Saturday, July 18, 2020


Feedly seems to be unavailable. Fortunately, everything will be there tomorrow when (I hope) it returns.




Can you trust a hacker to do what you pay for?
Cloud provider stopped ransomware attack but had to pay ransom demand anyway
Blackbaud said it had to pay a ransom demand to ensure hackers would delete data they stole from its network.




Another SciFi term shows up in the AI literature.
A beginner’s guide to the AI apocalypse: Artificial stupidity
Welcome to the latest article in TNW’s guide to the AI apocalypse. In this series we’ll examine some of the most popular doomsday scenarios prognosticated by modern AI experts.
You won’t find any comprehensive data on the subject outside of the testimonials at the Darwin Awards, but stupidity is surely the biggest threat to humans throughout all of history.
Based on the fact that we can’t know exactly what’s going to happen once a superintelligent artificial being emerges, we should probably just start hard-coding “artificial stupidity” into the mix.
So, rather than attempting to program advanced AI with a philosophical view on the sanctity of human life and what constitutes the greater good, we should just hamstring them with artificial stupidity from the start.




When do hackers cross the line?
Researchers warn court ruling could have a chilling effect on adversarial machine learning
A cross-disciplinary team of machine learning, security, policy, and law experts say inconsistent court interpretations of an anti-hacking law have a chilling effect on adversarial machine learning security research and cybersecurity. At question is a portion of the Computer Fraud and Abuse Act (CFAA). A ruling to decide how part of the law is interpreted could shape the future of cybersecurity and adversarial machine learning.
… “If we are correct and the Supreme Court follows the Ninth Circuit’s narrow construction, this will have important implications for adversarial ML research. In fact, we believe that this will lead to better security outcomes in the long term,” the researchers’ report reads. “With a more narrow construction of the CFAA, ML security researchers will be less likely chilled from conducting tests and other exploratory work on ML systems, again leading to better security in the long term.”
Roughly half of circuit courts have ruled on the CFAA provisions around the country and have reached a 4-3 split. Some courts adopted a broader interpretation, which finds that “exceed authorized access” can deem improper access to information as including a breach of some terms of service or agreement. A narrow view finds that accessing information alone constitutes a CFAA violation.
The paper, titled “Legal Risks of Adversarial Machine Learning Research,” was accepted for publication and presented today at the Law and Machine Learning workshop at the International Conference on Machine Learning (ICML).



Friday, July 17, 2020


A story of credibility lost.
“We take data protection very seriously,” New Zealand Friday edition
There were two incidents concerning New Zealand leaks or breaches in my news feed this morning. One of them caught my attention because the story didn’t seem accurate — and not because the reporters weren’t reporting accurately, but because the entity may not have been fully transparent or accurate about the incident.




Makes one wonder how dependent they are on facial recognition.
HOMELAND SECURITY WORRIES COVID-19 MASKS ARE BREAKING FACIAL RECOGNITION, LEAKED DOCUMENT SHOWS
WHILE DOCTORS AND politicians still struggle to convince Americans to take the barest of precautions against Covid-19 by wearing a mask, the Department of Homeland Security has an opposite concern, according to an “intelligence note” found among the BlueLeaks trove of law enforcement documents: Masks are breaking police facial recognition.




Perspective.
Video – Covid, Privacy, and Education with Daniel Solove and Tracy Mitrano
In this video, Daniel Solove and Tracy Mitrano (former IT Policy at Cornell and now Democratic candidate for US Senate in New York’s 23rd district) discuss Covid, privacy, education, work-from-home, and other privacy, security, and technology issues.




Coming soon to many more companies...
Walmart Sued Under CCPA After Data Breach
Walmart has become the latest big-name brand accused of violating California’s new data breach regulations.
The retail giant is the subject of a new complaint alleging that customers now face “significant injuries and damage” after an unspecified incident.
Customer names, addresses, financial and other information were among the haul for attackers, according to the suit filed in the US District Court for the Northern District of California.
“As a result of defendants’ wrongful actions and inactions, customer information was stolen. Many customers of Walmart have had their PII compromised, have had their privacy rights violated, have been exposed to the risk of fraud and identity theft and have otherwise suffered damages,” the suit alleges.
“Further, despite the fact that the accounts are available for sale on the dark web, and Walmart’s website contains multiple severe vulnerabilities through which the data was obtained, Walmart has failed whatsoever to notify its customers that their data has been stolen.”
Although it’s unknown at present how many customers were affected by the incident, the filing claims that the number of class members is “at least in the thousands.”
If the maximum damages under the California Consumer Privacy Act (CCPA) are awarded, that means $750 per customer.




Something ear-y about Van Gogh?
Van Gogh’s paintings online
blooloop: “The Van Gogh Museum’s website receives more than 8.5 million visits every year. The new redesign is more than a place to find out the museum’s opening times or to buy a ticket. Its new layout allows visitors to explore the artwork of Vincent Van Gogh in more detail and links seamlessly to retail. Content is displayed with the user experience as its foundation. The Van Gogh Museum has now put their entire collection of letters, paintings and drawings online. Visitors to the new website will even be able to zoom in on each artwork to see the brushwork. There will also be information about which artwork is currently on display at the museum. A new filter system means it is easy for visitors to search the collection online. The new ‘Vincent for scale’ function allows visitors to visualise the size of each painting compared to Van Gogh’s height of 1.64 metres…”




Useful techniques.
How to Insert a PDF Into Word
We’re going to show you all the ways to add a PDF into a Word document. This includes copy-pasting text from PDF into Word, using screenshots, and inserting the PDF directly into the Word document.




The chart we should be using?
COVID Risk Chart
XKCD – This is the chart that you want to share to help educate others using real world examples of conduct in correlation to non-COVID and COVID associated risk – imaginative and cogent.



Thursday, July 16, 2020


They didn’t hack their targets directly; they hacked the Twitter employees who already had access to these accounts.
Twitter says hacking of high-profile Twitter accounts was a "coordinated social engineering attack"
Some of the world's richest and most influential politicians, celebrities, tech moguls and companies were the subject of a massive Twitter hack on Wednesday. Elon Musk, Joe Biden, Jeff Bezos, Michael Bloomberg, Kim Kardashian West and Bill Gates were among the accounts pushing out tweets asking millions of followers to send money to a Bitcoin address.
Twitter said in a statement that the company detected what they believed to be "a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
Companies, including Apple and Uber, were apparently hacked as well. Following the incident, all of Apple's tweets appeared to have been deleted.


(Related) This is a bit of an overreaction – isn’t it?
A catastrophe at Twitter
After today it is no longer unthinkable, if it ever truly was, that someone take over the account of a world leader and attempt to start a nuclear war. (A report on that subject from King’s College London came out just last week.)




Start securing your data…
TrojanNet – a simple yet effective attack on machine learning models
Injecting malicious backdoors into deep neural networks is easier than previously thought, a new study by researchers at Texas A&M University shows.
The threat of trojan attacks against AI systems has also drawn the attention of US government agencies.
“With the rapid commercialization of DNN-based products, trojan attacks would become a severe threat to society,” the Texas A&M researchers write.
Previous research pertains that hiding a trojan in a deep learning system is an arduous, costly, and time-consuming process.
But in their paper, titled ‘An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks,’ the Texas A&M researchers show that all it takes to weaponize a deep learning algorithm is a few tiny patches of pixels and a few seconds’ worth of computation resources.




Should work as well as any other predictive policing.
Cities Turn to Software to Predict When Police Will Go Rogue
A startup selling tech to identify ‘bad apples’ shows the promise and challenges of using data to improve policing.




Another perspective.
An Ethics Guide for Tech Gets Rewritten With Workers in Mind
IN 2018, SILICON Valley, like Hamlet’s engineer, was hoist with its own petard. Citizens were panicking about data privacy, researchers were sounding alarms about artificial intelligence, and even industry stakeholders rebelled against app addiction. Policymakers, meanwhile, seemed to take a renewed interest in breaking up big tech, as a string of congressional hearings put CEOs in the hot seat over the products they made. Everywhere, techies were grasping for answers to the unintended consequences of their own creations. So the Omidyar Network—a “philanthropic investment firm” created by eBay founder Pierre Omidyar—set out to provide them. Through the firm’s newly minted Tech and Society Solutions Lab, it issued a tool kit called the EthicalOS, to teach tech leaders how to think through the impact of their products ahead of time.
Two years later, some things have changed. But it’s not CEOs who are leading the charge. It’s the workers—engineers, designers, product managers—who have become the loudest voices for reform in the industry. So when it came time for the Omidyar Network to refresh its tool kit, it became clear that a new target audience was needed.
The kit includes a “field guide” for navigating eight risk zones: surveillance, disinformation, exclusion, algorithmic bias, addiction, data control, bad actors, and outsize power.




For anyone keeping score...
These Are the Highest Penalties under GDPR – Including Fines Issued to Private Individuals
PrivacyAffairs, a leading source of data privacy and cybersecurity research, has issued a report tallying fines issued under the 2018 General Data Protection Regulation (GDPR). It also lists the countries where the highest fines were dealt, as well as the nations with the most punishable incidents.
According to the research firm, since its rollout in May 2018, the GDPR has claimed 340 ‘victims’ for unlawful data protection practices. The report notes that every single one of the 28 EU nations, including the now Brexited United Kingdom, has issued at least one penalty under the new data protection legislature.




Two people out of a million (or more).
Amazon, Google, Microsoft sued over photos in facial recognition database
Amazon, Google parent Alphabet and Microsoft used people's photos to train their facial recognition technologies without obtaining the subjects' permission, in violation of an Illinois biometric privacy statute, a trio of federal lawsuits filed Tuesday allege.
The photos in question were part of IBM's Diversity in Faces database, which is designed to advance the study of fairness and accuracy in facial recognition by looking at more than just skin tone, age and gender. The data includes 1 million images of human faces, annotated with tags such as face symmetry, nose length and forehead height.
The two Illinois residents who brought the lawsuits, Steven Vance and Tim Janecyk, say their images were included in that data set without their permission, despite clearly identifying themselves as residents of Illinois. [Can that be accomplished when only the image is used? Bob]




But will all this activity result in a Covid vaccine?
Deep Dive Into Big Pharma AI Productivity: One Study Shaking The Pharmaceutical Industry
On June 15th, one article titled “The upside of being a digital pharma player” got accepted and quietly went online in a reputable peer-reviewed industry journal Drug Discovery Today.
Upon a closer look it turned out to be not a perspective but a comprehensive research study with a head-to-head comparison of the pharmaceutical companies by their efforts in AI in research and development.



Wednesday, July 15, 2020


Think it can’t happen here?
And this, kids, is a great reminder of why people can never really trust their government with their health/medical information. They may collect it with a set of promises about confidentiality and then decide they can violate their promises. Or in some cases, there may be no law at all specifically protecting your medical info and your government will share it with …. your neighbors… in the name of public safety.
From the Jakarta Post:
The national COVID-19 task force is considering releasing patients’ personal data in an effort to encourage adherence to health protocols in affected areas.
Task force chief and National Disaster Mitigation Agency (BNPB) head Doni Monardo said such data would only be made available to people living in the patients’ neighborhoods.
Read more on Jakarta Post.


(Related) “We don’t need no stinking Doctors!”
Trump Administration Strips CDC of Control of Coronavirus Data
The New York Times – “The Trump administration has ordered hospitals to bypass the Centers for Disease Control and Prevention and send all Covid-19 patient information to a central database in Washington beginning on Wednesday. The move has alarmed health experts who fear the data will be politicized or withheld from the public. The new instructions were posted recently in a little-noticed document on the Department of Health and Human Services website. From now on, the department — not the C.D.C. — will collect daily reports about the patients that each hospital is treating, the number of available beds and ventilators, and other information vital to tracking the pandemic. Officials say the change will streamline data gathering and assist the White House coronavirus task force in allocating scarce supplies like personal protective gear and remdesivir, the first drug shown to be effective against the virus. But the Health and Human Services database that will receive new information is not open to the public, which could affect the work of scores of researchers, modelers and health officials who rely on C.D.C. data to make projections and crucial decisions…”




Another regulator talks security.
SEC’s OCIE Issues Ransomware Risk Alert
Kate Hanniford of Alston & Bird writes:
On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just SEC registrants to monitor CISA alerts, and for the specificity of the cybersecurity measures it includes as recognized defenses to current ransomware threats.
[From the Blog:
The Risk Alert includes two new observations related to operational resiliency, first that registrants are determining which systems and processes are capable of being restored during a disruption so business services can continue. Second, it notes that registrants are focusing on the capability to continue operations in the event a primary system is unavailable, which underscores the importance of “geographic separation of back-up data, and writing back-up data to an immutable storage system in the event primary data sources are unavailable.”


(Related) Continuity of Privacy.
COVID-19 and GDPR: Organizational Considerations for Business Continuity of Privacy Compliance Programs
Businesses are facing new and exceptional challenges in connection with the COVID-19 outbreak. In times of uncertainty, ensuring the ongoing availability of resources within an organization is important to limit disruption to daily business operations and maintain appropriate internal governance. This article discusses key steps businesses may consider taking to ensure the business continuity of their privacy compliance programs during the COVID-19 pandemic.




Is law enforcement’s use of facial recognition also Technology Theatre?
Technology Theatre
On June 18, 2020, Prime Minister Justin Trudeau announced that Canada would join the ranks of governments launching a mobile contact-tracing application as part of the national response to COVID-19. That announcement came a few days after Norway’s government shut down its app for failing a necessity and proportionality analysis, the United Kingdom abandoned its contact-tracing app project in favour of the Google-Apple model and reports that Australia’s app was working on just 25 percent of phones. In other words, there was a lot of attention paid to contact-tracing apps at all political levels, despite their questionable — if not actively harmful — role in the response to COVID-19.
Whether it’s the national release of contact-tracing apps meant to battle a pandemic, or Sidewalk Labs’ (now defunct) bid to create a “city built from the internet up,” public conversations about major policy initiatives tend to focus on technological components and evade significantly harder questions about power and equity.




Does your insurance provide any assurance?
Beyond Data Breach: Evaluating Coverage for Misuse of Information Claims
New and comprehensive privacy and cyber regulations continue to proliferate across the globe. These are not your father’s data breach notification laws.
In addition, these mandates typically are not limited to data breach and disclosure situations; they often apply to how covered entities treat protected information throughout its entire lifecycle, from collection or creation, through use, retention, security, until ultimate disposition. They may create disclosure obligations concerning the entity’s information-related practices as well as actionable rights for affected individuals. Some laws require that companies create certain roles such as a data protection officer or a chief information security officer, and establish requirements concerning oversight by corporate boards. They also may mandate creation of specific internal and/or publicly-facing written policies and procedures. In addition to empowering enforcement by a state attorney general or other governmental or regulatory agency, these new laws and regulations sometimes provide a private right of action to affected individuals, pursuant to which they can seek statutory and/or actual damages.
Cyber insurance policies typically include coverage for claims arising out of violations of cyber and privacy laws and regulations, but the coverage provided can vary greatly from policy to policy. When considering whether any given claim falls within a policy’s coverage, the following issues should be considered:




Still short of consensus.
Ethical and societal implications of algorithms, data, and artificial intelligence: a roadmap for research
Whittlestone, J. Nyrup, R. Alexandrova, A. Dihal, K. Cave, S. (2019) Ethical and societal implications of algorithms, data, and artificial intelligence: a roadmap for research. London: Nuffield Foundation. “The aim of this report is to offer a broad roadmap for work on the ethical and societal implications of algorithms, data, and AI (ADA) in the coming years. It is aimed at those involved in planning, funding, and pursuing research and policy work related to these technologies. We use the term ‘ADA-based technologies’ to capture a broad range of ethically and societally relevant technologies based on algorithms, data, and AI, recognising that these three concepts are not totally separable from one another and will often overlap. A shared set of key concepts and concerns is emerging, with widespread agreement on some of the core issues (such as bias) and values (such as fairness) that an ethics of algorithms, data, and AI should focus on. Over the last two years, these have begun to be codified in various codes and sets of ‘principles’. Agreeing on these issues, values and high-level principles is an important step for ensuring that ADA-based technologies are developed and used for the benefit of society. However, we see three main gaps in this existing work: (i) a lack of clarity or consensus around the meaning of central ethical concepts and how they apply in specific situations; (ii) insufficient attention given to tensions between ideals and values; (iii) insufficient evidence on both (a) key technological capabilities and impacts, and (b) the perspectives of different publics.”




I would base my European operations in Ireland too.
Apple wins appeal against $15 billion EU tax bill
Apple has won its appeal against a European Commission ruling that it owed Ireland €13 billion ($14.9 billion) in taxes.
The European Union's second highest court ruled Wednesday that the Commission had not proven that the company had received illegal state aid from Ireland through favorable tax agreements.
The European Commission — Europe's top antitrust authority — said in 2016 that the Irish government had granted Apple an illegal advantage by helping the iPhone maker keep its tax bill artificially low for more than 20 years.
But Ireland didn't want the money. The small country became the European base for companies such as Apple, Google (GOOGL) and Facebook (FB) because it has one of the lowest corporate tax rates in Europe. So it teamed up with Apple to fight the Commission.
"The correct amount of Irish tax was charged taxation in line with normal Irish taxation rules," the finance ministry said in a statement.
Margrethe Vestager, the Commission's top antitrust official, said she was carefully studying the judgment before deciding on next steps. But she vowed that the Commission would continue to aggressively pursue what it considers "illegal state aid."




Tools for handouts?
Book Creator Adds New Options for Copying and Re-using Pages
Book Creator is one of my go-to tools for making ebooks and digital portfolios. In fact, I like it so much that it's one of the featured tools in my Practical Ed Tech Virtual Summer Camp. And now there is a new feature that makes Book Creator better than ever. That new feature is the option to copy multiple pages from one of your books and re-use them in another book.
In Book Creator you can now copy and re-use any of the pages in your books including the cover page. This can be done within the same book or be done between multiple books.
As Book Creator wrote in their Tweet announcing this new feature, copying and pasting pages could be quite useful in creating a template that you want students to use for their books. I find that when using Book Creator as a tool for a portfolio it's nice to have students follow the same structure. Following the same structure makes it easier for a teacher to quickly locate an artifact related to a topic or standard within a portfolio.




Helping my students move on…
The 6 Best Resume Review Websites to Help You Update Your Resume



Tuesday, July 14, 2020


Improve your work-from-home comfort level.
Remote working: This free tool tests how good your security really is
Remote workers can learn how to keep themselves – and their organisations – secure from cyberattacks with the aid of a new set of free tools and roleplay exercises from the National Cyber Security Centre (NCSC).
The 'Home and Remote Working' exercise has been added to the NCSC's Exercise in a Box, a toolkit designed to help small and medium-sized businesses prepare to defend against cyberattacks by testing employees with scenarios based around real hacking incidents – and lessons on how to respond.
As part of the exercises – which are available to download for free – employees are provided information about processes and knowledge about boosting cybersecurity and are tested on what they learned.




The first public offering of this technology?
Google Cloud steps up privacy, security with Confidential VMs and Assured Workloads
Google Cloud on Tuesday announced two new security offerings designed for customers with highly-regulated or sensitive data that requires extra protection in the cloud. The first, Confidential VMs, is the initial product in Google's Confidential Computing portfolio, which promises to let customers keep data encrypted while in use. The second, Assured Workloads for Government, allows customers to configure workloads in a way that meets strict compliance requirements, without having to rely on a siloed "government cloud."
Confidential Computing is a "game-changing technology," Potti said. "It's almost like the last bastion of sensitive data that can now be unlocked to leverage the full power of the cloud."
For example, Potti said, many financial services firms keep their most sensitive IP around algorithmic trading on premise because of sensitivities around data processing. Those concerns could be relieved with confidential computing.




Probably won’t come as fast as Privacy laws. Still, don’t get caught short.
The Rise of Internet of Things Security Laws – Part II
This is the second part of a two-part article examining the enactment of California’s Internet of Things (“IoT”) security law, and the wave of similar IoT laws expected to follow close behind in 2020. The first part of this article, which appeared in the June 2020 issue of Pratt’s Privacy & Cybersecurity Law Report, discussed the current legal landscape as it relates to the security of connected devices and took a closer look at California’s new IoT security law – which went into effect at the start of the year. This second part provides tips and strategies for IoT device manufacturers to comply with the IoT security regulations expected to begin to blanket the country.




“This looks like fun, let’s try it!”
'Booyaaa': Australian Federal Police use of Clearview AI detailed
Earlier this year, the Australian Federal Police (AFP) admitted to using a facial recognition tool, despite not having an appropriate legislative framework in place, to help counter child exploitation.
The tool was Clearview AI, a controversial New York-based startup that has scraped social media networks for people's photos and created one of the biggest facial recognition databases in the world. It provides facial recognition software, marketed primarily at law enforcement.
The AFP previously said while it did not adopt the facial recognition platform Clearview AI as an enterprise product and had not entered into any formal procurement arrangements with the company, it did use a trial version.




More stuff I didn’t know...
EFF Launches Searchable Database of Police Agencies and the Tech Tools They Use to Spy on Communities
“San Francisco—The Electronic Frontier Foundation (EFF), in partnership with the Reynolds School of Journalism at the University of Nevada, Reno, today launched the largest-ever collection of searchable data on police use of surveillance technologies, created as a tool for the public to learn about facial recognition, drones, license plate readers, and other devices law enforcement agencies are acquiring to spy on our communities. The Atlas of Surveillance database, containing several thousand data points on over 3,000 city and local police departments and sheriffs’ offices nationwide, allows citizens, journalists, and academics to review details about the technologies police are deploying, and provides a resource to check what devices and systems have been purchased locally. Users can search for information by clicking on regions, towns, and cities, such as Minneapolis, Tampa, or Tucson, on a U.S. map. They can also easily perform text searches by typing the names of cities, counties, or states on a search page that displays text results. The Atlas also allows people to search by specific technologies, which can show how surveillance tools are spreading across the country…”




An AI reference.
The Brookings glossary of AI and emerging technologies
Many people fear artificial intelligence, but don’t understand what it is or how it is being used. In our Brookings Institution Press book, Turning Point: Policymaking in the Era of Artificial Intelligence, we discuss AI applications in healthcare, education, transportation, e-commerce, and defense, and present a policy and governance blueprint for responsible and trustworthy AI. Below is a glossary of key terms drawn from that book, which we present as a living document that will be updated as the AI conversation unfolds.




So easy, a 13 year old can do it!
Eighth grader builds IBM Watson-powered AI chatbot for students making college plans
A bored 13-year-old from New Jersey used COVID-19 isolation to take an online IBM class, and within two weeks created and launched Rita, a fully functional chatbot.
Harita is more than a little familiar with tech, "I have been interested in technology since I was 5," she said. "My first coding challenge was the Lightbot Hour of Code. I was fascinated that the code I wrote could control the actions of the characters on screen. Since then, I pursued coding on multiple platforms like code.org, CodeMonkey, and CodeCombat. The more I learned about tech, the more I wanted to know. In fifth grade, I took a Python programming course offered by Georgia Tech."
Two weeks after starting the IBM course, she created and launched a fully functioning IBM Watson-powered AI chatbot named Rita. It was designed for the business her father, Suresh Kashyap, runs, Analyze-Ed, a college and career-readiness platform.




I always wanted one of these. If there were two for sale, the FBI would probably have a fit.
Enigma Machine for Sale
A four-rotor Enigma machine -- with rotors -- is up for auction.




How to ‘logic circularly.’