Saturday, December 04, 2021

Inevitable.

https://thehackernews.com/2021/12/pegasus-spyware-reportedly-hacked.html

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post.

At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet.

The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. [I doubt it was the first time… Bob]



Good news for my Computer Security students.

https://www.axios.com/government-business-cyber-jobs-601a027c-cf68-47bb-96ca-da46237052f6.html

U.S. faces urgent anti-hacker crisis

The Biden administration is accelerating efforts to fill nearly 600,000 vacant cybersecurity positions in the public and private sectors bogging down efforts to protect digital infrastructure.

Why it matters: Following a deluge of ransomware attacks targeting critical government and corporate infrastructure this year, clogs in the talent pipeline are leaving federal, cash-strapped local governments and Big Business even more susceptible to hacking.

A nonprofit, Public Infrastructure Security Cyber Education Systems, provides university students hands-on experience: monitoring real-time data on local government networks.


(Related)

https://pisces-intl.org/2021/12/02/pisces-and-ncc/

PISCES and NCC

PISCES Director Steve Stein and Western Washington Professor Erik Fretheim discuss the new partnership with Colorado’s National Cyber Center.



Local ransomware

https://www.theregister.com/2021/12/03/dmea_colorado_cyber_attack_billing_systems/

Utility biz Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack

A US utility company based in Colorado was hit by a ransomware attack in November that wiped out two decades' worth of records and knocked out billing systems that won't be restored until next week at the earliest.

The attack was detailed by the Delta-Montrose Electric Association (DMEA) in a post on its website explaining that current customers won't be penalised for being unable to pay their bills because of the incident.

"We are a victim of a malicious cyber security attack. In the middle of an investigation, that is as far as I’m willing to go," DMEA chief exec Alyssa Clemsen Roberts told a public board meeting, as reported by a local paper.

She is said to have confirmed that the co-operative's billing systems were also taken down by the attackers, telling a local TV station: "And we lost the majority of our historical data for the last 20-25 years. Since then we have been slowly rebuilding our network."



Tracking a wholesale hacker…

https://krebsonsecurity.com/2021/12/who-is-the-network-access-broker-babam/

Who Is the Network Access Broker ‘Babam’?

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years.


(Related)

https://therecord.media/fbi-says-the-cuba-ransomware-gang-made-43-9-million-from-ransom-payments/

FBI says the Cuba ransomware gang made $43.9 million from ransom payments

The US Federal Bureau of Investigations said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year.

In a flash alert sent out on Friday, the Bureau said the Cuba gang has “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor, a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems.

Once systems are added to their botnet, Hancitor operators rent access to these systems to other criminal gangs in a classic Malware-as-a-Service model.

The FBI document [PDF] released earlier today highlights how a typical Hancitor-to-Cuba infection takes place and provides indicators of compromise that companies could use to shore up their defenses.

It is also worth mentioning that Cuba is also one of the ransomware groups that gather and steal sensitive files from compromised companies before encrypting their files. If companies don’t pay, the Cuba group will threaten to dump sensitive files on a website they have been operating on the dark web since January this year.



Forecasting change...

https://www.pogowasright.org/what-is-the-online-privacy-act-of-2021/

What is the Online Privacy Act of 2021?

Odia Kagan of Fox Rothschild writes:

U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.
Some of the bill’s key differentiators from CCPA, CDPA and CPA:
  • limitations on the disclosure of personal information to third parties that are not subject to the Act/jurisdiction of the US (Counter-Schrems II) (Section 204)
  • disclosure in privacy notice needs to name parties with whom information was shared (not just categories)

Read more of the key differences at Privacy Compliance & Data Security


Friday, December 03, 2021

This does not make sense to me. Yes, you can encrypt the contents of a message on the sender’s device and not decrypt it until it arrives on the recipient’s device. However, you can’t encrypt the address or there is no way to deliver the message. Also you can’t encrypt the sender’s id without being unable to deliver requests for retransmission of garbled packets or other housekeeping messages. What am I missing?

https://www.cpomagazine.com/data-privacy/consumer-privacy-rests-on-encryption-lawsuit-whatsapps-legal-battle-in-india/

Consumer Privacy Rests on Encryption Lawsuit: WhatsApp’s Legal Battle in India

... The WhatsApp case centers around Indian regulations that require WhatsApp, and other messaging services, to trace user messages back to the authors of those messages. The tracing requirement is limited to certain government purposes, but to fulfill the requirement, WhatsApp says it must break its security mechanism of encrypting user content.



Gathering personal data when your regular providers have stopped providing.

https://www.wsj.com/articles/big-tech-privacy-moves-spur-companies-to-amass-customer-data-11638456544?mod=djemalertNEWS

Big Tech Privacy Moves Spur Companies to Amass Customer Data

Marketers are staging sweepstakes, quizzes and events to gather people’s personal information and build detailed profiles

New privacy protections put in place by tech giants and governments are threatening the flow of user data that companies rely on to target consumers with online ads.

As a result, companies are taking matters into their own hands. Across nearly every sector, from brewers to fast-food chains to makers of consumer products, marketers are rushing to collect their own information on consumers, seeking to build millions of detailed customer profiles.

Avocados From Mexico, a nonprofit marketing organization that represents avocado growers and packers, is encouraging people to submit grocery receipts to earn points exchangeable for avocado-themed sportswear.

It is also conducting a contest for the chance to win a truck. To enter, consumers scan QR codes on in-store displays and enter their name, birthday, email and phone number.

“We have a limited window to figure this out, and everybody’s scrambling” to do so, said Ivonne Kinser, vice president of marketing for the avocado group. It has managed to capture roughly 50 million device IDs—the numbers associated with mobile devices—and is working to link them to names and email addresses. The group plans to use the customer information for ad targeting and to make its ads more relevant to its customers.



Interesting what you can do with the proper nudge. How soon will the rest catch up with the leaders?

https://www.bespacific.com/how-courts-embraced-technology-met-the-pandemic-challenge-and-revolutionized-their-operations/

How Courts Embraced Technology, Met the Pandemic Challenge, and Revolutionized Their Operations

Pew – “What the changes mean for the millions of people who interact with the civil legal system each year—and what remains to be done… To begin to assess whether, and to what extent, the rapid improvements in court technology undertaken in 2020 and 2021 made the civil legal system easier to navigate, The Pew Charitable Trusts examined pandemic-related emergency orders issued by the supreme courts of all 50 states and Washington, D.C. The researchers supplemented that review with an analysis of court approaches to virtual hearings, e-filing, and digital notarization, with a focus on how these tools affected litigants in three of the most common types of civil cases: debt claims, evictions, and child support…”



Another future for lawyers?

https://www.bespacific.com/coding-and-collaboration-data-analytics-in-the-law-school-classroom/

Coding and Collaboration: Data Analytics in the Law School Classroom

Alexander, Charlotte and Iannarone, Nicole G., Coding and Collaboration: Data Analytics in the Law School Classroom (June 2021). Forthcoming, Transactions: Tennessee Journal of Business Law, Available at SSRN: https://ssrn.com/abstract=3965047 or http://dx.doi.org/10.2139/ssrn.3965047

Technological advances provide opportunities for lawyers to deliver sophisticated – and cost effective – legal advice. A basic understanding of the emerging field of legal analytics, which employs computational and statistical modeling, analysis, and visualization of legal data to accomplish both descriptive and predictive goals, helps lawyers better serve their clients while meeting their ethical responsibility to understand the benefits and risks of technology in law practice. Lawyers and technologists have much to learn from each other and their respective fields. They must also learn to collaborate. In this session at the 2021 Emory Transactional Law & Skills Conference, we provided an overview of a co-taught Legal Analytics course that brought together law and master’s level computational analytics students to teach and learn from each other as they approached a real-world analytics problem. For analytics students, the course provided an introduction to the U.S. legal system and legal reasoning, the types of legal materials that analytics projects might analyze, and the problems and questions present in the law. For law students, the course offered an introduction to basic computer coding, as well as to the theory and applications of text mining, natural language processing, machine learning and other methods for managing and analyzing unstructured data such as that found in legal documents. Working in teams, students learned and deployed analytics skills to extract information from large numbers of legal documents, identify patterns, and attempt to predict future outcomes. Our remarks describe the collaborative, experiential approach taken in delivering the course material and student learning outcomes as student teams worked together to apply data analytics tools to derive insight from FINRA securities arbitration awards.


Thursday, December 02, 2021

How to best employ and defend against weapons cheap enough for your average terrorist to create?

Rules of war need rewriting for the age of AI weapons

‘Killer robots’ combine mass destructive power with cheap production

Whoever becomes the leader in artificial intelligence “will become the ruler of the world”, Vladimir Putin said in 2017, predicting future wars would be fought using drones. Even then, for all the Russian leader’s own ambitions, China and the US were the frontrunners in developing the technology. Yet four years later, the vision of autonomous fighting units is becoming a reality, with potentially devastating consequences. The computer scientist Stuart Russell — who will devote a forthcoming Reith Lecture on BBC radio to the subject — met UK defence officials recently to warn that incorporating AI into weapons could wipe out humanity.

AI promises enormous benefits. Yet, like nuclear power, it can be used for good and ill. Its introduction into the military sphere represents the biggest technological leap since the advent of nuclear weapons. While atomic bombs were used on real cities in 1945, however, it took more than two decades before the first arms control treaties were signed.



No guarantees in the ransomware wars.

https://www.databreaches.net/double-extortion-ransomware-victims-soar-935/

Double Extortion Ransomware Victims Soar 935%

Phil Muncaster reports:

Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto ransomware extortion sites.
Group-IB’s Hi-Tech Crime Trends 2021/2022 report covers the period from the second half of 2020 to the first half of 2021.
During that time, an “unholy alliance” of initial access brokers and ransomware-as-a-service (RaaS) affiliate programs has led to a surge in breaches, it claimed.

Read more at InfoSecurity.

Of special note if you are trying to convince people not to pay ransom:

Group-IB warned that, even if victim organizations pay the ransom, their data often end up on these sites.



Another instance of change. Still no universal definition?

https://www.csoonline.com/article/3642372/chinas-personal-information-protection-law-pipl-presents-challenges-for-cisos.html#tk.rss_all

China's Personal Information Protection Law (PIPL) presents challenges for CISOs

The manner in which companies do business in China saw a monumental change take effect on November 1 when China’s new Personal Information Protection Law (PIPL) took effect. First announced in August 2021, it was clear entities with a China footprint were faced with the dilemma: Comply or face the consequences.

… While the PIPL is similar in makeup to the GDPR, notes Armaan Mahbod, director of security and business intelligence at DTEX Systems, compliance isn’t any easier and substantive differences exist. He wryly notes, “The PIPL may in fact spur business in China, as companies create their own versions of their offering in a ‘China-light’ format. The companies will have to hire a development and support team for their offering. There might be a bit of vulnerability for each company as complying may in fact reveal a bit of their infrastructure which had previously been protected information to the Chinese government.”



Some very interesting interactive graphics at the top of the article.

https://themarkup.org/prediction-bias/2021/12/02/crime-prediction-software-promised-to-be-free-of-biases-new-data-shows-it-perpetuates-them

Crime Prediction Software Promised to Be Free of Biases. New Data Shows It Perpetuates Them

Between 2018 and 2021, more than one in 33 U.S. residents were potentially subject to police patrol decisions directed by crime prediction software called PredPol.

The company that makes it sent more than 5.9 million of these crime predictions to law enforcement agencies across the country—from California to Florida, Texas to New Jersey—and we found those reports on an unsecured server.

… Residents of neighborhoods where PredPol suggested few patrols tended to be Whiter and more middle- to upper-income. Many of these areas went years without a single crime prediction.

… “No one has done the work you guys are doing, which is looking at the data,” said Andrew Ferguson, a law professor at American University who is a national expert on predictive policing. “This isn’t a continuation of research. This is actually the first time anyone has done this, which is striking because people have been paying hundreds of thousands of dollars for this technology for a decade.”



“Social” media becomes even more anti-social.

https://www.npr.org/2021/12/02/1060597759/debt-collectors-can-now-text-email-and-dm-you-on-social-media

Debt collectors can now text, email and DM you on social media

New rules approved by the Consumer Financial Protection Bureau that took effect on Tuesday dictate how collection agencies can email and text people as well as message them on social media to seek repayment for unpaid debts.

Kathleen L. Kraninger, the former CFPB director who oversaw the rule changes, said last year that they were a necessary update to the Fair Debt Collection Practices Act, which is more than four decades old.

"We are finally leaving 1977 behind and developing a debt collection system that works for consumers and industry in the modern world," Kraninger said in a blog post.



Perspective.

https://gizmodo.com/37-percent-of-the-worlds-population-has-never-been-onli-1848145327?scrolla=5eb6d68b7fedc32c19ef33b4

37 Percent of the World's Population Has Never Been Online, U.N. Report Finds

Nearly two-thirds of the world’s population now have the opportunity to waste away their life online just like you. Specifically, around 2.9 billion (or 37%) of the world’s population have still never used the internet, with the vast majority of those people residing in developing countries. Those figures are part of a new report conducted by the UN’s International Telecommunication Union which simultaneously found a rapid increase in new global internet connections, seemingly fast-tracked by the pandemic.

According to the report, the number of people using the internet worldwide surged from 4.1 billion in 2019 to 4.9 billion in 2021. This “Covid Connectivity boost” was likely the result of lockdowns, pivots towards remote work and school, and huge increases in e-commerce and online banking. Overall, global internet users grew by more than 10% in 2020, the largest annual increase in a decade, the report notes.



I’m shocked. Shocked I tell you!

https://www.theverge.com/2021/12/1/22812956/shopify-textbook-publishers-lawsuit-piracy-copyright?scrolla=5eb6d68b7fedc32c19ef33b4

Shopify has a ‘textbook pirate’ problem, publishers allege

Five major publishers have sued Shopify over pirated learning materials like PDFs of ebooks and test materials, saying the e-commerce platform fails to remove listings and stores that violate the publishers’ trademarks and copyrights. The lawsuit, filed today in the US District Court for Eastern Virginia, claims statutory damages higher than $500 million.


(Related)

https://www.makeuseof.com/tag/top-5-sites-for-college-textbooks/

The 11 Best Sites to Get College Textbooks Online

Don't let college textbooks empty your pockets every semester. Use these websites to buy or rent cheap college books.


Wednesday, December 01, 2021

Unless there was an (human) error in determining the cause…

https://www.databreaches.net/nz-opc-finds-leading-cause-of-privacy-breaches-is-human-error/

NZ: OPC finds leading cause of privacy breaches is human error

Catherine Knowles reports:

Human error is the leading cause of serious privacy breaches, according to a new report released today by the Office of the Privacy Commissioner (OPC).
Privacy Commissioner John Edwards says, “We are seeing clear patterns emerging since mandatory reporting of serious privacy breaches came into effect with the Privacy Act 2020 on 1 December last year.”
Since reporting of serious privacy breaches became a legal requirement, OPC has seen a nearly 300% increase in privacy breach reporting compared to the same 11-month period the year before.
Human error has been the leading cause of serious privacy breaches during this period (61%), with email error accounting for over a quarter of those breaches.

Read more at ITBrief.



Let me ‘splain the rules.

https://www.databreaches.net/vendors-and-hipaa/

Vendors and HIPAA

Matt Fisher of Carium writes:

An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the layered approach, every time an organization introduces a new sublayer that organization must keep security as a forefront consideration. The risks associated with vendors not appropriately deploying security measures can be seen with the increasing number of data breaches resulting from an issue at the vendor level. Given that reality, what should or should not happen at each vendor level?

Read some of his down-to-earth advice at The Pulse



We already have cameras almost everywhere, now they will be much harder to spot.

https://www.slashgear.com/princeton-researchers-latest-salt-grain-sized-camera-has-massive-potential-30700790/

Princeton researchers’ latest salt grain-sized camera has massive potential

There are many uses for cameras in medicine and other areas, but typical modern cameras are too large for many medical uses. A group of researchers from Princeton University and the University of Washington has teamed up to create an extremely small camera about the size of a coarse grain of salt. Cameras of such small size have excellent potential for exploring inside the human body, among other things.



Must link to some interesting papers?

https://dailynous.com/2021/12/01/multi-million-euro-award-for-philosopher-of-artificial-intelligence/

Multi-Million Euro Award for Philosopher of Artificial Intelligence

Vincent C. Müller, currently professor of philosophy and ethics of technology at the Technical University of Eindhoven, was awarded an Alexander von Humboldt Professorship to support his work on the philosophy of artificial intelligence.



What do I know well enough to match this? Certainly not TikTok…

https://www.theverge.com/22807858/tiktok-influencer-microsoft-excel-instagram-decoder-podcast

HOW AN EXCEL TIKTOKER MANIFESTED HER WAY TO MAKING SIX FIGURES A DAY

Kat Norton is a Microsoft Excel influencer. She has over a million followers on TikTok and Instagram, where she goes by the name Miss Excel, and she’s leveraged that into a software training business that is now generating up to six figures of revenue a day. That’s six figures a day. And she’s only been doing this since June 2020.

Kat is a one-woman operation, with no staff or management layer.



Perspective.

https://www.makeuseof.com/technology-trends-2022/

The 8 Massive Technology Trends Set for 2022

5. AI Everywhere



I like lists.

https://www.bespacific.com/the-new-york-times-best-books-of-2021/

The New York Times Best Books of 2021

The Times Book Review choose the best fiction and nonfiction titles this year.



Resource.

https://www.bespacific.com/justia-portal-by-the-numbers-resources-for-aspiring-lawyers-and-practicing-lawyers-too/

Justia Portal by the Numbers: Resources for Aspiring Lawyers (And Practicing Lawyers Too!)

Via LLRX Justia Portal by the Numbers: Resources for Aspiring Lawyers (And Practicing Lawyers Too!) Justia’s mission is to make the law and legal resources free for all. In keeping with this mission, the Justia Portal offers free access to statutes from all 50 states, cases from federal courts and the highest state courts, legal guides, and more! While these resources make the law more accessible to the general public, they also help aspiring lawyers just beginning their journeys into the profession and ease the early stages of legal research for practicing attorneys looking for quick access to relevant laws. Additionally, Justia Law Schools helps prospective law students (and those already studying to become lawyers) gather information on U.S. law schools and the law school admissions process. In this post, Justia’s team shares some data about some of the most frequently viewed law schools nationwide, as well as some information about the most viewed provisions of the law and cases on their site.


Tuesday, November 30, 2021

A new definition of war?

https://www.theregister.com/2021/11/30/lloyds_london_cyber_insurance_clauses/

Lloyd's of London suggests insurers should not cover 'retaliatory cyber operations' between nation states

Lloyd’s of London may no longer extend insurance cover to companies affected by acts of war, and new clauses drafted for providers of so-called "cyber" insurance are raising the spectre of organisations caught in tit-for-tat nation state-backed attacks being left high and dry.

The insurer's "Cyber War and Cyber Operation Exclusion Clauses", published late last week, include an alarming line suggesting policies should not cover "retaliatory cyber operations between any specified states" or cyber attacks that have "a major detrimental impact on… the functioning of a state."

"The insurer shall have the burden of proving that this exclusion applies," warn the exclusion policies published by the Lloyd's Market Association.

Although the wordings in the four clauses are published as a suggestion for insurers in Lloyd's-underwritten policies and are not concrete rules, they provide a useful indicator for the direction of travel in the slow-moving cyber insurance world.

The policy clauses also raise the idea of insurance companies attributing cyber attacks to nation states in the absence of governments carrying out attribution for specific incidents, an idea that seems extremely unlikely to survive contact with reality. All four of the clauses, available as PDFs from the bulletin, contain this wording:

Pending attribution by the government of the state (including its intelligence and security services) in which the computer system affected by the cyber operation is physically located, the insurer may rely upon an inference which is objectively reasonable as to attribution of the cyber operation to another state or those acting on its behalf. It is agreed that during this period no loss shall be paid.



Your results may vary…

https://www.databreaches.net/recovering-from-ransomware-one-organizations-inside-story/

Recovering from ransomware: One organization’s inside story

Yann Serra reports:

On Sunday 21 February 2021, Manutan, a large office equipment distributor, discovered that two-thirds of its 1,200 servers had succumbed to a cyber attack by the DoppelPaymer ransomware crew.
Commercial activity at the France-headquartered company – which has 25 subsidiaries spread across Europe – would be frozen for 10 days and did not resume fully until May. This has now led to a total overhaul of its IT systems, which started in September and is set to take 18 months.
Manutan cannot reveal the scale of the economic losses it suffered in the cyber attack, and when asked that exact question, Jérôme Marchandiau, the group’s director of IT operations, says that the more profound impact was on the employees themselves.

Read more on ComputerWeekly. This company admits mistakes it had made and lessons learned. And it really does shine some light on what goes on — the impact on employees, and the failure of big companies that you may have contracts with and rely on to actually help you when you need it the most (spoiler alert: Microsoft gets slammed in this report)



Providing potential evidence without realizing it?

https://www.pogowasright.org/as-critics-warn-of-genetic-surveillance-rcmp-explores-use-of-dna-matching-in-criminal-probes/

As critics warn of genetic ‘surveillance’, RCMP explores use of DNA matching in criminal probes

Catharine Tunney reports:

While law enforcement’s use of genetic genealogy has been credited with advancing and solving cold cases, it’s also raising ethical questions about how police are taking advantage of the at-home DNA testing trend.
“There have been some pretty big wins with this technology, but the downsides are pretty big as well,” said Brenda McPhail, director of the Canadian Civil Liberties Association’s privacy, surveillance and technology program.

Read more on CBC.



If I tell you how my algorithm works, would you know if that was the proper/best way to do it?

https://www.theguardian.com/technology/2021/nov/29/working-of-algorithms-used-in-government-decision-making-to-be-revealed

Working of algorithms used in government decision-making to be revealed

Ministers and public bodies must reveal the architecture behind algorithms that influence exam results, housing benefit allocations and pothole repairs, under new transparency standards.

The UK government has published a transparency standard for algorithms, the series of instructions that a computer follows to complete a task or produce a single outcome. Algorithms have become the focus of increasing controversy, whether through their role in deciding A-level results last year or making decisions about benefit claims.

Under the new approach, government departments and public sector bodies will be required to explain where an algorithm was used, why it was used and whether it achieved its aim. There will also be an obligation to reveal the architecture behind the algorithm. It will be tested by several government departments and public sector bodies in the coming months before being reviewed again and formally launched next year.



Automated auditing? Data flows and processes change constantly. How often must you try to identify privacy risks?

https://techcrunch.com/2021/11/30/soveren-seed-gdpr-compliance/

Soveren launches from stealth with $6.5M seed funding to automate GDPR compliance

Soveren, a London-based startup that automates the detection of privacy risks to help organizations comply with GDPR and CCPA, has launched out of stealth with $6.5 million in seed funding.

The company analyzes real-time data flows inside an organization’s infrastructure to discover personal data and detect privacy risks to make it easier for CTOs and CISOs to recognize and address privacy gaps.

… “Security software successfully addresses security threats, but has a limited impact on addressing privacy challenges,” Peter Fedchenkov, founder and co-CEO of Soveren, tells TechCrunch. “This is because, unlike other confidential data that can be easily isolated, personal data is actually meant to be accessed, used, and shared in day-to-day business operations. We believe that privacy is the new security because it demands the same automated, continuous protection measures.”


(Related)

https://hbr.org/2021/11/how-to-navigate-the-ambiguity-of-a-digital-transformation

How to Navigate the Ambiguity of a Digital Transformation

Summary: A successful digital transformation can be hard to predict or plan; it is often the result of new customer interactions, new combinations of talent and teams, unexpected alliances with new partners, and entirely new business models. These components are constantly evolving, shaped, and influenced by algorithmic systems, aggregated in such a way that their collective behavior is more than the sum of their parts. More is different. Just as water becomes ice when cold enough, or graphite turns into diamond under enough pressure, at a critical point, more data and algorithms can transform an organization or an industry into something else entirely. That raises a question for leaders: how do you navigate a transformation from what you know to what you have yet to define? What you need is an emergent approach to digital transformation, focused on the three principles described in this article.


(Related)

https://www.nytimes.com/2021/11/29/your-money/credit-score-alternatives-options.html

No Credit Score? No Problem! Just Hand Over More Data.

To determine your risk, start-ups are applying technology to data points as various as your college and the mileage on the used car you want to buy.



Perspective. Is this a good thing? Plain as in written at a sixth grade level?

https://www.bespacific.com/the-rise-of-plain-language-laws/

The Rise of Plain Language Laws

Blasie, Michael, The Rise of Plain Language Laws (October 1, 2021). University of Miami Law Review, 2022 Forthcoming, Available at SSRN: https://ssrn.com/abstract=3941564 or http://dx.doi.org/10.2139/ssrn.3941564

When lawmakers enacted 778 plain language laws across the United States, no one noticed. Apart from a handful, these laws went untracked and unstudied. Without study, large questions remain about these laws’ effects and utility, and about how they inform the adoption or rejection of plain language. This Article creates a conceptual framework for plain language laws to set the stage for future empirical research and normative discussions on the value of plain language. It unveils the first nationwide empirical survey of plain language laws to reveal their locations, coverages, and standards. In doing so, the Article creates a systematic method to find these laws. Then it coins categories and terminology to describe their coverage and standards, thus creating a timely launchpad for future scholarship on domestic and international plain language laws. Along the way, the Article exposes the previously unknown scope of these laws—from election ballots and insurance contracts to veterans housing and consumer contracts to regulatory drafting and governor reports. That scope underscores the pervasive influence of plain language across public and private sectors, and over lawyers and non-lawyers alike. More, the survey reveals significant intrastate and interstate variations and trends in coverages and standards. With this knowledge, for the first time, empirical research can more precisely measure the benefits and costs of plain language laws while controlling for variables. Plus, the Article sets the stage for a forthcoming series of normative assessments on the role and design of plain language laws. Ultimately, the Article reignites a lively discourse on plain language amongst lawmakers, practitioners, and academics.



You won’t use these every day, but keep them in your toolkit.

https://www.makeuseof.com/tag/download-anything-free/

How to Download Anything on the Web for Free: 12 Tips and Tools

There are countless useful things online that aren't easy to download. Photos, music, videos, maps, and other exciting content often doesn't come with a download button. It's also possible they're no longer free or may be gone from the web altogether.

Here, we'll show you how to download anything from the web that you thought you couldn't for free (but without breaking the law).