Saturday, June 27, 2020


Poor precedent. Perhaps it will lead to better backups going forward?
California University Paid $1.14 Million After Ransomware Attack
The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.
The hackers encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn’t impede its Covid-19 work, it said. The university is working with a team of cybersecurity contractors to restore the hampered servers “soon.”
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” it said in the statement. “We therefore made the difficult decision to pay some portion of the ransom.”




Are all predictions evil? There must be some value to knowing where police will be needed. Have we tossed the baby out with the bath water?
California city bans predictive policing in U.S. first
As officials mull steps to tackle police brutality and racism, California’s Santa Cruz has become the first U.S. city to ban predictive policing, which digital rights experts said could spark similar moves across the country.
“Understanding how predictive policing and facial recognition can be disproportionately biased against people of color, we officially banned the use of these technologies in the city of Santa Cruz,” Mayor Justin Cummings said on Wednesday.




Can’t hurt?
AI gatekeepers are taking baby steps toward raising ethical standards
The Annual Conference on Neural Information Processing Systems will require a “broader impact statement” addressing the effect a piece of research might have on society. The Conference on Empirical Methods in Natural Language Processing will begin rejecting papers on ethical grounds. Others have emphasized their voluntary guidelines.
The new standards follow the publication of several ethically dubious papers. Microsoft collaborated with researchers at Beihang University to algorithmically generate fake comments on news stories. Harrisburg University researchers developed a tool to predict the likelihood someone will commit a crime based on their face. Researchers clashed on Twitter over the wisdom of publishing these and other papers.




Podcast.
Global competition for AI talent grows each day
You may have heard the United States is in a worldwide competition for talent in artificial intelligence. So it makes sense to understand the career motivations of these people. That’s what Remco Zwetsloot, a research fellow, and Catherine Aiken, a research survey specialist, have done. They are both from Georgetown University’s Center for Security and Emerging Technology, and joined Federal Drive with Tom Temin to talk more.
We have about 58% of them who are actually US citizens who studied here for their Ph.D. and 43% who are not US natives who came here to study and complete their Ph.D. here.




Tools for teachers and others I suppose.
How to Make a Free Temporary Website Within Seconds
Create a Temporary Web Page Using Just Email




Field trips for shut-ins.
50 National Geographic 360 Videos
Watching 360 degree videos is probably my favorite thing to do with my Google Cardboard viewer. A lot of people don't realize that a Cardboard viewer can be used for more than just Google Expeditions. For example, National Geographic's YouTube channel contains fifty 360 videos featuring things like Mount Everest, glaciers in Iceland, elephants, sea turtles, lions, sharks, and polar expeditions.
You don't need to have a Google Cardboard viewer or any virtual reality headset. You can just view them in your web browser then click and drag to experience the full 360 degree imagery. Of course, it's more fun to do it in a VR viewer.
YouTube's search tools include a filter to help you identify 360 degree videos.



Friday, June 26, 2020


The horror in Australia is over!
Lion gets breweries up and running following ransomware attack
But the beverage giant cannot confirm that data won't eventually make its way out into the wild, despite not finding any evidence of it being removed.




Perspective. If it’s not war, it’s very similar. (What is the percentage in the US?)
Cyber accounts for 26% of all crimes in Singapore
Accounting for 26.8% of all crimes in the country, cybercrime remains on an upwards trajectory with 9,430 cases reported last year and e-commerce scams leading the way.




Forewarned is forearmed.
Understanding Email Security Threats and BEC Trends During the Pandemic
A report from Barracuda Networks revealed that, by the end of February alone, there was a 667% spike in email-based attacks themed around the disease.
According to Mimecast’s ‘The State of Email Security 2020’, impersonation fraud increased by 30% in the first 100 days of COVID-19.




Double check your checklist against this checklist.
Core cybersecurity principles for new companies and products
The cyber essentials need to be tailored to an organization’s size, nature and type of product. The report details each, followed by practical steps for their implementation and guidance for investors on how to validate them.




Seems a bit wimpy to me.
Privacy Commissioner John Edwards welcomed Parliament passing the Privacy Act 2020 with unanimous support.
The new Act replaces the 27-year-old Privacy Act 1993. Many of the changes are based on recommendations from the Law Commission’s comprehensive 2011 review of New Zealand’s privacy laws.
Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties.
Introduction of compliance orders. Failure to follow a compliance notice could result in a fine of up to $10,000. [Not 4% of revenue? Bob]
The Act comes into effect on 1 December 2020.




Interesting, but I suspect this is far from complete. I would like to know more about the assumptions behind the data.
Demographic report on protests shows how much info our phones give away
Buzzfeed: “On the weekend of May 29, thousands of people marched, sang, grieved, and chanted, demanding an end to police brutality and the defunding of police departments in the aftermath of the police killings of George Floyd and Breonna Taylor. They marched en masse in cities like Minneapolis, New York, Los Angeles, and Atlanta, empowered by their number and the assumed anonymity of the crowd. And they did so completely unaware that a tech company was using location data harvested from their cellphones to predict their race, age, and gender and where they lived. Just over two weeks later, that company, Mobilewalla, released a report titled “George Floyd Protester Demographics: Insights Across 4 Major US Cities.” In 60 pie charts, the document details what percentage of protesters the company believes were male or female, young adult (18–34); middle-aged (35–54), or older (55+); and “African-American,” “Caucasian/Others,” “Hispanic,” or “Asian-American.” “African American males made up the majority of protesters [How? 75% of the protesters are flagged as “Caucasian” Bob] in the four observed cities vs. females,” Mobilewalla claimed. “Men vs. women in Atlanta (61% vs. 39%), in Los Angeles (65% vs. 35%), in Minneapolis (54% vs. 46%) and in New York (59% vs. 41%).” The company analyzed data from 16,902 devices at protests — including exactly 8,152 devices in New York, 4,527 in Los Angeles, 2,357 in Minneapolis, and 1,866 in Atlanta. Sen. Elizabeth Warren told BuzzFeed News that Mobilewalla’s report was alarming, and an example of the consequences of the lack of regulation on data brokers in the US…”




Looks like the self-driving world is still active.
Amazon to buy self-driving technology company Zoox
Amazon has just taken its boldest step yet into self-driving vehicles, acquiring six-year-old start-up Zoox, the company announced Friday.
Amazon said the deal will help bring Zoox’s “vision of autonomous ride-hailing to reality.”
Terms of the deal weren’t disclosed, but the Financial Times previously reported that Amazon would pay more than $1.2 billion to acquire Zoox. An Amazon spokesperson declined to comment.
It’s not immediately clear what Amazon plans to do with Zoox’s technology, but it’s possible Amazon could integrate Zoox’s offerings into its logistics network to offer cheaper and faster delivery, as well as its cashierless grocery stores.




Perspective? The new normal does not need brick & mortar.
Microsoft is permanently closing its retail stores
Microsoft on Friday announced it will permanently close its Microsoft Store retail locations. It will instead focus on its online store at Microsoft.com, where customers can go for support, sales, training and more.



Thursday, June 25, 2020


It’s not hiding the evidence, is it?
How to make sure Google automatically deletes your data on a regular basis
Vox: “…The company announced on Wednesday that auto-delete will be the default setting for user account activity settings. That said, this “default” setting only applies to new accounts or existing accounts that now turn on data retention after having it disabled. And the default auto-delete time still gives Google as much as three years of your data, as opposed to manual auto-delete settings that keep as little as three months’ worth. Google also announced that its account privacy and security settings will soon be accessible through its search page. You’ll also be able to switch over to Chrome’s Incognito mode in its apps more easily — simply press down on your profile photo for a second or two. Incognito mode lets you browse the internet “privately,” which means Google Chrome won’t save your history or cookies on your computer. It does not, however, mean that the websites you visit or the server you use can’t see what you’re doing. The Google announcement comes just a couple days after rival Apple announced some new privacy features for its software. More on that in a second. If you have a Google account and use Google products like Gmail, YouTube, or Chrome, you’re probably logged in all the time. In this case, your activity while using those apps and services can be tracked by Google, which will then use that data to target ads to you, among other things. Over the years, Google has introduced privacy controls over the data you send the company and has made efforts to make those features more obvious to users.
You can find most of these privacy controls in your account settings by clicking on “Manage your data & personalization.” From there, you can click on “Manage your activity controls.” This is the section where you can save your web and app activity, location history, and YouTube history if you want Google to use that data to give you what it calls a “more personalized experience.” Or you can just ask Google not to save anything and have an impersonal, but more private, experience…”


(Related)
UK Information Commissioner Says Police Are Grabbing Too Much Data From Phones Owned By Crime Victims
The UK's Information Commissioner's Office (ICO) has taken a look at what law enforcement officers are hoovering up from citizens' phones and doesn't like what it sees. The relentless march of technology has enabled nearly everyone to walk around with a voluminous, powerful computer in their pocket – one filled with the details and detritus of everyday living. And that relentless march has propelled citizens and their pocket computers right into the UK's regulatory void.
The ICO's report [PDF] doesn't just deal with the amount of data and communications UK cops can get from suspects' phones. It also deals with the insane amount of data cops are harvesting from devices owned by victims and witnesses of criminal acts. Left unaddressed, the lack of a solid legal framework surrounding mobile phone extractions (MPEs) will continue to lead law enforcement officers to believe they can harvest everything and look for the relevant stuff at their leisure.




In case you missed it.
Average Cost of a Data Breach: $116M
The authors of the “Trends in Cybersecurity Breach Disclosures” report from Audit Analytics reviewed 639 cybersecurity breaches at public companies since 2011 and discovered that, on average, each cyber breach costs $116 million.




“What’s in a name?” Shocking as it may sound, I believe that Russians can read. As long as they see a loophole, they will gladly exploit it.
Cyberwarfare in Latvia: A Call for New Cyberwarfare Terminology
Two recent Russian malicious cyber operations in Latvia targeted the government and a social media platform. But, legally, those instances do not rise to the level of a “cyberattack” as defined by the Tallinn Manual 2.0. Despite not satisfying the elements of a cyberattack per se, the Kremlin is nonetheless using disinformation campaigns and other cyber activity tactics to create instability abroad, and international rules on cyberwarfare and cyberattacks must be reevaluated to include these new forms of warfare. The current terminology is inadequate: “cyber activity” and “cyber operation,” which have been used to define such attacks, suggest Russia’s actions are not serious or harmful. Instead, a new term like “soft power cyberattacks” should be coined to reflect the changes in cyberwarfare and provide governments appropriate recourse.
The Tallinn Manual 2.0, published by the North Atlantic Treaty Organization (NATO) and international law experts, is the current most comprehensive, but non-binding, source on international law and cyber operations. According to the manual, “A cyberattack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects,” during an armed conflict. However, under the Tallinn Manual, cyber espionage—or any act that is used “to gather, or attempt to gather information”—is considered legal during peacetime.




Undue reliance. (Even I, the non-lawyer, know this goes back to at least 1964: Ford Motor Credit v. Swarens https://itlaw.wikia.org/wiki/Ford_Motor_Credit_v._Swarens )
Wrongfully Accused by an Algorithm
ars technica: “Civil rights activists have filed an official complaint against the Detroit police, alleging the department arrested the wrong man based on a faulty and incorrect match provided by facial recognition software—the first known complaint of this kind. The American Civil Liberties Union filed the complaint (PDF) Wednesday on behalf of Robert Williams, a Michigan man who was arrested in January based on a false positive generated by facial recognition software. “At every step, DPD’s conduct has been improper,” the complaint alleges. “It unthinkingly relied on flawed and racist facial recognition technology without taking reasonable measures to verify the information being provided” as part of a “shoddy and incomplete investigation.”…
[Much omitted Bob]




Just when I was learning to spell CCPA…
California Privacy Rights Act to Appear on November 2020 Ballot
It’s official. The California Privacy Rights Act (CPRA) has received enough valid signatures to appear on the November 2020 ballot. And if polling from late last year remains accurate, California voters are likely to approve it. If voters approve the initiative, the CPRA would significantly expand the CCPA, establish the California Privacy Protection Agency, remove the CCPA’s cure period, and impose a number of GDPR-styled obligations on businesses, among other requirements. The substantive provisions of the CPRA would take effect January 1, 2023.




Hard to tell when the President is serious, joking, or simply out of touch.
Could Donald Trump claim a national security threat to shut down the internet?
... An obscure provision tucked at the back of the Communications Act (Sec.706, codified as 47 USC 606) empowers the president to “cause the closing of any station for radio communications” (such as broadcasting or mobile phone networks) as well as “cause the closing of any facility or station for wire communications” (such as telephone and internet networks). All that is necessary for the exercise of these huge powers is a “proclamation by the President” of “national emergency” in the case of broadcast stations and mobile phones, or the “interest of the national security” for the internet or telephone networks. The statute also gives the president the power to suspend or amend FCC regulations.
Such authority makes one tremble when considered alongside Donald Trump’s stated belief, “When somebody’s the President of the United States, the authority is total.” His recent threat to social media platforms to “close them down” continues his efforts to use government authority to coerce and manipulate the media.




We’ve changed our mind… (Or lost it)
Google will start paying publishers to license content
In a major departure from its long-standing practice of not paying publishers directly to distribute their work, Google executives tell Axios that the search giant is creating a licensing program to pay publishers "for high-quality content" as a part of a new news product launching later this year.
Why it matters: Regulators around the world have been threatening Google with broad-based policies that would force it to pay publishers on policymakers' terms. Google aims to get ahead of that threat by introducing its own payout terms, while also strengthening its relationship with the embattled publishing community.




Not sure I agree, unless there will be an asterisk next to their degree? Are they also teaching how to use the tools law firms are likely to continue to use even after the pandemic has run its course?
‘Subpar in Every Aspect’: Harvard Law Student Sues Over Online Classes
Law.com – “A Harvard Law student has filed a class action against the university, arguing that students should be charged a lower tuition for online classes on the grounds that they are inferior to in-person instruction. Harvard is the latest target in a wave of litigation focused on college and university tuition reimbursements amid the COVID-19 pandemic—at least 100 campuses have been sued thus far. Plaintiffs firms Hagens Berman Sobol Shapiro, which is representing incoming second-year law student Abraham Barkhordar, has also filed suit against 13 other universities. Barkhordar’s complaint, which seeks to represent all Harvard students and not just those who attend the law school, takes issue not only with the fact that students were not issued tuition refunds last spring when classes shifted online, but also that the law school plans to keep tuition at the same level of $65,875 even though the fall semester will be entirely remote. “While Plaintiff’s coursework requires group projects and collaboration, such teamwork is now significantly harder to orchestrate,” reads the complaint, filed June 22 in the U.S. District Court for the District of Massachusetts. “Plaintiff has also been unable to connect with professors and classmates on the same level online as he had in-person and is similarly lacking the intellectual stimulation of the in-person learning environment.”…


(Related)
Get A Comfortable Chair: Permanent Work From Home Is Coming
NPR – “Indefinite. Or even permanent. These are words companies are using about their employees working from home. It’s three months into a huge, unplanned social experiment that suddenly transported the white-collar workplace from cubicles and offices to kitchens and spare bedrooms. And many employers now say the benefits of remote work outweigh the drawbacks. Tech companies Twitter and Facebook captured headlines with announcements about permanent work from home. But the news from a 94-year-old company based in the heartland — Columbus, Ohio — may have been even more significant. Nationwide Insurance is shutting five regional offices since remote work has gone off so smoothly during the pandemic. And thousands of employees will permanently ditch their commutes for home offices… One potential change: Demand for commercial real estate falls due to the growth of remote work and the realities of a painful economic downturn. For example, 90% of the 60,000 employees at investment bank Morgan Stanley have been working remotely during the pandemic. Lesson learned, according to Morgan Stanley CEO James Gorman…”



Wednesday, June 24, 2020


I wonder if there is a known ratio of ethical to unethical hackers?
India surpasses U.S., others in number of ethical hackers: report
India’s ethical hackers now represent the biggest nationality within Bugcrowd’s network of security researchers, according to the firm’s annual report issued yesterday titled “Inside the Mind of a Hacker.”




If nothing else, visit their Tool Guide.
Digital Security Advice for Journalists Covering the Protests Against Police Violence
“This guide is an overview of digital security considerations specific to journalists covering protests. For EFF’s comprehensive guide to digital security, including advice for activists and protesters, visit ssd.eff.org. Legal advice in this post is specific to the United States. As the international protests against police killings enter their third week, the public has been exposed to shocking videos of law enforcement wielding violence against not only demonstrators, but also the journalists who are tasked with documenting this historic moment. EFF recently issued Surveillance Self-Defense tips for protesters who may find their digital rights under attack, either through mass surveillance of crowds or through the seizure of their devices. However, these tips don’t always reflect the reality of how journalists may need to do their jobs and the unique threats journalists face. In this blog post, we attempt to address the digital security of news gatherers after speaking with reporters, photographers, and live streamers who are on the ground, risking everything to document these protests…”




A GIGO problem. Will we ever resolve that problem?
AI experts say research into algorithms that claim to predict criminality must end
AI is in danger of revisiting the pseudoscience of physiognomy
A coalition of AI researchers, data scientists, and sociologists has called on the academic world to stop publishing studies that claim to predict an individual’s criminality using algorithms trained on data like facial scans and criminal statistics.




A mere swing of the pendulum?
Victory: Indiana Supreme Court Rules that Police Can’t Force Smartphone User to Unlock Her Phone
In courts across the country, EFF has been arguing that the police cannot constitutionally require you to unlock your phone or give them your password, and today the Indiana Supreme Court issued a strong opinion agreeing with us. In the case, Seo v. State, the court found that the Fifth Amendment privilege against self-incrimination protected a woman against unlocking her phone because complying with the order was a form of “testimony” under the Fifth Amendment. Indiana joins Pennsylvania, which ruled strongly in favor of the Fifth Amendment privilege in a compelled decryption case last year. Meanwhile, state supreme courts in New Jersey and Oregon are also considering this issue.


(Related)
United States v. Moore-Bush: No Reasonable Expectation of Privacy Around the Home
On June 16, 2020, the First Circuit released its opinion in United States v. Moore-Bush. The issue presented was whether the Government’s warrantless use of a pole camera to continuously record for eight months the front of Defendants’ home, as well as their and their visitors’ comings and goings, infringed on the Defendants’ reasonable expectation of privacy in and around their home and thereby violated the Fourth Amendment.
Because the First Circuit held that Bucci was still controlling precedent, and Bucci had determined that there was no objective reasonable expectation of privacy in activity outside the home and exposed to public view, the use of the pole camera to film the outside of Defendants’ home in this case likewise did not constitute a search under the Fourth Amendment.




Will others follow? At least Congress has something to point to when discussing opt-in.
Apple’s Latest Privacy Announcement Could Be More Impactful than CCPA or GDPR
Consent now required to access Apple's mobile advertising tool IDFA
Apple did not outright kill its key mobile advertising tool IDFA this week, meaning a $45 billion subsector of the media industry lives to see another day. But its new consent requirements present a significant hurdle.
The updates require app developers to seek consent from iOS device users in order for third parties, aka app monetization partners, to access their data. This, in effect, makes IDFA an opt-in feature for users, and advertisers will no longer be able to target them by default.
As part of its iOS 14 update, Apple will require app developers, including media owners and brands, to disclose the data they collect and the third parties they share it with.
Apple called this requirement a “nutrition label for privacy.” App Store product pages will feature summaries of developers’ self-reported privacy practices with the wording in layman’s terms.
The announcements and subsequently released documentation have led to varying interpretations of what the latest announcements say about Apple’s long-term plans.
What is clear is that iOS 14’s transparency requirements will have repercussions for the digital media ecosystem with laws such as the California Consumer Privacy Act and growing public backlash over how user data is used to target ads.
One industry source, who requested anonymity, said the upcoming features, which are expected to roll out starting in September, will effectively make IDFA an opt-in feature on a per-app basis with use of Apple’s Limit Ad Tracking tool likely to increase.
… “Apple is making a statement,” said Matt Barash, head of strategy and business development at mobile advertising company AdColony, who claimed the updates will clear up some of the “grey areas” of data practice that have prevailed in recent years.
“Advertisers should prepare to recognize a shift in the scale of the audiences they can target,” Barash added. “Savvy advertisers should be prepared to balance both audience and contextual approaches in their mobile media mix.”




A natural evolution: Facial recognition becomes feather recognition.
Amazing bird-identifying A.I. camera brings birdwatching into the 21st century
Drawing on the power of A.I. image recognition technology, they’ve developed a Wi-Fi camera that will not only record what’s happening outside, but also ID the bird species and assorted other wildlife that crop up on screen. These recordings are saved and labeled automatically, making it easy to find and watch the day’s highlights. Right now, Birdsy can reportedly ID feeder birds and yard wildlife for North America and European varieties. However, on its project page, its creators note that the A.I. is “constantly learning and improving.” Over time, this should mean that the total number of species Birdsy can recognize will increase.
As with any Kickstarter project, we’d advise a degree of caution. Projects can — and often do — ship late, not quite as described, or sometimes even not at all. However, if you’re nonetheless keen to get involved you can do so on the project’s Kickstarter page.




I’m guessing anything that got them hired would be appreciated.
The Pandemic Pushed Clerkship Hiring to Zoom and Law Students Liked It
Law.com – “Remote clerkship interviewing went so well last week that some law school career services officials hope it remains an option even after COVID-19 subsides…”