Saturday, July 01, 2023

A first! Holding management accountable?

https://www.databreaches.net/wells-notice-against-solarwinds-ciso-could-be-first-of-its-kind/

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

Cam Sivesind writes:

SolarWinds Corporation, which suffered a major breach of its Orion software platform in December 2020, submitted a U.S. Securities and Exchange Commission (SEC) filing on June 23rd, saying the enforcement staff of the SEC provided the company with a Wells Notice related to its investigation into the cyber incident.
A Wells Notice is a letter the SEC generally issues to organizations or individuals when it is planning to take action against them.

Read more at SecureWorld.

From the article:

"This is a really big deal. It's unprecedented: this is likely the first time a CISO has ever received one of these. And the implications are immense: Wells Notices are no joke. They create massive career hardships—especially if one plans to work for a publicly traded company."





Interesting argument…

https://www.theregister.com/2023/06/30/new_jersey_cops_facebook_wiretap/

Cops told: Er, no, you need a wiretap order if you want real-time Facebook snooping

New Jersey cops must apply for a wiretap order — not just a warrant — for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court.

Thursday's decision overturned a lower court's ruling that said a search warrant was sufficient to compel Meta's social network to turn over access to a user's future posts and messages every 15 minutes for a period of 30 days. That's effectively a real-time tapping system, it was argued.

"The state argues that because of the brief 15-minute delay involved, it is obtaining 'stored communications' rather than intercepting live ones, so fewer safeguards apply. We do not agree," the Garden State's Supremes said [PDF], noting that this would make New Jersey the only state in America to permit this practice.

This type of near-real-time access to Facebook users' communications "invokes heightened privacy protections," the top court argued. "We also find that the nearly contemporaneous acquisition of electronic communications here is the functional equivalent of wiretap surveillance and is therefore entitled to greater constitutional protection."





Congratulations! Your face matches your phony ID! Welcome aboard.

https://www.fastcompany.com/90918235/tsa-facial-recognition-program-privacy

Exclusive: TSA to expand its facial recognition program to over 400 airports

The pilot program is officially voluntary and uses what’s known as 1:1 facial matching technology to verify that a traveler standing at a checkpoint matches the photo on their physical ID. “The comparison is extremely accurate,” Langston says.





Challenging. How do you identify a fake review?

https://www.theverge.com/2023/6/30/23779880/ftc-fake-reviews-ban-ai

The FTC wants to put a ban on fake reviews

If you, too, are so very tired of not knowing which reviews to trust on the internet, we may eventually get some peace of mind. That’s because the Federal Trade Commission now wants to penalize companies for engaging in shady review practices. Under the terms of a new rule proposed by the FTC, businesses could face fines for buying fake reviews — to the tune of up to $50,000 for each time a customer sees one.





Perspective.

https://hbr.org/2023/06/13-principles-for-using-ai-responsibly

13 Principles for Using AI Responsibly

The competitive nature of AI development poses a dilemma for organizations, as prioritizing speed may lead to neglecting ethical guidelines, bias detection, and safety measures. Known and emerging concerns associated with AI in the workplace include the spread of misinformation, copyright and intellectual property concerns, cybersecurity, data privacy, as well as navigating rapid and ambiguous regulations. To mitigate these risks, we propose thirteen principles for responsible AI at work.





Something to explore?

https://venturebeat.com/ai/ai-foundation-launches-ai-xyz-to-give-people-their-own-ai-assistants/

AI Foundation launches AI.XYZ to give people their own AI assistants

AI Foundation, an AI research lab that gave us virtual Deepak Chopra, has launched AI.XYZ, a platform for people to create their own AI assistants.

AI.XYZ is available in public beta and can be accessed on the web with an invitation code. Creators can interact with their AIs through text, voice, and video. A free subscription to AI.XYZ allows users to get started creating their own AI, while a premium subscription for $20 per month allows additional capabilities and customization options.





Tools & Techniques. “Hello, I’m an AI and I’m running for President.”

https://www.makeuseof.com/wondershare-virbo-ai-video-content/

Wondershare Virbo: Unleash the Power of AI to Create Stunning Video Content

Virbo, available for iOS, Android, and Windows, can create realistic videos with different avatars in various languages. What’s more, videos can be synced via the Cloud so you’ll never lose your work.

You give your script or prompt to the app, and it will create a video for you. With many models from different nationalities and a selection of languages, you can make custom videos in minutes for various locations in the world.



Friday, June 30, 2023

This could be interesting…

https://www.bespacific.com/privacy-class-action-claims-chatgpt-is-catastrophic-risk-to-humanity/

‘AI Arms Race’: Privacy Class Action Claims ChatGPT Is ‘Catastrophic Risk to Humanity’

Law.com – The lawsuit likens Open AI’s alleged privacy violations to complaints against Clearview AI for scraping photos off the internet for commercial gain: “A proposed class action lawsuit against Open AI and ChatGPT investor Microsoft Corp. is seeking a court order requiring the generative artificial-intelligence platform to stop its alleged secret “harvesting” of personal data, and to immediately put in place safeguards to protect society from “potentially catastrophic risk.” The 151-page complaint, surfaced by Law.com Radar and filed Wednesday in the U.S. District Court for the Northern District of California, claims that ChatGPT scrapes personal information on the internet without consent, and also gathers user data from their products, including the OpenAI website and other APIs and plug-ins…”





The downside of “We gotta do something!”

https://www.databreaches.net/high-school-changes-every-students-password-to-chngeme/

High school changes every student’s password to ‘Ch@ngeme!’

File this in your “You did WHAT?!” file.

Lorenzo Franceschi-Bicchierai reports that after a cybersecurity audit mistakenly reset everyone’s password, Oak Park and River Forest High School in Illinois did a global replace, changing all students’ passwords to “Ch@ngeme!” to prompt them to change their password.

What could possibly go wrong if you now know every student’s password, right?

Read more at TechCrunch.





My AI found this article interesting.

https://ipwatchdog.com/2023/06/29/u-s-copyright-office-generative-ai-event-three-key-takeaways/id=162771/

U.S. Copyright Office Generative AI Event: Three Key Takeaways

On Wednesday, June 28, the United States Copyright Office (USCO) hosted a virtual event exploring guidance for registration of works containing generative artificial intelligence (AI) content. The hour-long event included a recap of the USCO’s previously released policy guidance and the Zarya of the Dawn partial registration refusal, staff walking through numerous examples of how AI technologies are being used, and a Q&A session consisting of pre-planned and live audience discussion.

Here are three key takeaways from the event.





Tools & Techniques.

https://www.bespacific.com/how-to-use-new-bing-with-chatgpt-and-what-you-can-do-with-it/

How to use the new Bing with ChatGPT and what you can do with it

Tom’s Guide – Here’s how to use the new AI-supercharged Bing search: “This could be the beginning of a new era of searching the web, one in which you tell your search engine what you want in a far more natural and intuitive way. I’ve been using Microsoft’s new Bing with ChatGPT, and after exploring it for some time I’m ready to walk you through the process of how to use Bing with ChatGPT to full effect. Also, be sure to check out our guide on 9 helpful things Bing with ChatGPT can do for you to get the most out of the chatbot. But beware, Microsoft Edge is sending all your visited pages to Bing — here’s how to turn it off if you’d rather it didn’t…”



Thursday, June 29, 2023

So much for the Turing test…

https://www.theverge.com/2023/6/28/23775311/gpt-3-ai-language-models-twitter-disinformation-study

AI-generated tweets might be more convincing than real people, research finds

People apparently find tweets more convincing when they’re written by AI language models. At least, that was the case in a new study comparing content created by humans to language generated by OpenAI’s model GPT-3.

The authors of the new research surveyed people to see if they could discern whether a tweet was written by another person or by GPT-3. The result? People couldn’t really do it. The survey also asked them to decide whether the information in each tweet was true or not. This is where things get even dicier, especially since the content focused on science topics like vaccines and climate change that are subject to a lot of misinformation campaigns online.

Turns out, study participants had a harder time recognizing disinformation if it was written by the language model than if it was written by another person. Along the same lines, they were also better able to correctly identify accurate information if it was written by GPT-3 rather than by a human.





...and Sony is a technology company?

https://www.theverge.com/2023/6/28/23777298/sony-ftc-microsoft-confidential-documents-marker-pen-scanner-oops

Sony’s confidential PlayStation secrets just spilled because of a Sharpie

Sony’s highly confidential information about its PlayStation business has just been revealed by mistake. As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games.

It looks like someone redacted the documents with a black Sharpie — but when you scan them in, it’s easy to see some of the redactions. Oops.

The court has scrambled to remove the document, but the damage is done; reporters and Sony’s competition have already downloaded all the documents while they were in the public domain.





Resource.

https://www.gizmochina.com/2023/06/29/microsoft-free-generative-ai-skills-courses/

Microsoft is Now Offering Free Generative AI Skills & Training Courses

In a move that reflects the growing impact of generative AI technology, Microsoft has unveiled a comprehensive training program aimed at equipping workers with the necessary skills to harness the power of artificial intelligence. Announced as part of Microsoft’s “Skills for the Jobs” initiative, the program offers free online courses and certificates to help individuals master the fundamental concepts and applications of AI.

LinkedIn, a subsidiary of Microsoft, has developed a series of online courses that cover introductory knowledge of AI and provide a “framework for responsible AI.” These courses, when completed, will grant a professional certificate, which is the first of its kind in generative AI available on the online learning scenario.





Wednesday, June 28, 2023

Would you have to explain the step by step decryption process to each jury?

https://apnews.com/article/encrypted-phones-crime-encrochat-drugs-arrests-3ccc15ef095c201eb9fe55837bfdd886

A 3-year probe of encrypted phones led to the seizure of hundreds of tons of drugs, prosecutors say

Investigations triggered by the cracking of encrypted phones three years ago have so far led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs, French, Dutch and European Union prosecutors said Tuesday.

The French and Dutch investigation gained access to more than 115 million encrypted communications between some 60,000 criminals via servers in the northern French town of Roubaix, prosecutors said at a news conference in the nearby city of Lille.

As a result, 6,558 suspects have been arrested worldwide, including 197 “high-value targets.” Seized drugs included 30.5 million pills, 103.5 metric tons (114 tons) of cocaine, 163.4 metric tons (180 tons) of cannabis and 3.3 metric tons (3.6 tons) of heroin. The investigations also led to nearly 740 million euros ($809 million) in cash being recovered and assets or bank accounts worth another 154 million euros ($168 million) frozen.





So I have to ask, couldn’t you type exculpatory notes as easily?

https://www.schneier.com/blog/archives/2023/06/typing-incriminating-evidence-in-the-memo-field.html

Typing Incriminating Evidence in the Memo Field

Don’t do it:

Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though:
Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains. One payment, for $1,000 included the memo “head number 7.” Another, for $200, read “braiiiiiins.”

It’s so easy to think that you won’t get caught.





No one is dumb enough to do that. (Think of them as lemmings, following their leader off the cliff.)

https://www.bespacific.com/review-of-the-intelligence-failures-in-advance-of-january-6-2021/

Planned in Plain Sight: A Review of the Intelligence Failures in Advance of January 6th, 2021

U.S. Senator Gary Peters (D-MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, released a new report detailing the results of his investigation examining intelligence failures by the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A) in the lead-up to the attack on the U.S. Capitol on January 6, 2021. The report found that FBI and I&A received numerous tips and were aware of significant online posts threatening violence at the Capitol, yet they failed to accurately assess this intelligence and share the information with law enforcement partners. Peters’ investigation found that these missteps contributed to the security planning failures that left frontline officers unprepared for the violent mob that breached the Capitol and disrupted the peaceful transfer of power. The findings build on a bipartisan investigation and report Peters led in 2021 detailing security, planning and response failures related to the attack. The report released by Peters today addresses previously unanswered questions about how the FBI and I&A severely misjudged the threat level. “Despite the high volume of tips and online traffic about the potential for violence – some of which the Federal Bureau of Investigation and the Office of Intelligence and Analysis were aware of as early as December 2020 – these agencies failed to sound the alarm and share critical intelligence information that could have helped law enforcement better prepare for the events of January 6, 2021,” said Senator Peters…”





Tools & Techniques.

https://www.makeuseof.com/what-is-wintoys-guide/

What Is Wintoys? A Short Guide to a Powerful Windows Tool

As per its developer Bogdan Pătrăucean, Wintoys lets you experience Windows your way and keeps it fresh every day. The app gives you control to set up, debloat, optimize, repair, and tweak your operating system in a simple, time-saving, yet safe approach.

Indeed, Wintoys is that and more, depending on how you apply it to Windows. It's perfect to keep your system running smoothly while tweaking it to do what you want, the way you want. And the best part is that it's all easily accessible in one place.

Getting Wintoys is a matter of clicks too. It's free and you can search for it on the Microsoft Store on your PC or download and install the app from its official Microsoft Store page.



Tuesday, June 27, 2023

Twelve fiftieths of the way…

https://www.insideprivacy.com/data-privacy/oregon-legislature-passes-consumer-privacy-act/

Oregon Legislature Passes Consumer Privacy Act

On June 22, 2023, the Oregon state legislature passed the Oregon Consumer Privacy Act, S.B. 619 (the “Act”). This bill resembles the comprehensive privacy statutes in Colorado, Montana, and Connecticut, though there are some notable distinctions. If passed, Oregon will be the twelfth state to implement a comprehensive privacy statute, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, and Florida.





Repeating and reiterating, redundantly.

https://www.bespacific.com/do-not-use-chatgpt-for-legal-research/

Do NOT, I Repeat, Do NOT Use ChatGPT For Legal Research

Above the Law – Nicole Black – These chatbots are bald-faced liars that pull facts out of thin air. “In light of recent events, I feel obliged to write this post, if only to create an internet breadcrumb upon which over-caffeinated lawyers hellbent on cutting legal research corners might stumble. Are you one of those lawyers? Are you pressed for time with a looming deadline for a responsive motion? Did you hear about this thing called ChatGPT, and now you’re wondering if it will conduct legal research and write a complex brief for you? Did you subsequently sign up for a free Open AI ChatGPT account, and after testing it out with a few simple legal questions, are ready to submit a query asking it to draft a lengthy brief? If you’re guilty as charged, and you’ve caught the ChatGPT fever, listen closely. No, I mean really listen. Move closer to your screen. Even closer. Closer still. Perfect…”



(Related)

https://www.bespacific.com/is-artificial-intelligence-capable-of-writing-a-law-journal-article/

Is Artificial Intelligence Capable of Writing a Law Journal Article?

Yankovskiy, Roman M, Is Artificial Intelligence Capable of Writing a Law Journal Article? (March 8, 2023). Yankovskiy, R. M. (2023). Sposoben li iskusstvennyj intellekt napisat’ stat’yu v yuridicheskij zhurnal? [Is Artificial Intelligence Capable of Writing a Law Journal Article?] Zakon [The Statute], (3), 126-133. doi:10.37239/0869-4400-2023-20-3-126-133, Available at SSRN: https://ssrn.com/abstract=4473414 or http://dx.doi.org/10.2139/ssrn.4473414

In this article, we explore the potential of artificial intelligence (AI), in particular, ChatGPT based on GPT 4.0 model, to create articles in the field of legal studies. We analyze the pros and cons of employing AI in jurisprudence, specifically focusing on its capacity to adapt to intricate legal terminology, evolving legislation, and nuanced argumentation. The primary emphasis is placed on potential inaccuracies that may emerge in AI-generated text, as well as the underlying causes and subsequent ramifications. Furthermore, we discuss the copyright implications for works created via AI and propose possible solutions. In conclusion, we outline the current limitations and future prospects for leveraging AI in both legal practice and scholarly research. A substantial portion of the article is entirely generated by AI



Monday, June 26, 2023

A new direction for privacy laws?

https://www.cpomagazine.com/data-protection/my-health-my-data-washington-poised-to-upend-how-companys-handle-health-information/

My Health My Data! Washington Poised to Upend How Companies Handle Health Information

Adding to the ever increasing sea of state-sponsored privacy regulations, the state of Washington in April threw its hat in the privacy ring, or rather, its net in the water. Instead of a tailored regulation, however, Washington’s My Health My Data Act (“MHMDA”) is the legislative equivalent of bottom trawling—casting a net so wide that it threatens to engulf businesses from nearly every sector.

Supporters have billed MHMDA as providing necessary protection for health data not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) in the wake of the Supreme Court’s Dobbs v. Jackson Women’s Health Organization which overturned its ruling in Roe v. Wade. MHMDA’s broad scope and definitions, however, will undoubtedly expand its reach to data not normally considered health data and businesses who do not traditionally consider themselves to be health care providers or to be collecting consumer health data. And given the expansive private right of action given to consumers, MHMDA is sure to create a new wave of privacy class action litigations.





Either they never had a plan to save these emails or the plan was horribly inadequate.

https://www.theregister.com/2023/06/26/jp_morgan_fined_for_deleting/

JP Morgan accidentally deletes evidence in multi-million record retention screwup

JP Morgan has been fined $4 million by the US Securities and Exchange Commission (SEC) for deleting millions of email records dating from 2018 relating to its Chase Bank subsidiary.

The financial services outfit apparently deleted somewhere in the region of 47 million electronic communications records from about 8,700 electronic mailboxes covering the period January 1 through to April 23, 2018.

Many of these, it turns out, were business records that were required to be retained under the Securities Exchange Act of 1934, the SEC said in a filing [PDF] detailing its ruling.

Worse still, the stuffup meant that it couldn't produce evidence that the SEC and others subpoenaed in their investigations. "In at least 12 civil securities-related regulatory investigations, eight of which were conducted by the Commission staff, JPMorgan received subpoenas and document requests for communications which could not be retrieved or produced because they had been deleted permanently," the SEC says.



Sunday, June 25, 2023

If we can sneak this by, our lives will be much easier...

https://www.theguardian.com/world/2023/jun/22/draft-eu-plans-to-allow-spying-on-journalists-are-dangerous-warn-critics

Draft EU plans to allow spying on journalists are dangerous, warn critics

Draft legislation published by EU leaders that would allow national security agencies to spy on journalists has been condemned by media and civic society groups as dangerous and described by a leading MEP as “incomprehensible”.

On Wednesday, the European Council – which represents the governments of EU member states – published a draft of the European Media Freedom Act that would allow spyware to be placed on journalists’ phones if a national government thought it necessary.

Unusually, the council did not take the step of holding an in-person meeting of ministers responsible for media before the draft was published.

The Dutch MEP Sophie in ’t Veld, who has overseen the European parliament’s investigation into the use of Pegasus spyware on journalists and public figures, said the claim that permission to spy on the press was needed in the interests of national security was “a lie”.

“I think what the council is doing is unacceptable. It’s also incomprehensible. Well, it’s incomprehensible if they are serious about democracy,” said In ’t Veld.





Maybe so, maybe not.

https://link.springer.com/chapter/10.1007/978-981-19-9980-2_6

Technology and Lawyering: On Legal Practice and Value in a Digital Age

In 2010, Richard Susskind documented the impact of digital transformation and development of Artificial Intelligence (AI) in the legal industry. He portentously queried, are we on the precipice of witnessing ‘The End of Lawyers’? It is now a decade since Susskind’s seminal publication on the future of the legal profession, and certainly, many of his proclamations ring true. The changes to the legal profession have been immense: robo judges, ‘newlaw’, online dispute resolution and blockchain technologies, to name a few. A fear that robots will replace lawyers preoccupies the profession. And yet, in 2021, the legal profession has not been transformed by digital technology and lawyers have not become extinct. There are still judges hearing cases and handing down judgements, and there are still bricks and mortar courts in which lawyers appear, paper brief in hand. So what does this say about the continued relevance of legal professionals in the digital world? How can we understand the human value of solicitors, barristers and judges in the face of digital transformation? What is it about the human element in the practice of law that pushes against its replacement by technologies often lauded as better, cheaper and faster? This chapter uses the legal profession as a prism to explore these themes, specifically through the narratives of five legal actors: a barrister, a law firm partner, an in-house lawyer, an ethics lawyer and a law student. It asks them to reflect upon their human value, which perhaps the world of law can’t do without. In tracking the changing nature of the legal profession and interweaving the rich narratives of central protagonists in the legal world, this chapter contributes to the broader understanding of the digital human condition with which this book is concerned.





A large part of my working life was involved with computer auditing, so this caught my eye.

https://sustainabilitydigitalage.org/featured/wp-content/uploads/missing-links-in-ai-governance-unesco-mila.pdf#page=13

CHANGE FROM THE OUTSIDE: TOWARDS CREDIBLE THIRD-PARTY AUDITS OF AI SYSTEMS

When artificial intelligence (AI) systems cause harm, it is important to identify the responsible stakeholders and hold them accountable. Recently, AI audits have become an increasingly popular proposed accountability mechanism, and a growing ecosystem of AI auditors has emerged. By AI audit, we mean a process through which an auditor evaluates an AI system or product according to a specific set of criteria and provides findings and recommendations. AI audits can help identify whether AI systems meet stated performance targets, or in terms of other concerns such as bias and harm, data protection and privacy, transparency and accountability, adherence to standards and regulatory requirements, or labor practices and ecological impacts. AI audits may be conducted by first-party (internal), second-party (contracted), or third-party (external and fully independent) auditors. Third-party auditors, such as independent researchers, investigative journalists, community advocates, law firms, and regulators, have conducted many of the most impactful audits of AI systems to date. However, despite the importance of third-party auditors to AI accountability, this group has been mostly overlooked in AI policy.

In this chapter, we propose seven key policy interventions to strengthen the ability of third-party auditors to scrutinize AI systems: legal protections for third-party AI auditor access; accreditation for AI auditors; standards development for AI products; AI harm incident reporting; mandatory public disclosure of AI systems use; a frame shift beyond AI bias to harms; and accountability mechanisms to ensure appropriate audit responses.

By identifying these missing links, we hope to help advance a regulatory landscape that enables, protects and supports the ability of “outsiders” such as third-party auditors and other external stakeholders to scrutinize AI systems. We believe that credible third-party audits will help protect the human rights of communities that are most likely to be harmed by the use of AI systems





A look into the crystal ball.

https://www.pewresearch.org/internet/2023/06/21/as-ai-spreads-experts-predict-the-best-and-worst-changes-in-digital-life-by-2035/

As AI Spreads, Experts Predict the Best and Worst Changes in Digital Life by 2035

Spurred by the splashy emergence of generative artificial intelligence and an array of other AI applications, experts participating in a new Pew Research Center canvassing have great expectations for digital advances across many aspects of life by 2035. They anticipate striking improvements in health care and education. They foresee a world in which wonder drugs are conceived and enabled in digital spaces; where personalized medical care gives patients precisely what they need when they need it; where people wear smart eyewear and earbuds that keep them connected to the people, things and information around them; where AI systems can nudge discourse into productive and fact-based conversations; and where progress will be made in environmental sustainability, climate action and pollution prevention.