Saturday, May 14, 2022

It was hard not to pay the ransom when it was only your children being kidnapped. Now it’s your entire business!

https://www.theregister.com/2022/05/13/organizations_pay_ransomware/

Most organizations hit by ransomware would pay up if hit again

Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

The report, available here, is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.





Overly free speech?

https://www.nbcnews.com/tech/social-media/tech-firms-ask-us-supreme-court-block-texas-social-media-law-rcna28853

Tech groups ask Supreme Court to block Texas social media law

The law forbids social media companies with more than 50 million active users per month from banning members based on their political views and requires them to publicly disclose how they moderate content.

Internet lobbying groups NetChoice and the Computer & Communications Industry Association filed a lawsuit against the measure, and U.S. District Judge Robert Pitman in Austin, Texas, issued a preliminary injunction in December.

Pitman had found that the law would harm social media companies’ free speech rights under the First Amendment of the U.S. Constitution.

The tech groups, in their emergency request, asked the Supreme Court to “allow the District Court’s careful reasoning to remain in effect while an orderly appellate process plays out.”





Interesting. All this well before Russia invaded Ukraine.

https://executivegov.com/2022/05/study-no-unbridgeable-divide-between-dod-silicon-valley-on-military-use-of-ai/

Study Finds No Unbridgeable Divide Between Pentagon, Silicon Valley Over Military Use of AI

A RAND Corp. study found no unbridgeable gap between the Department of Defense and Silicon Valley and showed more similarities in attitudes across Silicon Valley employees, defense industrial base and alumni of universities with regard to the military use of artificial intelligence.

RAND surveyed 1,178 software engineers from traditional defense contractors, Silicon Valley and alumni of computer science universities between December 2020 and April 2021 and found that at least 33 percent of respondents from three large software companies feel uncomfortable with lethal use cases for AI.

The study found that over 66 percent of respondents in each population considered cyberattacks as critical threats to the U.S. and more than 75 percent from all three survey populations thought of Russia and China as serious threats to the U.S.

According to the report, nearly 90 percent of participants said they believe the use of military force would be justified to defend the U.S. and NATO allies against foreign aggression.





...and this from the city of Brotherly Love.

https://www.thedailybeast.com/philadelphia-inquirer-editorial-board-says-gop-are-too-insane-to-endorse-anyone-for-governor-or-senate

Philadelphia Inquirer Editorial Board Says GOP Candidates Are Too Nuts to Endorse

Pennsylvania will be holding primaries for governor and senator on Tuesday, but The Philadelphia Inquirer won’t be endorsing any Republicans this year because the paper says none are “operating in the same reality.” In a blistering editorial on Friday, the board said that while it has historically leaned toward Democrats, it has also endorsed Republicans “even when a candidate’s views didn’t exactly align” with their own. However, when sending out surveys to Pennsylvania GOP candidates in the Senate primary, only one would even acknowledge that Joe Biden won the 2020 presidential election. “How do you find points of agreement when you can’t reach common ground on facts so basic that they could be used in a field sobriety test?” the editorial board wrote. And although the GOPers in this year’s gubernatorial primary conceded that Trump’s lie about winning was, and continues to be, a lie, their extreme views on abortion were dubbed a “sad state of affairs” by the editorial board.





Tools & Techniques.

https://www.theregister.com/2022/05/14/eternity-project-malware-sale/

Shopping for malware: $260 gets you a password stealer. $90 for a crypto-miner…

A Tor-hidden website dubbed the Eternity Project is offering a toolkit of malware, including ransomware, worms, and – coming soon – distributed denial-of-service programs, at low prices.

According to researchers at cyber-intelligence outfit Cyble, the Eternity site's operators also have a channel on Telegram, where they provide videos detailing features and functions of the Windows malware. Once bought, it's up to the buyer how victims' computers are infected; we'll leave that to your imagination.

The Telegram channel has about 500 subscribers, Team Cyble documented this week. Once someone decides to purchase one or more of Eternity's malware components, they have the option to customize the final binary executable for whatever crimes they want to commit.





Even a cliché has power…

https://dilbert.com/strip/2022-05-14



Friday, May 13, 2022

Interesting how laws that do not directly address privacy can still be of concern to privacy advocates.

https://www.bespacific.com/how-a-digital-abortion-footprint-could-lead-to-criminal-charges/

How a Digital Abortion Footprint Could Lead to Criminal Charges

TIME: Getting away with breaking the law in the digital age is tricky. Almost everything one does—whether it’s making a Google search for “how to clean up a crime scene,” purchasing suspicious items on Amazon, or merely having been in the proximity of a crime scene with a cell phone that had its location services turned on—can be discovered via court-issued warrant and lead to charges and convictions. If Roe v. Wade is overturned—as a draft of a Supreme Court opinion signaled it might be—soon having or helping procure an abortion could become a crime in some states. And that means individuals’ personal internet data could be collected and used against them if they seek or facilitate a pregnancy termination.

“Your geolocation data, apps for contraception, web searches, phone records—all of it is open season for generating data to weaponize the personal information of women across the country,” Senator Ron Wyden, an Oregon Democrat and longtime proponent of digital privacy reform, tells TIME. In states that not only outlaw but criminalize abortion—a move that Louisiana is considering adopting after a final decision from the Supreme Court—a pregnant woman’s digital search of abortion-inducing medication, online purchase of pregnancy tests, or email request for financial support to a pro-abortion resource group could be deployed against her in criminal proceedings. In states that criminalize assisting in abortions, data revealing frequent trips to a reproductive health clinic could also be used.

“Everything we do is traceable,” says Bennett Capers, a visiting criminal law professor at Yale University and full professor at Fordham’s law school. “Once getting an abortion is illegal, then attempting to get an abortion is also illegal.”

In recent years, several Democratic lawmakers have introduced legislation to bring America’s digital privacy laws into the 21st century and enshrine safeguards against the unfettered collection of individuals’ personal data by governments and companies for criminal surveillance and corporate profit. Now, Wyden and his colleagues are pushing with renewed urgency to get those bills passed, hoping the leak of the draft opinion spurs Congress to action with the Supreme Court’s final decision anticipated to come down in the next two months. “A lot of privacy rules are from the Dark Ages,” Wyden says. “The SCOTUS prospects certainly drive home the real world consequences of the law not keeping up with the time.”…





Your face on Post Office walls throughout America?

https://www.reuters.com/world/us/us-cities-are-backing-off-banning-facial-recognition-crime-rises-2022-05-12/

U.S. cities are backing off banning facial recognition as crime rises

Facial recognition is making a comeback in the United States as bans to thwart the technology and curb racial bias in policing come under threat amid a surge in crime and increased lobbying from developers.

Virginia in July will eliminate its prohibition on local police use of facial recognition a year after approving it, and California and the city of New Orleans as soon as this month could be next to hit the undo button.

Efforts to get bans in place are meeting resistance in jurisdictions big and small from New York and Colorado to West Lafayette, Indiana. Even Vermont, the last state left with a near-100% ban against police facial-recognition use, chipped away at its law last year to allow for investigating child sex crimes.





Not all bangs are gunshots? Imagine that.

https://chicagoreader.com/news-politics/news/shotspotters-deafening-impact/

ShotSpotter’s deafening impact

Before last March, you might not have heard of ShotSpotter. That month, news of 13-year-old Adam Toledo’s killing by a police officer in Little Village rang through Chicago just as resoundingly as the alleged noise of gunshots that brought cops to his location in the first place.

Almost as soon as the news of Toledo’s death broke, activists began raising questions about the private gunshot-detection system that summoned police to the scene. That summer, the activists’ voices grew even louder when it became public that the city had quietly extended its $33 million, three-year contract with ShotSpotter by another two years, through August 2023.

ShotSpotter markets its technology as a “proactive” tool that hears gunshots and gets police to potential crime scenes faster than 911 calls.

But sound is a tricky thing. It travels, echoes, and reverberates, and can be muffled, distorted, or unclear. How can ShotSpotter sensors tell the difference between a gunshot or firework? They apparently can’t—at least not as accurately as the company has publicly asserted. And there is little evidence to suggest that the Chicago police (CPD) or ShotSpotter test the devices to see how they register different loud noises once deployed.

ShotSpotter’s primary purpose is to hear gunshots, but according to a report published by the city’s Office of the Inspector General (OIG) last August, only 9.1 percent of alerts generated between January 1, 2020, and May 31, 2021, actually resulted in police finding evidence of a gun crime. And a 2011 study commissioned by the company found that trucks, motorcycles, helicopters, fireworks, construction, trash pickup, and church bells, among other sounds, have all triggered false positive alerts, mistaking these sounds for gunshots.





Clearly true?

https://www.cnbc.com/2022/05/12/why-mark-cuban-predicts-ai-will-dominate-the-future-workplace.html

Mark Cuban predicts AI will dominate the future workplace: To be successful, ‘you’re going to have to understand it’

… “There’s two types of companies: those who are great at AI and everybody else,” Cuban said. “And you don’t necessarily have to be great at AI to start a company, but at some point, you’re going to have to understand it. It’s just like the early days of PCs. You didn’t have to be good at PCs, but it helped. Then networks, then the internet, then mobile.”





In Ye Olden Days (when I was working as an Analyst) Open Source always seemed to come after our other sources. Perhaps the Internet changed that?

https://federalnewsnetwork.com/intelligence-community/2022/05/spy-agencies-look-to-standardize-use-of-open-source-intelligence/

Spy agencies look to standardize use of open source intelligence

Intelligence agencies are starting to coalesce around a set of common standards and data for using open source intelligence, but challenges remain in boosting the use of OSINT throughout the intelligence community.

Patrice Tibbs, chief of community open source at the CIA, said open source has “proven itself over and over,” especially given current events like Russia’s invasion of Ukraine. OSINT is generally defined as unclassified information, often publicly available, like data gleaned from social media feeds.

… “I think more and more of our customers and personnel realize the value of open source,” he said. “They also get it first, frankly, in many cases. It’s very immediate. . . . It wasn’t possible 10 years ago, or 15 years ago, for information to be that widespread, immediately available to anyone who has a mobile device, or computer at their desk. So I think a lot of our customers, and our all source analysts and other collectors are getting much more comfortable with relying on open source early and often.”



(Related)

https://www.theregister.com/2022/05/13/cyberspace_is_first_theatre_of_war/

'Peacetime in cyberspace is a chaotic environment' says senior US advisor

The internet is now the first battleground of any new war – before the shooting starts

Cyber war has become an emerged aspect of broader armed conflicts, commencing before the first shot is fired, cybersecurity expert Kenneth Geers told the audience at the Black Hat Asia conference on Friday.

… Geers said the Russia-Ukraine war demonstrates how electronic and kinetic conflicts interact. Ahead of the Ukraine invasion, Russia severed network cables, commandeered satellites, whitewashed Wikipedia, and targeted military ops via mobile phone geolocations.

Geers highlighted that Russia's DDoS attack on the Ukraine began 10 days before its soldiers invaded on February 24. A day before the official war began, Russian cybersecurity operations began to execute wiper attacks, targeting Ukrainian systems and deleting its data.

That same day, February 23, the "psyops" began. These psychological operations included misinformation in the form of text messages sent to Ukrainian soldiers that they should surrender, messages to citizens about non-functioning ATMs creating bank panic, and even deepfakes of Ukrainian president Volodymyr Zelensky surrendering.





Thursday, May 12, 2022

Speech, with a Texas accent?

https://www.theverge.com/2022/5/11/23067002/texas-netchoice-paxton-hb20-social-media-law-fifth-circuit-appeals-court-grant-stay-ruling?scrolla=5eb6d68b7fedc32c19ef33b4

Court lets Texas restrictions on social platform content moderation take effect

The controversial Texas social media law HB 20 will take effect following a ruling today from a US appeals court. The tech industry trade groups NetChoice and the Computer and Communications Industry Association (CCIA) managed to block HB 20 in court last year, but that victory has been undone by the Fifth Circuit Court of Appeals, which today granted Texas Attorney General Ken Paxton’s request for a stay in NetChoice and CCIA v. Paxton. NetChoice and the CCIA were successful in blocking a similar law in Florida last year.

HB 20 allows Paxton’s office or Texas residents to sue social networks that moderate based on “the viewpoint of the user or another person,” among other offenses — language that potentially makes basic moderation decisions legally risky.

The ruling follows a confusing hearing where a Fifth Circuit judge claimed web services like Twitter “are not websites” and compared them to phone companies like Verizon, which are governed under specific common carrier rules set by the FCC. NetChoice and the CCIA can choose to mount an emergency appeal, but without quick intervention from a higher level like the Supreme Court, the law is now in force.





I guess this is cheaper than putting a camera on every street corner…

https://www.vice.com/en/article/v7dw8x/san-francisco-police-are-using-driverless-cars-as-mobile-surveillance-cameras

San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras

“Autonomous vehicles are recording their surroundings continuously and have the potential to help with investigative leads,” says a San Francisco Police department training document obtained by Motherboard via a public records request. “Investigations has already done this several times.”

The document released to Motherboard is a three-page guide for how officers should interact with autonomous vehicles (AVs), especially ones that have no human driver inside. It outlines basic procedures such as how to interact with the vehicles (“Do not open the vehicle for non-emergency issues” and “Do not pull vehicles over unless a legitimate law enforcement action exists”) as well as whether to issue a citation for a moving violation for a car with no human driver (“No citation can be issued at this time if the vehicle has no one in the driver’s seat” but an incident report should be written instead). And the section titled “Investigations” has two bullet points advising officers of their usefulness in collecting footage.

Privacy advocates say the revelation that police are actively using AV footage is cause for alarm.



(Related)

https://www.beaconjournal.com/story/news/2022/05/11/akron-considers-flock-license-plate-readers-part-expanding-network/7399179001/

Akron preparing to join expanding traffic surveillance network; police say cameras with AI help solve crimes

The city of Akron is taking steps to become part of a national network of traffic surveillance cameras that has been growing in Northeast Ohio.

A recent demonstration of the system's capabilities came last month, when a police chase in Macedonia ended with the arrest of two people who police said had arrived in town to shoplift at a local store.

An automated license plate reader (ALPR) installed last fall by Georgia-based Flock Safety alerted police as a stolen vehicle entered town around 8:30 a.m. on April 21. Officers located the car minutes later in the local Target parking lot, they said, just as a thief and driver took off down state Route 82 with a stolen vacuum cleaner.



Wednesday, May 11, 2022

Readings for senior management.

https://sloanreview.mit.edu/article/the-ransomware-dilemma/

The Ransomware Dilemma

The decision on whether to pay up when cybercriminals hold data hostage is shaped by choices leaders made long before an attack.

The ransomware business is booming: In the United States alone, this form of cyberattack increased in frequency by 200% between 2019 and 2021. It’s an urgent threat, but too many leaders are caught flat-footed when it happens to them. Ransomware is malicious software that uses encryption to prevent access to data on the infected machine, effectively paralyzing the computer system. The culprits behind the attack then demand payment in exchange for decrypting the files and restoring access to the infected systems. The tactic dates to the 1980s, but it became a prominent threat to businesses after 2010 with the rise of cryptocurrency, criminals’ preferred mode of payment.

It’s a threat riddled with uncertainties, which makes planning a response difficult. Many organizations just want to find the quickest way out, and that often means paying the ransom, even though the financial burden may be considerable and the outcome far from certain. In a recent study of 300 companies, 64% revealed that they had experienced a ransomware attack within the previous 12 months, and a staggering 83% of those paid the ransom. On average, only 8% of organizations that paid up recovered all of their data, while 63% got about half of it back.





Learn from your vendors. Risk mitigation benefits you both.

https://www.csoonline.com/article/3659831/what-your-cyber-insurance-application-form-can-tell-you-about-ransomware-readiness.html#tk.rss_all

What your cyber insurance application form can tell you about ransomware readiness

The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.





Nothing new, but a bit more detail.

https://www.theguardian.com/world/2022/may/10/us-immigration-agency-ice-domestic-surveillance-study

US immigration agency operates vast surveillance dragnet, study finds

When cities and states passed ‘sanctuary’ laws to block police from aiding deportations, Ice found new ways to access private intel

US Immigration and Customs Enforcement (Ice) has built a vast digital surveillance system that gives it access to the personal details of almost every person in America, a two-year investigation by Georgetown University law center has found.

Researchers from the Center on Privacy & Technology on Tuesday released one of the most comprehensive reviews of Ice activities, concluding that the federal organisation has strayed well beyond its duties as an immigration body to become what is in effect a domestic surveillance agency.

Operating largely in secret and with minimal public oversight, Ice has amassed a formidable armory of digital capabilities that allows its agents to “pull detailed dossiers on nearly anyone, seemingly at any time”.

The vast mountain of data to which Ice now has access includes:

  • Driver’s license data for three of every four adults living in the US.

  • Data drawn from the utility records of 75% of adults, covering more than 218 million unique utility consumers in all 50 states.

  • Information on the movements of drivers in cities that contain 75% of the US population.

  • Facial recognition technology drawn from the driver’s license photos of at least a third of all adults.

The Georgetown researchers base their report, American Dragnet: Data-Driven Deportation in the 21st Century, on hundreds of freedom of information requests and a review of more than 100,000 previously unseen Ice spending transactions.





Only 45 more to go!

https://www.huntonprivacyblog.com/2022/05/10/connecticut-enacts-consumer-privacy-law/

Connecticut Enacts Consumer Privacy Law

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law.





Sounds like it would be easy to duplicate. I bet it’s not…

https://www.institutionalinvestor.com/article/b1xzhzkcpwwpn8/How-a-Machine-Learning-Program-Finds-Litigation-Financing-Deals

How a Machine-Learning Program Finds Litigation Financing Deals

Legalist’s application crawls government databases, including Pacer, as well as more than 200 databases representing state courts and government contractors.

The program — which Shang’s team calls a “truffle sniffer” — looks for static variables like defendants or lawyers, as well as time series variables, which include the events associated with cases. The technology is looking for key litigation dates, such as “creditor motions” in a bankruptcy.

Then, machine learning comes in. The app classifies the data by the type of case, individual, and event, among other variables, creating a decision tree that ultimately leads to a decision on whether the firm will finance the case.

… There are, of course, still errors. Shang said the litigation fund has about an 80 percent success rate. But her team tries to limit potential losses with its standardized process.



Tuesday, May 10, 2022

Problem with the cops or just a target of opportunity? Like pushing them back in time?

https://www.wgem.com/2022/05/09/troup-quincy-facing-one-worst-cyber-attacks-ever-hit-community/

Troup: Quincy facing one of the ‘worst cyber attacks’ to ever hit the community

… “This probably is going to go down as one of the worst cyber attacks for any organization in this community,” Troup said.

It took the Quincy Police Department’s non-emergency phone lines down for a full day.

Police still can’t access their emails. They also said they can’t process any Freedom of Information Act requests, their car computers are not working and they have to write paper copies for tickets and accident reports.

“Now instead of digital we are using paper copies. It’s like policing in the mid-to-late nineties [Oh, the horror! Bob] when I started. So we don’t have the car computers anymore,” Deputy Chief of Operations Shannon Pilkington said.

Pilkington said officers are still on patrol, and the 911 phone number still works.

City of Quincy employees can’t send or receive emails and the Quincy Fire Department and Quincy Public Library were also impacted.

Troup said they are limiting employee usage of the internet until they know where the problem came from.

He said they are still unsure about how it happened, but he stressed the severity of the situation.

Troup said residents are able to pay their utility bills, but the city cannot accept credit card payments right now.





Imagine a world where weapons of war have no privacy. Pearl Harbors may become impossible but Ukraines will still get invaded. Tracking objects smaller than tanks should be possible.

https://www.scmp.com/news/china/science/article/3177079/chinese-smart-satellite-tracks-us-aircraft-carrier-real-time

Chinese smart satellite tracks US aircraft carrier in real time, researchers say

When USS Harry S. Truman was heading to a strait transit drill off the coast of Long Island in New York on June 17 last year, a Chinese remote sensing satellite powered by the latest artificial intelligence technology automatically detected the Nimitz-class aircraft carrier and alerted Beijing with the precise coordinates, according to a new study by Chinese space scientists.





There has got to be a better way. Six or seven years of effort to squeeze out $3 per victim? (Less attorney’s fees)

https://www.databreaches.net/lawyers-are-nearing-a-settlement-deal-for-the-infamous-2015-opm-hack/

Lawyers are nearing a settlement deal for the infamous 2015 OPM hack

Attorneys are closing in on a settlement deal that could deliver up to $63 million to some victims of one of the most cataclysmic data breaches in history.

The settlement, if approved by a judge, would end a seven-year legal effort to win compensation for more than 21 million current and former federal employees who were victims of the hack of the Office of Personnel Management (OPM) in 2015, which intelligence officials say was almost certainly perpetrated by the Chinese government.

Read more at The Washington Post, but don’t expect to see compensation for most people.





A little more detail on a clear case of ‘undue reliance.’ After all, if AI is doing everything perfectly, why would I need to double check?

https://spectrum.ieee.org/artificial-intelligence-in-government

The Dutch Tax Authority Was Felled by AI—What Comes Next?

Until recently, it wasn’t possible to say that AI had a hand in forcing a government to resign. But that’s precisely what happened in the Netherlands in January 2021, when the incumbent cabinet resigned over the so-called kinderopvangtoeslagaffaire: the childcare benefits affair.

When a family in the Netherlands sought to claim their government childcare allowance, they needed to file a claim with the Dutch tax authority. Those claims passed through the gauntlet of a self-learning algorithm, initially deployed in 2013. In the tax authority’s workflow, the algorithm would first vet claims for signs of fraud, and humans would scrutinize those claims it flagged as high risk.

In reality, the algorithm developed a pattern of falsely labeling claims as fraudulent, and harried civil servants rubber-stamped the fraud labels. So, for years, the tax authority baselessly ordered thousands of families to pay back their claims, pushing many into onerous debt and destroying lives in the process.

… “The performance of the model, of the algorithm, needs to be transparent or published by different groups,” says Lee. That includes things like what the model’s accuracy rate is like, he adds.

The tax authority’s algorithm evaded such scrutiny; it was an opaque black box, with no transparency into its inner workings. For those affected, it could be nigh impossible to tell exactly why they had been flagged. And they lacked any sort of due process or recourse to fall back upon.

“The government had more faith in its flawed algorithm than in its own citizens, and the civil servants working on the files simply divested themselves of moral and legal responsibility by pointing to the algorithm,” says Nathalie Smuha, a technology legal scholar at KU Leuven, in Belgium.





This is one way to say it.

https://www.theverge.com/2022/5/9/23063952/clearview-ai-aclu-settlement-illinois-bipa-injunction-private-companies

Clearview AI agrees to permanent ban on selling facial recognition to private companies

Facial recognition surveillance company Clearview AI has agreed to permanently ban most private companies from using its service under a court settlement. The agreement, filed in Illinois court today, would settle a 2020 American Civil Liberties Union lawsuit that alleged the company had built its business on facial recognition data taken without user consent. The agreement formalizes measures Clearview had already taken and shields the company from further ACLU suits under Illinois’ Biometric Information Privacy Act (BIPA).

As part of the settlement, Clearview agrees to a permanent nationwide injunction restricting its sale (or free distribution) of access to a vast database of face photographs — many of which were originally scraped from social networks like Facebook.



(Related) A more accurate headline?

https://www.cnn.com/2022/05/09/tech/clearview-ai-aclu-settlement/index.html

Clearview AI agrees to restrict US sales of facial recognition mostly to law enforcement

Clearview AI, a controversial facial-recognition software company, agreed on Monday that it will not sell its software to most companies in the United States — a decision that will largely restrict its use to law-enforcement agencies in the country.

"Clearview AI's posture regarding sales to private entities remains unchanged," Hoan Ton-That, CEO Clearview AI, said in a statement. "We would only sell to private entities in a manner that complies with BIPA. Our database is only provided to government agencies for the purpose of solving crimes."





Tools & Techniques.

https://www.bespacific.com/onelook-search-engine/

OneLook search engine

Total Anarchy – Ann Handley: OneLook is a search engine that aggregates word definitions from over 1,061 indexed dictionaries. Visually, it’s a bit overwhelming—so it took me a minute to get used to its sorting + searching. Stick with it: it’s useful for not just defining words… but also finding them when you’re like what’s a word that means….?


Monday, May 09, 2022

Mission creep. You knew it would happen.

https://www.theregister.com/2022/05/08/pegasus_india_data_law_controversy/

India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems

NSO Group's Pegasus spyware-for-governments keeps returning to the headlines thanks to revelations such as its use against Spain's prime minister and senior British officials. But there's one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India.

A quick recap: Pegasus was created by Israeli outfit NSO Group, which marketed the product as "preventing crime and terror acts" and promised it would only sell the software to governments it had vetted, and for approved purposes like taking down terrorists or targeting criminals who abuse children.

Those promises are important because Pegasus is very powerful: targets are fooled into a "zero click" install of the software, after which their smartphones are an open book.

In July 2021, Amnesty International and French journalism advocacy organisation Forbidden Stories claimed Pegasus had been used well beyond its intended purpose, and claimed to have accessed a list of over 50,000 phone numbers NSO clients had targeted for surveillance.

Many were politicians, activists, diplomats, or entrepreneurs - jobs that are just not the sort of role NSO said it would let governments target with Pegasus.

Over 300 Indian residents made that list – among them opposition politicians, activists, and officers of the Tibetan government in exile.

NSO has offered no explanation, or theory, for how its promises turned to dust.

The New York Times reported Prime Minister Narendra Modi purchased Pegasus in 2017 as part of an overall weapons deal worth roughly $2 billion, but Indian politicians have resisted admitting to its acquisition or use.

The mere implication that India's government had turned Pegasus against political opponents was dynamite and complaints poured in from those who felt they had been targeted.





A new “Most Wanted?”

https://www.axios.com/2022/05/06/data-company-headache-user-nightmare-abortion-roe

Without Roe, data will become a company headache and a user nightmare

The treasure troves of data tech companies have spent decades accumulating could put them right in the middle of efforts to prosecute people if the Supreme Court eliminates federal guarantees of abortion rights.

Why it matters: If Monday's leaked draft opinion becomes law, court orders could soon arrive at tech firm offices seeking info about individuals searching for emergency contraception, those seen near a suspected abortion clinic and more.

In addition to non-medical information such as location, shopping and search data, medical records themselves could be targeted. And those records are far more digitized than they were in the pre-Roe era.

While HIPAA restricts how providers share medical information, it doesn't prevent them from sharing it with law enforcement. "I don’t think people can rely on HIPAA as being a defense in these cases if there were a criminal prosecution," Granick said.





Another way of saying ‘human error.’ Perhaps the instructions should be disclosed along with the algorithm?

https://techcrunch.com/2022/05/08/perceptron-ai-bias-can-arise-from-annotation-instructions/

Perceptron: AI bias can arise from annotation instructions

This week in AI, a new study reveals how bias, a common problem in AI systems, can start with the instructions given to the people recruited to annotate data from which AI systems learn to make predictions. The coauthors find that annotators pick up on patterns in the instructions, which condition them to contribute annotations that then become over-represented in the data, biasing the AI system toward these annotations.

Many AI systems today “learn” to make sense of images, videos, text, and audio from examples that have been labeled by annotators. The labels enable the systems to extrapolate the relationships between the examples (e.g., the link between the caption “kitchen sink” and a photo of a kitchen sink) to data the systems haven’t seen before (e.g., photos of kitchen sinks that weren’t included in the data used to “teach” the model).

As it turns out, annotators’ predispositions might not be solely to blame for the presence of bias in training labels. In a preprint study out of Arizona State University and the Allen Institute for AI, researchers investigated whether a source of bias might lie in the instructions written by data set creators to serve as guides for annotators. Such instructions typically include a short description of the task (e.g. “Label all birds in these photos”) along with several examples.





Mr Zillman assembles very complete lists of resources.

https://www.bespacific.com/web-guide-for-the-new-economy-2022/

Web Guide for the New Economy 2022

Via LLRX – Web Guide for the New Economy 2022 – Accurate and actionable data on the economy is critical to many aspects of our research and scholarship. This guide by research expert Marcus P. Zillman provides researchers with links to information on a range of sources focused on new economy data and analysis from the public and private sectors, as well as scholarly work, news, government information, reports and alerts. Many of these sources should find a place in your customized research toolkit. The sites recommended in this guide are all free to use, and they are published by advocacy, government, corporate, academic, international financial groups and research experts. Many of the sites are updated on a regular basis, so it is recommended that you use RSS feeds or alerts to remain abreast of changes.





Tools & Techniques.

https://finance.yahoo.com/news/turn-smartphone-flatbed-scanner-sign-163309887.html

How to turn your smartphone into a flatbed scanner to sign forms or digitize text

… Obviously, a “scan” really means taking a “photo” of what you’re pointing the camera at, but the technology can go beyond that.

Along with adding color and lighting correction to photos, today’s phones also boast “OCR” technology, which stands for “optical character recognition,” which can translate typewritten (and even handwritten) words into editable and searchable text.