and by extension, my students need to explain these to the CISO
https://www.csoonline.com/article/3601001/6-board-of-directors-security-concerns-every-ciso-should-be-prepared-to-address.html?upd=1608642841748
6 board of directors security concerns every CISO should be prepared to address
The COVID pandemic and spike in cybercriminal activity has raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them.
I think we need an “Underwriter’s Lab” for software.
https://www.bespacific.com/how-u-s-agencies-trust-in-untested-software-opened-the-door-to-hackers/
How U.S. agencies’ trust in untested software opened the door to hackers
Politico – The government doesn’t do much to verify the security of software from private contractors. And that’s how suspected Russian hackers got in:
“The massive monthslong hack of agencies across the U.S. government succeeded, in part, because no one was looking in the right place. The federal government conducts only cursory security inspections of the software it buys from private companies for a wide range of activities, from managing databases to operating internal chat applications. That created the blind spot that suspected Russian hackers exploited to breach the Treasury Department, the Department of Homeland Security, the National Institutes of Health and other agencies. After embedding code in widely used network management software made by a Texas company called SolarWinds, all they had to do was wait for the agencies to download routine software updates from the trusted supplier…
Dystopian ethics.
https://dilbert.com/strip/2020-12-22
Perhaps not as ‘figured out’ as we’d like.
https://www.bbc.com/news/technology-55399509
Facebook child abuse detection hit by new EU rules
Facebook has switched off some of its child abuse detection tools in Europe in response to new rules from the EU.
The company said it has had no choice but to do so, since the new privacy directive bans automatic scanning of private messages.
The change only applies to messaging services rather than all content uploaded to Facebook.
However, there is no change in the UK, where measures are "consistent with applicable laws", Facebook said.
The problem has emerged despite warnings from child protection advocates that the new privacy rules effectively ban automated systems scanning for child sexual abuse images and other illegal content.
Papers, Citizen!
https://www.technologyreview.com/2020/12/21/1015353/covid-vaccine-passport-digital-immunity-record/
Will you have to carry a vaccine passport on your phone?
… You may have heard about using “vaccine certification” or “immunity passports,” analog or digital tools to prove you’re vaccinated. Some experts champion them as a way to get back to normal life, while others warn about privacy risks and the potential for discrimination and abuse.
These debates are mostly speculative, but underlying issues of privacy, verification, and ethical use aren’t unique to the vaccine. Governments and businesses already use covid-related records every day to make decisions about who can do what. Here’s what we know.
For the implementers…
https://www.cpomagazine.com/data-protection/ccpa-vs-gdpr-spot-the-difference/
CCPA vs GDPR – Spot the Difference
For more than two years, the GDPR has been one of the most pressing pieces of data protection legislation that organisations handling data on EU residents had to get to grips with. Its strict regulations meant that companies compliant with the GDPR would also be likely to comply with the data protection standards in any territory outside of the EU as well. The status quo changed in July however, when the California Consumer Protection Act (CCPA) began to be enforced.
While there are many similarities between CCPA and the GDPR, there are some subtle yet significant differences many of those planning to do business in California need to be aware of.
(Related)
https://fpf.org/blog/a-deep-dive-into-new-zealands-new-privacy-law-extraterritorial-effect-cross-border-data-transfers-restrictions-and-new-powers-of-the-privacy-commissioner/
A DEEP DIVE INTO NEW ZEALAND’S NEW PRIVACY LAW: EXTRATERRITORIAL EFFECT, CROSS-BORDER DATA TRANSFERS RESTRICTIONS AND NEW POWERS OF THE PRIVACY COMMISSIONER
Last week, on December 1st, the newly amended Privacy Act 2020 (Act) of New Zealand came into force. The act was passed by the New Zealand Parliament on June 20, 2020 and made significant changes to the 1993 law, Privacy Act 1993. The amendments cover a broad range of topics including the extraterritorial scope of the law, new mandatory data breach notification requirements, changes to “compliance notices” as a key enforcement tool of the Office of the Privacy Commissioner, to data subject access requests, restrictions on cross-border transfers of personal information, and the enforcement regime overall.
Futile?
https://www.bespacific.com/civil-rights-groups-move-to-block-expansion-of-facial-recognition-in-airports/
Civil rights groups move to block expansion of facial recognition in airports
The Verge: “A coalition of civil rights groups led by the American Civil Liberties Union have filed an objection to the proposed expansion of Customs and Border Protection’s facial recognition at land and sea ports. The National Immigration Law Center, Fight for the Future, and the Electronic Frontier Foundation are also participating in the motion, alongside twelve others. Filed in November, CBP’s proposed rule would expand the biometric exit system, authorizing the collection of facial images from any non-citizen entering the country. But in a filing on Monday, the final day of the comment period, the coalition argued that those measures are too extreme.
“CBP’s proposed use of face surveillance at airports, sea ports, and the land border would put the United States on an extraordinarily dangerous path toward the normalization of this surveillance,” said Ashley Gorski, senior staff attorney with the ACLU’s National Security Project, in a statement to reporters. “The deployment of this society-changing technology is unnecessary and unjustified.”…
Explaining why you need to explain Explainable AI
https://www.zdnet.com/article/explaining-explainable-ai/
Explaining explainable AI
… AI systems making inexplicable decisions are your governance, regulatory, and compliance colleagues' worst nightmare. But aside from this, there are other compelling reasons for shining a light into the inner workings of AI. For one, as more and more companies adopt AI, they find that the business stakeholders who will rely on AI for their workflows won't trust decisions if they don't have at least a general understanding of how they were made. Also, opaque AI obfuscates the "second-order insights," such as nonintuitive correlations that emerge from the inner workings of a machine-learning model.
Perspective.
https://insidebigdata.com/2020/12/21/big-data-industry-predictions-for-2021/
Big Data Industry Predictions for 2021
2020 has been a year for the ages, with so many domestic and global challenges. But the big data industry has significant inertia moving into 2021. In order to give our valued readers a pulse on important new trends leading into next year, we here at insideBIGDATA heard from all our friends across the vendor ecosystem to get their insights, reflections and predictions for what may be coming. We were very encouraged to hear such exciting perspectives. Even if only half actually come true, Big Data in the next year is destined to be quite an exciting ride.