How do you break the chain of interdependency that was so useful until the breach?
A multi-party data breach creates 26x the financial damage of single-party breach
HelpNet Security reports:
Cyentia Institute and RiskRecon released a research that quantifies how a multi-party data breach impacts many organizations in today’s interconnected digital world. The study is based on an analysis of 897 multi-party breaches involving three or more interrelated companies.
Here are just two of the findings that HelpNet highlights:
A median ripple breach event causes 10x the financial damage of a traditional single-party breach.
The worst of the multi-party data breach events causes 26x the financial damage of the worst single-party breach.
Read more on HelpNet Security.
You can request the full research report on Cyentia’s site.
[The finding that caught my eye:
It takes 379 days for a typical ripple event to impact 75% of its downstream victims.
Another privacy perspective.
https://www.pogowasright.org/saudi-arabia-issues-personal-data-protection-law/
Saudi Arabia issues Personal Data Protection Law
Abdulaziz Al-Bosaily, Masha Ooijevaar, and Dino Wilkinson of Clyde & Co write:
Saudi Arabia has issued its first comprehensive national data protection law to regulate the collection and processing of personal information. In this article we consider the implications of this important development for organisations operating in the Kingdom.
What is the new law?
The Personal Data Protection Law (PDPL) was implemented by Royal Decree M/19 of 9/2/1443H (16 September 2021) approving Resolution No. 98 dated 7/2/1443H (14 September 2021). It was published in the Official Gazette on 24 September 2021.
The Saudi Data & Artificial Intelligence Authority (SDAIA) will supervise the implementation of the new legislation for the first two years, following which a transfer of supervision to the National Data Management Office (NDMO) will be considered.
Read more on Clyde & Co.. Of note, their breach notification provision requires people be notified “immediately.” And the disclosure or publication of sensitive data contrary to the PDPL may result in penalties of imprisonment for up to two years or a fine of up to SAR 3,000,000 (US$ 800,000). Let’s see if they really enforce that.
Lots of ethical questions, few papers offering answers. London is heavily surveilled (millions of cameras) can this technology find you on any or all of them?
https://www.wired.co.uk/article/met-police-facial-recognition-new
London is buying heaps of facial recognition tech
The UK’s biggest police force is set to significantly expand its facial recognition capabilities before the end of this year. New technology will enable London’s Metropolitan Police to process historic images from CCTV feeds, social media and other sources in a bid to track down suspects. But critics warn the technology has “eye-watering possibilities for abuse” and may entrench discriminatory policing.
In a little-publicised decision made at the end of August, the Mayor of London’s office approved a proposal allowing the Met to boost its surveillance technology. The proposal says that in the coming months the Met will start using Retrospective Facial Recognition (RFR), as part of a £3 million, four-year deal with Japanese tech firm NEC Corporation. The system examines images of people obtained by the police before comparing them against the force’s internal image database to try and find a match.
“Those deploying it can in effect turn back the clock to see who you are, where you've been, what you have done and with whom, over many months or even years,” says Ella Jakubowska, policy advisor at European Digital Rights, an advocacy group. Jakubowska says the technology can “suppress people's free expression, assembly and ability to live without fear”.
A Cory Doctorow thought piece.
https://cacm.acm.org/magazines/2021/10/255710-competitive-compatibility/fulltext
Competitive Compatibility: Let's Fix the Internet, Not the Tech Giants
Tech's market concentration—summed up brilliantly by Tom Eastman, a New Zealand software developer, as the transformation of the Internet into "a group of five websites, each consisting of screenshots of text from the other four"—has aroused concern from regulators around the world.
In China tech giants have been explicitly co-opted an arm of the state. In Europe regulators hope to discipline the conduct of U.S.-based "Big Tech" firms by passing strict rules about privacy, copyright, and terrorist content and then slapping the companies with titanic fines when they fail to abide by them. At the same time, European leaders talk about cultivating "national champions"—monopolistically dominant firms with firm national allegiance to their local governments.
U.S. lawmakers are no more coherent: on the one hand, Congress recently held the most aggressive antitrust hearings since the era of Ronald Reagan, threatening to weaken the power of the giants by any means necessary. On the other hand, lawmakers on both sides of the aisle want to deputize Big Tech as part of law enforcement, charged with duties as varied as preventing human trafficking, policing copyright infringement, imposing neutrality on public discourse, blocking disinformation, and ending harassment and hate speech. If any of these duties can be performed (and some of them are sheer wishful thinking), they can only be performed by the very largest of companies, monopolists who extract monopoly rents and use them to fund these auxiliary duties.
Tech has experienced waves of concentration before and resolved them with minimal state action. Instead, tech's giants were often felled by interoperability, which allows new market entrants to seize the "network effect" advantages of incumbents to turn them to their own use. Without interoperability, AT&T ruled the nation. With interoperability, the ubiquity of the Bell System merely meant that anyone who could make an answering machine, radio bridge, or modem that could plug into an RJ-11 jack could sell into every house and business in America.
Everyone in the tech world claims to love interoperability—the technical ability to plug one product or service into another product or service—but interoperability covers a lot of territory, and depending on what's meant by interoperability, it can do a lot, a little, or nothing at all to protect users, innovation and fairness.
Let's start with a taxonomy of interoperability.
No comments:
Post a Comment