Saturday, June 06, 2020


It is management’s job to ensure they are getting the services they pay for and that all security protocols are operating correctly.
Fitness Depot hit by data breach after ISP fails to 'activate the antivirus'
Canadian retailer Fitness Depot notified customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month.
Based on the info in the breach notification letter the company sent to all potentially impacted individuals, the attack has all the signs of a textbook Magecart attack where the threat actors were able to compromise Fitness Depot's online store and inject a malicious form designed to harvest and exfiltrate customer information.
Fitness Depot blames its internet service provider (ISP) for the data breach saying that "[b]ased on our preliminary findings it appears our Internet Service Provider [ISP] neglected to activate the anti-virus software on our account."
It is not yet known what the Canadian fitness retailer refers to, since it's not an ISP's job to protect its customers' e-commerce platforms with anti-malware solutions.




Another flimsy excuse not to encrypt has been eliminated.
IBM Releases Open Source Toolkits for Processing Data While Encrypted
IBM this week announced the availability of open source toolkits that allow for data to be processed while it’s still encrypted.
The toolkits implement fully homomorphic encryption (FHE), which enables the processing of encrypted data without providing access to the actual data. The toolkits are currently available for macOS and iOS, but IBM is also working on versions for Android and Linux.
“For example, what if all the health care providers on the planet could pool fully encrypted patient records to allow analytics on patient data without divulging anything about the individuals involved. Think of the progress that could be made with regards to treating certain kinds of diseases!” IBM’s Eli Dow explained in a blog post.
Dow added, “As you might appreciate, the concept generalizes to analytics and cloud storage for regulated industries in general. Basically most scenarios where information-sharing collides with the paradox of ‘need-to-know’ vs. ‘need to share’ would benefit from FHE.”
The FHE toolkits are available on GitHub for macOS and iOS.




Toward the automation of lawyers?
The Wisdom of Using AI for Middle Value Arbitration Disputes
Although arbitration prides itself on eschewing the type of scorched-earth discovery considered commonplace in U.S. litigation, it is hard to get around the fact that disputes today involve more data. There is likely to be a significant volume of data that parties and their counsel need to wade through to even begin to assess whether they have a case. We are already using AI technology to categorize, process and evaluate such data, but more complex tasks are possible. For example, predictive coding (also known as technology assisted review or TAR) uses AI to learn and make better decisions while significantly expediting the document review process. Predictive coding starts by training software with a sample set of data and then, using continuous active learning, builds on that data set with the help of computer-driven algorithms. The value of predictive coding has already been endorsed in U.S. courts, including by then-U.S. Magistrate Judge Andrew Peck in Da Silva Moore v. Publicis Groupe (where the court held that predictive coding helps secure the just, speedy, and inexpensive determination of lawsuits).




Learning for shut-ins.
Library continues Artificial Intelligence series
The Ridgefield Library continues its new series called The Future is Now: Artificial Intelligence in 2020, on Thursday, June 18, at 6 p.m., via a live online webinar with Dr. Laxmi Parida who will discuss AI in the Life Sciences.
To register visit http://www.ridgefieldlibrary.org to receive a Zoom invitation to this event.



Friday, June 05, 2020


Just in case we have reached that tipping point.
CHINESE DEBATES ON THE MILITARY UTILITY OF ARTIFICIAL INTELLIGENCE
The Chinese military believes it is losing a high-stakes competition with the United States and Russia to lead the world in artificial intelligence (AI). In articles like, “The Quiet Rise of an Artificial Intelligence Arms Race” (人工智能军备竞赛正在悄然兴起), Chinese military authors point to a quote from Russian President Vladimir Putin, that whoever leads in AI will “rule the world.” As evidence of the U.S. military’s ambition to dominate in this field, they cite findings about AI in future warfare from the U.S. National Security Commission on Artificial Intelligence, calls for the United States to ally with other nations against Chinese AI development, the Department of Defense AI strategy, and the establishment of the Pentagon’s Joint Artificial Intelligence Center. In 2017, China was among the first nations to advance a national-level AI development strategy that broadly addressed AI’s role in economic development.
The Chinese military, however, has been opaque about its AI strategy and intentions. Undoubtedly, Chinese military officials understand they must compete with the United States by adapting quickly to changes in warfare brought about by AI and autonomous systems. An examination of the ongoing debate within the ranks of China’s People’s Liberation Army (PLA) about the transformation of warfare by AI — what they call “intelligentized warfare” (智能化作战) — reveals that this new form of warfare is an extension of existing Chinese strategy and operational concepts.
The English-language version of China’s 2019 Defense White Paper observes a change in modern warfare: “War is evolving in form towards informationized warfare, and intelligent warfare is on the horizon.” A translation of the Chinese-language version, however, reveals that the change is not about moving toward informationized warfare, it is about an evolution in informationized warfare




Protest tech.
Why Citizen has become the unofficial social network for protests
One of the most popular ways to keep track of protests has nothing to do with Facebook or Twitter.
Instead, it’s an app called Citizen, which has become an instant hit amid nationwide protests against police brutality and racial injustice. On Citizen, users can see a map of exactly where people are gathering, view raw video of demonstrations in progress, look for signs of rioting and looting, and air out their feelings in comments sections.




A different privacy perspective.
New Research: "Privacy Threats in Intimate Relationships"
I just published a new paper with Karen Levy of Cornell: "Privacy Threats in Intimate Relationships."
Abstract: This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.
This is an important issue that has gotten much too little attention in the cybersecurity community.




Why would anyone turn down a one third reduction in accidents?
Study: Autonomous vehicles won’t make roads completely safe
Auto safety experts say humans cause about 94% of U.S. crashes, but the Insurance Institute for Highway Safety study says computer-controlled robocars will only stop about one-third of them.



Thursday, June 04, 2020


Always a question: How far can you push before someone (everyone?) pushes back harder?
Europe nears tipping point on Russian hacking
The European Union is getting ready to slap sanctions on a group of Russian hackers, according to three diplomats involved — a move that would mark a turning point in the bloc's efforts to address foreign hacking.
The sanctions, expected later this year, come after the German government announced it "had evidence" tying members of a Russian hacking group to the cyberattack on the Bundestag in 2015.
European countries have weighed sanctioning foreign nationals and entities involved in hacking for months, but talks were mired in secrecy as governments weighed their options. That changed when Chancellor Angela Merkel — previously reluctant to chide Russia over hacking — said last month that Berlin could not "simply ignore" an "outrageous" attack, and her government called for an EU response.
Capitals "may want to use this occasion to demonstrate that similar attacks against any member state are significant enough to merit sanctions," said Patryk Pawlak, executive officer at the EU Institute for Security Studies, the in-house think tank of the Council of the European Union.




Another tipping point?
Cyber Insurance Becoming a Necessity, No Longer a Luxury for Prepared Companies




An overview.
Cybercriminals exposed 5 billion records in 2019, costing U.S. organizations over $1.2 trillion
Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock.
Healthcare emerged as the most targeted industry in 2019, accounting for 382 breaches and costing over $2.45B, an increase from 164 incidents costing over $633 million in 2018.
Based on Q1 2020 data, 2020 is set to outpace 2019 in terms of records breached, despite the fact that the number of breaches tracks down by 57%. There have been 92 data breaches affecting 1.6 billion records in Q1 2020 alone, 9% more records than Q1 2019.




Do we implement all privacy regulations for all customers or create a unique process for each law?
Privacy Compliance Budget Increasing as Regulatory Landscape Continues to Evolve, Report Reveals
While organizations of all kinds are beginning to understand the importance of expanding their approaches to privacy compliance in order to meet the demands of expanding laws around the world, more than one-third of organizations are concerned about compliance budget structuring in light of regulatory uncertainty.
This is according to a new study by FTI Consulting, which explored privacy compliance spending and the challenges it faces, especially in light of evolving data privacy laws around the globe. According to its findings, legal and compliance budget spending are heavily dependent on the broader regulatory landscape, further suggesting a crucial role for governments in ensuring that personal information remains protected by organizations.
“A movement that took the international stage with the enactment of the General Data Protection Regulation (GDPR) in 2018—and gained momentum with the passage of the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD)—is building into a tidal wave of anticipated regulations worldwide,” the researchers wrote.




Apparently, it ain’t easy.
Endgame Issues: New Brookings Report on Paths to Federal Privacy Legislation
This afternoon, The Brookings Institution released a new report, Bridging the gaps: A path forward to federal privacy legislation, a comprehensive analysis of the most challenging obstacles to Congress passing a comprehensive federal privacy law. The report includes a detailed range of practical recommendations and options for legislative text, the result of work with a range of stakeholders to attempt to draft a consensus-driven model privacy bill that would bridge the gaps between sharply divided stakeholders (read the full legislative text of that effort here).




Is over-reliance likely if we use a flawed technology?
Thermal Imaging as Pandemic Exit Strategy: Limitations, Use Cases and Privacy Implications
Around the world, governments, companies, and other entities are either using or planning to rely on thermal imaging as an integral part of their strategy to reopen economies. The announced purpose of using this technology is to detect potential cases of COVID-19 and filter out individuals in public spaces who are suspected of suffering from the virus. Experts agree that the technology cannot directly identify COVID-19. Instead, it detects heightened temperature that may be due to a fever, one of the most common symptoms of the disease. Heightened temperature can also indicate a fever resulting from a non-COVID-19 illness or non-viral causes such as pregnancy, menopause, or inflammation. Not all COVID-19 patients experience heightened temperature, and individuals routinely reduce their temperatures through the use of common medication.
In this post, we (1) map out the leading technologies and products used for thermal imaging, (2) provide an overview of the use cases currently being considered for the use of thermal imaging, (3) review the key technical limitations of thermal scanning as described in scientific literature, (4) summarize the chief concerns articulated by privacy and civil rights advocates, and finally, (5) provide an in depth overview of regulatory guidance from the US, Europe and Singapore regarding thermal imaging and temperature measurement as part of the deconfinement responses, before reaching (6) conclusions.


(Related)
How Digital Contact Tracing for COVID-19 Could Worsen Inequality
Amid protests against racism and police brutality in Minneapolis, Minnesota Public Safety Commissioner John Harrington likened police investigations of arrested protesters and their associates to contact tracing for COVID-19. This reckless analogy stokes fear that governments will seize on the pandemic to introduce intrusive surveillance in the guise of measures for the public’s health.
We are particularly concerned that the normalization of digital contact tracing would be a double blow for communities in the United States and abroad that have suffered longstanding human rights abuses. First, experiments with unproven technology could displace funds for basic measures that are known to be effective in protecting those most vulnerable in the pandemic. Secondly, such tracking could open a dangerous new front in the surveillance and repression of marginalized groups.




Overreaction?
Section 230 and the Executive Order on Preventing Online Censorship
CRS Legal Sidebar via LC – Section 230 and the Executive Order on Preventing Online Censorship – June 3, 2020: “On May 28, 2020, President Trump issued the Executive Order on Preventing Online Censorship (EO), expressing the executive branch’s views on Section 230 of the federal Communications Decency Act. As discussed in this Legal Sidebar, Section 230, under certain circumstances, immunizes online content providers from liability for merely hosting others’ content. The EO stakes out a position in existing interpretive disputes about the law’s meaning and instructs federal agencies, including the Department of Commerce, the Federal Communications Commission (FCC), the Federal Trade Commission (FTC), and the Department of Justice, to take certain actions to implement this understanding. This Legal Sidebar explores the legal implications of the EO. It first briefly describes how courts have interpreted Section 230 before explaining what the EO says. Next, the Sidebar discusses the FCC and FTC’s authority to enforce Section 230, focusing on the EO’s instructions to these agencies, before concluding with a discussion of how international trade obligations affect the United States’ ability to modify Section 230…”




Getting out while staying in.
101+ Virtual Tours of Popular Tourist Attractions Around the World [2020]
Upgraded Points: “Do canceled travel plans have you stuck at home wishing you were anywhere else? We all know how that feels, but luckily, we have a solution. You can still satisfy your wanderlust by exploring famous sights — from your couch! We’ve put together a list of 101 virtual tours from over 35 countries around the world so that you can explore without having to catch a flight or spend a dime! We’ve organized this gigantic list by country so you can easily navigate to your country of choice… or simply work your way down the list and digitally travel all over the globe…”


(Related) Birding through a window.
Try Your Hand at Bird Identification With the Audubon Bird App
The Audubon Bird Guide app is very helpful in identifying the birds that you see but don't know the names of. When you open the app, tap on "identify bird" and you'll be taken to a screen where you then make a few selections to narrow down the list of birds that are possibly in your area. Those selections include your location, the month of the year, the relative size of the bird, the color(s) of the bird, and the activity of the bird. After making those selections you'll see a list of birds with pictures. My favorite part of the app is that you can listen to recordings of bird songs/calls to further help you identify the bird that you saw.




Trump’s people?



Wednesday, June 03, 2020


Result of CCPA?
Google faces $5 billion lawsuit in U.S. for tracking ‘private’ internet use
Reuters: “Google was sued on Tuesday in a proposed class action accusing the internet search company of illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode. The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of surreptitiously collecting information about what people view online and where they browse, despite their using what Google calls Incognito mode. According to the complaint filed in the federal court in San Jose, California, Google gathers data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads. This helps Google learn about users’ friends, hobbies, favorite foods, shopping habits, and even the “most intimate and potentially embarrassing things” they search for online, the complaint said. Google “cannot continue to engage in the covert and unauthorized data collection from virtually every American with a computer or phone,” the complaint said…”
    • Brown et al v Google LLC et al, U.S. District Court, Northern District of California, No. 20-03664.




Not exactly a coordinated strategy.
YouTube Censorship Case Turns on Internet Law Trump Scorns
In a censorship case filed against YouTube by LGBTQ content creators, the U.S. Justice Department is defending the law that protects internet companies from lawsuits – the same statute President Donald Trump has threatened to revoke.
Trump targeted the 1996 law in an executive order last week as he escalated a fight with Twitter after it tagged two of his tweets as potentially misleading. But three weeks earlier, the Justice Department weighed into the YouTube case and urged a federal judge not to declare the law unconstitutional after the content creators said it allows the Google video-sharing site to violate their free-speech rights.


(Related) I’m surprised it took so long!
Lawsuit Says Trump’s Social Media Crackdown Violates Free Speech
The nonprofit Center for Democracy and Technology says in the suit that Mr. Trump’s attempt to unwind a federal law that grants social media companies discretion over the content they allow on their platforms was retaliatory and would have a chilling effect on the companies.
The lawsuit — filed in U.S. District Court for the District of Columbia — is indicative of the pushback that the president is likely to face as he escalates his fight with social media companies, which he has accused of bias against conservative voices. It asks the court to invalidate the executive order.




Why DEA? Drugs? No. Authorization to investigate non-drug crimes.
DEA Has Permission To Investigate People Protesting George Floyd’s Death
The Drug Enforcement Administration has been granted sweeping new authority to “conduct covert surveillance” and collect intelligence on people participating in protests over the police killing of George Floyd, according to a two-page memorandum obtained by BuzzFeed News. Floyd’s death “has spawned widespread protests across the nation, which, in some instances, have included violence and looting,” the DEA memo says. “Police agencies in certain areas of the country have struggled to maintain and/or restore order.” The memo requests the extraordinary powers on a temporary basis, and on Sunday afternoon a senior Justice Department official signed off. Attorney General William Barr issued a statement Saturday following a night of widespread and at times violent protests in which he blamed, without providing evidence, “anarchistic and far left extremists, using Antifa-like tactics,” for the unrest. He said the FBI, DEA, US Marshals, and the Bureau of Alcohol, Tobacco, Firearms and Explosives would be “deployed to support local efforts to enforce federal law.”…




Act quick, because we’re slow!
California AG Submits CCPA Regulations for Approval – Requests Expedited Review Ahead of July 1 Enforcement Deadline
The final text is unchanged from the most recent draft published on March 11, which we previously summarized. The final text also is accompanied by a revised Statement of Reasons that explains the basis for the regulations and outlines textual changes from the initial draft regulations published on October 11, 2019.




There’s something strange about how this company is managed.
Zoom won’t encrypt free calls because it wants to comply with law enforcement
If you’re a free Zoom user, and waiting for the company to roll out end-to-end encryption for better protection of your calls, you’re out of luck. Free calls won’t be encrypted, and law enforcement will be able to access your information in case of ‘misuse’ of the platform.
Zoom CEO Eric Yuan today said that the video conferencing app’s upcoming end-to-end encryption feature will be available to only paid users. After announcing the company’s financial results for Q1 2020, Yuan said the firm wants to keep this feature away from free users to work with law enforcement in case of the app’s misuse:




Interesting points.
Data Privacy and Cybersecurity Collides with the World of Intellectual Property in the New Decade
The past ten years brought with them a seemingly never-ending array of data intensive and increasingly “intelligent” technologies. While data security and privacy remain paramount, an increasingly data-intensive technological, economic, and social landscape will mean that the ownership and control of data will become increasingly important and likely oft-contested. It is here that the worlds of data privacy, security, and protection collide with the world of intellectual property. This is a trend we can expect to grow in the decade ahead, as data intensive technologies like artificial intelligence (“AI”), blockchain, the Internet of Things (“IoT”) and the Cloud continue to break new ground, altering the legal and security landscape in the process.




For those, “Oops! I didn’t mean that!” moments.
You Can Now Delete Your Old Facebook Posts in Bulk




Food for thought.
In late March, Attorney General William Barr announced that “decision time” was looming for America’s leading tech firms. By early summer, Barr expects the Department of Justice to reach preliminary conclusions about possible antitrust violations by Silicon Valley’s largest companies. The DOJ’s investigation is just one of several probes scrutinizing potential abuses by Facebook, Google, Amazon, Apple, and Microsoft. While concerns over consumer protections, anti-competitive practices, and industry concentration have fueled these antitrust investigations, their results will almost certainly have national-security ramifications.
Secretary of Defense Mark Esper has argued that artificial intelligence is likely to shape the future of warfare, and the national-security community has largely backed that conclusion. The most recent National Defense Strategy, released in 2018, highlights AI’s importance, noting that the Pentagon will seek to harness “rapid application[s] of commercial breakthroughs…to gain competitive military advantages.” With defense officials arguing that U.S. military superiority may hinge on artificial intelligence capabilities, antitrust action aimed at America’s largest tech companies—and leading AI innovators—could affect the United States’ technological edge.




Because: Bored!
The 6 Best Sites to Download Karaoke Music Without Words
If you want to download these videos from YouTube so that you can play them locally without an internet connection, check out our guide on free ways to download any video.
Rather than downloading existing karaoke tracks, it’s also quite easy to make your own using music that you already own. For this, you need to download free music software Audacity.



Tuesday, June 02, 2020


Thinking about the inevitable?
What the COVID-19 pandemic teaches us about cybersecurity – and how to prepare for the inevitable global cyberattack
COVID-19 is not the only risk with the ability to quickly and exponentially disrupt the way we live. The crisis shows that the world is far more prone to disturbance by pandemics, cyberattacks or environmental tipping points than history indicates.
Our "new normal" isn’t COVID-19 itself – it's COVID-like incidents.
And a cyber pandemic is probably as inevitable as a future disease pandemic. The time to start thinking about the response is – as always – yesterday.
To start that process, it’s important to examine the lessons of the COVID-19 pandemic – and use them to prepare for a future global cyberattack.
Lesson #1: A cyberattack with characteristics similar to the coronavirus would spread faster and further than any biological virus.
Lesson #2: The economic impact of a widespread digital shutdown would be of the same magnitude – or greater – than what we’re currently seeing.
Lesson #3: Recovery from the widespread destruction of digital systems would be extremely challenging.




Is automating facial recognition truly different from noticing a face on a social media platform that matches your ‘suspect?’
Tim Cushing writes:
Clearview is currently being sued by the attorney general of Vermont for violating the privacy rights of the state’s residents. As the AG’s office pointed out in its lawsuit, users of social media services agree to many things when signing up, but the use of their photos and personal information as fodder for facial recognition software sold to government agencies and a variety of private companies isn’t one of them.
[T]he term “publicly available” does not have any meaning in the manner used by Clearview, as even though a photograph is being displayed on a certain social media website, it is being displayed subject to all of the rights and agreements associated with the website, the law, and reasonable expectations. One of those expectations was not that someone would amass an enormous facial-recognition-fueled surveillance database, as the idea that this would be permitted in the United States was, until recently, unthinkable.
Read more on TechDirt.


(Related)
David Gershgorn writes:
Historically, federal agencies like the FBI and Department of Homeland Security have had to rely on their own data to run facial recognition or automated fingerprint searches. For example, the DHS has access to photos of people who have crossed the U.S. border; the FBI has a database of mugshots.
But now federal agencies are working to greatly expand access to each other’s facial recognition databases, according to a privacy assessment released by the Department of Homeland Security earlier this month. The move would allow DHS to more easily search the enormous databases of passport or visa holders, as well as many who have been in contact with the criminal justice system.
Read more on OneZero.


(Related)
Mapped: The State of Facial Recognition Around the World
In its most benign form, facial recognition technology is a convenient way to unlock your smartphone. At the state level though, facial recognition is a key component of mass surveillance, and it already touches half the global population on a regular basis.
Today’s visualizations from SurfShark classify 194 countries and regions based on the extent of surveillance.




It’s going to take some time for me to wrap my brain around this.
Internet Users of All Kinds Should Be Concerned by a New Copyright Office Report
Last week, the president issued an order taking on one legal foundation for online expression: Section 230. This week, the Senate is focusing on another: Section 512 of the Digital Millennium Copyright Act (DMCA).
The stage for this week’s hearing was set by a massive report from the Copyright Office that’s been five years in the making.


(Related)
Publishers File Suit Against Internet Archive for Systematic Mass Scanning and Distribution of Literary Works
Association of American Publishers: “Today, member companies of the Association of American Publishers (AAP) filed a copyright infringement lawsuit against Internet Archive (“IA”) in the United States District Court for the Southern District of New York. The suit asks the Court to enjoin IA’s mass scanning, public display, and distribution of entire literary works [Internet Archive Blog Posting], which it offers to the public at large through global-facing businesses coined “Open Library” and “National Emergency Library,” accessible at both openlibrary.org and archive.org. IA has brazenly reproduced some 1.3 million bootleg scans of print books, including recent works, commercial fiction and non-fiction, thrillers, and children’s books. The plaintiffs—Hachette Book Group, HarperCollins Publishers, John Wiley & Sons and Penguin Random House—publish many of the world’s preeminent authors, including winners of the Pulitzer Prize, National Book Award, Newbery Medal, Man Booker Prize, Caldecott Medal and Nobel Prize.
    Despite the self-serving library branding of its operations, IA’s conduct bears little resemblance to the trusted role that thousands of American libraries play within their communities and as participants in the lawful copyright marketplace. IA scans books from cover to cover, posts complete digital files to its website, and solicits users to access them for free by signing up for Internet Archive Accounts. The sheer scale of IA’s infringement described in the complaint—and its stated objective to enlarge its illegal trove with abandon—appear to make it one of the largest known book pirate sites in the world. IA publicly reports millions of dollars in revenue each year, including financial schemes that support its infringement design…”