Saturday, February 12, 2022

As goes law, so goes all professions?

https://www.thomsonreuters.com/en/careers/careers-blog/how-ai-and-machine-learning-is-shaping-legal-strategy.html

How AI and machine learning is shaping legal strategy

Five years ago, many experts predicted that we would routinely see self-driving cars on the road in 2021. That has not come to pass. What we do have are cars where Artificial Intelligence (AI) can assist drivers. Forward collision warning, lane departure warning, or rear drive assistance are all AI-enable features that make my life safer.

Why talk about cars in the context of AI and the law? Because it illustrates a shift from full automation to assistance, or augmentation – helping individuals perform some tasks better, faster, smarter. And augmentation, rather than automation, is key to the role AI and machine learning can play in shaping legal strategy.

When we think about AI today in legal tech, it is important to remember that AI is not merely one thing. Instead, it is a variety of technologies and task-specific applications that can assist legal professionals in the exercise of their function. (The future of law firms and lawyers in the age of artificial intelligence)



Is this enough to encourage some lawyer to sue to prevent “owners” from killing their AI (by turning the computer off)? (Is AI as conscious as a cute, adorable little puppy?)

https://futurism.com/the-byte/openai-already-sentient

OPENAI CHIEF SCIENTIST SAYS ADVANCED AI MAY ALREADY BE CONSCIOUS

OpenAI’s top researcher has made a startling claim this week: that artificial intelligence may already be gaining consciousness.

Ilya Sutskever, chief scientist of the OpenAI research group, tweeted today that “it may be that today’s large neural networks are slightly conscious.”

Needless to say, that’s an unusual point of view. The widely accepted idea among AI researchers is that the tech has made great strides over the past decade, but still falls far short of human intelligence, nevermind being anywhere close to experiencing the world consciously.

It’s possible that Sutskever was speaking facetiously, but it’s also conceivable that as the top researcher at one of the foremost AI groups in the world, he’s already looking downrange.



Perspective. A way to “control” AI?

https://venturebeat.com/2022/02/11/symbolic-ai-the-key-to-the-thinking-machine/

Symbolic AI: The key to the thinking machine

Even as many enterprises are just starting to dip their toes into the AI pool with rudimentary machine learning (ML) and deep learning (DL) models, a new form of the technology known as symbolic AI is emerging from the lab that has the potential to upend both the way AI functions and how it relates to its human overseers.

Symbolic AI’s adherents say it more closely follows the logic of biological intelligence because it analyzes symbols, not just data, to arrive at more intuitive, knowledge-based conclusions. It’s most commonly used in linguistics models such as natural language processing (NLP) and natural language understanding (NLU), but it is quickly finding its way into ML and other types of AI where it can bring much-needed visibility into algorithmic processes.

… One of the keys to symbolic AI’s success is the way it functions within a rules-based environment. Typical AI models tend to drift from their original intent as new data influences changes in the algorithm. Scagliarini says the rules of symbolic AI resist drift, so models can be created much faster and with far less data to begin with, and then require less retraining once they enter production environments.



Perspective. Remember, Zillow tried the same thing with houses and failed spectacularly.

https://www.theverge.com/22923871/carvana-pandemic-used-car-prices-sold-online-chip-shortage

A ROBOT BOUGHT MY SEVEN-YEAR-OLD CAR FOR MORE THAN I PAID BRAND-NEW

In December 2014, I bought a Honda Fit right off the lot. It had 23 miles, and I paid $20,814.80, including accessories and an extended warranty. This December, a buzzy startup called Carvana drove away with my car, cutting me a check for $20,905 — leaving me with a profit of $90.20.

Not only that, but Carvana’s offer was $5,000 higher than Vroom, $6,000 higher than TrueCar, and $7,500 higher than CarMax. Carvana’s offer changed day by day, too: the final one I accepted was $1,338 higher than its lowest quote.

I knew I had everything going for me — low mileage, no accidents, and desirable trim at a time when car prices are going through the roof on a model that Honda discontinued. And yet, it sounded ludicrous. Used cars almost never sell for more than their original price, and the company knew next to nothing about me. Yet, Carvana’s algorithm had agreed to pay $20K for my car sight-unseen, even bring a pre-printed check to my door, before any inspection took place. The online quote arrived so fast, I knew a human couldn’t have been involved.

But Carvana didn’t become the fastest-growing digital car dealership in the United States (and the third-fastest company to ever make the Fortune 500 list) by asking pesky humans the price of a car. Instead, it built a computer system, one it trusts so implicitly that no employee was ever going to question what my Honda Fit was worth.

Carvana executives don’t think they have a bug. But they also can’t quite explain what’s going on with my Honda Fit.

The company’s last three quarterly earnings releases show it’s more than doubled its revenue and profit year over year and that the company averages over $4,000 in profit for every car it sells. But it’s not clear how Carvana could make anywhere near that on my vehicle.


Friday, February 11, 2022

An interesting attack on lawyers. Are they sure cyber criminals are opposed to human rights?

https://www.pogowasright.org/these-cybercriminals-plant-criminal-evidence-on-human-rights-defender-lawyer-devices/

These cybercriminals plant criminal evidence on human rights defender, lawyer devices

Charlie Osborne reports:

Cybercriminals are hijacking the devices of civil rights activists and planting “incriminating evidence” in covert cyberattacks, researchers warn.
According to SentinelLabs, an advanced persistent threat (APT) group dubbed ModifiedElephant has been responsible for widespread attacks targeting human rights activists and defenders, academics, journalists, and lawyers across India.
The APT is thought to have been in operation since at least 2012, and over the past decade, ModifiedElephant has continually and persistently targeted specific, high-profile people of interest.
However, rather than focusing on data theft, the APT’s activities are far more sinister: once inside a victim’s machine, the group conducts surveillance and may plant incriminating files later used to prosecute individuals.

Read more at ZDNet.

Dirty tricks” have pretty much always been a part of politics but this is on the level where the targets may wind up prosecuted or tortured. It is really no surprise that this is happening, though. And it’s another reason for people to be concerned about securing devices and not opening files or clicking on links



This is the tool the IRS was going to rely on?

https://www.bespacific.com/id-me-gathers-lots-of-data-besides-face-scans/

ID.me gathers lots of data besides face scans

Washington Post – “…A private company that government agencies have used to verify the identities of millions of Americans through facial recognition used a variety of other data techniques to screen users, including collecting people’s phone location records and using software from the data-mining company Palantir to assess whether they have ties to “organized crime.” But despite the scale of the data gathering by the company, ID.me, revealed in newly released records, the system has been exploited by scammers. Federal prosecutors last month said a New Jersey man was able to verify fake driver’s licenses through an ID.me system in California as part of a $2.5 million unemployment-fraud scheme. ID.me has pointed to the scam as an example of how well its systems work, noting that it referred the case to federal law enforcement after an internal investigation. But the criminal complaint in the case shows that ID.me’s identification systems did not detect bogus accounts created around the same day that included fake driver’s licenses with photos of the suspect’s face in a cartoonish curly wig…”



If we searched for truth, we wouldn’t make as much money.

https://www.bespacific.com/researchers-warn-that-social-media-may-be-fundamentally-at-odds-with-science/

Researchers warn that social media may be ‘fundamentally at odds’ with science

TechCrunch: “A special set of editorials published in today’s issue of the journal Science argue that social media in its current form may well be fundamentally broken for the purposes of presenting and disseminating facts and reason. The algorithms are running the show now, they argue, and the systems priorities are unfortunately backwards. In an incisive (and free to read) opinion piece by Dominique Brossard and Dietram Scheufele of the University of Wisconsin-Madison, the basic disconnect with what scientists need and what social media platforms provide is convincingly laid out. “Rules of scientific discourse and the systematic, objective, and transparent evaluation of evidence are fundamentally at odds with the realities of debates in most online spaces,” they write. “It is debatable whether social media platforms that are designed to monetize outrage and disagreement among users are the most productive channel for convincing skeptical publics that settled science about climate change or vaccines is not up for debate.” The most elementary feature of social media that reduces the effect of communication by scientists is pervasive sorting and recommendation engines. This produces what Brossard and Scheufele call “homophilic self-sorting” — the ones who are shown this content are the ones who are already familiar with it. In other words, they’re preaching to the choir. “The same profit-driven algorithmic tools that bring science-friendly and curious followers to scientists’ Twitter feeds and YouTube channels will increasingly disconnect scientists from the audiences that they need to connect with most urgently,” they write. And there’s no obvious solution: “The cause is a tectonic shift in the balance of power in science information ecologies. Social media platforms and their underlying algorithms are designed to outperform the ability of science audiences to sift through rapidly growing information streams and to capitalize on their emotional and cognitive weaknesses in doing so. No one should be surprised when this happens.”…


Thursday, February 10, 2022

Summary

https://www.databreaches.net/tech-transactions-data-privacy-2022-report-ransomware-reporting-requirements-a-look-forward-into-evolving-security-incident-notification-rules/

Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules

Michael J. Waters and Colin H. Black of Polsinelli write:

Tech Transactions & Data Privacy 2022 Report

Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data access or acquisition and, as such, are not always reported. As ransomware attacks increase in frequency and the severity of their impact, both law enforcement and industry regulators are seeking greater visibility into these incidents and, through the publication of new guidance and the amendment of notification laws, are starting to require increased reporting.

Read more The National Law Review.


(Related)

https://www.databreaches.net/secs-breach-notification-proposal-one-step-closer-to-a-final-vote/

SEC’s breach notification proposal one step closer to a final vote

Tonya Riley reports:

The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote.
The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC Chairman Gary Gensler said at the agency’s open meeting.
Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours.

Read more at CyberScoop.



Surveil the teacher – it’s for the children.

https://www.pogowasright.org/iowa-republican-introduces-bill-to-put-cameras-in-every-public-school-classroom/

Iowa Republican Introduces Bill to Put Cameras in Every Public School Classroom

Dan Spinelli reports:

Amid the ongoing Republican freakout over Critical Race Theory and the teaching of other supposedly objectionable material in public schools, an Iowa Republican has introduced a bill that would take the policing of the state’s teachers to a whole new level.
Earlier this week, Republican state Rep. Norlin Mommsen introduced a bill to place cameras at the back of public school classrooms so parents can monitor what’s being taught there. The seemingly Orwellian idea would function in a similar way to a body camera on a police officer, Mommsen told The Center Square, a conservative news site.

Read more at Mother Jones.



A frequent contributor.

https://www.pogowasright.org/article-the-limitations-of-privacy-rights-daniel-solove/

Article: “The Limitations of Privacy Rights” (Daniel Solove)

Professor and privacy law scholar Dan Solove has a new article that he is sharing via SSRN, where it can be downloaded for free. The article is called, “The Limitations of Privacy Rights.” Here is the abstract:

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union’s General Data Protection Regulation (GDPR), includes the right to access, right to rectification (correction), right to erasure, right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms.
In this article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights cannot serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights cannot practically be exercised at scale with the number of organizations than process people’s data. Third, privacy cannot be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people’s decisions about their own data have implications for the privacy of other people.
The main goal of providing privacy rights aims to provide individuals with control over their personal data. However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal; and they fail at the former goal.
After discussing these overarching reasons why rights are insufficient for the oversized role they currently play in privacy regulation, I discuss the common privacy rights and why each falls short of providing significant privacy protection. For each right, I propose broader structural measures that can achieve its underlying goals in a more systematic, rigorous, and less haphazard way.

Solove, Daniel J., The Limitations of Privacy Rights (February 1, 2022). Available at SSRN (free download): https://ssrn.com/abstract=4024790 or http://dx.doi.org/10.2139/ssrn.4024790

If you are not already subscribing to his free newsletter, you can sign up here.



A list for my Ethical Hackers.

https://www.makeuseof.com/penetration-testing-for-security-professionals/

The Top 10 Penetration Testing Tools for Security Professionals


Wednesday, February 09, 2022

Cyber war: Disrupting the logistics that enable warfighting is a legitimate strategic goal.

https://www.cpomagazine.com/cyber-security/fuel-troubles-continue-in-europe-as-oil-terminals-in-netherlands-and-belgium-suffer-cyber-attacks-unclear-if-breaches-are-coordinated/

Fuel Troubles Continue in Europe as Oil Terminals in Netherlands and Belgium Suffer Cyber Attacks; Unclear if Breaches Are Coordinated

Following closely on the heels of incidents with two oil suppliers in Germany, oil terminals in two other European countries have been hit with cyber attacks.

Belgium’s SEA-Invest and the Netherlands’ Evos are both reporting recent cyber attacks that have disrupted operations, collectively impacting port operations throughout Europe and Africa.



Biometric ID for all!

https://www.theregister.com/2022/02/09/sri_lanka_to_adopt_indias/

Sri Lanka to adopt India’s Aadhaar digital identity scheme

Sri Lanka has decided to adopt a national digital identity framework based on biometric data and will ask India if it can implement that nation’s Aadhaar scheme.

The island nation had previous indicated it would work with the Modular Open Source Identity Platform (MOSIP), an organisation based in India that offers tools governments can use to create and manage digital identities.

But a list of Cabinet decisions published on Tuesday, Sri Lanka’s government announced its intention to ask India for a grant of its scheme, which has been widely interpreted as meaning India share Aadhaar technology.

Aadhaar sees Indian citizens and residents issued a twelve-digit identity number, linked to either a fingerprint or iris scan, and is used to authenticate users of government services.



If I can use Google’s image search to find your face on social media, can you ban a company for doing it more efficiently?

https://www.theverge.com/2022/2/9/22925094/clearview-facial-recognition-dhs-doj-justice-interior-pentagon

Lawmakers call on feds to drop Clearview AI facial recognition contracts

A group of four progressive lawmakers — Sens. Markey (D-MA) and Merkley (D-OR) and Reps. Jayapal (D-WA) and Pressley (D-OH) — sent letters to several federal agencies on Wednesday calling for an end to their use of Clearview AI’s controversial facial recognition system.

The letter was sent to the Departments of Justice, Defense, Homeland Security, and the Interior. All four agencies were identified in an August 2021 report from the General Accounting Office as using Clearview for “domestic law enforcement” purposes.

Clearview AI’s technology could eliminate public anonymity in the United States,” the letter reads, describing the system as “capable of fundamentally dismantling Americans’ expectation that they can move, assemble, or simply appear in public without being identified.”

The letter adds to ongoing pressure on federal agencies to drop facial recognition systems entirely. On Monday, the director of the General Services Agency (GSA) told The Washington Post the agency is “committed to not deploying facial recognition… until rigorous review has given us confidence that we can do so equitably.” Still other agencies are planning to expand their use of the technology once it is more adequately tested.


(Related) While I never want that much familiarity with the IRS, I do enjoy walking into my bank and being greeted by name. (They do it the old fashioned way.)

https://gizmodo.com/id-me-facial-recognition-optional-government-1848503651

ID.me Says It Will Make Facial Recognition Optional for Government Agencies

The major reversal comes one day after the IRS ended its use of ID.me's facial recognition service and amidst an outpouring of public pushback.

In a major turn of events, embattled identity verification company ID.me says it will make facial recognition verification optional for all of its public sector government partners. Additionally, starting March 1, the company says all ID.me users will be able to delete their face scans.

That reversal comes just one day after the Internal Revenue Service said it would scrap ID.me’s facial recognition service for users trying to access online IRS services amid an outpouring of criticism from civil liberty groups and a bipartisan collection of lawmakers.



Well golly gosh and gee whiz, we might could maybe need this capability at some point.

https://theintercept.com/2022/02/08/cellebrite-phone-hacking-government-agencies/

WHY HAVE 14 OF 15 U.S. CABINET DEPARTMENTS BOUGHT PHONE UNLOCKING TECHNOLOGY? FEW WILL SAY.

INVESTIGATORS WITH THE U.S. Fish and Wildlife Service frequently work to thwart a variety of environmental offenses, from illegal deforestation to hunting without a license. While these are real crimes, they’re not typically associated with invasive phone hacking tools. But Fish and Wildlife agents are among the increasingly broad set of government employees who can now break into encrypted phones and siphon off mounds of data with technology purchased from the surveillance company Cellebrite.



Perspective. $600 Billion is too small to be a monopoly?

https://www.cnbc.com/2022/02/08/facebook-market-cap-under-600-billion-threshold-for-antitrust-bills.html

Facebook market cap falls below $600 billion — which could actually help it dodge new antitrust scrutiny

Facebook’s shrinking market cap could hold one upside for the tech giant: the possibility of skirting new antitrust liability.

The company, recently renamed Meta, closed with a market cap below $600 billion on Tuesday for the first time since May 2020. The stock fell 2.1%, bringing it to a market cap of $599.32 billion.

The $600 billion market cap figure also happens to be the number House legislators picked as the threshold for a “covered platform” under a package of competition bills designed specifically to target Big Tech. If Meta were to remain below that threshold, it could avoid the additional hurdles the bills would install for how it can conduct its business and make deals, while its larger peers like Amazon,  Alphabet, Apple and even Microsoft become subject to the rules.



Perspective. I’ll need someone with a background in both Law and Economics to explain this to me.

https://www.bespacific.com/public-blockchains-are-the-new-national-economies-of-the-metaverse/

Public Blockchains Are the New National Economies of the Metaverse

Wired:When we speak of an economy, we usually refer to a country or a region where interrelated activities of production, consumption, and trade happen. When we speak of blockchains, we speak of decentralized computer networks. On the surface, these two seem unrelated. But with on-chain activities growing at warp speed, the ecosystems of layer 1 public blockchains (the foundational blockchain protocols where decentralized databases and computer programs are run) are starting to look more and more similar to national economies—except the nation in this case is not a physical territory but a decentralized digital network. The trustless and programmable nature of public blockchains have made it possible to implement new “fiscal” and “monetary” policy tools in the blockchain economies, which in many cases have advantages over the traditional economic policy tools of national governments. In addition, the proof-of-stake mechanism adopted by second-generation public blockchains introduces a de facto “universal basic capital income” for their network “citizens.” This could be a major innovation in how economic systems distribute values among participants, with broader income-distribution implications for years to come as blockchain economies grow. (Disclosure: I hold cryptocurrency and have previously advised crypto funds.) Public blockchains allow anyone to deploy decentralized applications (DApps) on top, which users can interact with. Currently, decentralized finance (DeFi) applications and non-fungible token assets (NFTs) are the two main economic activities on layer 1 blockchains and associated layer 2 chains. (Layer 2 chains are secondary blockchain networks that rely on the underlying layer 1 for security, but typically offer faster and cheaper transactions.) Both activities have grown tremendously in the past couple of years. At the end of November 2021, gross total value locked from DeFi in the top 10 layer 1 blockchain platforms exceeded $250 billion, a year-over-year growth of 1,400 percent. And according to NFTGo.io, the market cap of NFT projects on Ethereum alone reached over $7 billion in November, increasing over 14,500 percent from a year before…”


Tuesday, February 08, 2022

Because they listen or something else?

https://www.pogowasright.org/i-r-s-to-end-use-of-facial-recognition-for-identity-verification/

I.R.S. to End Use of Facial Recognition for Identity Verification

Alan Rappeport reports:

The Internal Revenue Service plans to stop using facial recognition software to identify taxpayers accessing their accounts on the agency’s website amid concerns over privacy and data security.
The decision comes as the I.R.S. is coping with a daunting tax season, faced with backlogs of old tax returns, staffing shortages and additional complexity related to paying stimulus and child tax credits. Now, amid those challenges, the agency must change how it verifies the identity of taxpayers.

Read more at The New York Times.



Less social but not yet anti-social?

https://www.courthousenews.com/massachusetts-high-court-expands-social-media-privacy-rights/

Massachusetts high court expands social media privacy rights

Police can go snooping around in your Snapchat account, the justices held, but only within limits.

Writing for the unanimous court, Justice Frank Gaziano declined to adopt what has been the prevailing view "that … once any content is posted on social media, no reasonable expectation of privacy remains."

The opinion also quotes the Supreme Court's Justice Sonia Sotomayor, who said such a categorical rule is "ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

And so to determine whether police can engage in social-media snooping, “each case must be resolved by carefully considering the totality of the circumstances,” Gaziano wrote — a steep hurdle for police, as they won’t necessarily be able to tell in advance whether any snooping they do will result in evidence that can be used in court.



Useful method or madness.

https://www.bbc.com/news/technology-60293057

Porn sites will be legally required to verify users' age

Porn websites in the UK will be legally required to verify the age of their users under new internet safety laws.

The legislation, which is part of the draft Online Safety Bill, aims to give children better protection from explicit material.

The measures, to ensure users are 18 or over, could see people asked to prove they own a credit card or confirm their age via a third-party service.

The Online Safety Bill is expected to be introduced to parliament over the next few months and is designed to protect users from harmful content.



Internal threat: Anyone in the other political party?

https://www.politico.com/news/2022/02/08/house-watchdog-behavioral-monitoring-internal-security-threats-00006447

House watchdog weighs ‘behavioral monitoring’ to deter internal security threats

A top congressional watchdog is considering calling for the House sergeant at arms to launch a program aimed at identifying and deterring internal threats, including through “behavioral monitoring,” according to a draft document reviewed by POLITICO.

The programs generally assess typical employee behavior — the average number of pages printed per week, for instance — in an effort to gauge if someone’s online activity has become aberrant. The degrees of scrutiny that these programs level can vary substantially from agency to agency.

Some of the most robust programs track every keystroke that employees make on their work computers.



Tools & Techniques.

https://www.creativebloq.com/news/davinciface

Turn your selfies into da Vinci paintings with this brilliant AI tool

DaVinciFace uses using artificial intelligence and algorithms to transform your face into something akin to the Mona Lisa in mere minutes. Developed by a Florence-based tech firm, the tool is already proving hugely popular online.

All you have to do is upload a photo to the DaVinciFace website, and you'll be presented with a renaissance-style version in under two minutes.



Tools & Techniques.

https://www.makeuseof.com/tag/5-ways-to-make-your-windows-computer-speak-to-you/

5 Ways to Make Your Computer Read Documents to You