Friday, December 31, 2021

Interesting that these documents include checks.

https://www.databreaches.net/vendor-hack-slows-nj-state-agencys-ability-to-print-documents/

Vendor hack slows NJ state agency’s ability to print documents

101.5 reports:

Receiving a printed state document could prove to be a challenge because of an issue with the vendor used by the state.
The state Office of Information Technology, which facilitates the service, said vendor R.R. Donnelley & Sons identified a “systems intrusion in its technical environment” and responded by shutting down its servers and systems, began a forensic investigation and hired a cybersecurity expert.

Read more at 101.5

From the article:

For New Jersey, the problem means a multi-day delay to receive certain documents including but not limited to vendor payments, disbursement checks, and motor vehicle documentation.



A summary.

https://www.makeuseof.com/biggest-hacks-of-2021/

The 4 Biggest Hacks of 2021 (and What We Can Learn From Them)



Should I view this as a reason to mingle various types of accounts?

https://www.pogowasright.org/u-s-court-denies-access-to-defendants-hard-drive-in-online-piracy-case/

U.S. Court Denies Access to Defendant’s Hard Drive in Online Piracy Case

Ernesto van der Sar discusses a California piracy case where the defendant objected to Strike 3’s request for a copy of his hard drive and access to his cloud hosting accounts because the request would result in Strike 3 obtaining personal and private information such as family photos as well as attorney-client privileged communications.

In this case, the judge agreed with the defendant and rejected Strike 3’s proposed solutions.

Read about the issue on TorrentFreak. A copy of U.S. Magistrate Judge Sheri Pym’s order on Strike 3’s request to compel discovery responses is available on TorrentFreak, here (pdf).



Everyone should know how to use this.

https://www.bespacific.com/global-privacy-control-popularity-grows-as-legal-status-up-in-air/

Global Privacy Control Popularity Grows as Legal Status Up in Air

BloombergLaw: “Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. A handful of internet browsers offer the tool, and California’s attorney general indicated the tool could be used to comply with the state’s privacy law. But its ability to satisfy privacy statutes on the books in Virginia and Europe is less certain. Mozilla Corp.’s Firefox, one of the country’s most popular browsers, released Global Privacy Control in December for people to turn on if they wish after rolling it out experimentally earlier this year. Brave and DuckDuckGo, two leading privacy-oriented internet browsers, also offer the technology. “It’s a signal that expresses a user’s preference for privacy,” said Peter Dolanjski, a product director at DuckDuckGo, which helped develop the tool. “The goal is for that preference to have legal teeth behind it—like it does in California—and carry protection in jurisdictions where websites might otherwise sell or share your data.”…


Thursday, December 30, 2021

How does this help? Probably smarter to run like hell…

https://www.databreaches.net/ransomware-gang-coughs-up-decryptor-after-realizing-they-hit-the-police/

Ransomware gang coughs up decryptor after realizing they hit the police

Lawrence Abrams reports:

The AvosLocker ransomware operation provided a free decryptor after learning they encrypted a US government agency.
Last month, a US police department was breached by AvosLocker, who encrypted devices and stole data during the attack.
However, according to a screenshot shared by security researcher pancak3, after learning that the victim was a government agency, they provided a decryptor for free.

Read more at BleepingComputer.



Perhaps Russia will claim they never invaded, but sent in some cyber tools instead?

https://www.cpomagazine.com/cyber-security/cyber-attacks-an-expected-element-of-military-strategy-as-russia-deploys-on-the-ukraine-border/

Cyber Attacks an Expected Element of Military Strategy as Russia Deploys on the Ukraine Border

The conflict between Russia and Ukraine has led to border tensions, but United States and British intelligence think that coordinated cyber attacks are a much more likely opening move than a physical incursion.

The New York Times reports that the US and UK have dispatched cyber warfare advisors to Ukraine to prepare for potential attacks. The prospect is not unprecedented, as Russia disabled Ukrainian power stations the last time tensions between the two countries escalated.



Perspective. I recall higher resolutions some years ago. It’s the speed that is new.

https://nypost.com/2021/12/29/chinese-ai-satellite-takes-ultra-high-res-images-from-orbit-at-speeds-never-before-seen/

Chinese AI satellite takes ultra-high res images from orbit at speeds ‘never before seen’

China has developed a powerful AI satellite capable of taking hi-res images of cities in a matter of seconds.

Beijing-3, a small one-ton commercial satellite, can take images clear enough to be able to identify a military vehicle on the street and tell what type of weapon it might be carrying, according to researchers.

The satellite was launched by China in June and performed an in-depth scan of the central San Francisco Bay area, covering 1,470 square miles, the journal Spacecraft Engineering reports.

Most satellites observing the Earth must be stable when taking images because altitude control mechanisms can produce vibrations that blur the images.

But in the Chinese experiment on June 16, the satellite was able to change the angle of its camera’s line of sight to the ground when passing over the US.

The movement meant it could capture a larger area than satellites have been previously able to.

The pictures were taken at an altitude of 310 miles and had a resolution of 50 centimeters per pixel with the test showing the satellite could take images while its body was twisting at up to 10 degrees per second, a speed not seen on a satellite before.



Resources.

https://www.makeuseof.com/tag/top-10-professional-sample-code-websites-for-programmers/

Top 9 Professional Sample Code Websites for Programmers



Stuff to wallow in?

https://www.bespacific.com/january-1-2022-is-public-domain-day/

January 1, 2022, is Public Domain Day

Duke Center for the Study of the Public Domain: Works from 1926 are open to all, as is a cornucopia of recorded music: an estimated 400,000 sound recordings: “On January 1, 2022, copyrighted works from 1926 will enter the US public domain, where they will be free for all to copy, share, and build upon. The line-up this year is stunning. It includes books such as A. A. Milne’s Winnie-the-Pooh, Felix Salten’s Bambi, Ernest Hemingway’s The Sun Also Rises, Langston Hughes’ The Weary Blues, and Dorothy Parker’s Enough Rope. There are scores of silent films—including titles featuring Harold Lloyd, Buster Keaton, and Greta Garbo, famous Broadway songs, and well-known jazz standards. But that’s not all. In 2022 we get a bonus: an estimated 400,000 sound recordings from before 1923 will be entering the public domain too!”


Wednesday, December 29, 2021

Ready to start a serious discussion of privacy?

https://iapp.org/news/a/privacy-as-code-a-new-taxonomy-for-privacy/

Privacy as code: A new taxonomy for privacy

“Privacy by design” implies putting privacy into practice in system architectures and software development from the very beginning and throughout the system lifecycle. It is required by the EU General Data Protection Regulation in Article 25. In the U.S., the Federal Trade Commission included an entire section on privacy by design in its 2012 report on recommendations for businesses and policymakers. Privacy by design is also covered by India’s PDP Bill and by Australia’s Privacy Management Framework, to name just a few. Privacy by design has come a long way since its original presentation by Ann Cavoukian, former Canadian privacy commissioner of Ontario, in 2009.

While privacy as design is conceptually simple, its reduction to practice is not. System developers and privacy engineers responsible for it face simple but hard-to-answer questions: Where is the actual data in the organization? What types of information fall under personal data? How does one set up a data deletion process for structured as well as unstructured data?

Three years ago, Cillian Kieran and his team at Ethyca embarked on a quest to develop a unified solution to those questions. Their vision? Nothing less than privacy-as-code – privacy built into the code itself. This revolutionary approach classifies data in such a way that its privacy attributes are obvious within the code structure.

Last week, Ethyca celebrated an additional $7.5 million in funding and announced the first release of Fides. Fides is named after the Roman god of trust.

Fides is an open-source, human-readable description language based on the data-serialization language YAML. Fides allows one to write code with privacy designed in. It is based on common definitions of types, categories and purposes of personal data. Developers that use this language can easily see where privacy-related information is at any point in the software development. For any given system, engineers shall be able to understand at a glimpse whose data is in the system and what it is being used for.



Perhaps it is not too late.

https://sloanreview.mit.edu/article/catching-up-fast-by-driving-value-from-ai/

Catching Up Fast by Driving Value From AI

Some organizations may feel that acquiring AI capabilities is a race, and if a company starts late, it can never catch up.

That notion is belied by Scotiabank (officially the Bank of Nova Scotia), which has pursued a results-oriented approach to artificial intelligence over the past two years. While some of its resources are devoted to exploring how new technologies — including blockchain and quantum computing — might drive fresh business models and products, the great majority of its data and AI work is focused on improving operations today rather than incubating for the future.

As a result, Scotiabank — one of the Big Five banks based in Canada — has caught up to competitors in some crucial areas. It has done so by more closely integrating its data and analytics work; taking a pragmatic approach to AI; and focusing on reusable data sets, which help with both speed and return on investment.



Questions yes, answers not so much.

https://www.fedscoop.com/questions-around-federal-ai-oversight/

2021 in review: Oversight questions loom over federal AI efforts

The Biden administration established several artificial intelligence bodies in 2021 likely to impact how agencies use the technology moving forward, but oversight mechanisms are lacking, experts say.

Bills mandating greater accountability around AI haven’t gained traction because the U.S. lacks comprehensive privacy legislation, like the European Union’s General Data Protection Regulation, which would serve as a foundation for regulating algorithmic systems, according to an Open Technology Institute brief published in November.

… “Right now most advocates and experts in the space are really looking to the EU as the place that’s laying the groundwork for these kinds of issues,” Spandana Singh, policy analyst at OTI, told FedScoop. “And the U.S. is kind of lagging behind because it hasn’t been able to identify a more consolidated approach.”

Instead lawmakers propose myriad bills addressing aspects of privacy, transparency, impact assessments, intermediary liability, or a combination in a fragmented approach year after year. The EU has only the Digital Services Act, requiring transparency around algorithmic content curation, and the AI Act, providing a risk-based framework for determining if a particular AI system is “high risk.”


Tuesday, December 28, 2021

My concern: AI may convince either side that it can win the conflict if given the freedom to act now!

https://thediplomat.com/2021/12/how-does-china-aim-to-use-ai-in-warfare/

How Does China Aim to Use AI in Warfare?

Chinese military thinkers believe that under conditions of informatized warfare, dominating a system of systems confrontation rather than the large-scale attrition of enemy forces is the key factor in winning. Therefore, the PLA’s main strategy to defeat an adversary on the battleground is by creating disruption or paralysis on the enemy side through a system of systems operations. AI is believed to play a central role in intelligentized warfare to target and crash key elements of opponent operational systems. A PLA Senior Colonel Li Minghai pointed out that algorithms, unmanned platforms and extreme domains are emerging factors contributing to the form of intelligentized warfare.



Papers, citizen.

https://www.pogowasright.org/idea-of-national-patient-ids-revives-privacy-fight/

Idea of national patient IDs revives privacy fight

Ben Leonard reports:

Advocates of unique IDs to match patients to their health records may be close to lifting a decadeslong congressional ban on using federal funds to develop the system.
The effort, long mired in broader debates over patient privacy, gained steam this fall when the Senate for the first time left the ban out of a fiscal 2022 spending package. But its ultimate fate is still tied to uncertainties surrounding the appropriations process and an overdue report on the benefits and risks from the Department of Health and Human Services’ health information technology office that could influence the system’s design.

Read more at Politico.



Worried that Covid will spread throughout the population or simply ensuring that the infected never enter my neighborhood?

https://www.pogowasright.org/canadas-public-health-agency-admits-it-tracked-33-million-mobile-devices-during-lockdown/

Canada’s public health agency admits it tracked 33 million mobile devices during lockdown

Swikar Oli reports:

The Public Health Agency of Canada accessed location data from 33 million mobile devices to monitor people’s movement during lockdown, the agency revealed this week.
“Due to the urgency of the pandemic, (PHAC) collected and used mobility data, such as cell-tower location data, throughout the COVID-19 response,” a spokesperson told National Post. The program’s existence was first brought to wider attention by Blacklock’s Reporter.
[…]
In March, the Agency awarded a contract to the Telus Data For Good program to provide “de-identified and aggregated data” of movement trends in Canada.

Read more at National Post.



Take a minute and catch up.

https://spectrum.ieee.org/artificial-intelligence-2021

2021's Top Stories About AI

2021 was the year in which the wonders of artificial intelligence stopped being a story. Which is not to say that IEEE Spectrum didn't cover AI—we covered the heck out of it. But we all know that deep learning can do wondrous things and that it's being rapidly incorporated into many industries; that's yesterday's news. Many of this year's top articles grappled with the limits of deep learning (today's dominant strand of AI) and spotlighted researchers seeking new paths.

Here are the 10 most popular AI articles that Spectrum published in 2021, ranked by the amount of time people spent reading them. Several came from Spectrum's October 2021 special issue on AI, The Great AI Reckoning.



Imagine a technology that seems a short term miracle and hides its long term danger...

https://www.unite.ai/tackling-the-us-governments-pdf-mountain-with-computer-vision/

Tackling the US Government’s PDF Mountain With Computer Vision

Adobe’s PDF format has entrenched itself so deeply in US government document pipelines that the number of state-issued documents currently in existence is conservatively estimated to be in the hundreds of millions. Often opaque and lacking metadata, these PDFs – many created by automated systems – collectively tell no stories or sagas; if you don’t know exactly what you’re looking for, you’ll probably never find a pertinent document. And if you did know, you probably didn’t need the search.



Perspective.

https://www.makeuseof.com/facebook-big-tech-not-trusted-shows-poll/

New Poll Shows People Don't Trust Big Tech, but Especially Facebook

… About 44% of Americans trust Apple and Microsoft. Google does better with 48% trust. Amazon does really well comparatively, as it has the trust of a majority 53% of users (Amazon and Washington Post are both owned by Jeff Bezos). Other users either distrust these four companies or have no opinion.

When it comes to social media, it is more meaningful to speak of distrust rather than trust. As a net figure, users distrust all social media companies. A solid 60% distrust Instagram and 63% distrust TikTok, while 53% distrust WhatsApp and YouTube.

However, Facebook is off the charts, with an overwhelming 72% sitting in the distrust camp. Only 20% of users trust Facebook and 8% have no opinion.


Monday, December 27, 2021

What harms will the law address? (You must have harm or there is no reason for law?)

https://www.cpomagazine.com/data-privacy/big-tech-isnt-breaking-any-privacy-rules-if-there-arent-rules-to-break/

Big Tech Isn’t Breaking Any Privacy Rules if There Aren’t Rules to Break

Here’s something to think about. There are digital warehouses of information about you, and their inventory expands every time you use a popular social media app or web browser. These warehouses store and make accessible all kinds of details about you, big and small. Consider tidbits such as your address, phone number, aliases, relatives, political affiliation, resting heart rate, and preference for plant-based over cow’s milk.

All this data is for sale to anyone offering the right price. Some merchants buy your data to get you to try their new line of sneakers, and some use it to convince you to vote a certain way. Whatever their conversion goal, none of them are particularly transparent about where they’re collecting your information from and how they’re using it.



Simple and useful.

https://www.infoworld.com/article/3645789/how-digital-twins-improve-physical-systems.html

How digital twins improve physical systems

There is a long lineage of technologies and tools used to model the physical world, including drawings, diagrams, and CAD models. There are also many ways to use technology to model real-world systems and make predictions, including financial trading simulators, weather predictors, and traffic pattern models.

When you put these two capabilities together—combining a digital representation of a physical-world system and a model that simulates output conditions based on inputs drawn from the physical environment—you get a digital twin. A digital twin allows you to validate the system against a wide array of real-world situations.



Some truth?

https://www.wsj.com/articles/congress-breaking-up-silicon-valley-tech-is-a-gift-to-china-tencent-baidu-bytedance-quantum-11640525284

Breaking Up Tech Is a Gift to China

Few issues unite both sides of the political divide more than anger at U.S. tech companies, whether for censorship of conservative viewpoints or for failing to counter misinformation online. In response to these concerns, legislation introduced in Congress would weaken the U.S. tech industry, ostensibly in the name of breaking up monopolies. Unfortunately, the various bills would hurt the U.S. and strengthen the hand of our greatest geopolitical rival, the People’s Republic of China.


(Related) If you track everything do you know everything about everything?

https://www.wsj.com/articles/chinas-growing-access-to-global-shipping-data-worries-u-s-11640001601?mod=djemalertNEWS

China’s Growing Access to Global Shipping Data Worries U.S.

China’s expanding grip on data about the world’s cargo flows is sparking concern in Washington and among industry officials that Beijing could exploit its logistics information for commercial or strategic advantage.

Even cargo that never touches Chinese shores often still passes through Beijing’s globe-spanning logistics networks, including through sophisticated data systems that track shipments transiting ports located far from China. Control over the flow of goods and information about them gives Beijing privileged insight into world commerce and potentially the means to influence it, say cargo-industry officials.

With ports clogged globally and shortages plaguing many industries, shipping data has become an enormously valuable commodity.



Interesting. Puts Russia in perspective.

https://www.visualcapitalist.com/visualizing-the-94-trillion-world-economy-in-one-chart/

Visualizing the $94 Trillion World Economy in One Chart


Sunday, December 26, 2021

A number of papers my lawyer friends should consider…

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3989327

Lawyer-Client Conflict Of Interest When AI Is The Attorney On Both Sides

As a sacrosanct part of the lawyer-client relationship, conflicts of interest by an attorney are to be made apparent and normally eliminated or mitigated in one fashion or another. This raises an interesting question about the future as to the advent of AI in the law and the possibility of AI-based attorneys that could equally embody conflicts of interest toward their clients.


(Related)

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3989320

AI Anticipated Impacts On The Sixth Amendment Effective Counsel Provision

The U.S. Constitution mandates the assistance of legal counsel for criminal defendants. Meanwhile, relevant Supreme Court decisions have clarified that such legal counsel must be effective and that when legal counsel is ineffective there are opportunities to overturn case results. Consider how the question of effectiveness might be altered in an era of AI-based legal reasoning systems.


(For others, see here:)

https://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=4190984



Other than identification...

https://researchportal.vub.be/en/publications/person-identification-human-rights-and-ethical-principles-rethink

Person identification, human rights and ethical principles: Rethinking biometrics in the era of artificial intelligence

As the use of biometrics becomes commonplace in the era of artificial intelligence (AI), this study aims to identify the impact on fundamental rights of current and upcoming developments, and to put forward relevant policy options at European Union (EU) level. Taking as a starting point the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on AI, presented by the European Commission in April 2021, the study reviews key controversies surrounding what the proposal addresses through the notions of 'remote biometric identification' (which most notably includes live facial recognition), 'biometric categorisation' and so-called 'emotion recognition'. Identifying gaps in the proposed approaches to all these issues, the study puts them in the context of broader regulatory discussions. More generally, the study stresses that the scope of the current legal approach to biometric data in EU law, centred on the use of such data for identification purposes, leaves out numerous current and expected developments that are not centred on the identification of individuals, but nevertheless have a serious impact on their fundamental rights and democracy.



Perspective.

https://www.villagelivingonline.com/news/garrison-named-one-of-washingtons-most-powerful-women/

Garrison named one of ‘Washington’s Most Powerful Women’: Mountain Brook resident attracts attention for role with tech firm Clearview AI

Clearview AI in New York City is a company that provides what it says is the world’s largest facial recognition network.

One of the leaders in the effort to sell the benefits of the company’s technology is Jessica Medeiros Garrison, a Mountain Brook resident since 2011 who lives in Crestline.

Garrison has worked for Clearview AI since 2019 and currently serves in Washington, D.C., as the company’s vice president of government affairs.

She takes pride in the company’s technology.

“We are now recognized as the most accurate algorithm in the Western world,” Garrison said.


(Related)

https://www.bbc.com/news/world-africa-59702837

Letter from Africa: Why Kenya's taxman is eyeing social media

… But in Kenya there is now another hidden follower, tracking every step you make, every photo you post, every meal you eat, every car you flaunt, every house you show off.

This loyal follower is the taxman.

… "This may in some instances involve viewing the social media profiles of targeted individuals," a KRA spokesperson admits to me.

"Isn't this an infringement on people's privacy?" I ask.

"No," says the authority: "The KRA does not infringe on anyone's right of privacy as what they post is for public viewing and in public social media."


Saturday, December 25, 2021

Mele Kalikimaka



I expect this to change as AI gets better at pretending to be human.

https://www.bespacific.com/should-i-email-text-or-call-researchers-have-discovered-the-answer-to-an-age-old-question/

Should I email, text, or call? Researchers have discovered the answer to an age-old question

Fast Company: “Whatever you do, don’t email. Or text. That is, if you want someone to actually help you. A new research paper finds that in-person communication is the most successful way to get the assistance you need. Should that not be an option, a phone call or video call are second best. “In-person requests were 67% more effective than audio and video calls in one study,” Cornell University associate professor Vanessa Bohns, who wrote the paper with Ryerson University assistant professor M. Mahdi Roghanizad, explains in an email to Fast Company. “In another study, video and audio requests were 86% more effective than email requests.” In their write-up, they also explain that the participants in their studies underestimate the effectiveness of in-person communication. “We didn’t compare in-person to email in that paper, but did in an earlier paper with requests made of strangers (rather than friends, as in this study),” Bohns added. “In that study, we found in-person requests were 34 times more effective than email requests.” Participants in the new study asked 1,490 respondents for help proofreading a half-page of text. The research was published in the November issue of the journal Social Psychological and Personality Science…”



For my musical geeks?

https://analyticsindiamag.com/a-guide-to-omnizart-a-general-toolbox-for-automatic-music-transcription/

A Guide to Omnizart: A General Toolbox for Automatic Music Transcription

The activity of notating, reproducing, or otherwise memorizing existing pieces of music is known as music transcription. Music transcription includes melodies, chords, basslines, entire orchestral arrangements, and other aspects. In this post, we will take a look at Yu-Te Wu et al’s recently published Python-based toolbox, which transcribes a given audio music file into the various modes stated above.


Friday, December 24, 2021

And that’s just in one state…

https://www.databreaches.net/washington-state-data-breaches-in-2021-analysis/

Washington State Data Breaches in 2021 – Analysis

The Washington State Attorney General report on data breaches reported to their office in 2021 shows a significant increase over previous years. No surprise there, right? From the Executive Summary:

  • 2021 set a new record for the highest number of data breach notices sent to Washingtonians (6.3 million).

    • This represents approximately an 80% increase on the previous record of 3.5 million (2018).

    • Moreover, this is a nearly 500% increase over last year.

  • Businesses, agencies and other entities reported 280 breaches to our office — also a new record.

    • This represents about a 260% increase over the previous record of 78 (2017), and nearly five times last year’s total of 60 breaches.

  • Cyberattacks and ransomware attacks spiked in 2021.

    • Cyberattacks caused 87.5% of all reported data breaches — up from 63% in 2020.

    • 150 notices cited ransomware in 2021 — more than the last 5 years combined. A significant proportion of these refer to the ransomware breach of Blackbaud.

    • Ransomware attacks accounted for 61% of all cyberattacks (150 of 245) and more than half of all breaches (150 of 280).

  • 2021 saw the first recorded mega breach since 2018.

    • The cyberattack targeted Accellion, a company that specializes in file sharing technology, resulting in the exposure of files in the possession of the Washington State Auditor’s Office. These files contained the personal information of approximately 1.3 million Washingtonians, including residents’ names, Social Security numbers, dates of birth, bank account and routing numbers, addresses, and email.

    • This is the third reported mega breach since 2016.

Read the report.



Racing ahead?

https://www.insideprivacy.com/artificial-intelligence/u-s-ai-and-iot-legislative-update-year-end-2021-4/

U.S. AI and IoT Legislative Update – Year-End 2021

As 2021 comes to a close, we will be sharing the key legislative and regulatory updates for artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and privacy this month. Lawmakers introduced a range of proposals to regulate AI, IoT, CAVs, and privacy as well as appropriate funds to study developments in these emerging spaces. In addition, from developing a consumer labeling program for IoT devices to requiring the manufacturers and operators of CAVs to report crashes, federal agencies have promulgated new rules and issued guidance to promote consumer awareness and safety. We are providing this year-end round up in four parts. In this post, we detail IoT updates in Congress, the states, and federal agencies.



For the military history buff (and the autonomous AI in training)

https://www.freetech4teachers.com/2021/12/4000-maps-of-military-battles-and.html

4,000+ Maps of Military Battles and Campaigns

The Library of Congress housed hundreds of thousands of maps covering a huge array of topics from maps used by fire insurance companies to population density to maps of military battles and campaigns.

The LOC's collection of maps of military battles and campaigns contains more than 4,000 maps that are free to view, download, and reuse. The vast majority of the maps are from the 18th and 19th centuries although there are about 600 maps covering World War I and II.

You can browse through the collection according to date, location, subject, and language (most of the maps are in English or French). Once you've found a map that seems interesting, click on it to view more information about the cartographer and a little backstory on the map. Most of the maps can be downloaded as images and some can be downloaded as PDFs.


Thursday, December 23, 2021

Choices, choices all of them bad.

https://www.databreaches.net/if-your-disclosure-of-a-data-breach-was-late-you-may-have-to-litigate/

If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate

Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and HHS. But the time frame for discovery and notification has resulted in a potential class action lawsuit.

On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers payroll and benefit services to businesses, by an employee of one of its clients, seeking damages on behalf of himself and others. According to the allegations of the complaint, Bansley failed to properly secure and safeguard a wide range of payroll and benefit plan participants’ PII, including names, dates of birth, Social Security numbers, drivers’ license and passport numbers, financial account numbers, and personal health information. Bansley apparently discovered in mid-December 2020 that its network had fallen victim to a ransomware attack by an “unauthorized person.” The complaint asserts that Bansley elected not to notify participants and clients of the incident at that time, instead choosing to address the incident on its own by making upgrades to some aspects of its computer security, restoring the impacted systems from backups, and then resuming normal business operations.
In May 2021, Bansley allegedly learned that PII had been exfiltrated from its network, and only then retained a cybersecurity company to investigate.

But even then, notifications were not immediately forthcoming, with the firm making required notifications in November and this month, almost a year after the incident.

Read more at National Law Review.

As Bansley & Kierner explained it in their recent notice:

On December 10, 2020, B&K identified a data security incident that resulted in the encryption of certain systems within our environment. B&K addressed the incident, made upgrades to certain aspects of our computer security, restored the impacted systems from recent backups, and resumed normal operation. We believed at the time that the incident was fully contained and did not find any evidence that information had been exfiltrated from our environment. On May 24, 2021, we were made aware that certain information had been exfiltrated from our environment by an unauthorized person. We immediately launched an investigation, and a cyber security firm was engaged to assist.

The complaint is, of course, unproven allegations, and the accounting firm is certainly not the only firm to not make timely notifications following a ransomware attack or other attack. And they are certainly not the only firm to discover that PII or PHI was exfiltrated after they had thought it hadn’t been. Who made the initial determination that no PII or PHI was accessed? Someone in-house or forensic experts? And should they have notified state attorneys general promptly in August when investigation revealed personal information was involved, even if they were unable at that point to indicate who was impacted and how?

There’s nothing particularly unusual about this incident, but it does raise questions. Of course, those questions may never be litigated if the plaintiffs do not survive a likely motion to dismiss for lack of standing. Has anyone experienced actual concrete injury from this breach? There is a lot we do not yet know.



Probably not the last.

https://www.databreaches.net/pain-and-suffering-for-a-data-breach-german-court-issues-first-decision-of-its-kind-in-europe/

Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe.

Odia Kagan of Fox Rothschild writes:

A German Court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe.
According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages for non-material damage because he was affected by the Scalable data leak. The plaintiff from southern Germany is one of the 33,200 Scalable Capital customers whose e-mail addresses, copies of ID cards, photos and account numbers ended up on the Darknet between April and October 2020 as a result of a data leak.

Read more at Privacy Compliance & Data Security.



You are free to say anything we like.

https://economictimes.indiatimes.com/news/india/20-anti-india-youtube-channels-two-websites-banned-under-new-it-rules/articleshow/88401150.cms

20 'anti-India' YouTube channels, two websites banned under new IT rules

"The inquiry revealed that these websites were being run from Pakistan. The content run on these channels is blasphemous and hugely impinges on national security," said the official, who was part of the review. Among the YouTube channels banned by India, 15 are owned by Naya Pakistan group, while the others include 'The Naked Truth', '48 News' and 'Junaid Halim official'.



Would these match your top 10?

https://www.pogowasright.org/top-10-privacy-and-data-protection-cases-of-2021-a-selection/

Top 10 Privacy and Data Protection Cases of 2021: A selection

Over at Inforrm’s Blog, Suneet Sharma writes:

Inforrm covered a wide range of data protection and privacy cases in 2021. Following my posts in 2018, 2019 and 2020 here is my selection of most notable privacy and data protection cases across 2021:
  1. Lloyd v Google LLC [2021] UKSC 50
In the most significant privacy law judgment of the year the UK Supreme Court considered whether a class action for breach of s4(4) Data Protection Act 1998 (“DPA”) could be brought against Google of its obligations as a data controller for its application of the “Safari Workaround”. The claim for compensation was made under s.13 DPA 1998. The amount claimed per person advanced in the letter of claim was £750. Collectively, with the number of people impacted by the processing, the potential liability of Google was estimated to exceed £3bn.

Read more at Inforrm’s Blog.



Perspective. No need for security, it’s only a toy!

https://www.theregister.com/2021/12/23/fisher_prices_bluetooth_reboot_of/

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

‘Chatter’ can be bugged thanks to kindergarten-grade security