Saturday, October 02, 2021

This question always.

https://www.databreaches.net/pottawatomie-co-pays-hackers-to-restore-computer-systems-after-cyber-attack/

Pottawatomie Co. pays hackers to restore computer systems after cyber attack

Chris Fisher reports:

Officials in Pottawatomie County say computer systems are slowly being restored after a ransom was paid to hackers.

County officials say several of their servers were encrypted during a cyber attack on September 17, 2021.

The county was able to resolve the attack by paying less than 10% of the hacker’s original demands.

Read more on WIBW.

While they brag about how they talked the threat actors down on the amount demanded, did anyone ask them why they were unable to use a current backup? Did they even have one?

The most recent notice on the county’s site is from September 28. It states:

Pottawatomie County computer networks and systems are currently offline. We don’t have a date yet when systems will be fully restored, but we are working diligently to address the problem and restore services as soon as possible.
We apologize for any inconvenience this may cause. We are doing as much as we can with pen and paper, but some services are unavailable until systems are restored.
If you need to do business with a County department or agency, please call the appropriate office before stopping in to make sure we can provide what is needed. Click here for a Staff Directory. Thank you for your patience.
We will post updates here as the situation is resolved.



Yes, we know where you are and yes, we can use that information against you.

https://thenextweb.com/news/multibillion-dollar-market-phones-location-data-syndication?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29

There’s a multibillion-dollar market for your phone’s location data

Companies that you likely have never heard of are hawking access to the location history on your mobile phone. An estimated $12 billion market, the location data industry has many players: collectors, aggregators, marketplaces, and location intelligence firms, all of which boast about the scale and precision of the data that they’ve amassed.

… “There isn’t a lot of transparency and there is a really, really complex shadowy web of interactions between these companies that’s hard to untangle,” Justin Sherman, a cyber policy fellow at the Duke Tech Policy Lab, said. “They operate on the fact that the general public and people in Washington and other regulatory centers aren’t paying attention to what they’re doing.”



Scenario away!

https://www.theregister.com/2021/10/01/internet_archive_wayforward_machine/

Internet Archive's 2046 Wayforward Machine says Google will cease to exist

Stop cheering, you're meant to think this is a bad thing

The Internet Archive has launched a campaign against tech regulation by setting up a Wayforward Machine, semi-parodying its famous Wayback Machine archiving site.

The Wayforward Machine paints a picture of the internet in 2046 – smeared with censorship, regulation, governmental interference, and more.

On typing in any well-known web address to the Wayforward Machine, the viewer is presented with a number of popups – all of which suggest a nightmarish future where governmental surveillance reigns supreme and privacy is heavily frowned upon.

Visiting the BBC website brings up a popup stating: "Content on the site you are trying to access is protected by the Content Truth Gateway," while trying to reach Google.com shows that the Chocolate Factory has ceased to function after being regulated out of existence – perhaps intended as the sole light at the end of the tunnel rather than a sign of crushing defeat for freedom.



I’m not sure there is a point to this, but it is interesting.

https://www.androidcentral.com/ai-controversial-future-tech-whether-we-it-or-not

AI is the controversial future of tech whether we like it or not

Artificial Intelligence is the best and worst thing that's ever happened to our daily lives.



For my students.

https://www.makeuseof.com/google-scholar-alternatives/

4 Google Scholar Alternatives to Find Educational Material

Here, we'll look at four alternative search tools, where you can find articles, textbooks, and other forms of educational material.



An elegant answer to an old question.

https://dilbert.com/strip/2021-10-02


Friday, October 01, 2021

Possibly the expiration date was encrypted?

https://news.yahoo.com/internet-goes-down-millions-tech-021400230.html

Internet goes down for millions, tech companies scramble as key encryption service expires

The expiration of a key digital encryption service on Thursday sent major tech companies nationwide scrambling to deal with internet outages that affected millions of online users.

Tech giants — such as Amazon, Google, Microsoft, and Cisco, as well as many smaller tech companies — were still battling with an endless array of issues by the end of the night. The problems were caused by the forced expiration of a popular digital certificate that encrypts and protects the connection between devices and websites on the internet.
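The certificate that expired on September 30, 2021 was a root CA certificate (DST Root CA X3, which the Let's Encrypt chain had depended on), and the failure mode is worth seeing in code: a client that still trusts only the old root builds a chain that ends at an expired certificate and rejects it, while a client that trusts the newer root accepts the very same leaf. The following Go program is an added illustration, not code from the article or from any of the companies it names; the root names, keys, serials and validity windows are constructed for the demo (only the old root's expiry date is taken from the real event), and the trust-store labels "old" and "new" are the demo's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// The old root's expiry is the one real date (DST Root CA X3 expired on
// 2021-09-30 UTC); every other name, key and date is constructed for the demo.
var oldRootExpiry = time.Date(2021, 9, 30, 14, 0, 0, 0, time.UTC)

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template returns a minimal X.509 template; CAs additionally get CertSign usage.
func template(cn string, serial int64, isCA bool, from, to time.Time) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, IsCA: isCA, BasicConstraintsValid: true}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign
	}
	return t
}

// sign issues tmpl for pub under the signer's key (parent == tmpl means self-signed).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// buildChain mirrors the 2021 layout: a new root that the old root has also
// cross-signed, an intermediate under the new root, and a short-lived leaf.
func buildChain() (oldRoot, newRoot, crossSigned, inter, leaf *x509.Certificate) {
	y := func(year int) time.Time { return time.Date(year, 1, 1, 0, 0, 0, 0, time.UTC) }
	oldKey, newKey, intKey, leafKey := genKey(), genKey(), genKey(), genKey()
	oldT, newT := template("Old Root", 1, true, y(2000), oldRootExpiry), template("New Root", 2, true, y(2015), y(2035))
	oldRoot = sign(oldT, oldT, &oldKey.PublicKey, oldKey)
	newRoot = sign(newT, newT, &newKey.PublicKey, newKey)
	// Cross-sign: same subject and key as newRoot, but issued by the old root.
	crossSigned = sign(template("New Root", 3, true, y(2015), y(2024)), oldRoot, &newKey.PublicKey, oldKey)
	inter = sign(template("Intermediate", 4, true, y(2020), y(2025)), newRoot, &intKey.PublicKey, newKey)
	leaf = sign(template("example.test", 5, false, y(2021), y(2022)), inter, &leafKey.PublicKey, intKey)
	return
}

var oldRoot, newRoot, crossSigned, inter, leaf = buildChain()

// Check verifies the leaf at an RFC 3339 time against one of two trust stores:
// "old" (only the expired root, with the cross-sign offered as an intermediate,
// like an unpatched client in 2021) or "new" (only the new root).
func Check(trust, at string) error {
	when, err := time.Parse(time.RFC3339, at)
	if err != nil {
		return err
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	inters.AddCert(inter)
	switch trust {
	case "old":
		roots.AddCert(oldRoot)
		inters.AddCert(crossSigned)
	case "new":
		roots.AddCert(newRoot)
	default:
		return fmt.Errorf("unknown trust store %q", trust)
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: when})
	return err
}

func main() {
	for _, tc := range [][2]string{
		{"old", "2021-09-29T00:00:00Z"}, // the day before: verifies
		{"old", "2021-10-01T00:00:00Z"}, // the day after: chain ends at an expired root
		{"new", "2021-10-01T00:00:00Z"}, // trusting the new root directly: verifies
	} {
		fmt.Printf("trust=%s at=%s -> %v\n", tc[0], tc[1], Check(tc[0], tc[1]))
	}
}
```

The practical check this suggests for anyone operating a service: inspect every certificate in the chain you serve, and the roots your oldest supported clients ship with, for expiry dates, not just the leaf. The leaf here was perfectly valid on October 1; what broke was a trust anchor the client had never been told to replace.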



I read about the process and wonder: If I had been wandering by and the FBI noted that I do not have a smartphone, would I immediately leap to the top of their suspect list? Clearly I’m trying to hide my tracks…

https://www.wired.com/story/capitol-riot-google-geofence-warrant/

How a Secret Google Geofence Warrant Helped Catch the Capitol Riot Mob

COURT DOCUMENTS SUGGEST the FBI has been using controversial geofence search warrants at a scale not publicly seen before, collecting account information and location data on hundreds of devices inside the US Capitol during a deadly invasion by a right-wing mob on January 6.


(Related) Same thing, another angle.

https://www.pogowasright.org/when-the-fbi-seizes-your-messages-from-big-tech-you-may-not-know-it-for-years/

When the FBI seizes your messages from Big Tech, you may not know it for years

Jay Greene and Drew Harwell recently reported:

At first, Ryan Lackey thought the email was a scam. It arrived one morning in March, bearing news that Facebook had received an order from the Federal Bureau of Investigation to turn over data from personal accounts Lackey uses to chat with friends and exchange cat photos.
Even weirder, the email said Facebook had been forced to keep this intrusion secret. Six months later, Lackey, a computer security consultant in Puerto Rico, still has no idea what Facebook turned over to an FBI investigation that he believes may have started as early as 2019.

Read more on Washington Post. I am in a similar situation, I have heard, but I have no details as yet as to the gag order on Twitter that may have gone on for years.

For another aspect of law enforcement and tech, see It’s not easy to control police use of tech—even with a law by Sidney Fussell of Wired.com.

And in the most recent story about government surveillance, John Wright has a story on Raw Story: FBI used secret Google tracking data to nab Capitol rioters. It begins:

Federal prosecutors have cited secretive “geofence” warrants — which allow law enforcement to pinpoint cell-phone users’ precise locations over time — in 45 Capitol riot cases, including six where suspects had not previously been identified.
Geofence warrants, also known as reverse-location warrants, allow law enforcement to obtain data from Google to identify potential suspects.

Read more on Raw Story.



A right the Founding Fathers missed?

https://www.bespacific.com/discriminatory-ai-and-the-law-legal-standards-for-algorithmic-profiling/

Discriminatory AI and the Law Legal Standards for Algorithmic Profiling

von Ungern-Sternberg, Antje, Discriminatory AI and the Law – Legal Standards for Algorithmic Profiling. (June 29, 2021). Draft Chapter, in: Silja Vöneky, Philipp Kellmeyer, Oliver Müller and Wolfram Burgard (ed.) Responsible AI, Cambridge University Press (Forthcoming), Available at SSRN: https://ssrn.com/abstract=3876657

Artificial Intelligence is increasingly used to assess people (profiling) and helps employers to find qualified employees, internet platforms to distribute information or to sell goods, and security authorities to single out suspects. Apart from being more efficient than humans in processing huge amounts of data, intelligent algorithms – which are free of human prejudices and stereotypes – would also prevent discriminatory decisions, or so the story goes. However, many studies show that the use of AI can lead to discriminatory outcomes. From a legal point of view, this raises the question if the law as it stands prohibits objectionable forms of differential treatment and detrimental impact. In the legal literature dealing with automated profiling, some authors have suggested that we need a “right to reasonable inferences”, i.e. a certain methodology for AI algorithms affecting humans. This paper takes up this idea with respect to discriminatory AI and claims that such a right already exists in antidiscrimination law. It argues that the need to justify differential treatment and detrimental impact implies that profiling methods correspond to certain standards. It is now a major challenge for both lawyers as well as data and computer scientists to develop and establish those methodological standards in order to guarantee compliance with antidiscrimination law (and other legal regimes), as the paper outlines.



Was customer demand high or is this purely speculative?

https://www.ft.com/content/c2cf67d6-a143-4aff-9eb1-b7a4e93c3c73

Amazon’s Astro robot is a symbol of the surveillance age

When Amazon unveiled a domestic robot this week, it promised that the Astro is capable of “many delightful things”. Tellingly, the first practical example given by Dave Limp, the executive in charge, was checking whether his dogs were cheekily sleeping on the sofa while he was out of the house.

In 1967, the American novelist and poet Richard Brautigan imagined “a cybernetic ecology where we are free of our labours . . . and all watched over/by machines of loving grace.” Brautigan was prescient about one thing: the task for which Amazon’s robot is best suited is surveillance, loving or not.

… Astro’s most human talent is recognising its owners. Amazon has built into the device a screen and artificial intelligence, so that it can identify up to 10 family members, follow them around playing music or videos, blink its digital eyes and carry small items from one to another. In other words, it performs like a well-behaved toddler; it will even go away on command. Where Astro outperforms the toddler is on sentry duty. It can act like a miniature guard, patrolling while the occupants are out and checking on unexpected noises, such as burglar alarms or breaking windows. If it finds an intruder, it will track him and observe the crime, unless he kicks it over.



Reading this got me thinking. The first company to succeed because of strong ethics will change the world. Any idea how that would work?

https://venturebeat.com/2021/09/30/are-ai-ethics-teams-doomed-to-be-a-facade-the-women-who-pioneered-them-weigh-in/

Are AI ethics teams doomed to be a facade? Women who pioneered them weigh in

The concept of “ethical AI” hardly existed just a few years ago, but times have changed. After countless discoveries of AI systems causing real-world harm and a slew of professionals ringing the alarm, tech companies now know that all eyes — from customers to regulators — are on their AI. They also know this is something they need to have an answer for. That answer, in many cases, has been to establish in-house AI ethics teams.

Now present at companies including Google, Microsoft, IBM, Facebook, Salesforce, Sony, and more, such groups and boards were largely positioned as places to do important research and even act as safeguards against the companies’ own AI technologies. But after Google fired Timnit Gebru and Margaret Mitchell, leading voices in the space and the former co-leads of the company’s ethical AI lab, this past winter after Gebru refused to rescind a research paper on the risks of large language models, it felt as if the rug had been pulled out on the whole concept. It doesn’t help that Facebook has also been criticized for steering its AI ethics team away from research into topics like misinformation, in fear it could impact user growth and engagement. Now, many in the industry are questioning if these in-house teams are just a facade.



Perspective. Perhaps Facebook isn’t so bad? Shouldn’t management of any organization have confidence that they can deal with any issues that arise?

https://www.techdirt.com/articles/20210929/17352047662/facebooks-latest-scandals-banality-hubris-messiness-humanity.shtml

Facebook's Latest Scandals: The Banality Of Hubris; The Messiness Of Humanity

Over the last few weeks, the WSJ has run a series of posts generally called "The Facebook Files," which have exposed a variety of internal documents from Facebook that are somewhat embarrassing. I do think some of the reporting is overblown -- and, in rather typical fashion regarding the big news publications and their reporting on Facebook, presents everything in the worst possible light. For example, the report on how internal research showed that Instagram made teen girls feel bad about themselves downplays that the data actually shows a significantly higher percentage of teens indicated that Instagram made them feel better:



Perspective.

https://www.bespacific.com/pwc-offers-u-s-employees-full-time-remote-work/

PwC offers U.S. employees full-time remote work

Reuters: “Accounting and consulting firm PwC told Reuters on Thursday it will allow all its 40,000 U.S. client services employees to work virtually and live anywhere they want in perpetuity, making it one of the biggest employers to embrace permanent remote work. The policy is a departure from the accounting industry’s rigid attitudes, known for encouraging people to put in late nights at the office. Other major accounting firms, such as Deloitte and KPMG, have also been giving employees more choice to work remotely in the face of the COVID-19 pandemic. PwC’s deputy people leader, Yolanda Seals-Coffield, said in an interview that the firm was the first in its industry to make full-time virtual work available to client services employees. PwC’s support staff and employees in areas such as human resources and legal operations that do not face clients already had the option to work virtually full-time…”


Thursday, September 30, 2021

Once surveillance concepts leak from government software, programmers realize how simple it is to create similar tools for the civilian markets.

https://www.boston.com/news/technology/2021/09/29/stalkerware-apps-are-proliferating-protect-yourself/

‘Stalkerware’ apps are proliferating. Protect yourself.

Flash Keylogger is part of a rapidly expanding group of apps known as “stalkerware.” While these apps numbered in the hundreds a few years ago, they have since grown into the thousands. They are widely available on Google’s Play Store and to a lesser degree Apple’s App Store, often with innocuous names like MobileTool, Agent and Cerberus. And they have become such a tool for digital domestic abuse that Apple and Google have started in the past year acknowledging that the apps are an issue.

From last September to May, the number of devices infected with stalkerware jumped 63%, according to a study by security firm NortonLifeLock. This month, the Federal Trade Commission said it had barred one app-maker, Support King, from offering SpyFone, a piece of stalkerware that gains access to a victim’s location, photos and messages. It was the first ban of its kind.

Stalkerware is a thorny issue because it lives in a gray area. There are legitimate uses for surveillance apps, like parental control software that monitors children online to protect them from predators. But this technology becomes stalkerware when it’s stealthily installed on a partner’s phone to spy on him or her without consent.


(Related) Some adaption of surveillance is more direct than others.

https://www.theregister.com/2021/09/30/mod_data_strategy_social_media_surveillance/

UK MoD data strategy calls for social media surveillance on behalf of 'local authorities'

The Ministry of Defence has published a data strategy that calls on the British armed forces to make better use of its "enduring strategic asset" – by spying on social media and dobbing in dissenters to local councils.

In a move bound to fuel tinfoil hat-wearing conspiracy theorists, the MoD's Data Strategy for Defence document [PDF] published this week says the military ought to be carrying out "Automated scanning of social media platforms" to detect "change in population sentiment."

"Decision making is enhanced by local surveillance of groups of interest," notes the strategy document, adding that spying on irritated citizens' Facebook rants helps "local authorities" impose "heightened readiness measures".

Nowhere does the document explain why a strategy paper has gone so far off the beaten track that it promotes collecting data the MoD doesn't have and using it for decidedly non-military purposes.



No doubt “Honest Abe” will be selling “His” Lincoln Town Cars soon.

https://www.bespacific.com/speaking-portraits-make-it-unsettlingly-easy-to-turn-still-photos-into-animated-deepfakes/

‘Speaking Portraits’ Make It Unsettlingly Easy to Turn Still Photos Into Animated Deepfakes

Gizmodo: “Earlier this year, social media was briefly taken over by seemingly everyone using MyHeritage’s Deep Nostalgia feature to bring old photos to life. The company whose AI technology powers Deep Nostalgia, D-ID, is taking that technology one step further, turning still headshot photos into videos that move and say whatever a user wants. As impressively lifelike as the results from MyHeritage’s Deep Nostalgia often were, the feature had its limitations. After a still photo of a person was uploaded, their orientation in the shot was analyzed to determine which direction their head and eyes were looking, at which point a matching video from a small collection of ‘driver videos’ was selected to be used as a reference to create the AI-generated movements. Users had no control over the movements in the generated video, and the subject made no attempt to speak. At the recent TechCrunch Disrupt 2021, D-ID revealed a more advanced version of Deep Nostalgia called Speaking Portraits that can make still photos appear to move and talk based on either a source video, just an audio clip, or even a text file with a pre-written script…”



Interesting, but you have to give up the tools you know and love…

https://techcrunch.com/2021/09/29/the-death-of-identity-knowing-your-customer-in-the-age-of-data-privacy/

The death of identity: Knowing your customer in the age of data privacy

“Know your customer” is one of the foundational concepts of business. In the digital age, companies have learned much about their customers by forming individual profiles from third-party cookies, social content, purchased demographics and more. But in the face of growing demands for privacy, businesses have the opportunity to overhaul their relationship with customer data to focus solely on first-party data and patterns of behavior.

Companies have employed digital analytics, advertising and marketing solutions to track customers and connect their behaviors across touch points. This enabled the creation of data profiles, which have been leveraged to deliver personalized experiences that resonate through relevance and context.

Now, however, this practice of profiling and identifying customers is increasingly coming under scrutiny. Regulators are adopting new data and consumer privacy legislation, most recently seen with the Colorado Privacy Act. Moreover, Apple’s privacy implementations in iOS 14.8 and iOS 15 have been adopted by an estimated 96% of users, who have opted to stop apps from tracking their activity for ad targeting. And Google has announced it will no longer support third-party cookies and will stop tracking on an individual basis altogether through its Chrome browser.



Tools & Techniques. Have a process you would like to automate?

https://www.bespacific.com/metasoftware-building-blocks-for-legal-technology/

Metasoftware: Building Blocks for Legal Technology

Shadab, Houman B., Metasoftware: Building Blocks for Legal Technology (June 29, 2021). NYLS Legal Studies Research Paper No. 3876785, Available at SSRN: https://ssrn.com/abstract=3876785 or http://dx.doi.org/10.2139/ssrn.3876785

This Article develops a novel concept in information technology called metasoftware. It then applies the concept of metasoftware to developing legal technology. Metasoftware enables users to create the software of their choosing and stands in sharp contrast to traditional, functional software that is intended for a particular purpose or a defined range of tasks. Functional software is the default type of software that is currently produced and includes word processing, email, social networking, enterprise resource management, online marketplaces, and video game software. Metasoftware, by contrast, is not functional. Metasoftware presents the user with a blank slate upon which to build functional software. I argue that software is metasoftware to the extent that (1) it enables users to build user interface elements, workflow logic, and perform database operations, (2) provides connectivity with external data and software systems, and (3) is able to be stored and run independently from the platform that is used to build the software. In its purest form, metasoftware enables its users to build any functional software (given the existing state of technology), integrate with all open software platforms, and be hosted and run in the environment of the user’s choosing without being bound to a particular vendor or other proprietary software platform. My identification of metasoftware contributes to the academic literature on information systems (and technology). Metasoftware is a hitherto unrecognized category of software for analysis in terms of several foundational lines of information technology research including user acceptance and usage, diffusion within an organization, and impact on organizational innovation and success (e.g., business performance). I analyze three types of metasoftware platforms to determine how metasoftware characteristics are implemented in each and important inherent tradeoffs.
These platforms are those closely tied to major producers of cloud-based software platforms, standalone proprietary “no code” software builder platforms, and open source visual development platforms. This Article also describes how metasoftware platforms can be used to build functional legal technology and analyzes how the tradeoffs between different types of metasoftware platforms in turn impact how each type of platform should be approached as building blocks for legaltech software. I focus on four major categories of legaltech as illustrative of the potential for metasoftware to build functional software: legal research, legal matter management, contract automation, and a variety of applications of artificial intelligence…”


Wednesday, September 29, 2021

Another “At least” list.

https://www.makeuseof.com/identify-employee-data-theft/

5 Ways to Identify Employee Data Theft

When a company holds a lot of sensitive info, it can feel overwhelming keeping track of who is accessing it. Here's how to monitor for data theft.



At least, the basis for your own guide.

https://www.bespacific.com/nsa-cisa-publish-guide-for-securing-vpn-servers/

NSA, CISA publish guide for securing VPN servers

The Record: “The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published today technical guidance on properly securing VPN servers used by organizations to allow employees remote access to internal networks. The NSA said it put together the nine-page guide [PDF] after “multiple nation-state advanced persistent threat (APT) actors” weaponized vulnerabilities in common VPN servers as a way to breach organizations. “Exploitation of these CVEs [vulnerabilities] can enable a malicious actor to steal credentials, remotely execute code, weaken encrypted traffic’s cryptography, hijack encrypted traffic sessions, and read sensitive data from the device,” the NSA said today in a press release announcing the guide’s publication. “If successful, these effects usually lead to further malicious access and could result in a large-scale compromise to the corporate network,” the agency added. For example, Chinese, Iranian, and Russian state-sponsored groups have been spotted abusing vulnerabilities in Pulse Secure and Fortinet VPNs in campaigns that have taken place between 2019 and 2021…”



Another resource to milk for anything useful.

https://thehackernews.com/2021/09/ebook-your-first-90-days-as-ciso-9.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

[eBook] Your First 90 Days as CISO — 9 Steps to Success

Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish.

Fortunately, a new guide by XDR provider Cynet (download here) looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren’t just logistical.

They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security.



Ethics to merge into your own?

https://www.weforum.org/agenda/2021/09/case-study-on-ibm-ethical-use-of-artificial-intelligence-technology/

3 lessons from IBM on designing responsible, ethical AI

Over the past two years, the World Economic Forum has been working with a multi-stakeholder group to advance ethics in technology under a project titled Responsible Use of Technology. This group has identified a need to highlight and share best practices in the responsible design, development, deployment and use of technology. To this end, we have embarked on publishing a series of case studies that feature organizations that have made meaningful contributions and progress in technology ethics. Earlier this year, we began this series with a deep dive into Microsoft’s approach to responsible innovation.

In the second edition of this series, we focus on IBM’s journey towards ethical AI technology. The insights from this effort are detailed in a report titled Responsible Use of Technology: The IBM Case Study, which is jointly authored by the World Economic Forum and the Markkula Center for Applied Ethics at Santa Clara University. Below are the key lessons learned from our research, along with a brief overview of IBM's historical journey towards ethical technology.



This does not seem logical. Has Australia lost its voice?

https://www.wsj.com/articles/cnn-restricts-access-to-facebook-pages-in-australia-11632868267?mod=djemalertNEWS

CNN Restricts Access to Facebook Pages in Australia

CNN said it has restricted access to its Facebook Inc. pages in Australia following a ruling from that country’s high court that makes news organizations legally liable for comments on their Facebook posts.

The court ruled that media companies facilitated and encouraged comments from users by creating public Facebook pages and posting content on them. According to the court, media companies are responsible for any defamatory content that appears on them because they are considered publishers of the comments.



Perspective. (Yeah, it’s an article for geeks.)

https://www.efinancialcareers.com/news/2021/09/banks-python-vs-r

R is better than Python. Try telling that to banks

"R is much more of a tool for professional statisticians, meaning people who are interested in inference about data, rather than computer scientists who are people interested in code." As the computer scientists in banks have gained traction, Giller says banks have "replaced quants with IT professionals or with quants who deep down want to be IT professionals," and they've brought Python with them.



Resources.

https://www.makeuseof.com/tag/public-domain-movies-sites/

The 5 Best Sites for Free Public Domain Movies