Saturday, June 13, 2020


Planning for ransomware...
City Pays Ransom Despite Pre-Ransomware Outbreak Hack Alert
Ten days after receiving an alert that hackers were inside its systems, the city was hit by crypto-locking malware, disrupting the city's email systems and leading to an ongoing network outage.
Now the city council has approved plans to pay their attacker nearly $300,000 in cryptocurrency in return for the twin promises of receiving a decryption key and not seeing any city data get leaked, if indeed any got stolen, the Florence-based Times Daily reports.
While the city took a number of measures after receiving the May 26 alert, Price tells Krebs that the IT department was still seeking emergency funding to do a more thorough investigation.
Clearly, the city of Florence story looks like a missed opportunity by officials to react quickly enough.
"It would appear that they had a clear window of opportunity to respond in a robust and timely manner to the initial breach and prevent the ransom phase of the campaign," says incident response expert David Stubley, who heads Edinburgh, Scotland-based security testing firm and consultancy 7 Elements. "Unfortunately, it shows an example of why you need to respond robustly to a breach of a host and understand the capabilities of the actor and the malware."
While the city said that after the tip-off, it had found and isolated the one infected Windows system, that wasn't enough. Stubley said the investigation should have carried on much further.
"Once you understand the capabilities of the actor and the tooling in use, it is vital to assess other assets within the network as actors will look to move laterally and gain access to other systems," he says. "As such, removing just the first compromised device may not prevent sustained access to the network."




Why hackers hack.
Hacker Bypasses GE's Ridiculous Refrigerator DRM
The technique allows you to use 'unauthorized' water filters, which cost a quarter as much as GE's official filters.
Earlier this year, we brought you the sordid tale of the GE refrigerator that won’t dispense filtered water unless consumers pay extra for “official” filters from the company. This sort of digital rights management and artificial, software-enforced monopoly is a scourge on consumer rights. Now, finally, a fed up customer has found a way to bypass GE’s refrigerator DRM, and has posted instructions online.




Depends on how work-at-home is managed.
Risk of Data Loss Surges in the Era of Coronavirus
This is according to a new data trends report by cybersecurity solutions firm Digital Guardian, which revealed that hundreds of terabytes of potentially sensitive corporate data might be at risk due to being stored in employee homes on USB drives.
Among its findings, Digital Guardian showed that employees have been copying company data onto USB drives more than twice as often as they’d done prior to the outbreak of the coronavirus pandemic in March, with a majority of that data being classified. Also noteworthy is that data egress through email, USB, and cloud services were similarly found to have surged during the pandemic, with much of that data also being classified. To top things off, sizeable increases in malicious activity on both corporate networks and servers, and in incident-response investigations, were uncovered by the report.




Tools.
Adobe Photoshop Camera Is Now Available for Free
Adobe has launched Photoshop Camera, a free camera app available on Android and iOS. Photoshop Camera brings some of the magic of Photoshop to your smartphone, allowing you to capture, edit, and share photos, as well as apply a range of fancy filters.
Photoshop Camera comes with a handful of filters (which Adobe calls lenses), but you can find and download new ones in a matter of seconds. The filters range from subtle ones which change the lighting, to ones which replace the background with different effects.
You can see what effect a filter will have on a shot before you click the shutter button. And you can make changes after capturing an image, all while preserving the original shot. You can then share the images on social media, or export them to other Adobe products.
Download: Adobe Photoshop Camera on Android | iOS



Friday, June 12, 2020


How far does “Know thy customer” extend?
Wendy Davis reports:
Maine’s new broadband privacy law is “an extreme outlier,” industry lobbying groups are telling a federal judge.
The law, slated for enforcement in August, requires internet service providers to obtain customers’ opt-in consent before using web-browsing data for ad targeting.
A coalition of broadband lobbying groups sued in February to block the law, arguing that it violates carriers’ First Amendment rights by restricting their ability to use information about customers.
Read more on MediaPost.




This may apply more widely than Covid…
Coronavirus recovery – data protection advice for organisations




As one of the few people in the entire world (my students tell me) who does not own a smartphone, I would pass invisibly through the geofence dragnet.
Google’s Geofence Warrants Face a Major Legal Challenge
Unlike a traditional search order that identifies a particular suspect, geofence warrants require Google to trawl its massive library of location data, commonly known as the “Sensorvault,” to identify people who were in the area when a crime was committed. They are relatively new, and increasingly widespread: Between 2017 and 2018, Google saw a 1,500% surge in the number of requests it received, and from 2018 to 2019, the rate increased over 500%.
But in the process of pinpointing anyone who may have been near the scene of a crime, geofence warrants have also pointed police toward people like Jorge Molina, a warehouse worker in Arizona who was arrested as a murder suspect after police obtained data showing his phone at the crime scene. Molina spent nearly a week in jail before being found innocent. Which is why, as the prevalence of geofence warrants has increased, so has the alarm of defense lawyers, privacy advocates, and civil rights groups, who point to a lack of federal oversight that has left Google to serve as gatekeeper of a legal process they believe, at its core, violates the Constitution.
“Geofence warrants like the one in this case are incapable of satisfying the probable cause and particularity requirements, making them unconstitutional general warrants,” the lawyers argued in a motion to suppress evidence. The brief goes on to describe them as “the digital equivalent of searching bags of every person walking along Broadway because of a theft in Times Square.”




Does this indicate a broader change? Let’s hope so!
MIT, guided by open access principles, ends Elsevier negotiations
MIT News: “Standing by its commitment to provide equitable and open access to scholarship, MIT has ended negotiations with Elsevier for a new journals contract. Elsevier was not able to present a proposal that aligned with the principles of the MIT Framework for Publisher Contracts. Developed by the MIT Libraries in collaboration with the Ad Hoc Task Force on Open Access to MIT’s Research and the Committee on the Library System in October 2019, the MIT Framework is grounded in the conviction that openly sharing research and educational materials is key to the Institute’s mission of advancing knowledge and bringing that knowledge to bear on the world’s greatest challenges. It affirms the overarching principle that control of scholarship and its dissemination should reside with scholars and their institutions, and aims to ensure that scholarly research outputs are openly and equitably available to the broadest possible audience, while also providing valued services to the MIT community…More than 100 institutions, ranging from multi-institution consortia to large research universities to liberal arts colleges, decided to endorse the MIT Framework in recognition of its potential to advance open scholarship and the public good…”




Perspective. Can we compare the war on Covid to the ramp up of industries after Pearl Harbor?
Rumors, death, and a tech overhaul: Inside Amazon’s race to hire 175,000 workers during a pandemic
The rollout of virtual hiring and onboarding was at least two years away. Covid-19 changed everything.
In the first quarter of 2020, the e-commerce giant’s net sales increased by 26% over the same period a year earlier. It was panic-buying on a grand scale. Amazon.com search rankings from mid-March awarded top billing to toilet paper, hand sanitizer, and Clorox wipes, but shelter-in-place orders and social distancing meant online shopping was now the way to buy almost anything. Over the next two months, the company determined, it would need to add 175,000 people—a bit less than the entire population of Providence, Rhode Island—to its workforce. But in order to do it, Amazon would need to convert almost completely to virtual hiring and training.



Thursday, June 11, 2020


A change in security priorities is required.
A ‘new normal’ in cyberwar should scare us to action
Israel and Iran appear to be engaged in tit-for-tat cyberattacks on each other’s physical infrastructure. While attacks on information technologies — phishing, denial of service, theft — have become routine, attempts to disable physical infrastructure are a troubling escalation in cyberwarfare, and experts worry that it will soon become the new normal worldwide.
Weapons of mass disruption threaten to be the great leveler in the competition between states. And, as always, the world is woefully ill-prepared for this new reality.




Before you have any constitutional rights, you have to get past Customs and Border Protection.
From EPIC.org:
EPIC has filed an amicus brief that urges the Fifth Circuit to decline to extend the border search exception to the Fourth Amendment warrant requirement to searches of cell phones. The case, Anibowei v. Wolf, is a civil suit brought by a U.S. citizen attorney to challenge the warrantless searches of his cell phones at the Dallas-Fort Worth International Airport. EPIC argued that the court should “follow the reasoning of Riley and Carpenter and decline to extend the border search exception to cell phones.” EPIC filed amicus briefs in the U.S. Supreme Court concerning the privacy interests in cell phone data in both Riley v. California and Carpenter v. United States. The Chief Justice cited EPIC’s brief in his majority opinion in Riley.




Does selective cooperation open a can of worms? Who selects the cases that merit cooperation?
Facebook Helped the FBI Hack a Child Predator
A Facebook spokesperson confirmed to Motherboard that it worked with "security experts" to help the FBI hack Hernandez.
“The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls,” a Facebook spokesperson said. “This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice.”




Afraid of the backlash?
Amazon BANS police from using their facial recognition software for a year amid the George Floyd protests
Amazon has banned police officers from using its facial recognition software for a year and says it hopes that the moratorium will give Congress enough time to come up with rules for using the technology.
The online retailing and tech giant made the announcement in a blog post on Wednesday as protests against police brutality have continued after the cop-related killing of George Floyd in Minneapolis on Memorial Day.
The only law enforcement agency named as using the software on Amazon's website is the Washington County Sheriff Office in Oregon.
An Amazon spokeswoman declined to comment further when DailyMail.com reached out to ask how many agencies use the software and for their names.


(Related)
Clearview AI still backs facial recognition, despite competitors' concerns
Clearview AI, the maker of a controversial facial recognition app, is confident its technology has beneficial uses, as other Big Tech names either exit the marketplace or suspend their use by law enforcement out of fears of misuse. The moves come amid studies showing the technology has low accuracy rates for women and minorities.


(Related)
EU privacy watchdog thinks that Clearview AI is illegal
Clearview AI’s planned expansion into the EU hit a roadblock yesterday when the bloc’s privacy watchdog said it “doubts” that the service is legal.
The European Data Protection Board (EDPB) said that the use of the service by law enforcement would “likely not be consistent with the EU data protection regime.”
The body added that it “has doubts as to whether any Union or Member State law provides a legal basis for using a service such as the one offered by Clearview AI.”




Perspective. Someone thinks the delivery market will remain after the pandemic.
Just Eat Takeaway to Buy Grubhub for $7.3 Billion to Enter U.S.
Europe’s Just Eat Takeaway.com NV agreed to acquire U.S.-based Grubhub Inc. for $7.3 billion, in a deal that creates one of the world’s largest meal-delivery companies as the coronavirus pandemic drives a surge in orders.
The deal sidelines Uber Technologies Inc., which had been in acquisition talks with Grubhub for months.




Tools for shut-ins.
Canva Now Has a Desktop App for Windows and Mac
Canva is a tool that I use almost daily for everything from creating YouTube thumbnails to designing full presentations like the one that I'm giving this afternoon. And as I wrote earlier this year, there are at least ten good ways to use Canva in your classroom. That's why I was excited this morning when I read the news that Canva now offers a Windows and Mac desktop app. I've already installed it and it's great! You can get the Windows version here and the Mac version here.




A phrase to remember when reading student papers.



Wednesday, June 10, 2020


Misconfiguration is mismanagement.
Misconfigured Public Cloud Databases Attacked Within Hours of Deployment
Misconfigured cloud databases left exposed to the internet are a huge, but largely unquantified problem. New discoveries are found and reported by security researchers on a weekly basis. What hasn't been clear is whether bad actors can find them as easily as the researchers. The answer is Yes.
Databases -- usually in Elasticsearch or AWS S3 buckets, and often containing sensitive data -- are frequently left in public Cloud storage without access controls. The problem is so great that in January 2020, the NSA warned, "misconfiguration of cloud resources remains the most prevalent cloud vulnerability." Such databases can be accessed, downloaded, or manipulated by anyone who finds them.




Here we go again?
This Simple Facial Recognition Search Engine Can Track You Down Across the Internet
A facial recognition website claims you can upload a picture of anyone and the site will find that same person’s images all around the internet.
PimEyes, a Polish facial recognition website, is a free tool that allows anyone to upload a photo of a person’s face and find more images of that person from publicly accessible websites like Tumblr, YouTube, WordPress blogs, and news outlets.
In essence, it’s not so different from the service provided by Clearview AI, which is currently being used by police and law enforcement agencies around the world. PimEyes’ facial recognition engine doesn’t seem as powerful as Clearview AI’s app is supposed to be. And unlike Clearview AI, it does not scrape most social media sites.




Will it translate from the Portuguese?
A Landmark Ruling in Brazil: Paving the Way for Considering Data Protection as an Autonomous Fundamental Right
A historic ruling of the Brazilian Supreme Court from May 07, 2020 describes the right to data protection as an autonomous right stemming from the Brazilian Constitution. By a significant majority, 10 votes to 1, the Court halted the effectiveness of the Presidential Executive Order (MP 954/2020) that mandated telecom companies to share subscribers’ data (e.g., name, telephone number, address) of more than 200 hundred million individuals with the Brazilian Institute of Geography and Statistics (IBGE), the country’s agency responsible for performing census research. More important than the decision itself was its reasoning, which paves the way for recognizing the protection of personal data as a fundamental right, independent of the right to privacy, that already receives such recognition, in a similar fashion to the Charter of Fundamental Rights of the European Union. This article summarizes the main findings of the ruling. First, (1) it will provide background on the role of the Brazilian Supreme Court and the legal effects of the ruling. It will then look into (2) the facts of the case, (3) the main findings of the Court, to conclude with (4) an analysis of what comes next for the Brazilian data protection and privacy law.




Who controls access to data.
Meet GAIA-X: This is Europe's bid to get cloud independence from US and China giants
France and Germany have kicked off the GAIA-X cloud project, their lofty bid to manage dominant US and Chinese cloud giants in a European way, and address potential conflicts between EU privacy laws and the US Cloud Act.
The project is establishing a Belgian non-profit, the GAIA-X Foundation, which would ensure member companies abide by its goals of data sovereignty, data availability, interoperability, portability, transparency and fair participation. It's also published five documents explaining the project's purpose and technical design.
US public cloud companies like Amazon Web Services, Microsoft and Google can apply to join GAIA-X, but they would need to commit to GAIA-X's principles.




Someone is thinking about AI. (Download available.)
Government publishes artificial intelligence procurement guidance
The document seeks to enable public bodies to buy AI systems in a more confident and responsible manner.
It follows a previous guide to using AI in the public sector by the OAI and the Government Digital Service, released in January 2020.




Perspective.
10 common uses for machine learning applications in business
Machine learning applications are unlocking value across business functions. Here are 10 examples of how machine learning applications are being used in business.




Looking for law? Categories include computer law, but not privacy.
2019 Washington and Lee Law Journal Rankings
Released on June 1, 2020, the 2019 Rankings provide citation data and calculated ranks for the top 400 U.S.-published law journals and the top 100 law journals published outside the United States. Journals ranked below these thresholds display “NR” (Not Ranked) for each data category and are listed alphabetically. The survey span of the 2019 ranking is five years (2015-2019). For more information about the new and previous rankings, please see our Methodology page. Send questions or comments to LawJournalRankings@wlu.edu.




Interesting.
Grammarly adds custom style guides for business users
Grammarly, the popular tool that aims to help you avoid grammar and style gaffes, today announced the launch of custom style guides for its paying business users. Like with any style guide, the idea here is to ensure that business communications are consistent. You wouldn’t want one email to say “datacenter” while the other says “data center,” after all.
It’s worth noting that style guides are not available to free Grammarly and paid individual users. You’ll need a paid Grammarly Business account, which starts at $12.50 per month/users, with a minimum of 3 users.




Use all the tools available? What a concept! (Podcast)
Reading, Writing and ... AI Literacy? Conrad Wolfram Wants to ‘Fix’ Math Education
Living through the COVID-19 pandemic requires some serious math literacy. There’s a daily dose of statistics on the number of new cases, and constant talk of “flattening the curve” of infections.
But the education system has done a terrible job preparing us to live in a world where such number crunching is more important than ever, according to Conrad Wolfram, co-founder of Wolfram Research Europe. He has a new book out this week called “The Math Fix: An Education Blueprint for the AI Age.” In it, he proposes a new way for schools and colleges to rethink everything in math education—about what even needs to be taught and why.
For instance, he asked: “Why are we spending ages showing people how to do quadratic equations by hand” when students today need a different kind of algorithmic literacy in order to navigate a world shaped by social media giants like Facebook and Google?




Warning my students.
Employment Scams Are On The Rise. Here’s What To Look Out For
Falling victim to a job scam has never been easier. Scammers are known to create official-looking websites and email accounts to convey a sense of reliability and trust to potential victims. Many of these bogus job vacancies are listed on popular websites, and with remote work in high demand, applicants may have a hard time spotting the scam.
If you are in search of a job or simply browsing for one, here are the top warning signs to look out for:



Tuesday, June 09, 2020


If we wanted an election system that could not be compromised we could probably do it. Each state working alone is probably not the way to go.
Study finds vulnerabilities in online voting tool used by several states




Think of this as a probable point of failure.
What Are the Requirements for CCPA Training?
At Section 1798.135(a)(3), the CCPA requires that businesses “ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct consumers to exercise their rights under those sections.”
The CCPA’s training requirements specifically mention that all employees responsible for handling consumer inquiries about privacy practices must be informed of the requirements of 1798.120 and 1798.135, which primarily focus on the sale of consumer personal information.




Wow! Why?
IBM will no longer offer, develop, or research facial recognition technology
IBM will no longer offer general purpose facial recognition or analysis software, IBM CEO Arvind Krishna said in a letter to Congress today. The company will also no longer develop or research the technology, IBM tells The Verge.
“IBM firmly opposes and will not condone uses of any [facial recognition] technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency,” Krishna said in the letter. “We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”


(Related)
Senator wants to know if police are using Clearview to ID protesters


(Related) Podcast
How AI facial recognition works
InfoWorld senior writer Serdar Yegulalp joins Juliet to discuss the mechanics of AI facial recognition technology, how AI works to analyze your face data, why it's used by law enforcement agencies and privacy concerns.




Another strategic view of AI.
KrattAI: Estonia's National Artificial Intelligence Strategy
In 2019, the Estonian government outlined the current and future usage of Artificial Intelligence (AI) in government and private services. The main challenge was to create the legal and strategic framework for accelerating AI development and making Estonia a trailblazer in this emerging field.
The creation of Estonia's National AI Strategy resulted in a detailed strategic plan for promoting the implementation of AI solutions in both public and private sectors.
Following its successful plan, Estonia has become the world’s most digital society. Artificial Intelligence constitutes a fundamental pillar in instituting digital technologies into government and throughout the Estonian society, which Estonia refers to as e-Governance.




An unbiased look at bias?
French CNIL Publishes Paper on Algorithmic Discrimination
On June 2, 2020, the French Supervisory Authority (“CNIL”) published a paper on algorithmic discrimination prepared by the French independent administrative authority known as “Défenseur des droits”. The paper is divided into two parts: the first part discusses how algorithms can lead to discriminatory outcomes, and the second part includes recommendations on how to identify and minimize algorithmic biases. This paper follows from a 2017 paper published by the CNIL on “Ethical Issues of Algorithms and Artificial Intelligence”.
According to this new paper, each stage of the development and deployment of an algorithmic system is potentially susceptible to bias – indeed, even the maintenance of such a system can be vulnerable to this problem.




Legal and ethical?
An Ethical Framework for Artificial Intelligence
This column is the first of a two-part series on creating an ethical AI policy framework for the implementation of AI supported applications.




One of the better AI articles from Forbes.
Explainable AI Is A Game-Changer For Business Analytics
Founder and Chief Product Officer at Fiddler Labs, an Explainable AI platform that provides trust, visibility and insights into AI
Companies are generating an increasing volume of data at a CAGR of 61%. As a result, enterprises have been transitioning toward a data-driven decision model to build a competitive advantage.
The traditional BI workflow involves producing bespoke summary data views and analyses to drive decision making from vast seas of underlying data stores. These primarily manual efforts do not scale to an increasing velocity of data that needs a way to derive quick insights from large datasets. Furthermore, data approximation obscures insights, data selection adds human bias and insights are not fine-grained.
Artificial intelligence (AI), specifically machine learning (ML), can be used to automatically discover complex relationships in data and accelerate the process of generating insights. Augmented analytics is an emerging paradigm of analytics with integrated ML and AI. This enhances data selection, data analysis, insight generation and prescriptive decisions.
Let’s understand the key types of analyst requests.
1. Descriptive. Describe what happened from past data. For example, store sales dropped in Texas last month.
2. Diagnostic. Explain why it happened. For example, store sales dropped due to ineffective promotion in San Antonio.
3. Predictive. Forecast what will happen next. For example, store sales will continue to drop in Texas.
4. Prescriptive. Recommend a course of action. For example, pause or replace the promotion in San Antonio.




Perspective. (How would they know?) This virus has many variations that would be useful in a bio-weapon. Just saying...
Nearly Half of Coronavirus Spread May Be Traced to People Without Any Symptoms
TIME: “One of the more insidious features of the new coronavirus behind COVID-19 is its ability to settle into unsuspecting hosts who never show signs of being sick but are able to spread the virus to others. In a study published June 3 in the Annals of Internal Medicine, researchers at the Scripps Research Translational Institute reviewed data from 16 different groups of COVID-19 patients from around the world to get a better idea of how many cases of coronavirus can likely be traced to people who spread the virus without ever knowing they were infected. Their conclusion: at minimum, 30%, and more likely 40% to 45%.”




For faculty and students.
How to get free AI training and tools
AI courses




Stuff to do in isolation.
How to explore the British Museum from home
See also Google Arts and Culture – Take a virtual gallery tour – explore the museum’s galleries from home – using Google Street View.




Anything to get rid of help my students.
5 Free Resume Apps to Maximize the Chances of Hiring Managers Reading Your CV




I want one!
Facebook’s TransCoder AI converts code from one programming language into another
Facebook’s system — TransCoder, which can translate between C++, Java, and Python — tackles the challenge with an unsupervised learning approach.
The Facebook researchers trained TransCoder on a public GitHub corpus containing over 2.8 million open source repositories, targeting translation at the function level.
Facebook isn’t the only organization developing code-generating AI systems. During Microsoft’s Build conference earlier this year, OpenAI demoed a model trained on GitHub repositories that uses English-language comments to generate entire functions. And two years ago, researchers at Rice University created a system — Bayou — that’s able to write its own software programs by associating “intents” behind publicly available code.