have not only grappled with traumatic events that slammed home the precariousness of life, but have also experienced some of the same things we are dealing with today. Writers, chronicling the plagues that repeatedly afflicted London in the 17th century, remarked on the silence that descended upon the city (Pepys noted in a letter that “little noise” was to be heard “day or night but tolling of bells” for burials); the shuttering of businesses, theater and sport events; and nervous efforts to use weekly death counts to try to ascertain whether the disease curve was flattening or ascending…”




Dilbert on “big data.”



Wednesday, May 06, 2020


A very scary perspective.
Enterprises throw money at cybersecurity but half of attacks are still a success
On Tuesday, FireEye's Mandiant released its annual Security Effectiveness Report. Based on enterprise contributions, penetration tests, and the analysis of 100 enterprise-level production environments across 11 industries, the report concludes that while organizations are significantly increasing cybersecurity budgets, the reality is that many attacks are still successfully infiltrating enterprise environments.
In total, 53% of attacks performed were successful and infiltration without detection was achieved. 26% of attacks were successful but were detected, while 33% of attacks were prevented by security solutions. However, only 9% of attacks led to an alert being generated.




If your oil industry was the only one left functioning, what would you charge for a barrel of oil?
Troubled Oil and Gas Industry Under Siege From Spyware; Novel Spear Phishing Attacks Thought to Be Espionage-Driven
The global oil and gas industry would have had a tough year even if the coronavirus had never surfaced; overproduction by the United States and a price war between Russia and Saudi Arabia might well have driven prices to record lows in 2020 anyway. But with the added complication of a halt to the majority of travel due to a pandemic, a barrel of oil briefly had a negative value in April as supply overwhelmed storage capacity. Oil price fluctuations continue but as we have seen with other industries, hackers don’t give anyone a break during hard times and pounce on whatever opportunities are available. The oil and gas industry is currently fending off a major spyware campaign, notable for its use of highly targeted spear phishing attacks, during one of the toughest periods in its history.
The use of novel tools and the type of information that is being sought also indicates that sophisticated advanced persistent threat (APT) groups backed by a nation-state are the culprits, and that espionage is behind the sudden interest in this vertical. The hackers seem to want to know in advance what countries in the OPEC alliance and the Group of 20 nations are planning.




Once upon a time, only a few visionaries were thinking about Privacy. Now people are starting to realize there is money to be made!
The Rise of the PrivacyTechs
It is very difficult to imagine any sector of the economy that is not impacted by technology, disruptions, startups and questions like “Why should it be like this?” are more and more frequent. The digital revolution is everywhere, from the countryside to industries, banks, schools, government, transportation, insurance. The moment we are living in is unique. Time has come for privacy and more and more countries and companies are seeing the need to protect privacy as an important asset. In order to support companies in this journey of adaptation, the so-called “PrivacyTech” began to emerge between 2016 and 2017, aiming at a promising market for companies that need solutions for privacy protection and personal data management.


(Related) ...and apparently there is much education still to be done.
How Americans see digital privacy issues amid the COVID-19 outbreak
The ongoing coronavirus outbreak has brought privacy and surveillance concerns to the forefront – from hacked video conferencing sessions to proposed government tracking of people’s cellphones as a measure to limit and prevent the spread of the virus. Over the past year, Pew Research Center has surveyed Americans on their views related to privacy, personal data and digital surveillance.
Here are 10 key findings that stand out.




How could Apple’s (or anyone’s) lawyers have made this work?
Apple’s Copyright Lawsuit Has Created a ‘Chilling Effect’ on Security Research
Security researchers are scared to buy, use, or even talk about the controversial iPhone emulation software Corellium, whose makers are in a legal battle with Apple.
Last year, Apple accused a cybersecurity startup based in Florida of infringing its copyright by developing and selling software that allows customers to create virtual iPhone replicas. Critics have called Apple's lawsuit against the company, called Corellium, “dangerous” as it may shape how security researchers and software makers can tinker with Apple’s products and code.
“I don’t know if they intended it but when they name individuals at companies that have spoken in favor [of Corellium], I definitely believe retribution is possible,” the researcher added, referring to Apple’s subpoena to the Spanish finance giant Santander Bank, which named an employee who had Tweeted about Corellium.




It seems to depend on who you ask.
6 key benefits of AI for business
The Global AI Survey from McKinsey & Co., released in November 2019, found that 63% of responding executives reported revenue increases thanks to AI, while 44% cited reduced costs as a result of the technology.
Not all reports, to be sure, have found the benefits of AI for business to be as immediate. For example, a study released in October 2019 from MIT Sloan Management Review and Boston Consulting Group, titled "Winning With AI," found that although 90% of respondents believe AI represents a business opportunity for their companies, the vast majority (70%) have seen minimal or no impact from AI so far.




This is interesting and certainly reflects what I found when trying to implement change.
Your Business Is Too Complex to Be Digital
Business leaders are starting to rethink their strategies to take advantage of digital technologies. They envision omnichannel customer interfaces, ecosystems of tightly connected partners, and novel customer solutions leveraging newly accessible data.
This is smart. Digital technologies are already shifting industry boundaries and competitive landscapes (think of relatively new industry types: information dissemination, entertainment streaming, personal mobility). Ongoing industry disruption means that business leaders absolutely must articulate strategies that are inspired by the capabilities of digital technologies.
An inspired digital strategy, however, is barely enough to get started.
For most established companies, it is more likely that operational deficiencies, rather than lack of strategic thinking, will stymie their ability to compete digitally. Those operational deficiencies will not be easily resolved. They result from layers of variability — years of new operational and commercial processes built next to (and on top of) legacy systems and ways of working. This kind of non-value-adding variability has made many companies too complex to deliver digital solutions. To compete digitally, business leaders must attack that complexity.




Probably should have consulted a professional (before posting his boasting)
Trump's Would-Be New Spy Chief Tried to Delete His Internet History and It Went About How You'd Expect
President Trump’s pick to lead U.S. intelligence, Rep. John Ratcliffe, appears to have scrubbed some of his most controversial boasts about his national security background from two websites around the time Trump nominated him to the post for a second time last winter.
If he does get the job as America’s spymaster, Rep. Ratcliffe may want to consult U.S. intel experts about something called the “Wayback Machine” — which allows anyone with an internet connection to see how websites used to look, even after you’ve deleted the embarrassing stuff.




New? Catch up, legal guys.
New Industry Available on Legal Radar: Follow Internet & Social Media
Follow Internet & Social Media for the latest news and litigation updates involving e-commerce websites, social networking hubs, online publishers, travel sites, delivery apps, dating sites and other internet-enabled companies.




Perspective. A nation of pedalphiles?
People Are Panic-Buying Meat, Toilet Paper … and Pelotons?
With gyms closed and nowhere to go, more people are shelling out $2,245 for the workout bike.




Perspective.
For the first time, India has more rural net users than urban
The latest report by the Internet & Mobile Association of India (IAMAI) and Nielsen showed rural India had 227 million active internet users, 10% more than urban India’s about 205 million, as of November 2019.
The numbers were boosted by the cheapest internet connections in the world.
In addition, there are around 71 million kids, aged 5-11 years, who go online using devices of family members. With this, India surpassed another milestone of having 504 million active internet users who are 5 years old or above — 53 million more than 451 million in March 2019. Active internet users are defined as those who use the internet at least once a month.
At 40%, India lags behind US, China in internet penetration



Tuesday, May 05, 2020


Failure to plan is planning to fail.
Students, experts call for explanation after York University suffers 'extremely serious' cyber attack
Students and digital security experts say York University must release more information about what the school calls an "extremely serious" cyber attack last week.
York says the Friday evening attack corrupted a number of its servers and workstations, though it has not yet said if any sensitive information was stolen.
York has advised that everyone at the university will need to reset their passwords as a result of the attack.
But the York Federation of Students (YFS) has voiced concerns over what it says is a lack of communication following the hack. The student union says the university did not directly inform students about the situation, relying instead on statements posted to its website and social media.




Are they worried about something?
Connor Hoffman reports:
In a surprise unannounced change, the New York State Education Department amended its website to explain the department is not currently approving Smart Schools Bond Act project applications that utilize facial recognition technology.
The Union-Sun & Journal noticed the change last week.
“The Review Board is not currently approving plans that include facial recognition technology or other similar self-learning analytic software,” the website says.
It is unclear when exactly the change was made or whether it’s permanent.
Read more on Lockport Journal.
While this is good news, it’s also a bit confusing news until we find out more about why the decision was made. It would be nice if the state had suddenly gained insight into how dystopian some of these technologies are, but I’m a bit skeptical that that’s the explanation.




Because CCPA isn’t enough?
Hunton Andrews Kurth writes:
On May 4, 2020, Californians for Consumer Privacy (the group behind the ballot initiative that inspired the California Consumer Privacy Act of 2018 (“CCPA”)) announced that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot. The group announced that it was taking steps to submit the CPRA for inclusion on the November ballot in counties across California. The CPRA would amend the CCPA to create new and additional privacy rights and obligations in California, including the following:




Of course they’re going to keep the data. What government wouldn’t?
Gareth Corfield reports:
Britons will not be able to ask NHS admins to delete their COVID-19 contact-tracking data from government servers, digital arm NHSX’s chief exec Matthew Gould admitted to MPs this afternoon.
Gould also told Parliament’s Human Rights Committee that data harvested from Britons through NHSX’s COVID-19 contact tracing app would be “pseudonymised” – and appeared to leave the door open for that data to be sold on for “research”.
Read more on The Register.




Pay for articles in search results?
Google is like a poster in the newsagent's window for publishers, tech giant says
Google Australia responds to government’s move to force it to pay for content by arguing it provides publishers with free advertising
The local arm of Google was responding to the government’s assertion that Australian news content is “lucrative for the tech titans”, and Google and Facebook should be paying publishers millions of dollars annually for using it.
“In the offline print world, publishers have long paid retailers, newsstands and kiosks to distribute their newspapers and magazines – acknowledging the value of acquiring audiences to a publishers’ content and the advertising publishers sell alongside it,” Google Australia’s managing director, Mel Silva, said in a lengthy riposte to the government’s instruction to the competition watchdog to develop a mandatory code to force the digital platforms to pay for using news content.




Keep learning.
Microsoft: Our new free Python programming language courses are for novice AI developers
Microsoft has released two more Python series for beginners in the form of two three-hour courses on YouTube, which add to the 44-part Python for Beginners series it released last fall.
The new More Python for Beginners series consists of 20 videos that run between two minutes and 15 minutes each. It covers working with files, lambdas or 'anonymous functions', and object-oriented programming, and each tutorial is followed by a short demo video.
The second of the two new series, called Even More Python for Beginners: Data Tools, follows the same format and consists of 31 videos.