Tuesday, February 23, 2021

Defining a good hacker: Stealing from the best the government has without being noticed. Of course this could just be normal everyday espionage.

https://www.wired.com/story/china-nsa-hacking-tool-epme-hijack/

China Hijacked an NSA Hacking Tool in 2014—and Used It for Years

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online.

MORE THAN FOUR years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised—whether any intelligence agency can prevent its "zero-day" stockpile from falling into the wrong hands—still haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.





Something for my Ethical Hackers?

https://venturebeat.com/2021/02/22/eu-report-warns-that-ai-makes-autonomous-vehicles-highly-vulnerable-to-attack/

EU report warns that AI makes autonomous vehicles ‘highly vulnerable’ to attack

The dream of autonomous vehicles is that they can avoid human error and save lives, but a new European Union Agency for Cybersecurity (ENISA) report has found that autonomous vehicles are “highly vulnerable to a wide range of attacks” that could be dangerous for passengers, pedestrians, and people in other vehicles. Attacks considered in the report include sensor attacks with beams of light, overwhelming object detection systems, back-end malicious activity, and adversarial machine learning attacks presented in training data or the physical world.





I suspect China has quite a different perspective on privacy.

https://www.huntonprivacyblog.com/2021/02/23/hunton-partner-dora-luo-publishes-china-the-draft-pipl-and-the-gdpr-a-comparative-perspective/

Hunton Partner Dora Luo Publishes “China: The Draft PIPL and the GDPR – A Comparative Perspective”

In the February 2021 issue of the Data Protection Leader, Hunton partner Dora Luo discusses China’s draft Personal Information Protection Law (“Draft PIPL”) (in Chinese) in the context of other comprehensive data protection frameworks, such as the EU General Data Protection Regulation (“GDPR”).

The article examines the Draft PIPL in the context of advanced technologies that have accelerated the collection of personal information more frequently than before. The Draft PIPL marks the introduction of a comprehensive system for the protection of personal information in China, which does not merely incorporate or replace rules that are already enshrined in other Chinese laws, but also draws inspiration from the GDPR.





Raises some interesting questions indeed.

https://www.pogowasright.org/fbi-seized-congressional-cellphone-records-related-to-capitol-attack/

FBI Seized Congressional Cellphone Records Related to Capitol Attack

Ken Klippenstein and Eric Lichtblau report:

Within hours of the storming of the Capitol on January 6, the FBI began securing thousands of phone and electronic records connected to people at the scene of the rioting — including some related to members of Congress, raising potentially thorny legal questions.
Using special emergency powers and other measures, the FBI has collected reams of private cellphone data and communications that go beyond the videos that rioters shared widely on social media, according to two sources with knowledge of the collection effort.
In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene. Investigators have also relied on data “dumps” from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.

Read more on The Intercept.





Lots to read.

https://fpf.org/blog/acting-ftc-chairwoman-slaughter-highlights-priorities-in-privacy-papers-for-policymakers-event-keynote/

ACTING FTC CHAIRWOMAN SLAUGHTER HIGHLIGHTS PRIORITIES IN PRIVACY PAPERS FOR POLICYMAKERS EVENT KEYNOTE

The Future of Privacy Forum’s 11th-annual Privacy Papers for Policymakers event – the first event in the series to take place virtually – was a success!

In her keynote address, which was also her first major speech as acting chair of the Federal Trade Commission, Acting FTC Chairwoman Slaughter outlined three of her major privacy-related priorities for the Commission:

1. Making enforcement more efficient and effective. 

2. Protecting privacy during the pandemic.

3. Racial equity concerns in data use and abuse. 

You can read Acting FTC Chairwoman Slaughter’s full remarks at PPPM 2021 on the FTC website.

Click the links below to read each of the winning papers, or read the 2021 PPPM Digest to read summaries of the papers and learn more about the authors and judges.





This came quicker than I had thought possible. Still much work to be done.

https://www.nbcnews.com/tech/social-media/facebook-users-australia-can-again-share-news-links-n1258589

Facebook users in Australia can again share news links

Facebook said late Monday it will restore the ability of Australian users to share links to news articles following a new deal with the local government.

The agreement, which gives Facebook and the Australian government two more months to negotiate a long-term agreement, ends a nearly weeklong period during which Facebook users in Australia could not access or share news stories on the platform.

Facebook had restricted news-sharing in response to impending legislation that would have required it to let an independent arbiter determine how much compensation it had to give to publishers for linking to their stories. Users could not share links or access news stories from Australian or global outlets.

The new deal includes amendments that give Facebook greater control over how it compensates publishers.



(Related) Does this mean war?

https://www.makeuseof.com/microsoft-google-facebook-eu/

Microsoft Plans to Take Down Google and Facebook in the EU

A proposed Australian law caused Google and Facebook to flee the country, and Microsoft wants it to happen in Europe too.

As such, the government put forward a new law that would mean Google and Facebook would have to pay the source website for every time they displayed a news snippet. Facebook responded by removing its Australian news coverage in light of the law.

Google, however, put up a fight. It argued that its snippets encouraged people to click on it to read more, thus driving more traffic to the news website. It also said that such a law would be too expensive to maintain in the long run.

When Microsoft caught wind of this news, it flew in to save Australia from Google. Not only did it declare that its own search engine, Bing, was ready to fill the void that Google would leave, but it also fully supported Australia's news laws. Granted, the news law wasn't aimed at Microsoft at all; but if it were, the company stated it'd abide by them.

However, Microsoft isn't stopping there. The company has likely realized that, wherever this law goes, it would bring with it the pressure on Google to scale down or leave. That's good news for Bing, who struggles to keep up with the search engine giant's popularity.

As such, US News reported on how Microsoft plans to encourage EU countries to adopt this new law too.





Perhaps compliance isn’t as well defined as we thought? More likely, it’s a case of asking forgiveness rather than asking permission?

https://digiday.com/media/new-york-times-cafemedia-california-privacy-law/

How The New York Times and CafeMedia have taken divergent approaches to complying with California’s privacy law

More than a year after the California Consumer Privacy Act took effect, publishers and programmatic ad sellers are still split on how they are required to comply with California’s privacy law.

Some like The New York Times have taken a strict interpretation, adopting a conservative approach in complying with the law. Others like ad management firm CafeMedia have taken a looser interpretation of the CCPA’s notoriously ambiguous definition of sale and may eventually find themselves running afoul of regulators.





A clear statement of the issue. If, as Arthur C. Clarke said, “Any sufficiently advanced technology is indistinguishable from magic,” then it should be no surprise that politicians (Okay, all non-techies) are mystified.

https://www.weforum.org/agenda/2021/02/we-need-to-talk-about-artificial-intelligence/

We need to talk about Artificial Intelligence

While consensus starts to form around the impact that AI will have on humankind, civil society, the public and the private sector alike are increasing their requests for accountability and trust-building. Ethical considerations such as AI bias (by race, gender, or other criteria), and algorithmic transparency (clarity on the rules and methods by which machines make decisions) have already negatively impacted society through the technologies we use daily.

The AI integration within industry and society and its impact on human lives, calls for ethical and legal frameworks that will ensure its effective governance, progressing AI social opportunities and mitigating its risks. There is a need for sound mechanisms that will generate a comprehensive and collectively shared understanding of AI’s development and deployment cycle. Thus, at its core, this governance needs to be designed under continuous dialogue utilizing multi-stakeholder and interdisciplinary methodologies and skills.

Yet, this dialogue is hampered by the fact that creators of AI technology have all the information and understanding of the subject, while policymakers trying to regulate it often have very little. On the one hand, there is a limited number of policy experts who truly understand the full cycle of AI technology. On the other hand, the technology providers lack clarity, and at times interest, in shaping AI policy with integrity by implementing ethics in their technological designs (with, for example, ethically aligned design).





Nobody cared.

https://kjzz.org/content/1660988/whistleblowers-software-bug-keeping-hundreds-inmates-arizona-prisons-beyond-release

Whistleblowers: Software Bug Keeping Hundreds Of Inmates In Arizona Prisons Beyond Release Dates

According to Arizona Department of Corrections whistleblowers, hundreds of incarcerated people who should be eligible for release are being held in prison because the inmate management software cannot interpret current sentencing laws.

KJZZ is not naming the whistleblowers because they fear retaliation. The employees said they have been raising the issue internally for more than a year, but prison administrators have not acted to fix the software bug. The sources said Chief Information Officer Holly Greene and Deputy Director Joe Profiri have been aware of the problem since 2019.

The Arizona Department of Corrections confirmed there is a problem with the software.





Sarcastic or not, an interesting article.

https://www.theatlantic.com/ideas/archive/2021/02/five-trump-amendments-constitution/618097/

The 5 Trump Amendments to the Constitution

When I step back to look at the legacy of President Donald Trump, a surprising conclusion emerges: He has substantially altered the Constitution. His changes aren’t formal, of course. But his informal amendments are important. If left to stand, they threaten to make Congress an advisory body and give carte blanche to rogue presidents.





What do you bet they’ve been doing it all wrong?

https://www.bespacific.com/a-complete-guide-for-lawyers-texting-clients/

A Complete Guide for Lawyers Texting Clients

Sharon Miki – “Undoubtedly, communicating via text is part of daily life. So if you’re a lawyer who isn’t texting your clients yet, you could be missing out on a powerful way to reach clients and streamline your client communication process. Lawyer texting could make all the difference in a client-lawyer relationship, as it helps you communicate quickly, clearly, and often. When used correctly and under the right circumstances, business texting for lawyers means faster, more effective communication—while also giving clients a better client-centered experience. In the following guide, we’ll cover the pros and cons of lawyer texting. We’ll also outline important ethical, security, and compliance best practices for attorneys to consider before you start texting with clients. Finally, we’ll highlight some of the top tools that can simplify and enhance security for lawyers texting clients…”


