Thursday, April 29, 2021

Useful starting points?

https://www.theregister.com/2021/04/29/ransomware_task_force_offers_48/

48 ways you can avoid file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force

The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday published an 81-page report presenting policy makers with 48 recommendations to disrupt the ransomware business and mitigate the effect of such attacks.

The report, provided in advance of publication to The Register and due to appear here, attempts to provide guidance for dealing with the alarmingly popular scourge of ransomware, which generally involves miscreants who obtain access to poorly secured systems and steal or encrypt system data, thereafter offering to restore it or keep quiet about the whole thing in exchange for a substantial payment.





We were taught to look for changes in a pattern. For example, changes in cash flow might indicate the start or end of the fraud.

https://www.schneier.com/blog/archives/2021/04/identifying-people-through-lack-of-cell-phone-use.html

Identifying People Through Lack of Cell Phone Use

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance:

After Faïd’s helicopter breakout, 3,000 police officers took part in the manhunt. According to the 2019 documentary La Traque de Rédoine Faïd, detective units scoured records of cell phones used during his escape, isolating a handful of numbers active at the time that went silent shortly thereafter.





Helped me understand a few things.

https://www.lawfareblog.com/machines-learn-brussels-writes-rules-eus-new-ai-regulation

Machines Learn That Brussels Writes the Rules: The EU’s New AI Regulation

The European Union’s proposed artificial intelligence (AI) regulation, released on April 21, is a direct challenge to Silicon Valley’s common view that law should leave emerging technology alone. The proposal sets out a nuanced regulatory structure that bans some uses of AI, heavily regulates high-risk uses and lightly regulates less risky AI systems.

The proposal would require providers and users of high-risk AI systems to comply with rules on data and data governance; documentation and record-keeping; transparency and provision of information to users; human oversight; and robustness, accuracy and security. Its major innovation, telegraphed in last year’s White Paper on Artificial Intelligence, is a requirement for ex-ante conformity assessments to establish that high-risk AI systems meet these requirements before they can be offered on the market or put into service. An additional important innovation is a mandate for a postmarket monitoring system to detect problems in use and to mitigate them.





No need to find these yourself, just jump when we point one out. (Who determines what is art or academic content?)

https://www.theverge.com/2021/4/29/22409306/eu-law-one-hour-terrorist-content-takedowns-passes-parliament?scrolla=5eb6d68b7fedc32c19ef33b4

EU adopts controversial law forcing one-hour takedowns of terrorist content

The European Parliament has formally adopted a law requiring internet companies to “remove or disable access to flagged terrorist content” within one hour after being notified by national authorities. Once issued, such takedown notices will apply across the EU, with countries able to levy financial penalties against firms that refuse to comply.

The legislation will come into force 12 months after it is published in the EU’s official journal, a standard step for all EU law. It will then have to be adopted by each member state.

Notably, the legislation now explicitly excludes takedowns targeting terrorist content that’s part of any educational, artistic, journalistic, or academic material. It also includes no obligation for internet companies to preemptively monitor or filter their content.





Perhaps governments are not that anxious to eliminate bias.

https://thenextweb.com/news/black-man-says-racially-biased-ai-system-rejected-his-passport-photo-facial-recognition-tiktok

Black man says racially-biased AI system rejected his passport photo

… Joris Lechêne, a model and racial justice activist, said in a TikTok video that his photo met every rule in the application guidelines:

But lo and behold, that photo was rejected because the artificial intelligence software wasn’t designed with people of my phenotype in mind.

… Despite knowing about these biases for years, the government is still using the same face analysis algorithm.

In March, the Passport Office told New Scientist that an update to the system had been available for more than a year, but still hadn’t been rolled out.





Interesting article.

https://www.lawfareblog.com/data-brokers-and-national-security

Data Brokers and National Security

In the worlds of data protection and privacy, too often there is a decoupling of national security issues and what might be termed non-national security issues despite the clear interplay between the two realms. Over the past decade, U.S. adversaries have vacuumed up the personal data of many Americans with one nation possibly being at the fore: the People’s Republic of China (PRC). The PRC was connected to the Office of Personnel Management and Equifax hacks, both of which provided massive troves of data the PRC has reportedly used to foil U.S. espionage and intelligence collection efforts abroad.

California and Vermont have enacted laws requiring the registration of data brokers operating in those states, and legislation has been proposed in Congress to do the same.

Earlier this month, Justin Sherman discussed definitional problems and gaps with the California and Vermont statutes on Lawfare, arguing that getting these matters right in federal legislation is critical.





Probably should have happened years ago. (Will virtual lawyers wear pants?)

https://www.bespacific.com/zoom-court-is-changing-how-justice-is-served/

Zoom Court Is Changing How Justice Is Served

The Atlantic – “Last spring, as COVID-19 infections surged for the first time, many American courts curtailed their operations. As case backlogs swelled, courts moved online, at a speed that has amazed—and sometimes alarmed—judges, prosecutors, and defense attorneys. In the past year, U.S. courts have conducted millions of hearings, depositions, arraignments, settlement conferences, and even trials—nearly entirely in civil cases or for minor criminal offenses—over Zoom and other meeting platforms. As of late February, Texas, the state that’s moved online most aggressively, had held 1.1 million remote proceedings. “Virtual justice” (the preferred, if unsettling, term) is an emergency response to a dire situation. But it is also a vision some judicial innovators had long tried to realize. One leading booster, Michigan Chief Justice Bridget Mary McCormack, told me that going online can make courts not only safer but “more transparent, more accessible, and more convenient.” Witnesses, jurors, and litigants no longer need to miss hours of work and fight traffic. Attorneys with cases in multiple courts can jump from one to another by swiping on their phones. In July the Conference of Chief Justices and the Conference of State Court Administrators jointly endorsed a set of “Guiding Principles for Post-pandemic Court Technology with a blunt message: The legal system should “move as many court processes as possible online,” and keep them there after the risk of infection passes. The pandemic, they wrote, “is not the disruption courts wanted, but it is the disruption that courts needed.”…





Perspective. This has never happened before, so it can’t happen now?

https://www.thedailybeast.com/artificial-intelligence-company-dataminr-warned-us-capitol-police-about-jan-6-riot

Even a Private AI Company Warned Capitol Police Ahead of Jan. 6 Riot

Capitol Police received warnings on Jan. 5 about social media posts discussing an attack on the U.S. Capitol, according to emails obtained by CNN. The warnings came from a rep for artificial intelligence company Dataminr, who said they had detected a number of troubling posts, including one on internet message board 8kun, which said “we will storm government buildings, kill cops, kill security guards, kill federal employees and agents.” Hours later, the same Dataminr rep got back in touch with Capitol Police to flag comments on Parler about storming the Capitol. However, internal communications indicate that Capitol Police didn’t consider the threats credible. According to one Senate source, after months of investigation, they are “stunned” at the way that Capitol Police ignored warning signs about the Jan. 6 insurrection. The heads of other law enforcement agencies have all blamed each other for dropping the ball.





It has always been possible to make guns in your home workshop. Expensive and time consuming, yes. But possible. 3D printing is faster and cheaper.

https://apnews.com/article/courts-gun-politics-b94001d41109ac47dda41ac6f3583340

U.S. court says ‘ghost gun’ plans can be posted online

Plans for 3D-printed, self-assembled “ghost guns” can be posted online without U.S. State Department approval, a federal appeals court ruled Tuesday.

A divided panel of the 9th U.S. Circuit Court of Appeals in San Francisco reinstated a Trump administration order that permitted removal of the guns from the State Department’s Munitions List.

Listed weapons need State Department approval for export.

In 2015, federal courts applied the requirement to weapons posted online and intended for production on 3D printers, the San Francisco Chronicle reported.



No comments: