Saturday, March 19, 2022

Typical California?

https://www.nytimes.com/2022/03/15/technology/california-privacy-agency-ccpa-gdpr.html

How California Is Building the Nation’s First Privacy Police

A new state agency has a $10 million budget to regulate Google, Facebook and others. But first it needs to be created.





Every silver lining has a cloud.

https://www.theatlantic.com/ideas/archive/2022/03/putin-dictator-trap-russia-ukraine/627064/

Vladimir Putin Has Fallen Into the Dictator Trap

In the span of a couple of weeks, Vladimir Putin—a man recently described by Donald Trump as a strategic “genius”—managed to revitalize NATO, unify a splintered West, turn Ukraine’s little-known president into a global hero, wreck Russia’s economy, and solidify his legacy as a murderous war criminal.

How did he miscalculate so badly?

To answer that question, you have to understand the power and information ecosystems around dictators. I’ve studied and interviewed despots across the globe for more than a decade. In my research, I’ve persistently encountered a stubborn myth—of the savvy strongman, the rational, calculating despot who can play the long game because he (and it’s typically a he) doesn’t have to worry about pesky polls or angry voters. Our elected leaders, this view suggests, are no match for the tyrant who gazes into the next decade rather than fretting about next year’s election.

Reality doesn’t conform to that rosy theory.



(Related)

https://apnews.com/article/ussia-ukraine-war-us-view-of-putin-1271f76008b3e639df6ff21e3644e339

US view of Putin: Angry, frustrated, likely to escalate war

One independent Russian political analyst, Kirill Rogov, posted on his Telegram account that the war is “lost” and an “epic failure.”

“The mistake was the notion that the West was unwilling to resist aggression, that it was lethargic, greedy and divided,” Rogov wrote. “The idea that the Russian economy is self-sufficient and secure was a mistake. The mistake was the idea of the quality of the Russian army. And the main mistake was the idea that Ukraine is a failed state, and Ukrainians are not a nation.

“Four mistakes in making one decision is a lot,” he said.



Friday, March 18, 2022

Just because we don’t want it to be true does not mean it isn’t.

https://www.csoonline.com/article/3654156/new-gartner-report-quick-answer-ransomware-what-happens-if-you-pay.html#tk.rss_all

New Gartner Report, Quick Answer: Ransomware — What Happens If You Pay?

There's one surefire way to end ransomware once and for all: Stop paying. If every organization that suffered a ransomware attack refused to pay up, the threats would lose their income stream, and the work would dry up leading to the end of these attacks as we know them.

Simple, right? It turns out, not so much.

The ransomware industry has become increasingly adept at generating demand. While there are both government and private entities working to dissuade organizations from paying, including legislation that may ban ransom payments for certain sectors, or the phasing out of ransom payment coverage by cyber insurance companies, the hold that cyber ransom has on its victims makes it likely that breached companies will continue paying the ransom. Organizations that do not pay ransomware risk potential losses that far outweigh the financial hit taken from an extortion fee, which gives attackers a clear advantage.

If your organization is ever faced with that hard question, refer to Gartner's Quick Answer as a starting place.





Allowing you to select the cheapest, easily assembled from readily available ingredients… I wonder if it works as well on antidotes?

https://www.theverge.com/2022/3/17/22983197/ai-new-possible-chemical-weapons-generative-models-vx

AI suggested 40,000 new possible chemical weapons in just six hours

It took less than six hours for drug-developing AI to invent 40,000 potentially lethal molecules. Researchers put AI normally used to search for helpful drugs into a kind of “bad actor” mode to show how easily it could be abused at a biological arms control conference.

All the researchers had to do was tweak their methodology to seek out, rather than weed out toxicity. The AI came up with tens of thousands of new substances, some of which are similar to VX, the most potent nerve agent ever developed. Shaken, they published their findings this month in the journal Nature Machine Intelligence.





Teachers have more rights than parents?

https://www.pogowasright.org/federal-violation-anchorage-school-district-keeps-student-gender-pronouns-a-secret-from-parents/

Federal violation? Anchorage school district keeps student gender pronouns a secret from parents

Suzanne Downing reports:

Parents logging into the Q/ParentConnection database in the Anchorage School District’s web pages can find up-to-date information about their students, including items such as grades, contact information, and class news. Some parents know this website as Zangle.
What they don’t see is what the school district officials can see — the student’s preferred pronoun. That information only shows up on the district’s side of the database — hidden from parents’ view.
One Anchorage parent, who is also a teacher, happened to notice the difference between the information shown to teachers and administrators, and information that she as a parent can see from the parent portal.

Read more at MustReadAlaska.





We’ll be talking about this, a lot!

https://www.bespacific.com/the-law-of-war-and-the-russian-invasion-of-ukraine/

The Law of War and the Russian Invasion of Ukraine

CRS Legal Sidebar, The Law of War and the Russian Invasion of Ukraine, March 6, 2022 – “In the days after Russia’s invasion of Ukraine on February 24, 2022, many countries condemned the action as a violation of international law governing when countries may use force against one another. Since then, several observers, including the U.S. Secretary of State and other foreign government officials, have cited evidence that the Russian military has targeted civilians, struck protected sites, and taken other actions that violate international law regulating the conduct of war. This Legal Sidebar provides a brief introduction to the international legal framework governing the use of force in the invasion of Ukraine and concludes with a discussion of avenues for accountability and options for Congress.”

See also from CRS – War Crimes: A Primer March 15, 2022; and CRS Insight Russia’s Invasion of Ukraine: NATO Response, March 15, 2022.





Because I need to study everything to learn anything.

https://www.popsci.com/technology/stanford-artificial-intelligence-index-report/

Artificial intelligence is everywhere now. This report shows how we got here.

Artificial intelligence is getting cheaper, better at the tasks we assign it, and more widespread—but concerns over bias, ethics, and regulatory oversight still remain. At a time when AI is becoming accessible to everyone, the Stanford Institute for Human-Centered Artificial Intelligence put together a sweeping 2022 report analyzing the ins and outs of the growing field.





This is exactly how I encourage my students!

https://dilbert.com/strip/2022-03-18



Thursday, March 17, 2022

Mr. Byrne shows you how to swat a bug.

https://www.freetech4teachers.com/2022/03/watch-me-unravel-email-scam.html

Watch Me Unravel an Email Scam

As you know, I am a huge advocate for teaching students and teachers to respect copyright. To that end I always advocate for using your own media or media that is in the public domain whenever possible. So when an email with the subject line "DMCA Copyright Infringement Notice" landed in my inbox this morning, I immediately opened it. It turned out to be the second attempt by the same person to scam/threaten me into linking to a website.

I outlined the basics of a similar scam a couple of years ago. In short, the person emails you to say that you are using an image in violation of their copyright or that of someone they represent (in this case the person was claiming to be an attorney). They then say that you have to link to a particular website within seven days or they will pursue some kind of legal action.

I was in a particularly bad mood this morning when I received this email so I decided to fight fire with fire. I did a little research on the person who claimed to be an attorney and then told her to get lost! If you're interested in the whole process that I went through, here's the video I made to explain it.

In the video you'll see me do the following:

  1. Identify the fairly obvious red flags in the email.

  2. Show the original image as found here on Pixabay.

  3. Conduct an email trace (this video shows you all the steps).

  4. Uncover that the "law firm" doesn't actually exist.

  5. Discover that the "attorney" probably isn't even a real person.

  6. Conduct a WHOIS look up.

  7. Use the Internet Archive Wayback Machine to view changes in a website.





Everything I missed?

https://www.insideprivacy.com/artificial-intelligence/u-s-ai-iot-cav-and-privacy-legislative-update-first-quarter-2022/

U.S. AI, IoT, CAV, and Privacy Legislative Update – First Quarter 2022

This quarterly update summarizes key federal legislative and regulatory developments in the first quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in the States.





Say what you mean, mean what you say.

https://www.pogowasright.org/geofence-warrants-are-the-future-and-thats-a-good-thing/

Geofence Warrants Are the Future (and That’s a Good Thing)

Eugene Volokh writes:

Jane Bambauer, a leading information law scholar (both on the First Amendment and the Fourth Amendment side), wrote up these thoughts on the recent geofencing case, on which Orin had also written; I’m delighted to be able to pass them along:
Last week, Judge Lauck of the Eastern District of Virginia handed down the first thorough Fourth Amendment analysis of the police investigation process known as “geofencing.” Judge Lauck found that the geofence warrant at issue in the case was unconstitutional. Moreover, the infirmities she found would be very difficult to cure in most police investigations where geofenced data might be helpful.
Civil liberties organizations have praised the opinion, but like Orin Kerr, I found the opinion confusing and poorly reasoned in its handling of key Fourth Amendment precedent. So I’ll take this opportunity to add a few additional doctrinal critiques to Orin’s excellent summary.

Read more at Reason.





Should provide more information than we have had before, but I expect a lot of “corrections” to the initial reports.

https://www.databreaches.net/president-biden-signs-critical-infrastructure-ransomware-payment-and-cyber-incident-reporting-into-law/

President Biden Signs Critical Infrastructure Ransomware Payment and Cyber Incident Reporting into Law

Ashden Fein, Robert Huffman, Moriah Daugherty, and Hensey A. Fenton III of Covington and Burling write:

On March 15, 2022, President Biden signed the Consolidated Appropriations Act 2022, a $1.5 trillion omnibus spending package to fund the government through September 2022. The omnibus spending package includes the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”), which establishes two cyber incident reporting requirements for covered critical infrastructure entities: a 24-hour requirement to report any ransomware payments to the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and a 72-hour requirement to report all covered cyber incidents to CISA. These requirements will take effect upon the issuance of implementing regulations from the Director of CISA.

Read more at InsidePrivacy.



(Related) “Ye olde days”

https://www.csoonline.com/article/3654293/sec-filings-show-hidden-ransomware-costs-and-losses.html#tk.rss_all

SEC filings show hidden ransomware costs and losses

The ransomware scourge reached unprecedented levels in 2021, with ransomware threat actors demanding, and in many cases receiving, ransom payments in the millions of dollars.

… CSO’s examination of 8-K filings at the SEC found 30 publicly traded companies that reported a ransomware incident, paid ransomware-related expenses, or received ransomware-related insurance reimbursements during 2020 and 2021. Although most of these filings deemed the ransomware attacks as not material or lacked financial data to spell out the costs experienced in dealing with the incidents, seven contained sufficient cost data to shed light on how high the costs of a ransomware incident can go.

Ransomware costs one company $50 million in legal expenses, another $64 million in lost revenue

The following are snapshots of what these filings had to say.





I want to write better. This seems like good advice.

https://www.makeuseof.com/tips-for-writing-long-emails/

5 Tips for Writing Long Emails That Recipients Can Read

Sending long emails to your clients and coworkers is typically frowned upon. However, there are times when you just need to send a lengthy update or overview.

In that case, you'll want to do yourself and the recipient a favor by getting right to the point and ensuring they don't need to dig through lengthy paragraphs for information.

In this article, we’ll take you through some tips you can use to help make your longer emails more readable and easier to respond to.



Wednesday, March 16, 2022

I can’t help thinking how much less difficult approval of my security budgets would have been if the FTC had adopted this approach earlier…

https://www.databreaches.net/ftc-takes-action-against-cafepress-for-data-breach-cover-up-and-poor-security/

FTC Takes Action Against CafePress for Data Breach Cover Up and Poor Security

The FTC has taken enforcement action against CafePress stemming, in part, from a 2019 data breach previously reported on this site. In December, 2020, seven states settled charges with CafePress.

The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. The FTC alleges that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.

“CafePress employed careless security practices and concealed multiple breaches from consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “These orders dial up accountability for lax security practices, requiring redress for small businesses that were harmed, and specific controls, like multi-factor authentication, to better safeguard personal information.”

In a complaint filed against Residual Pumpkin Entity, LLC, the former owner of CafePress, and PlanetArt, LLC, which bought CafePress in 2020, the FTC alleged that CafePress failed to implement reasonable security measures to protect the sensitive information of buyers and sellers stored on its network. In addition to storing Social Security numbers and password reset answers in clear, readable text, CafePress retained the data longer than was necessary. The company also failed to apply readily available protections against well-known threats and adequately respond to security incidents, the complaint alleged. As a result of its shoddy security practices, CafePress’ network was breached multiple times.

As part of the proposed settlement, Residual Pumpkin and PlanetArt will be required to implement comprehensive information security programs that will address the problems that led to the data breaches at CafePress. This includes replacing inadequate authentication measures such as security questions with multi-factor authentication methods; minimizing the amount of data they collect and retain; and encrypting Social Security numbers.

Source: Federal Trade Commission





Sounds pretty serious to me.

https://knowledge.wharton.upenn.edu/article/economic-sanctions-affecting-russia/

How Economic Sanctions Are Affecting Russia

LISTEN TO THE PODCAST: Wharton’s Nikolai Roussanov speaks with Wharton Business Daily on SiriusXM about the impact of Western sanctions on the Russian economy.

The ruble is now worth less than a penny and the economy is teetering, with Russia expected to default on billions of dollars in foreign debt. Multinational companies across all sectors are pulling out of the country, taking their products, services, and jobs with them.

“Pretty much anybody who has participation in the banking system, which is a vast majority of the population, feels it one way or another,” Wharton finance professor Nikolai Roussanov said. “This is felt by all strata of society, maybe in different ways.”




It occurred to me that this has some potential to combat Russian propaganda. Once identified, Ukraine could send images to the social media account(s) that matched. Imagine mothers getting a post (and photo) that says, ‘You were told Russian troops are not here in the Ukraine. You were told there is no war. Yet here is your son, dead/a POW/driving his tank. What other lies are you being told?’

https://www.dailymail.co.uk/sciencetech/article-10614561/Ukraine-using-facial-recognition-technology-uncover-Russian-assailants-identify-dead.html

Ukraine is using AI facial recognition technology to uncover Russian assailants and identify the dead, report reveals



(Related)

https://www.nytimes.com/2022/03/12/technology/ukraine-minister-war-digital.html

Shaming Apple and Texting Musk, a Ukraine Minister Uses Novel War Tactics

To achieve Russia’s isolation, Mr. Fedorov, a former tech entrepreneur, used a mix of social media, cryptocurrencies and other digital tools. On Twitter and other social media, he pressured Apple, Google, Netflix, Intel, PayPal and others to stop doing business in Russia. He helped form a group of volunteer hackers to wreak havoc on Russian websites and online services. His ministry also set up a cryptocurrency fund that has raised more than $60 million for the Ukrainian military.

The work has made Mr. Fedorov one of Mr. Zelensky’s most visible lieutenants, deploying technology and finance as modern weapons of war. In effect, Mr. Fedorov is creating a new playbook for military conflicts that shows how an outgunned country can use the internet, crypto, digital activism and frequent posts on Twitter to help undercut a foreign aggressor.

In his first in-depth interview since the invasion began on Feb. 24, Mr. Fedorov said his goal was to create a “digital blockade” and to make life so unpleasant and inconvenient for Russian citizens that they would question the war. He praised companies that had pulled out of Russia, but said Apple, Google and others could go further with steps such as completely cutting off their app stores in the country.



(Related)

https://www.theregister.com/2022/03/15/russian_demand_for_vpns/

Russian demand for VPNs skyrockets by 2,692%

Virtual iron curtains are a lot harder to keep free of holes

… VPNs, of course, create private tunnels that obscure what someone does online and allow a connected machine to appear as though it's located in a different country. This explains the massive surge, especially in Russia, where access to popular social media sites and news services has been cut off.



Tuesday, March 15, 2022

A war-like act or simply a childish reaction?

https://www.bespacific.com/russia-says-its-businesses-can-steal-patents-from-anyone-in-unfriendly-countries/

Russia says its businesses can steal patents from anyone in ‘unfriendly’ countries

Washington Post: “Russia has effectively legalized patent theft from anyone affiliated with countries “unfriendly” to it, declaring that unauthorized use will not be compensated. The decree, issued this week, illustrates the economic war waged around Russia’s invasion of Ukraine, as the West levies sanctions and pulls away from Russia’s huge oil and gas industry. Russian officials have also raised the possibility of lifting restrictions on some trademarks, according to state media, which could allow continued use of brands such as McDonald’s that are withdrawing from Russia in droves. The effect of losing patent protections will vary by company, experts say, depending on whether they have a valuable patent in Russia. The U.S. government has long warned of intellectual property rights violations in the country; last year Russia was among nine nations on a “priority watch list” for alleged failures to protect intellectual property. Now Russian entities could not be sued for damages if they use certain patents without permission…”





This could hurt. Will they have to prove that any replacement algorithm does not include any objectionable aspects of the old algorithm?

https://www.protocol.com/policy/ftc-algorithm-destroy-data-privacy

The FTC’s new enforcement weapon spells death for algorithms

The Federal Trade Commission has struggled over the years to find ways to combat deceptive digital data practices using its limited set of enforcement options. Now, it’s landed on one that could have a big impact on tech companies: algorithmic destruction. And as the agency gets more aggressive on tech by slowly introducing this new type of penalty, applying it in a settlement for the third time in three years could be the charm.

In a March 4 settlement order, the agency demanded that WW International — formerly known as Weight Watchers — destroy the algorithms or AI models it built using personal information collected through its Kurbo healthy eating app from kids as young as 8 without parental permission. The agency also fined the company $1.5 million and ordered it to delete the illegally harvested data.

When it comes to today’s data-centric business models, algorithmic systems and the data used to build and train them are intellectual property, products that are core to how many companies operate and generate revenue. While in the past the FTC has required companies to disgorge ill-gotten monetary gains obtained through deceptive practices, forcing them to delete algorithmic systems built with ill-gotten data could become a more routine approach, one that modernizes FTC enforcement to directly affect how companies do business.





Another opportunity for bias. Always “correct” a New Jersey accent but never modify a Texas accent.

https://techcrunch.com/2022/03/14/sayso-accent-changing/

Sayso is launching an API to dial down people’s accents a wee bit

Struggling to understand your heavily accented co-worker? Can’t follow what the customer support person at the other end of the phone is saying? Technology rushes to the rescue. It turns out that listening to an accent you’re not familiar with can dramatically increase the cognitive load (and, by extension, the amount of energy you expend to understand someone). Sayso is attempting to tackle this problem, by giving developers an API that can change accented English from one accent to another in near real time.





Another study to watch. Can technology change the way the world thinks?

https://www.usu.edu/today/story/the-future-of-governance-usu-professors-studying-effect-of-ai-enabled-surveillance-in-government

The Future of Governance: USU Professors Studying Effect of AI-Enabled Surveillance in Government

Just how much influence can artificial intelligence-enabled surveillance technology have on how a society is governed? This is the key question Utah State University researchers Jeannie Johnson and Briana Bowen are looking to answer, thanks to a three-year, $1.49 million grant from the Department of Defense and its Minerva Research Initiative. Johnson and Bowen are studying the effect of AI surveillance technology and how its adoption in certain governments could change societal structure and norms.

Taking a case-study approach, Johnson and Bowen are heading up a multidisciplinary, multi-institution team to study the export of AI-enabled surveillance technology originating in and exported from China to a number of Latin American countries. The Chinese government is a major world supplier of AI-driven surveillance systems and also has been testing the technology domestically in certain pilot cities, often with transparency to its own citizens.

“The question is, if you export these digital technologies, do you also export political norms?” Bowen said. “Or are you exporting a tool — and societies will use the tool however they want and remain relatively untouched by the social ecosystem from which those technologies originated?”





Coming from an Audit background, I like to start with “What is the system supposed to do?”

https://twin-cities.umn.edu/news-events/meaningful-standards-auditing-high-stakes-artificial-intelligence

Meaningful Standards for Auditing High-Stakes Artificial Intelligence

it is important to ask: can AI tools ever be truly unbiased decision-makers? In response to claims of unfairness and bias in tools used in hiring, college admissions, predictive policing, health interventions, and more, the University of Minnesota recently developed a new set of auditing guidelines for AI tools.

The auditing guidelines, published in the American Psychologist, were developed by Richard Landers, associate professor of psychology at the University of Minnesota, and Tara Behrend from Purdue University.

The researchers developed guidelines for AI auditing by first considering the ideas of fairness and bias through three major lenses of focus:

  • How individuals decide if a decision was fair and unbiased

  • How societal legal, ethical and moral standards present fairness and bias

  • How individual technical domains — like computer science, statistics and psychology — define fairness and bias internally





Another summary?

https://cosmosmagazine.com/technology/ai/ai-ethics-good-in-the-machine/

Where AI and ethics meet

How we can make “good” artificial intelligence, what does it mean for a machine to be ethical, and how can we use AI ethically? Good in the Machine – 2019’s SCINEMA International Science Film Festival entry – delves into these questions, the origins of our morality, and the interplay between artificial agency and our own moral compass.




Monday, March 14, 2022

This was a risk even before the war in Ukraine. Can it succeed without access to the secret formula for Coke or suppliers outside of Russia?

https://www.usatoday.com/story/money/business/2022/03/13/russia-putin-threatens-to-seize-assets-of-departing-western-companies/7026192001/

Vladimir Putin threatens to seize assets of Western businesses that have left Russia

Hundreds of companies have similarly announced plans to curtail ties to Russia, with the pace accelerating over the past week as the deadly violence and humanitarian crisis in Ukraine worsens, and as Western governments ratchet up economic sanctions.

Russian President Vladimir Putin responded Thursday by saying that if foreign companies shut down production in Russia, he favored a plan to “bring in outside management and then transfer these companies to those who want to work.”

A draft law could allow Russian courts to appoint external administrators for companies that cease operations and are at least 25% foreign-owned. If the owners refuse to resume operations or to sell, the company’s shares could be auctioned off, the ruling United Russia party has said, calling it “the first step toward nationalization.”





Clearview must seem useful, given all the places it shows up.

https://www.reuters.com/technology/exclusive-ukraine-has-started-using-clearview-ais-facial-recognition-during-war-2022-03-13/

Exclusive: Ukraine has started using Clearview AI’s facial recognition during war

Ukraine's defense ministry on Saturday began using Clearview AI’s facial recognition technology, the company's chief executive told Reuters, after the U.S. startup offered to uncover Russian assailants, combat misinformation and identify the dead.

Ukraine is receiving free access to Clearview AI’s powerful search engine for faces, letting authorities potentially vet people of interest at checkpoints, among other uses, added Lee Wolosky, an adviser to Clearview and former diplomat under U.S. presidents Barack Obama and Joe Biden.





Ukraine is having an impact in lots of areas.

https://www.databreaches.net/ukraine-war-has-insurers-worried-about-cyber-policies/

Ukraine War Has Insurers Worried About Cyber Policies

Alice Uribe, Leslie Scism, and David Uberti report:

Insurance for cyberattacks has been a booming business, but Russia’s invasion of Ukraine has insurers sweating about the possibility of big losses. They are rushing to plug a possible loophole that leaves them vulnerable.
Sales of cyber insurance more than doubled last year to about $15 billion as companies sought to protect themselves from the costs of ransomware and computer viruses that could cripple their operations.
Like most insurance policies, these have exclusions for acts of war.

Read more at The Wall Street Journal.





Perspective. Another crime facilitated by technology…

https://www.theguardian.com/society/2022/mar/13/new-law-banning-cyberflashing-to-be-included-in-online-safety-bill

New law banning cyberflashing to be included in online safety bill

Cyberflashing is to become a criminal offence, with perpetrators facing up to two years in jail under government plans to strengthen the upcoming online safety bill.

Three-quarters of girls aged 12-18 have been sent unsolicited nude images of boys or men, according to research published in 2020. A revised version of the online safety bill is expected to be published the week that will include a number of new offences in addition to cyberflashing.

The culture secretary, Nadine Dorries, said: “The forthcoming online safety bill will force tech companies to stop their platforms being used to commit vile acts of cyberflashing. We are bringing the full weight on individuals who perpetrate this awful behaviour.”