Saturday, March 27, 2021

Probably not too unusual. What might the implications be?

https://www.itnews.com.au/news/service-nsw-unable-to-notify-54000-customers-impacted-by-cyber-attack-562675

Service NSW unable to notify 54,000 customers impacted by cyber attack

Service NSW has been unable to reach more than half the 104,000 customers who had their personal information stolen in an email compromise attack against 47 staff members last year.

The data breach, which exposed 736GB of data between March and early April 2020, is also now likely to cost up to $35 million to remediate, more than five times as much as first estimated.

In an update on Friday, the one-stop shop for NSW government services said it had been unable to reach approximately 18,500 customers for whom it had sent a notification via registered mail, but that had not signed for it.

The agency has only used registered mail to notify customers to date in a bid to reduce the prospect of scammers impersonating the agency.

But the agency has also revealed that a further 36,000 people were never contacted because it was unable to source a current residential mailing address, even after working with Transport for NSW.





Is there such a thing as a “surveillance free zone?” Is it too late to create one? Could we at least require notification/subpoena to use the data for anything other than its original purpose?

https://www.smartcitiesworld.net/news/news/partnership-created-to-expand-use-of-ai-video-analytics-across-the-us-6241

Partnership created to expand use of AI video analytics across the US

MIT-spin-off Derq has teamed with US distributor of traffic signal control and intelligent transportation systems (ITS) equipment, Control Technologies Group (CT Group), for a multi-year distribution agreement in a move to help accelerate road safety and smart infrastructure.

CT Group will be distributing Derq’s artificial intelligence (AI) video analytics solutions for connected roads and vehicles as well as traffic and safety insights across its network in the US.



(Related)

https://www.theguardian.com/business/2021/mar/26/missing-from-desk-ai-webcam-raises-remote-surveillance-concerns

'Missing from desk': AI webcam raises remote surveillance concerns

For anyone concerned that an era of home working could also become one of remote surveillance, the training video for Teleperformance’s in-house webcam security system, called TP Observer, is the stuff of bad dreams.

Explained by “Anna”, a desk-sitting avatar complete with an artificial voice, the video introduces TP Observer as “a risk-mitigation tool that monitors and tracks real time employee behaviour, and detects any violations to pre-set business rules”.

Anna explains that this means home workers will have an AI-enabled webcam added to their computers that recognises their face, tags their location and scans for “breaches” of rules at random points during a shift.

These include an “unknown person” detected at the desk via the facial recognition software, “missing from desk”, “detecting an idle user” and “unauthorised mobile phone usage”.



(Related)

https://www.makeuseof.com/governments-requested-record-data/

Governments Requested Record Amounts of Data in 2020. Should You Be Worried?

In the six-month period between July 1 and December 31 2020, Amazon received an 800 percent increase in user data requests. The e-commerce giant was contacted by organizations both in the US and abroad.

Overall, 27,664 cases of requested data sharing were processed by the company.

Amazon said in its report that queries related to using data related to shopping searches. They were also associated with the company's Echo, Ring, and Fire services.

In a separate part of the report, the company revealed that 523 data requests had been made in relation to Amazon Web Services, which offers various cloud-based products.





Every ‘feature’ is a potential ‘flaw.’

https://portswigger.net/daily-swig/isnt-it-ironic-exploiting-gdpr-laws-to-gain-access-to-personal-data

Isn’t it ironic: Exploiting GDPR laws to gain access to personal data

Under the sweeping legislation, individuals can use a Data Subject Access Request (DSAR) to access information that an organization is processing about them.

However, as Hx01 found, many of these organizations are exposed to DSAR vulnerabilities and exploits “ranging from lack of email confirmations to an SSTI affecting multiple organizations”, meaning that an unauthorized attacker could gain access to private data.

Added to this, companies accepting DSAR requests through email channels would often process the request without vetting it, allowing an attacker to spoof emails on behalf of the victim and send a DSAR request due to a lack of email authentication.





Here we go again.

https://www.law.com/therecorder/2021/03/26/the-case-for-ai-as-named-inventors/

The Case for AI as Named Inventors

On April 6, Ryan Abbott of the University of Surrey School of Law will be arguing an appeal of the USPTO's rejection of a patent application that named only a machine as the inventor. Abbott says if the legal system doesn't allow AI-generated output to be protected, people will not be encouraged to develop innovation using artificial intelligence.

We’ve heard some arguments against the idea of allowing artificially intelligent machines to be named inventors on patents. This week I’m giving equal time to Professor Ryan Abbott of the University of Surrey School of Law and author of The Reasonable Robot: Artificial Invention and the Law. Abbott will be representing Stephen Thaler in the Eastern District of Virginia on April 6. Thaler is appealing the USPTO’s rejection of a patent application that named only Thaler’s inventive machine, DABUS. (Thaler’s motion for summary judgment here, PTO opposition here, Thaler reply here.)





Using the hype for fund raising? If so, smart!

https://www.tampabay.com/opinion/2021/03/27/heres-why-uf-is-going-to-use-artificial-intelligence-across-its-entire-curriculum-column/

Here’s why UF is going to use artificial intelligence across its entire curriculum | Column

UF will likely be the nation’s first comprehensive research institution to integrate AI across the curriculum and make it a ubiquitous part of its academic enterprise. It will offer certificates and degree programs in AI and data science, with curriculum modules for specific technical and industry-focused domains. The result? Thousands of students per year will graduate with AI skills, growing the AI-trained workforce in Florida and serving as a national model for institutions across the country. Ultimately, UF’s effort will help to address the important national problem of how to train the nation’s 21st-century workforce at scale.





Have we been frying brains for a generation? No one reads the user manual…

https://www.makeuseof.com/right-way-make-calls-using-mobile-phone/

The Right Way to Make Calls Using Your Mobile Phone

… Nearly all cellphone manufacturers advise a distance of at least a quarter of an inch away. In fact, Apple even advises you to keep the cellphone at least ½ inch from their body or brain when in use. Other factors that influence radiation levels when using mobile phones are signal strength, distance, and connection time.

… Start by avoiding taking calls when your phone has a weak signal. When you only have one or two bars, your phone must emit more energy to connect to a tower. Similarly, the moments when you are trying to connect to a call also generate more radiation than the actual call itself.

To minimize exposure, wait for the line to connect before putting the cellphone close to your ear.





Interesting.

https://physicsworld.com/a/alan-turing-50-note-is-unveiled-how-to-get-a-mortgage-on-the-moon/

Alan Turing £50 note is unveiled, how to get a mortgage on the Moon

The Bank of England has unveiled the final design of its new £50 polymer banknote that features the mathematician and wartime codebreaker Alan Turing. The new £50 – the last of the bank’s notes to go from paper to polymer – will come into circulation on 23 June, which is the 109th anniversary of Turing’s birth. “He was a leading mathematician, developmental biologist and a pioneer in the field of computer science,” says Bank of England governor Andrew Bailey. “He was also gay and was treated appallingly as a result. By placing him on our new polymer £50 banknote, we are celebrating his achievements, and the values he symbolizes.”



Friday, March 26, 2021

High value targets.

https://www.schneier.com/blog/archives/2021/03/hacking-weapons-systems.html

Hacking Weapons Systems

Lukasz Olejnik has a good essay on hacking weapons systems.

Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future. We need to think about future wars where the tech simply doesn’t work.





This was inevitable. The CIA does not inform Google when it starts a hack.

https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/

Google’s top security teams unilaterally shut down a counterterrorism operation

The decision to block an “expert” level cyberattack has caused controversy inside Google after it emerged that the hackers in question were working for a US ally.





Security by crippling the car?

https://thenextweb.com/shift/2021/03/26/dodges-anti-theft-feature-no-sense-experts/

Dodge’s new anti-theft feature made NO sense… until I spoke with experts

Dodge’s new security feature is a type of two-factor authentication. Before starting the car, the driver has to input a four-digit code into the infotainment screen to unlock its full potential.

If the driver doesn’t punch in the code, the car will enter a low-power mode where its engine won’t rev beyond idle.

This kind of tech is nothing new. It can be enabled as an option on Tesla vehicles, and it has also been used on Peugeot and Citroën cars — in fact my dad had it on one of his old cars, he tells me it was nothing but a faff, anyway…

Dodge says their cars will be limited to 675 rpm, and produce less than 3 horsepower. In other words, it will roll away at walking pace.





Is it possible to claim “equal time” on social media? Should it be?

https://www.makeuseof.com/study-facebook-election-misinformation/

Study Suggests Facebook Handled Election Misinformation Poorly

Avaaz's latest online campaign, entitled "Facebook: From Election to Insurrection," claims that Facebook could have prevented 10.1 billion estimated views of posts flagged for election misinformation (from its "top-performing pages") if it had acted sooner.

Failure to downgrade the reach of these pages and to limit their ability to advertise in the year before the election meant Facebook allowed them to almost triple their monthly interactions, from 97 million interactions in October 2019 to 277.9 million interactions in October 2020. [This number is] catching up with the top 100 US media pages (ex. CNN, MSNBC, Fox News) on Facebook.





Probably still a long way to go, but I keep looking for ideas.

https://www.cpomagazine.com/data-protection/new-federal-privacy-law-proposal-designed-to-reach-across-political-aisle/

New Federal Privacy Law Proposal Designed to Reach Across Political Aisle

After an extended pause due to the coronavirus and the 2020 election, the prospect of a federal privacy law is once again being raised by Congress. Discussions of the several existing bills that were effectively tabled for over a year are resuming, and one that seems to be gaining early traction is the Information Transparency and Personal Data Control Act. First introduced by Rep. Suzan DelBene (D-WA) in April of 2019, the bill covers personal data protection issues championed by Democrats while also attempting to appeal to the business issues raised by Republican legislators who have shown an interest in increased regulation of tech companies.





Forces of change?

https://www.politico.eu/article/gdpr-reform-digital-innovation/

How to bring GDPR into the digital age

most importantly, the GDPR is seriously hampering the EU’s capacity to develop new technology and desperately needed digital solutions, for instance in the realm of e-governance and health.

While the creation of our golden standard of data protection is a great achievement, it has come to be seen as something untouchable that ranks above all other legal interests and fundamental rights, with no exception.

Many of the important technologies of the future — such as artificial intelligence, blockchain or single sign-on solutions — were already widely known in 2016, when the GDPR was finalized. And yet, provisions in the legislation — which many argue was supposed to be “technology neutral” — make it impossible to properly use or even develop them.





Would they ever recommend increased use of AI? What simple implementations are we missing?

https://www.axios.com/aclu-national-security-artificial-intelligence-bc2bf189-6cdb-44d4-a0d4-42c37a8b69ed.html

ACLU to FOIA information about national security uses of AI

The ACLU will be seeking information about how the government is using artificial intelligence in national security, Axios has learned.

Why it matters: The development of AI has major implications for security, surveillance, and justice. The ACLU's request may help shed some light on the government's often opaque applications of AI.





I find this a simple(?) yet elegant idea.

https://www.forbes.com/sites/rebeccaszkutak/2021/03/25/notarize-raises-a-130-million-series-d-round-after-a-year-of-600-growth/

This Electronic Notary Startup Just Raised $130 Million After A Year Of 600% Growth

When Covid-19 hit and the world went on lockdown, industries that operated exclusively on paper were left behind, scrambling to navigate the regulatory intricacies between the physical world and the Internet. Boston-based Notarize had the process down cold. “The reason we were doing well prior to Covid is because we had really created legal clarity in the market. Online is infinitely more convenient, but if it doesn’t have legal standing, it’s pointless.”

Kinsel knows all about a lack of legal standing, as well as the inconveniences of the notary process, which he encountered after selling Spindle, his mobile data collection startup, to Twitter in 2013. The transaction resulted in a ton of documents that needed to be notarized, and when the notary stamped, but forgot to sign them, the documents became invalid. This began a weeks-long process to ratify the situation, which Kinsel vowed to never do again. In an effort to eliminate this pain point by bringing the process online, Kinsel spent the last few years, and tens of millions of dollars, navigating the thorny notarization regulatory system, which intersects different requirements at the federal and state levels, and in some instances, county. Kinsel himself has traveled to 40 states and helped pass 31 pieces of state legislation to help pave the way for Notarize, which proved critical when the demand poured in last March.





Got an idea for a children’s book?

https://www.bespacific.com/childrens-books-get-the-algorithm-treatment/

Children’s Books Get the Algorithm Treatment

WSJ (paywall): “Goodnight Ninja? Knuffle Blobfish? Epic, a digital reading platform, tracks what kids are searching for on its site and uses that data to create new books; ‘Bug is higher on the list than crocodile’… The digital comic book passed one million reads in its first five days last week. Epic predicted as much. It engineered the book to become a hit with kids ages 6 to 10 by basing its new owl heroine partly on children’s preferences and reading habits on the site. When a kid’s sticky fingers search for something to read, Epic captures that activity and feeds the information into its book recommendation engine—a tool that also informs the creation of new titles in-house. Epic’s team knows that children prefer owls to chickens and chickens to hedgehogs. Kids hunt for unicorns almost twice as often as they look for mermaids. Volcanoes are more popular than tsunamis, which are more popular than earthquakes. The Titanic is bigger than cowboys, pizza is bigger than cake, science is bigger than art and “poop” is bigger than all of them. During the pandemic, Epic has more than doubled its reach to 50 million children globally, most of them in the U.S. The online subscription children’s book service, founded in 2013 and based in Redwood City, Calif., is free to schools and has become a fixture of remote classrooms across the country by offering an easily accessible library of books and educational videos. Epic now possesses a trove of data on children, a group famously difficult to track…”





A bit of legal prognostication.

https://www.bespacific.com/digital-justice-in-2058-trusting-our-survival-to-ai-quantum-and-the-rule-of-law/

Digital Justice in 2058: Trusting Our Survival to AI, Quantum and the Rule of Law

Ritter, Jeffrey, Digital Justice in 2058: Trusting Our Survival to AI, Quantum and the Rule of Law (December 22, 2020). 8 J. INT’L & COMPARATIVE LAW __ (2021), Available at SSRN: https://ssrn.com/abstract=3778678 or http://dx.doi.org/10.2139/ssrn.3778678

As legal scholarship on the interactions among artificial intelligence (AI) and the rule of law advances, quantum computing is rapidly moving from scientific theory into reality, offering unprecedented potential for what AI will accomplish. To anticipate what the rule of law will offer when quantum becomes real, Part I introduces a future reality in which a new machine-based legal system, quantum law, governs humankind. Time travelling forward to 2058, the centennial birthday of the Internet, Part II surveys the condition of the world, in which the rule of law serves an essential purpose—to extend the survival of humankind. Part III offers the text of an imagined keynote address in that year, describing the foundations on which justice has evolved and quantum law is administered. Part IV concludes by challenging custodians of the law to think differently about how to fit law and technology together, while still preserving and advancing the humane values cherished as principles of the rule of law today—compassion, forgiveness, redemption, equality and fairness.



(Related) A short SciFi story dealing with the future of law.

http://www.gutenberg.org/files/51420/51420-h/51420-h.htm

LICENSE TO STEAL

By LOUIS NEWMAN



Thursday, March 25, 2021

Oh joy…

https://www.bespacific.com/anyone-with-an-iphone-can-now-make-deepfakes/

Anyone with an iPhone can now make deepfakes

Washington Post – “We aren’t ready for what happens next. Realistic videos of people doing things that never really happened have become shockingly easy to create. Now is the time to put in some guardrails. The past few months have brought advances in this controversial technology that I knew were coming, but am still shocked to see. A few years ago, deepfake videos — named after the “deep learning” artificial intelligence used to generate faces — required a Hollywood studio or at least a crazy powerful computer. Then around 2020 came apps, like one called Reface, that let you map your own face onto a clip of a celebrity. Now with a single source photo and zero technical expertise, an iPhone app called Avatarify lets you actually control the face of another person like a puppet. Using your phone’s selfie camera, whatever you do with your own face happens on theirs. Avatarify doesn’t make videos as sophisticated as pro fakes of Tom Cruise that have been flying on social network TikTok — but it has been downloaded more than 6 million times since February alone. (See for yourself in the video I made on my phone to accompany this column.) Another app for iPhone and Android devices called Wombo turns a straight-on photo into a funny lip-sync music video. It generated 100 million clips just in its first two weeks…”





Would this be covered by existing ‘Good Samaritan’ laws? If not, let’s craft a law that will cover good people acting ethically.

https://www.databreaches.net/engineer-reports-data-leak-to-apperta-hears-from-the-police/

Engineer reports data leak to Apperta, hears from the police

Ax Sharma reports another troubling instance of “Shoot the Messenger:” threatening or blaming those who responsibly disclose leaks that they discover. This episode appears to be brought to us via Apperta Foundation.

Earlier this month, Dyke had discovered an exposed GitHub repository exposing passwords, API keys, and sensitive financial records which belonged to Apperta Foundation.
On discovering this GitHub repository which, the engineer says, was public since at least 2019, the engineer privately reported it to Apperta, and got thanked by them.
On March 9th, however, he received legal correspondence from Apperta’s lawyers, leading him to hire his own solicitors to represent him.
Furthermore, an email followed yesterday from a Northumbria Police cyber investigator in relation to a report of “Computer Misuse.”

Read more on BleepingComputer.





How to win friends and influence people. NOT!

https://www.makeuseof.com/facebook-rules-call-death-public-figures/

Facebook Rules Say It's OK to Call for the Death of Public Figures

Facebook allows users to allude to a public figure's death, as long as the figure isn't "purposefully exposed" to it.





Trying to keep up. [CPRA is the California Privacy Rights Act of 2020]

https://www.pogowasright.org/new-york-considering-dramatic-expansion-of-consumer-privacy-rights/

New York Considering Dramatic Expansion of Consumer Privacy Rights

Delonie A. Plummer, Damon W. Silver and Jeffrey M. Schlossberg of JacksonLewis write:

In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted. At the time, it was reasonable to wonder whether California’s bold example would catalyze similar activity in other states. It’s clear now that it has. Virginia recently passed its own robust privacy law, the Consumer Data Protection Act (“CDPA”), and New York, as well as other states, like Florida, appear poised to follow suit. (Building on its own momentum, California passed another privacy law, the California Consumer Privacy Act (“CPRA”), last November, which expands the rights and obligations established by the CCPA).

Read more on Workplace Privacy, Data Management & Security Report





I say it’s none of your business.

https://www.latimes.com/business/technology/story/2021-03-24/federal-agencies-subpoena-google-personal-information

This is what happens when ICE asks Google for your user information

In one email The Times reviewed, Google notified the recipient that the company received a request from the Department of Homeland Security to turn over information related to their Google account. (The recipient shared the email on the condition of anonymity due to concern about immigration enforcement). That account may be attached to Gmail, YouTube, Google Photos, Google Pay, Google Calendar and other services and apps.

The email, sent from Google’s Legal Investigations Support team, notified the recipient that Google may hand over personal information to DHS unless it receives within seven days a copy of a court-stamped motion to quash the request.





The next step in Insurance monitors.

https://www.caranddriver.com/news/a35916314/crash-reconstruction-japan-revealed/

AI-Powered Automatic Crash Reconstruction Goes Live in Japan

In not-at-all-creepy news from Japan, more than 200,000 drivers are now using an automatic crash reconstruction system that combines cameras, sensors and good old-fashioned artificial intelligence to make sense of car accidents. No more pointing fingers and claiming it's the other guy's fault when you blithely change lanes in your Mitsuoka Galue and ram some innocent in a Suzuki Alto Lapin Turbo straight into the guardrail on the Bayshore Route to Ichikawa. Because that Lapin Turbo, in addition to its 60 horsepower and inimitable style, might be packing a Nexar AI crash reconstruction system. In which case, the computer will combine camera footage and information from the car's sensors to draw its own conclusions—as well as alert the authorities the moment things go wrong.

This seems like a natural outgrowth of programs like Progressive Snapshot, wherein you share vehicle data with your insurance company in hopes for a discount—except, in Japan, the drivers pay a subscription fee of "less than $10 per month" for the system. (It speaks to our cultural differences that the underlying premise there is proving innocence, which is something you'd pay for.) Until now, the crash reconstruction equipment was part of a pilot program, but its success prompted Nexar and MSI to roll it out to the general public.

"You'll be able to walk into a courtroom and see a 3D AR crash scene. And with an autonomous car, a system like this would be required, because there'll be a need for proof." If cars end up driving themselves, they'll also be the witnesses. And if a car can create a 3D representation of the world in real time as it's driving, it won't be a major leap to generate a detailed replay after an accident.





Got cash? Get patent! (Keep your AI poor!)

https://sifted.eu/articles/ai-generated-inventions-patentable/

Are AI-generated inventions patentable?

The best way to provide adequate protection to such works would be the creation of a unique right, similar to the exclusive right of the maker of a database to reproduce and distribute the database in whole, or qualitatively or quantitatively substantial parts thereof.

Such a one-of-a-kind right should be afforded to both the algorithm and the designs it generates. This right should not require an invention or the creation of a work of authorship by a human, but only a sizeable investment in the software that created the algorithms that determine the shape and other properties of the final product they create. The owner of such a unique right will be the individual or legal entity that made the investment — only the investor will have the exclusive right to tweak the algorithm and/or use and exploit a product design generated by the algorithm.



(Related) kind of…

https://www.weforum.org/agenda/2021/03/responsible-machine-learning-that-protects-trade-secrets/

Responsible machine learning can still protect intellectual property – here’s how





Perspective?

https://www.bespacific.com/artificial-intelligence-and-the-right-to-data-protection/

Artificial Intelligence and the Right to Data Protection

Poscher, Ralf, Artificial Intelligence and the Right to Data Protection (January 19, 2021). Available at SSRN: https://ssrn.com/abstract=3769159 or http://dx.doi.org/10.2139/ssrn.3769159

One way in which the law is often related to new technological developments is as an external restriction. Lawyers are frequently asked whether a new technology is compatible with the law. This implies an asymmetry between technology and the law. Technology appears dynamic, the law stable. We know, however, that this image of the relationship between technology and the law is skewed. The right to data protection itself is an innovative reaction to the law from the early days of mass computing and automated data processing. The paper explores how an essential aspect of AI-technologies, their lack of transparency, might support a different understanding of the right to data protection. From this different perspective, the right to data protection is not regarded as a fundamental right of its own but rather as a doctrinal enhancement of each fundamental right against the abstract dangers of digital data collection and processing. This understanding of the right to data protection shifts the perspective from the individual data processing operation to the data processing system and the abstract dangers connected with it. The systems would not be measured by how they can avoid or justify the processing of some personal data but by the effectiveness of the mechanisms employed to avert the abstract dangers associated with a specific system. This shift in perspective should also allow an assessment of AI-systems despite their lack of transparency.





I’m shocked! Shocked, I tell you.

https://www.bespacific.com/harvard-study-work-from-home-more-appealing-than-return-to-business-as-usual/

Harvard Study – Work from home more appealing than return to ‘business as usual’

USA Today – “Despite potentially longer hours, most Americans enjoy working remotely and want the option to keep doing so post-pandemic, according to a new Harvard Business School Online survey. As COVID-19 forced countless companies to let employees work remotely and presented new challenges such as readjusting their home life and fighting Zoom fatigue from numerous virtual meetings, most of the 1,500 people surveyed say they excelled and even grew in their professions. “I think it’s a combination of factors, like a Jekyll and Hyde, so to speak,” said Patrick Mullane, the school’s executive director. “We love working remotely in some ways; it gives us more time to focus, spend time with our families, and no long commutes back and forth to work. “We found out that we can do a lot without having to be face-to-face as COVID really forced that issue,” Mullane said…”



(Related) Dilbert on the joy of working from home.

https://dilbert.com/strip/2021-03-25



Wednesday, March 24, 2021

The trick is, you have to have a ‘best practices’ level plan AND you have to follow it.

https://www.jdsupra.com/legalnews/utah-becomes-the-second-u-s-state-to-7031711/

Utah Becomes the Second U.S. State to Establish Affirmative Defenses for Data Breach

In enacting the Cybersecurity Affirmative Defense Act, HB80, (Act) on March 11, 2021, Utah became the second state in the U.S. to create affirmative defenses for “persons” to certain causes of action arising out of a breach of system security.

The Act establishes the following three (3) affirmative defenses to tort-based claims brought under Utah law in a Utah state court:

  • A person that creates, maintains, and reasonably complies with written industry-recognized cybersecurity regulations that were in place at the time of the breach has an affirmative defense to a claim that the person failed to implement reasonable information security controls that resulted in the breach;

  • A person that creates, maintains, and reasonably complies with their program and also had in place protocols for responding to a breach of system security at the time of the breach has an affirmative defense to a claim that the person failed to appropriately respond to a breach of a security system; and

  • A person that creates, maintains, and reasonably complies with their program and also had in place protocols for notifying an individual about a breach at the time of the breach has an affirmative defense to a claim that the person failed to appropriately notify an individual whose personal information was compromised in a breach of a security system.





About time.

https://www.pogowasright.org/colorado-joins-list-of-states-proposing-privacy-laws/

Colorado Joins List of States Proposing Privacy Laws

Odia Kagan of FoxRothschild writes:

Colorado has introduced the “Colorado Privacy Act” bill (SB21-190).
Key things to note:
  • Recital notes that the “EU GDPR is emerging as a model for countries across the globe in data privacy.”
  • Consumer rights: access, correction, deletion, data portability and right to opt out of general collection and use of personal data not just use for sale.
  • Opt-in consent for processing sensitive data.
  • Affirmative obligation for information security.
  • Requirement for clear, transparent privacy disclosure.
  • Requirement for data protection assessments (for targeted advertising, sale, sensitive data).
  • Enforcement by AG.
  • Definition of “consent” modeled after Article 7 of GDPR.
  • Different definition of “de-identified data” which is similar to that under HIPAA.
  • Processing must be necessary, reasonable and proportionate to the specific purpose disclosed.
  • Controller is liable for a processor’s actions.
  • Requirement for controller/processor agreement but no specifics.

Read the full text of the bill.





The future law of the workplace?

https://www.vice.com/en/article/dy8n3j/amazon-delivery-drivers-forced-to-sign-biometric-consent-form-or-lose-job

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job

Amazon delivery drivers nationwide have to sign a "biometric consent" form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers' location, movement, and biometric data.

If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other biometric data collection within the trucks they drive.





...if you want to do business in Virginia.

https://www.huntonprivacyblog.com/2021/03/23/webinar-on-virginias-consumer-data-protection-act/

Webinar on Virginia’s Consumer Data Protection Act

On March 30, 2021, Hunton Andrews Kurth will host a webinar examining Virginia’s new Consumer Data Protection Act.





Speaking of privacy.

https://www.huntonprivacyblog.com/2021/03/13/edpb-releases-guidelines-on-virtual-voice-assistants/

EDPB Releases Guidelines on Virtual Voice Assistants

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems. These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. In addition, VVAs require a terminal device equipped with a microphone and transfer data to remote service. These activities raise compliance issues under both the General Data Protection Regulation (“GDPR”) and the e-Privacy Directive.





Interesting how the timing of one law impacts the utility of another.

https://fpf.org/blog/the-right-to-be-forgotten-is-not-compatible-with-the-brazilian-constitution-or-is-it/

THE RIGHT TO BE FORGOTTEN IS NOT COMPATIBLE WITH THE BRAZILIAN CONSTITUTION. OR IS IT?

The Brazilian Supreme Federal Court, or “STF” in its Brazilian acronym, recently took a landmark decision concerning the right to be forgotten (RTBF), finding that it is incompatible with the Brazilian Constitution. This attracted international attention to Brazil for a topic quite distant from the sadly frequent environmental, health, and political crises.

The fact that the RTBF has been predominantly analyzed and discussed through the European lenses does not mean that this is the only possible perspective, nor that this approach is necessarily the best. In fact, the Brazilian conception of the RTBF is remarkably different from a conceptual, constitutional, and institutional standpoint. The main concern of the Brazilian RTBF is not how a data controller might process personal data (this is the part where frustration and disappointment might likely arise in the reader) but the STF itself leaves the door open to such possibility (this is the point where renewed interest and curiosity may arise).





Makes perfect sense to me.

https://www.cpomagazine.com/data-privacy/todays-cpo-tomorrows-general-counsel/

Today’s CPO, Tomorrow’s General Counsel

The future belongs to those who understand data. Nowhere will this adage be truer than in the General Counsel’s office. As data privacy is reaching the fore of consumer consciousness, and as the United States inches toward a possible federal data privacy law, an increasing number of Chief Privacy Officers are being tapped for the ultimate legal hot seat: the General Counsel spot.





Thinking ahead?

https://www.lexology.com/library/detail.aspx?g=c773be0f-6e4a-4ed1-911d-d8fdfca1c1d0

Protecting Privacy in the Era of AI

This article was originally published in the Canadian Bar Association's periodical, National Magazine, on March 16, 2021.

When it introduced its new privacy bill, the federal government took its first major step in modernizing the regulation of artificial intelligence in Canada.

Bill C-11, tabled in November 2020, will, among other things, create a new Consumer Privacy Protection Act (CPPA), which contains a novel addition to Canadian privacy law: the right to an “explanation” concerning decisions made by an automated decision system. It’s a welcome measure, but the government must now give organizations better guidance on what constitutes a meaningful explanation.

Under section 63(3) of the CPPA, individuals have a right to an explanation about the use of an automated decision system to make a prediction, recommendation or decision about them and how their personal information was used in the process.

“Automated decision system” means “any technology that assists or replaces the judgement of human decision-makers using techniques such as rules-based systems, regression analysis, predictive analytics, machine learning, deep learning and neural nets.”





Right now, it’s at the level of a one-celled organism.

https://www.itproportal.com/features/data-privacy-must-evolve-in-an-ai-centric-world/

Data privacy must evolve in an AI-centric world

… In the end, a best practice approach to Secure AI requires an organization to identify and define the end-to-end process for collecting data; building and deploying AI platforms that can use protected sensitivity of data; and developing an IT framework that ensures data in motion can remain protected and anonymized when necessary. This need extends to websites, apps, devices, and other systems. Likewise, it’s vital to keep an eye on what changes as various data sources and models change—and impact one another.

Finally, there’s a need to know that specific tools protect data across an ecosystem. This includes multi-cloud and hybrid-cloud environments (including containers and migrations that occur within clouds); AI protection solutions that anonymize, de-identify, or tokenize data and access; encryption methods such as homomorphic encryption that can hide the actual data even while it’s being analyzed; policy enforcement frameworks that support initiatives like GDPR and the California Consumer Privacy Act; and robust privacy reporting and auditing tools to ensure that systems are performing as expected.





Let’s hope we’re not “shut-ins” long enough to read all of these!

https://www.bespacific.com/open-syllabus-project-visualizes-the-1000000-books-most-frequently-assigned-in-college-courses/

Open Syllabus Project Visualizes the 1,000,000+ Books Most Frequently Assigned in College Courses

Open Culture - “The Prince, The Canterbury Tales, The Communist Manifesto, The Souls of Black Folk, The Elements of Style: we’ve read all these, of course. Or at least we’ve read most of them (one or two for sure), if our ever-dimmer memories of high school or college are to be trusted. But we can rest assured that students are reading — or in any case, being assigned — these very same works today, thanks to the Open Syllabus project, which as of this writing has assembled a database of 7,292,573 different college course syllabi. Greatly expanded since we previously featured it here on Open Culture, its “Galaxy” now visualizes the 1,138,841 most frequently assigned texts in that database, presenting them in a Google Maps-like interface for your intellectual exploration…”





Tools.

https://www.freetech4teachers.com/2021/03/forky-simple-mind-mapping-tool.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+freetech4teachers/cGEY+(Free+Technology+for+Teachers)

Forky - A Simple Mind Mapping Tool

Forky is a new mind mapping tool that fits into the category of simple but effective.

Forky is a free mind mapping tool that focuses on just connecting text boxes. As you'll see in this video, all that you have to do to make a mind map with Forky is to double-click on the screen then start typing in the text box that appears when you double-click. To add a new connected idea just hit the tab key on your keyboard and a new text box appears for you to type in. If you want to create a new text box that isn't connected to a previous one, just double-click somewhere else on your screen. You can make connections between boxes after they're written by simply holding the shift key while clicking on one box then another.

Forky doesn't include support for inserting images, video, or any other media. It's just for writing a series of connected ideas. You can invite other people to view your Forky mind maps via email.

Here's my complete video overview of Forky.