Monday, October 04, 2021

Security considerations.

https://www.csoonline.com/article/3634776/4-steps-to-protect-the-c-suite-from-business-email-compromise-attacks.html#tk.rss_all

4 steps to protect the C-suite from business email compromise attacks

CISOs responsible for securing sensitive C-suite email accounts face the dual challenge of securing accounts with wide-ranging permissions coupled with a significant educational role with the largely non-technical executive. But with brute-force attacks on the rise and account takeover attempts for C-suite mailboxes escalating by a staggering 671%, according to the latest report from Abnormal Security, now is the time to review executive account protections and security procedures.



For your amusement?

https://www.pogowasright.org/modern-day-general-warrants-and-the-challenge-of-protecting-third-party-privacy-rights-in-mass-suspicionless-searches-of-consumer-databases/

Modern-Day General Warrants and the Challenge of Protecting Third-Party Privacy Rights in Mass, Suspicionless Searches of Consumer Databases

A Hoover Institution Essay by Jennifer Lynch Aegis Series Paper No. 2104

From the introduction:

Today, more than ever, law enforcement has access to massive amounts of consumer data that allow police to essentially pluck a suspect out of thin air. Internet service providers and third parties collect and aggregate precise location data generated by our devices and their apps, making it possible for law enforcement to easily determine everyone who was in a given area during a given time period. Similarly, search engines compile and store our internet searches in a way that allows law enforcement to learn everyone who searched for specific keywords like an address or the word “bomb.” In addition, DNA is now amassed in consumer genetic genealogy databases that make it possible for law enforcement to identify almost any unknown person from their DNA, even if the unknown person never chose to add their own DNA to the database.
Modern law enforcement officials very frequently conduct “suspicionless searches”—searches that are not based on individualized suspicion—on these computer databases. These searches can include the private information of millions of people unconnected to a crime on the mere possibility the police will find one person who is. Law enforcement justifies these searches by arguing that people voluntarily provide their information to third parties and agree to contracts that allow those third parties to share consumers’ data with others. They also argue that the individual data points exposed through these searches are, standing alone, not all that revealing or are de-identified. Therefore, they argue, the Fourth Amendment should not restrict access to the data.
For the most part, courts are only addressing the privacy and civil liberties issues posed by these searches piecemeal through the criminal justice system. But by looking only at the data used to identify an individual defendant, society as a whole is missing a much larger looming problem: as we and our devices generate more and more data that is shared with third parties, law enforcement now has relatively easy and inexpensive access to data that can identify and track all of us. Consumers would be surprised to know that their data is so readily accessible to law enforcement. However, as discussed below, it is almost impossible to opt out.
There are currently few explicit legislative or judicial checks on these kinds of searches. That has left it up to third-party data collectors to push back. In some cases, this happens, to a certain extent. For example, in response to warrants for mass location data, it appears Google has shaped search protocols to try to protect accounts.1 However, in other cases, disclosure may be subject to the whims of the data collector. Genetic genealogy company GEDmatch allowed law enforcement access to its clients’ DNA data for investigations that its founder personally felt were worthy,2 while a similar company, FamilyTreeDNA, has welcomed law enforcement with open arms.3 And location data brokers appear ready and willing to sell aggregated data to anyone able to buy it on the open market, including the government.
This article describes the problem of suspicionless searches of consumer databases, explains the threat that these searches pose to privacy interests, argues that the legal arguments put forth by law enforcement in defense of these practices are flawed, and suggests what should be done about the problem both in courts and in the legislature.

Read the essay on Hoover.org.



I want to read all the reports.

https://www.infoworld.com/article/3635489/the-way-we-ai-now.html

The way we AI now

We’ve been overselling current capabilities of AI for years, but that doesn’t mean it doesn’t have a bright future. That’s perhaps why Stanford University researchers conceived of a “One Hundred Year Study on Artificial Intelligence” (100 years!) back in 2016, with plans to update the report every five years through 2116, charting the progress of AI along the way. Five years after the inaugural report, the study authors recently released the second report.

The TL;DR? We’ve made “remarkable progress” in just five years, on the back of ever-improving data infrastructure, yet we still fall “far short of the field’s founding aspiration of recreating full human-like intelligence in machines.” What we are discovering, however, is the importance of meshing human and machine to achieve better outcomes. Is it “true” AI? Not as originally envisioned. But arguably it’s better.

One of the primary inhibitors to data science (and resultant AI) becoming real has little to do with science and everything to do with data. As FirstMark investor Matt Turck recently called out in “The 2021 Machine Learning, AI, and Data (MAD) Landscape,” only recently have data warehouses evolved “to store massive amounts of data in a way that’s useful, not completely cost-prohibitive, and doesn’t require an army of very technical people to maintain.” Yes, we’ve had data warehouses for decades, but they’ve been complicated and costly.

