Tuesday, July 27, 2021

When ‘security companies’ fail to secure... Who can customers rely on?

https://www.pogowasright.org/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted/

VPN servers seized by Ukrainian authorities weren’t encrypted

Dan Goodin reports:

Privacy-tools-seller Windscribe said it failed to encrypt company VPN servers that were recently confiscated by authorities in Ukraine, a lapse that made it possible for the authorities to impersonate Windscribe servers and capture and decrypt traffic passing through them.
The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier.

Read more on Ars Technica.





Learn to face the music? That I know my password is a ‘foregone conclusion.’ Same goes for my face? Remember, I’ve only seen it in photos and mirrors.

https://www.pogowasright.org/court-orders-us-capitol-rioter-to-unlock-his-laptop-with-his-face/

Court orders US Capitol rioter to unlock his laptop ‘with his face’

Zack Whittaker reports:

A federal judge in Washington, D.C., has ordered a man accused of participating in the U.S. Capitol riot on January 6 to unlock his laptop “with his face” after prosecutors argued that the laptop likely contains video footage that would incriminate him in the attempted insurrection.
Guy Reffitt was arrested in late January, three weeks after he participated in the riot, and has been in jail since. He has pleaded not guilty to five federal charges, including bringing a firearm to the Capitol grounds and a charge of obstructing justice. His Windows laptop was one of several devices seized by the FBI, which investigators said was protected with a password but could be unlocked using Reffitt’s face.

Read more on TechCrunch.





Can anyone opt out?

https://www.bespacific.com/states-working-with-id-me/

States working with ID.me

CNN – “As of July 19, unemployment agencies in 25 states were using ID.me, which uses facial recognition technology to verify unemployment benefit applications…”





We could develop devices/records that cannot be fiddled with. Why isn’t that a requirement?

https://www.vice.com/en/article/qj8xbq/police-are-telling-shotspotter-to-alter-evidence-from-gunshot-detecting-ai

Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

Prosecutors in Chicago are being forced to withdraw evidence generated by the technology, which led to the police killing of 13-year-old Adam Toledo earlier this year.

How did they know that’s where the shooting happened? Police said ShotSpotter, a surveillance system that uses hidden microphone sensors to detect the sound and location of gunshots, generated an alert for that time and place.

Except that’s not entirely true, according to recent court filings.

That night, 19 ShotSpotter sensors detected a percussive sound at 11:46 p.m. and determined the location to be 5700 South Lake Shore Drive—a mile away from the site where prosecutors say Williams committed the murder, according to a motion filed by Williams’ public defender. The company’s algorithms initially classified the sound as a firework. That weekend had seen widespread protests in Chicago in response to George Floyd’s murder, and some of those protesting lit fireworks.

But after the 11:46 p.m. alert came in, a ShotSpotter analyst manually overrode the algorithms and “reclassified” the sound as a gunshot. Then, months later and after “post-processing,” another ShotSpotter analyst changed the alert’s coordinates to a location on South Stony Island Drive near where Williams’ car was seen on camera.



(Related) How to automatically raise the level of suspicion...

https://www.bespacific.com/what-cops-understand-about-copyright-filters-they-prevent-legal-speech/

What Cops Understand About Copyright Filters: They Prevent Legal Speech

EFF: ““You can record all you want. I just know it can’t be posted to YouTube,” said an Alameda County sheriff’s deputy to an activist. “I am playing my music so that you can’t post on YouTube.” The tactic didn’t work—the video of his statement can in fact, as of this writing, be viewed on YouTube. But it’s still a shocking attempt to thwart activists’ First Amendment right to record the police—and a practical demonstration that cops understand what too many policymakers do not: copyright can offer an easy way to shut down lawful expression. This isn’t the first time this year this has happened. It’s not even the first time in California this year. Filming police is an invaluable tool, for basically anyone interacting with them. It can provide accountability and evidence of what occurred outside of what an officer says occurred. Given this country’s longstanding tendency to believe police officers’ word over almost anyone else’s, video of an interaction can go a long way to getting to the true..”



(Related) I doubt this is a universal problem, but it is worth considering.

https://thenextweb.com/news/cops-are-running-amok-with-artificial-intelligence?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29

Lying, corrupt, anti-American cops are running amok with AI

A cop installs software from a company such as Clearview AI on their personal smartphone. This allows them to take a picture of anyone and surface their identity. The cop then runs the identity through an app from a company such as Palantir, which surfaces a cornucopia of information on the individual.

So, without a warrant, officer Friendly now has access to your phone carrier, ISP, and email records. They have access to your medical and mental health records, military service history, court records, legal records, travel history, and your property records. And it’s as easy to use as Netflix or Spotify.

Best of all, at least for the corrupt cops using these systems unethically, there’s absolutely no oversight whatsoever. Cops are often offered these systems directly from the vendors as “trials” so they can try them before they decide whether to ask their departments to adopt them at scale.





Future law. Maybe. Possibly.

https://www.insideprivacy.com/internet-of-things/u-s-ai-iot-cav-and-privacy-legislative-update-second-quarter-2021/

U.S. AI, IoT, CAV, and Privacy Legislative Update – Second Quarter 2021

In this update, we detail the key legislative developments in the second quarter of 2021 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and federal privacy legislation. As we recently covered on May 12, President Biden signed an Executive Order to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by removing obstacles to sharing threat information between private sector entities and federal agencies and modernizing federal systems. On the hill, lawmakers have introduced a number of proposals to regulate AI, IoT, CAVs, and privacy.





Will they figure it out in our lifetime?

https://www.bespacific.com/data-literacy-in-government-how-are-agencies-enhancing-data-skills/

Data Literacy in Government: How Are Agencies Enhancing Data Skills?

Fed Tech: “The federal government is vast, and the challenge of understanding its oceans of data grows daily. Rather than hiring thousands of new experts, agencies are moving to train existing employees on how to handle the new frontier. Data literacy is now a common buzzword, spurred by the publication of the Federal Data Strategy 2020 Action Plan last year and the growing empowerment of chief data officers in the government. The document outlines a multiyear, holistic approach to government information that includes building a culture that values data, encouraging strong management and protection and promoting its efficient and appropriate use.

“While the Federal government leads globally in many instances in developing and providing data about the United States and the world, it lacks a robust, integrated approach to using data to deliver on mission, serve the public and steward resources,” the plan notes. A key pillar of the plan is to “identify opportunities to increase staff data skills,” and it directs all federal agencies to undertake a gap analysis of skills to see where the weaknesses and needs lie…”





Who’d a thunk it?

https://venturebeat.com/2021/07/20/employees-want-more-ai-to-boost-productivity-study-finds/

Employees want more AI to boost productivity, study finds

Eighty-one percent of employees believe AI improves their overall performance at work. As a result, more than two-thirds (68%) are calling on their employers to deploy more AI-based technologies to help them execute tasks. That’s the top-level finding from a study published today by 3GEM on behalf of SnapLogic, which surveyed 400 office workers across the U.S. and U.K. about their opinions on AI in the workplace.



(Related)

https://hbr.org/2021/07/everyone-in-your-organization-needs-to-understand-ai-ethics

Everyone in Your Organization Needs to Understand AI Ethics

When most organizations think about AI ethics, they often overlook some of the sources of greatest risk: procurement officers, senior leaders who lack the expertise to vet ethical risk in AI projects, and data scientists and engineers who don’t understand the ethical risks of AI. Fixing this requires both awareness and buy-in on your AI ethics program across the organization. To achieve this, consider these six strategies: 1) remove the fear of not getting it right away, 2) tailor your message to your audience, 3) tie your efforts to your company purpose, 4) define what ethics means in an operational way, 5) lean on trusted and influential individuals, and 6) never stop educating.


