Saturday, November 20, 2021

Will this eventually become a standard for all organizations?

https://www.databreaches.net/us-regulators-order-banks-to-report-cyberattacks-within-36-hours/

US regulators order banks to report cyberattacks within 36 hours

Sergiu Gatlan reports:

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours.
Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability.
Bank service providers will also have to notify customers “as soon as possible” if a cyberattack has materially affected or will likely affect the customers for four or more hours.

Read more on BleepingComputer.

The government notice:

Federal bank regulatory agencies today announced the approval of a final rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system. The final rule requires a banking organization to notify its primary federal regulator of any significant computer-security incident as soon as possible and no later than 36 hours after the banking organization determines that a cyber incident has occurred. Notification is required for incidents that have materially affected—or are reasonably likely to materially affect—the viability of a banking organization’s operations, its ability to deliver banking products and services, or the stability of the financial sector.
In addition, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially affected or is reasonably likely to materially affect banking organization customers for four or more hours.
Compliance with the final rule is required by May 1, 2022.
Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers



Interesting, but it sounds like we are still playing catch-up. Or perhaps this is just a ‘feel good’ interview.

https://abcnews.go.com/Politics/whats-stake-security-nation-nsa-chief-defending-us/story?id=81258606

'What's at stake is obviously the security of our nation,' NSA chief says of defending US from cyberattacks

The surge of ransomware is a national security issue, Nakasone said, adding that if you asked him a year ago what he thought about the response, he'd say it was a criminal matter.


(Related)

https://www.cpomagazine.com/cyber-security/suspected-chinese-cyber-espionage-campaign-breached-nine-and-targeted-370-critical-organizations/

Suspected Chinese Cyber Espionage Campaign Breached Nine and Targeted 370 Critical Organizations

Palo Alto Networks Unit 42 researchers discovered that a hacking group with ties to China breached at least nine organizations in a global cyber espionage campaign.

The report indicated that attackers indiscriminately targeted about 370 organizations in the defense, healthcare, education, technology, and energy sectors.



A corollary to “we can, therefore we must!” If we are not sure what we should do, we should do everything we can and sort out the legal stuff later.

https://www.pogowasright.org/warrant-not-needed-for-moravian-college-students-school-wifi-records-in-robbery-case-court-rules/

Warrant not needed for Moravian College student’s school WiFi records in robbery case, court rules

Sarah Cassi reports:

A Moravian College student convicted of an armed robbery on campus did not have his constitutional rights violated when police collected his on-campus WiFi connection records without a warrant, the Pennsylvania Supreme Court ruled on Wednesday.
In a 5-2 decision, the Pennsylvania Supreme Court panel said Alkiohn Dunkins relinquished any purported expectation of privacy for his WiFi connection records and did so voluntarily when he agreed to the school’s WiFi usage terms and signed a school computing resources policy.

Read more on Lehigh Valley Live.

I am still working my way through the opinion and concurring and dissenting opinions, but the issues raised in this case are of nationwide concern and deserve serious consideration by the U.S. Department of Education and Congress to redefine or clarify exactly what is an “education record” under FERPA and whether students can be required to waive any rights in order to avail themselves of campus wide internet or other services. It also has significant implications for constitutional protections that would apply to criminal investigations and prosecutions.

There really is a lot here and side-stepping issues by basically saying, “Look, the students were told to read the handbook, the handbook told them that if they opted to automatically connect to campus wifi, they have no expectation of privacy, and the students signed waivers and statements that they understood this” puts a burden on college students that even older adults would have problems with — wading through TOS and really providing free and informed consent.

Related: Opinion
Related: Concurring and Dissenting Opinions



Start small, grow to Panamax and beyond?

https://techxplore.com/news/2021-11-electric-autonomous-cargo-ship-norway.html

First electric autonomous cargo ship launched in Norway

By shipping up to 120 containers of fertilizer from a plant in the southeastern town of Porsgrunn to the Brevik port a dozen kilometres (about eight miles) away, the much-delayed Yara Birkeland, shown off to the media on Friday, will eliminate the need for around 40,000 truck journeys a year that are now fuelled by polluting diesel.

The 80-metre, 3,200-deadweight tonne ship will soon begin two years of working trials during which it will be fine-tuned to learn to manoeuvre on its own.

The wheelhouse could disappear altogether in "three, four or five years", said Holsether, once the vessel makes its 7.5-nautical-mile trips on its own with the aid of sensors.



When farmers left for the city at the start of the industrial revolution, what jobs did they take?

https://allwork.space/2021/11/ai-will-create-97-million-jobs-but-workers-dont-have-the-skills-required-yet/

AI Will Create 97 Million Jobs, But Workers Don’t Have the Skills Required (Yet)

Despite the misconception that automation and AI decreases job opportunities, it may actually prompt a huge spike in new positions. According to the World Economic Forum Future of Jobs Report, 85 million jobs will be replaced by machines with AI by the year 2025.

While that statistic might make you uneasy, the same report states that 97 million new jobs will be created by 2025 due to AI.



Can politicians agree on anything until they know what the voters want?

https://www.techrepublic.com/article/policymakers-want-to-regulate-ai-but-lack-consensus-on-how/

Policymakers want to regulate AI but lack consensus on how

… When YouGov polled tech policy experts on behalf of Clifford Chance and asked priority areas for regulation ("To what extent do you think the following issues should be priorities for new legislation or regulation?"), ethical use of AI and algorithmic bias ranked well down the pecking order from other issues:

Just 23% rate algorithmic bias, and 33% rate the ethical use of AI, as a top priority for regulation.


(Related)

https://www.pogowasright.org/new-data-indicates-americans-support-for-federal-privacy-legislation/

New data indicates Americans’ support for federal privacy legislation

Colette Doyle reports:

Nearly all the voters surveyed (92%) in a recent study from Privacy for America believe it is important for Congress to pass new legislation to protect consumers’ personal data.
A majority (62%) favour federal regulation over individual state regulations. As the Covid-19-induced digital transformation of American life continues, four out of five voters (81%) support a national standard that prohibits harmful ways of collecting, using and sharing personal data.
The study was conducted among 1,524 Americans across a demographically representative cross section of US registered voters to better understand the impact and concerns regarding the current state of privacy in the country.

Read more on ResearchLive.

So…. never having heard of Privacy for America, I took a look at their website to find out who they are. Oh look:

Mission

Privacy for America will work with Congress to support enactment of comprehensive federal consumer data privacy and security legislation. We have outlined a bold new paradigm for a national law that would make personal data less vulnerable to breach or misuse and set forth clear, enforceable and nationwide consumer privacy protections for the first time.

Steering Committee Members

      • American Association of Advertising Agencies (4A’s)

      • Association of National Advertisers (ANA)

      • Digital Advertising Alliance

      • Interactive Advertising Bureau (IAB)

      • Network Advertising Initiative (NAI)

Members

      • American Advertising Federation

      • Insights Association

      • National Business Coalition on E-Commerce and Privacy

So wanting a federal privacy law is okay… businesses should not have to deal with a patchwork of laws. BUT: passing a federal law that is weaker than the strongest state law is NOT okay with PogoWasRight.org. Whatever Congress does should not weaken any consumer’s rights. Somehow I don’t think Privacy for America will be advocating for the kind of strong privacy protections most privacy advocates fight for.


(Related)

https://www.pogowasright.org/new-state-privacy-laws-impose-higher-restrictions-on-processing-sensitive-personal-data/

New State Privacy Laws Impose Higher Restrictions on Processing Sensitive Personal Data

Robinson + Cole LLP write:

With the passage of the Colorado Privacy Act, Colorado joins Virginia and California as early adopters of state-level privacy legislation. These laws impose higher restrictions on companies processing specific sensitive categories of data that reveal information such as sexual orientation and ethnic origin. However, the law remains unclear on what constitutes “revealing” information. For example, do the data need to be explicit or is implicit information protected as well?

Read more on National Law Review.


(Related) (Potential seminar speaker?)

https://www.reuters.com/investigates/special-report/amazon-privacy-lobbying/

Amazon wages secret war on Americans' privacy, documents show

In recent years, Amazon.com Inc has killed or undermined privacy protections in more than three dozen bills across 25 states, as the e-commerce giant amassed a lucrative trove of personal data on millions of American consumers.

Amazon executives and staffers detail these lobbying victories in confidential documents reviewed by Reuters.

The architect of this under-the-radar campaign to smother privacy protections has been Jay Carney, who previously served as communications director for Joe Biden, when Biden was vice president, and as press secretary for President Barack Obama. Hired by Amazon in 2015, Carney reported to founder Jeff Bezos and built a lobbying and public-policy juggernaut that has grown from two dozen employees to about 250, according to Amazon documents and two former employees with knowledge of recent staffing.



Sounds like a good topic for a law school paper…

https://www.makeuseof.com/what-does-right-click-heist-mean-nfts/

You Wouldn't Steal a JPEG: What Does the Massive Right-Click Heist Mean for NFTs?

When you buy an NFT, what do you own? The image? The commercial rights? Or is it really just a bit of HTML pointing to a JSON file on a blockchain?

Or, as the joke goes, you can own any NFT you want by simply right-clicking and hitting Save As, taking ownership of any bit of digital art you want.

But surely saving an NFT to your hard drive doesn't convey ownership, right? The answer depends on who you ask.

So when one man decided to download every NFT on the Ethereum and Solana blockchains, the conversation surrounding NFTs and digital image ownership took another interesting turn.



Tools & Techniques.

https://www.makeuseof.com/best-data-visualization-methods-adds-value-to-reports/

The 9 Best Data Visualization Methods That Adds Value to Any Reports

Professional data analysts use data visualization techniques like graphs, charts, and maps to create reports from numerical data. These visual elements help others understand the patterns, trends, and outliers in any data set.



Kids today…

https://dilbert.com/strip/2021-11-20

