Monday, June 26, 2017

This does not bode well for the next election.
Govt Websites in Ohio, Maryland Hacked With Pro-IS Messages
Several government websites in the US states of Ohio and Maryland had to be shut down Sunday after being hacked to display messages supporting the Islamic State group.
Among the affected websites was one belonging to Ohio Governor John Kasich. 
Posted on the websites was a message from a group calling itself Team System DZ, vowing revenge against US President Donald Trump.

Technology and lawyers?  No comment.
ABA – Cloud Ethics Opinions Around the U.S.
by Sabrina I. Pacifici on Jun 25, 2017
ABA Law Practice Division – “Cloud Ethics Opinions – There’s a compelling business case for cloud computing, but can lawyers use it ethically?  We’ve compiled these comparison charts to help you make the right decision for your practice.
Broadly defined, cloud computing (or “Software as a Service”) refers to a category of software that’s delivered over the Internet via a Web browser (like Internet Explorer) rather than installed directly onto the user’s computer.  The cloud offers certain advantages in terms of minimal upfront costs, flexibility and mobility, and ease of use.  Because cloud computing places data–including client data–on remote servers outside of the lawyer’s direct control, it has given rise to some concerns regarding its acceptability under applicable ethics rules.
Learn more about cloud computing in our brief overview…”

What information would you expect to be recorded for each stop?  Seven states don’t record the reason for a stop; only four fail to record the race of the driver.
The Stanford Open Policing Project
The Stanford Open Policing Project – “On a typical day in the United States, police officers make more than 50,000 traffic stops.  Our team is gathering, analyzing, and releasing records from millions of traffic stops by law enforcement agencies across the country.  Our goal is to help researchers, journalists, and policymakers investigate and improve interactions between police and the public.”

Sounds like Economics 101 was right all along.  Will politicians lead the charge to go back to lower wages?  Will they even acknowledge this study?
Seattle’s Minimum Wage Hike May Have Gone Too Far
   In January 2016, Seattle’s minimum wage jumped from $11 an hour to $13 for large employers, the second big increase in less than a year.  New research released Monday by a team of economists at the University of Washington suggests the wage hike may have come at a significant cost: The increase led to steep declines in employment for low-wage workers, and a drop in hours for those who kept their jobs.  Crucially, the negative impact of lost jobs and hours more than offset the benefits of higher wages — on average, low-wage workers earned $125 per month less because of the higher wage, a small but significant decline.

Read.  It’s something the apes (and my students) can’t seem to do. 
Project Gutenberg is the oldest digital library in the world.  You might even be reading a classic from there right now in your e-reader.
But don’t you hate how it’s formatted?
Gutenberg is a worthwhile effort, but as a true book lover you just might be turned off by the poor formatting of those old books, crippled by archaic typesets that strain your eyes.  The absence of attractive book covers might also irk you.
Standard Books promises to change all that.  This volunteer effort is bringing the oomph back to these old classics.
   Standard Books also makes browsing through the catalog easier.  It’s a clean interface with a search bar on top and a sort filter below.  Click on the attractive book covers and jump to the book page.  The free download options cover all popular formats you would need today: EPUB, EPUB3, AZW3, and KEPUB for Kobo devices.
   You too can get involved.  It might make you a good reader, but it will surely make you a better editor.

I’m surprised they lasted this long.
Overwhelmed By Air Bag Troubles, Takata Files For Bankruptcy Protection
Long crippled by lawsuits and recall costs over its faulty air bags, Takata, the Japanese auto parts maker, filed for bankruptcy protection in Japan and the U.S. on Sunday.
Takata is on the hook for billions of dollars to banks and automakers, which have been covering the replacement costs of tens of millions of the recalled air bag inflators.
The company plans to sell what's left of its operations to the rival U.S. auto parts supplier, Key Safety Systems, for $1.588 billion.

Sunday, June 25, 2017

Annoying, but probably no real threat to the government.  Unless someone uses “password” as a password?
The British Parliament has been hit by a cyberattack
   Authorities discovered unusual activity on the computer networks this morning, and have moved to take steps to protect them, which appears to include preventing access outside of the Palace of Westminster.  In an e-mail to Members of Parliament, parliamentary authorities say that they have “confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords.”

(Related).  Very Trump-esque. 
Tweet from: Henry Smith MP
Sorry no parliamentary email access today - we're under cyber attack from Kim Jong Un, Putin or a kid in his mom's basement or something...

The cost of a security breach…
Anthem will pay $115 million in largest data breach settlement in history
Anthem Inc. agreed to pay $115 million in a deal to end a court battle over the 2015 data breach where hackers gained access to sensitive records for nearly 80 million Americans.  The funds will go toward credit monitoring and reimbursement for customers, in addition to as much as $38 million in attorneys’ fees.
The 2015 breach saw hackers access records including Social Security numbers, birthdays, addresses, detailed employment information and income data.  Chinese state-sponsored attackers were suspected in the attack but there has been no official attribution.
The settlement requires Anthem to guarantee “a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls,” according to a statement by the plaintiffs’ attorneys.  “The settlement is designed to protect class members from future risk, provide compensation, and ensure best cybersecurity practices to deter against future data breaches.”

I think he may have a point.  I’d like to see his tweets arranged like a diary.
I Found Trump’s Diary—Hiding in Plain Sight
Legally risky, undiplomatic and sometimes wrong, Trump’s Twitter feed is a document for the ages.  And historians don’t want to lose it.

Interesting summary.
What Amazon taught us this week: Data-centric companies will devour competitors
   The Wall Street Journal was one of the few publications to emphasize this vital aspect of the proposed buyout.  The Journal rightly points out that the deal would enable the new company to combine its online and in-store knowledge to better predict what goods to carry in-store and to offer cross-sell promotions to customers who shop at both venues.
All true.  But there’s a deeper principle involved here.  In general, a web company with high-quality data on its customers (Amazon, in this case) will have a much higher enterprise valuation than an equivalently sized “real economy” company with a less robust data set.  For example, Walmart has four times the revenue but only half the valuation of Amazon.
   As I see it, here are the key lessons we should draw from the deal:
  • This is just the beginning.
  • Deep data confers competitive advantages that may be unassailable.
  • It’s the depth and accuracy of the data that counts.

Somewhat misleading, but clearly this one will be big!
A game that isn't even out yet has already racked up $100 million in revenue
   "PlayerUnknown's Battlegrounds" is available only on PC so far (it's coming to Xbox One later this year).  It has only one game mode, and no single-player campaign.  It's not even fully complete — the game is available in "early access" through the online game platform Steam, which means it isn't finished but you can buy it early and start playing now.  
As it turns out, over 4 million people have already done that after just four months of availability.  At $30 apiece, that's quite a bit of revenue for an unfinished game — somewhere in the ballpark of $100 million, according to the folks at Bluehole Games. 

Saturday, June 24, 2017

A hacker’s dream!
Heaps of Windows 10 internal builds, private source code leak online
The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to, the latest load of files provided just earlier this week.  It is believed the confidential data in this dump was exfiltrated from Microsoft's in-house systems around March this year.
The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.
Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide.  The code runs at the heart of the operating system, at some of its most trusted levels.  It is supposed to be for Microsoft, hardware manufacturers, and select customers' eyes only. 

Selling rope to the hangman?  Is Russia that valuable a market? 
Under pressure, Western tech firms bow to Russian demands to share cyber secrets
Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.
Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.  The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.
But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said.

I’m working on a similar App for Mom and Dad, so they can spy on their teenage drivers. 
Textalyzer Device Will Allow Cops To Snoop Your Cell Phone To See If You’ve Been Texting While Driving
According to the National Safety Council, one-quarter of all accidents in the United States are caused by texting and driving.  Approximately 330,000 people a year are injured due to accidents involving texting and driving.  In order to combat the problem, some police departments in the US are currently testing the “Textalyzer”, a device that can reveal whether or not a person was on their mobile device while driving.
The Textalyzer is a tablet-like device and police officers will be able to connect the driver’s smartphone to it and download their activity data within a few seconds.  The device records every click, tap or swipe, as well as the apps the driver was using at the time.
The Textalyzer was developed by Cellebrite, the same company that supposedly unlocked the iPhone involved in the San Bernardino shooting.
   There is currently a measure in New York waiting to be passed that would allow police officers to suspend a suspect’s license if they refused to hand over their mobile device.  There is also similar legislation being considered in the city of Chicago and the states of New Jersey and Tennessee.  It is important to note that the Textalyzer is still being tested and it is currently unclear how much information would be downloaded in a routine stop and what data would be retained afterward.

What must a corporate Gmail account be worth to Google? 
Google will stop scanning your Gmail messages to sell targeted ads
Google will stop its long-standing practice of scanning the contents of individual Gmail users for advertising purposes, the company announced in a blog post today.  The practice, something Google has done nearly since the launch of its email service, allows the company to digest the contents of email messages and use them to deliver targeted ads within Gmail itself.
Users are allowed to opt out, and Google also reserves the practice only for personal Gmail users and not those of corporate accounts.  However, the practice has made it difficult for Google to find and retain corporate clients for its cloud services business, according to Diane Greene, Google’s cloud division head, who spoke with the Financial Times.  This is due to general confusion over Google’s business tactics and an overall apprehension to trust the company with sensitive data, the report says.  

Far from Super Bowl prices, but not bad for a small(?) share of the market.
Amazon to charge advertisers $2.8 million for Thursday night NFL ad packages
Amazon is looking to charge advertisers $2.8 million for packages that include 30-second spots during the Thursday night National Football League games it will stream live to its Prime customers this coming season, two people familiar with the matter told Reuters.
   Amazon is paying $50 million to the NFL to stream this season’s 10 Thursday night games, sources told Reuters in April.
   For each game, Amazon can sell 10 30-second spots, one of the sources said.

Look past your customers to their customers…
Kansas farmers win $218 million payout in suit against Syngenta
A Kansas federal jury awarded nearly $218 million on Friday to farmers who sued Swiss agribusiness giant Syngenta over its introduction of a genetically engineered corn seed variety. 
Syngenta vowed to appeal the verdict favoring four Kansas farmers representing roughly 7,300 growers from that state in what served as the first test case of tens of thousands of U.S. lawsuits assailing Syngenta’s decision to introduce its Viptera seed strain to the U.S. market before China approved it for imports. 
   Most of the farmers suing didn’t grow Viptera, but China also rejected millions of metric tons of their grain because elevators and shippers typically mix grain from large numbers of suppliers, making it difficult to source corn that was free of the trait.  So they say all farmers were hurt by the resulting price drop.

Another one for the geek toolkit.  
CheerpJ converts Java apps into JavaScript for the web
Melding Java and web development, CheerpJ is being readied as compiler technology that takes Java bytecode and turns it into JavaScript, for execution in browsers.  Based on the LLVM/Clang compiler platform as well as Learning Technologies’ own Cheerp C++-to-JavaScript compiler, CheerpJ takes Java bytecode and turns it into JavaScript without needing the Java source.

Friday, June 23, 2017

Bob to DHS: They never left!
DHS to Congress: The Russians Are Coming Back
A Department of Homeland Security official on Wednesday told the Senate Intelligence Committee that Russian government-backed hackers targeted as many as 21 states during the 2016 presidential election.
   DHS failed to share critical information with states about specific threat information that needed to be acted upon, such as the Russian hackers' targeting of 21 states, said Kay Stimson, spokesperson for the NASS.
"The general feedback we received from today's hearing," she told the E-Commerce Times, "is that state officials are very interested in receiving documented threat intelligence information from DHS so they can use that to protect their systems."

(Related).  Do you think the Russians bought ads?
Facebook refuses to release political advertising data
   "Advertisers consider their ad creatives and their ad targeting strategy to be competitively sensitive and confidential," Rob Sherman, Facebook’s deputy chief privacy officer, said in an interview with Reuters.
"In many cases, they'll ask us, as a condition of running ads on Facebook, not to disclose those details about how they're running campaigns on our service.
   Political science researchers have been asking the company for information on political advertising, like how it’s targeted, how much money is spent and how many people are engaging with the messages.
According to Reuters, President Trump’s campaign spent $70 million on Facebook digital ads; he has credited the social media site for helping him win the election. 

Didn’t Tom Clancy write about this a few years ago?  Something to file under Ethical Hacking.
WikiLeaks Details CIA's Air-Gapped Network Hacking Tool
WikiLeaks published several documents on Thursday detailing a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to hack air-gapped networks through USB drives.
Dubbed “Brutal Kangaroo,” it has been described by its developer as a tool suite designed for targeting closed networks. The infected systems will form a covert network, and the attacker will be able to obtain information and execute arbitrary files.

How should I take this?  Is TSA saying it can’t identify anything with these scanners they are so hot to install everywhere?  They never make clear why this is needed.
Uncle Sam Wants Your Deep Neural Networks
The Department of Homeland Security is turning to data scientists to improve screening techniques at airports.
On Thursday, the department, working with Google, will introduce a $1.5 million contest to build computer algorithms that can automatically identify concealed items in images captured by checkpoint body scanners.

Out of the goodness in their hearts or because their lawyers are worried about lawsuits?
Mark Bergen reports:
Alphabet Inc.’s Google has quietly decided to scrub an entire category of online content — personal medical records — from its search results, a departure from its typically hands-off approach to policing the web.
Google lists the information it removes from its search results on its policy page.  On Thursday, the website added the line: “confidential, personal medical records of private people.”  A Google spokeswoman confirmed the changes do not affect search advertising but declined to comment further.
Read more on Bloomberg Technology.
I’m glad to see this, of course, but if you find personal medical information on the web, remember that you need to/should do more than just Google to de-index it, as the material will still be accessible on the web to those who know where to or how to look for it.  Be sure to contact the site or webmaster to alert them that they are exposing confidential medical information.
And if that fails to get results, you can file a complaint with state or federal regulators – or just go to the media to see if any local news station might be interested in picking up the story and getting involved with it. 

Part of a trend to let users see only the content they are comfortable with. 
   Tumblr’s Safe Mode is an extension of the Safe Search function that’s been around for several years now.  As its name suggests, Safe Search filters sensitive content from search results.  Safe Mode also filters sensitive content from your Dashboard, meaning you won’t see it at all ever.
With Safe Mode enabled you won’t see any content Tumblr has deemed to be sensitive in nature.  Instead you’ll see a gray screen with a message informing you, “This post may contain sensitive media”.  If you click View Post you can bypass this screen and see the content hidden beneath.
Tumblr is likely to face the usual claims of censorship.  In practical terms it is censoring sensitive content, but only if the user opts in by choice.  The exception is users under the age of 18, who will be opted in to using Safe Mode by default whether they like it or not.  However, users can simply lie about their age when registering their account in order to circumvent this.

Law, in the age of Google?
Digital security and due process: A new legal framework for the cloud era
For as long as we’ve had legal systems, prosecutors and police have needed to gather evidence.  And for each new advance in communications, law enforcement has adapted.  With the advent of the post office, police got warrants to search letters and packages.  With the arrival of telephones, police served subpoenas for the call logs of suspects.  Digital communications have now gone well beyond the Postal Service and Ma Bell.  But the laws that govern evidence-gathering on the internet were written before the Information Revolution, and are now both hindering the flow of information to law enforcement and jeopardizing user privacy as a result.
These rules are due for a fundamental realignment in light of the rapid growth of technology that relies on the cloud, the very real security threats that face people and communities, and the expectations of privacy that internet users have in their communications.
Today, we’re proposing a new framework that allows countries that commit to baseline privacy, human rights, and due process principles to gather evidence more quickly and efficiently

For my students.
Ten years ago, Jeanne Harris and I published the book Competing on Analytics, and we’ve just finished updating it for publication in September.  One major reason for the update is that analytical technology has changed dramatically over the last decade; the sections we wrote on those topics have become woefully out of date.  So revising our book offered us a chance to take stock of 10 years of change in analytics.
   Since much of big data is relatively unstructured, data scientists created ways to make it structured and ready for statistical analysis, with new (and old) scripting languages like Pig, Hive, and Python.  More-specialized open source tools, such as Spark for streaming data and R for statistics, have also gained substantial popularity.  The process of acquiring and using open source software is a major change in itself for established businesses.

I think I want to try this…  (I can always use a few millions)
Civic sells $33 million in digital currency tokens in public sale
U.S. startup Civic has sold $33 million in digital currency tokens for its identity verification project in a public sale, the company's co-founder and Chief Executive Vinny Lingham told Reuters.
The sale is the latest so-called initial coin offering (ICO), in which creators of digital currencies sell tokens to the public in order to finance their projects, in a similar way that companies raise money with an initial public offering, except there is no regulatory oversight. 

A contradictory report allows you to argue both sides of the question.
Reuters Institute Digital News Report 2017
by Sabrina I. Pacifici on Jun 22, 2017
“This year’s report reveals new insights about digital news consumption based on a YouGov survey of over 70,000 online news consumers in 36 countries including the US and UK.  The report focuses on the issues of trust in the era of fake news, changing business models and the role of platforms.  This year’s report comes amid intense soul-searching in the news industry about fake news, failing business models, and the power of platforms.  And yet our research casts new and surprising light on some of the prevailing narratives around these issues.
  • The internet and social media may have exacerbated low trust and ‘fake news’, but we find that in many countries the underlying drivers of mistrust are as much to do with deep-rooted political polarisation and perceived mainstream media bias.
  • Echo chambers and filter bubbles are undoubtedly real for some, but we also find that – on average – users of social media, aggregators, and search engines experience more diversity than non-users.
With data covering more than 30 countries and five continents, this research is a reminder that the digital revolution is full of contradictions and exceptions.  Countries started in different places, and are not moving at the same pace.  These differences are captured in individual country pages that can be found towards the end of this report.  They contain critical industry context written by experts – as well as key charts and data points…”

   1.5 billion logged-in viewers visit YouTube every single month.  That’s the equivalent of one in every five people around the world!  And how much do those people watch?  On average, our viewers spend over an hour a day watching YouTube on mobile devices alone.

You should read this article.

Thursday, June 22, 2017

Reports are still dribbling in. 
Honda Halts Production at Japan Plant After Cyber Attacks
Honda said Wednesday it had temporarily halted production at a plant in Japan after it suffered a cyberattack from the same ransomware that struck hundreds of thousands of computers worldwide last month.
The Japanese automaker said it had shut its plant in Sayama, near Tokyo, on Monday after discovering its computer system was infected with the so-called WannaCry virus.
The virus encrypts computer files, making them inaccessible until users pay a ransom.
"The malware affected the production of about 1,000 cars," a Honda spokeswoman told AFP, adding that production restarted on Tuesday.
   In May, French auto giant Renault was hit, forcing it to halt production at sites in France, Slovenia and Romania as part of measures to stop the spread of the virus.
Nissan's British unit in Sunderland was also hit in the attack.
   Japanese conglomerate Hitachi was also affected, saying its computer networks were "unstable", crippling its email systems.

I’m surprised it took so long.
Natasha Bertrand reports:
A data-analytics firm hired by the Republican National Committee last year to gather political information about US voters accidentally leaked the sensitive personal details of roughly 198 million citizens earlier this month.  And it’s now facing its first class-action lawsuit.
Deep Root Analytics, a data firm contracted by the RNC, stored details of about 61% of the US population on an Amazon cloud server without password protection for roughly two weeks before it was discovered by security researcher Chris Vickery on June 12.
The class-action lawsuit, filed by James and Linda McAleer of Florida and all others similarly situated, alleges Deep Root failed to “secure and safeguard the public’s personally identifiable information such as names, addresses, email addresses, telephone numbers, dates of birth, browsing history, and voter ID number, which Deep Root collected from many sources, including the Republican National Committee.”
Read more on Business Insider.
So here’s the thing, again.  Where’s the demonstration of injury?  Spoiler alert: there doesn’t seem to be any.  According to Bertrand, the complaint says that those exposed in the data breach may be vulnerable to identity theft and “a loss of privacy,” and argues that the “actual damages” exceed $5 million.
Well, a lot of courts have already held that increased probability of possible harm does not confer standing.  And “loss of privacy?”  Well, that should be a cognizable harm or injury, but is it?
As bad as this misconfiguration/exposure seems, is this a case of “what might have been” or a case of “what happened?”  And either way, is what happened anything much more than publicly available information being made more conveniently publicly available? 

Keeping up with the e-criminals?
IC3 Issues Internet Crime Report for 2016
by Sabrina I. Pacifici on Jun 21, 2017
“The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3.  Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world. US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.” [thanks Pete Weiss]

Another perspective.
Average Cost of Data Breach Drops Globally, Rises to $7.35 Million in U.S.
The 2017 IBM Security and Ponemon Institute annual report on the cost of a breach shows that the cost of stolen records and the total cost of a breach continues to rise -- at least in America.  The lost- or stolen-record cost rose from $221 to $225 each, while the average total cost of a breach increased from $7.01 million to $7.35 million for organizations in the United States.
In the European countries included in the study -- France, Germany, Italy and the United Kingdom -- these costs actually fell.  For example, in the UK, the average per capita cost of a data breach decreased from £102 to £98 and the average total organizational cost decreased from £2.53 million in 2016 to £2.48 million in 2017.
The annual Cost of Data Breach Study (PDF) is one of security's yearly benchmark reports.

Some thoughts on propaganda.  Also useful for political campaigns? 
Computational Propaganda Worldwide: Executive Summary
by Sabrina I. Pacifici on Jun 21, 2017
Oxford Internet Institute, University of Oxford: “The Computational Propaganda Research Project at the Oxford Internet Institute, University of Oxford, has researched the use of social media for public opinion manipulation.  The team involved 12 researchers across nine countries who, altogether, interviewed 65 experts and analyzed tens of millions of posts on seven different social media platforms during scores of elections, political crises, and national security incidents.  Each case study analyzes qualitative, quantitative, and computational evidence collected between 2015 and 2017 from Brazil, Canada, China, Germany, Poland, Taiwan, Russia, Ukraine, and the United States.”
The reports can be found at the following links:

The upside (downside) of the connected home? 
Joe Cadillic writes:
According to an article in the Telegraph, Houston County’s $46.5 million dollar 911 center allows police to spy inside homes and businesses:
“If the alarm goes off at your business, 911 operators will be able to view a live video stream from the security surveillance system and tell law enforcement what’s happening.”
“… we’ll be able to have video streaming like if a burglar alarm goes off at a store … We can see inside of the store and see who’s in there,” Houston County sheriff’s Capt. Ricky Harlowe said.
FirstNet or Next Generation 911 allows police to spy inside people’s homes, and businesses without a warrant.
Police don’t need a warrant because citizens and business owners have given their alarm companies permission to spy on their homes.
Read more on MassPrivateI.

Simple surveillance tools marketed as friendly?
Snapchat acquires social map app Zenly for $250M to $350M
Snapchat’s newest feature, Snap Map, is based on its latest acquisition, social mapping startup Zenly.  TechCrunch has learned that Snapchat has bought Zenly for between $250 million and $350 million in mostly cash and some stock in a deal that closed in late May.  Snapchat will keep Zenly running independently, similar to how Facebook lets Instagram run independently.
Zenly’s app lets users see where their friends currently are on a map using constant GPS in the background.  People can then message these friends in the app to make plans to hang out.

Trying to get our heads around the future.
Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy
by Sabrina I. Pacifici on Jun 21, 2017
Casanovas, Pompeu and de Koker, Louis and Mendelson, Danuta and Watts, David, Regulation of Big Data: Perspectives on Strategy, Policy, Law and Privacy (June 1, 2017).  Health and Technology (2017) DOI 10.1007/s12553-017-0190-6. Available at SSRN:
“This article encapsulates selected themes from the Australian Data to Decisions Cooperative Research Centre’s Law and Policy program.  It is the result of a discussion on the regulation of Big Data, especially focusing on privacy and data protection strategies.  It presents four complementary perspectives stemming from governance, law, ethics, and computer science.  Big, Linked, and Open Data constitute complex phenomena whose economic and political dimensions require a plurality of instruments to enhance and protect citizens’ rights.  Some conclusions are offered in the end to foster a more general discussion.  This article contends that the effective regulation of Big Data requires a combination of legal tools and other instruments of a semantic and algorithmic nature.  It commences with a brief discussion of the concept of Big Data and views expressed by Australian and UK participants in a study of Big Data use in a law enforcement and national security perspective.  The second part of the article highlights the UN’s Special Rapporteur on the Right to Privacy interest in the themes and the focus of their new program on Big Data.  UK law reforms regarding authorisation of warrants for the exercise of bulk data powers are discussed in the third part.  Reflecting on these developments, the paper closes with an exploration of the complex relationship between law and Big Data and the implications for regulation and governance of Big Data.”

I imagine there are many new things to consider when flying in places planes and helicopters don’t go.  Clothesline?  Dogs?  Sprinklers? 
Precise weather forecasting critical for product deliveries by drones
by Sabrina I. Pacifici on Jun 21, 2017

Wednesday, June 21, 2017

Picking a victim that can’t fight back?  I wouldn’t be so sure.  Definitely a place to watch. 
How An Entire Nation Became Russia's Test Lab for Cyberwar
   The Cyber-Cassandras said this would happen.  For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world.  In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era.  “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech.  “Somebody just used a new weapon, and this weapon will not be put back in the box.”
Now, in Ukraine, the quintessential cyberwar scenario has come to life.  Twice.  On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people.  Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again.  But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.

Another attack against a state, but probably not state sponsored?  
Spear Phishing Campaign Targets Palestinian Law Enforcement
Palestinian law enforcement agencies and other targets within Palestine were targeted in a spear phishing campaign delivering malware to remotely control infected systems, Talos researchers reveal.
The actor behind this campaign “has appeared to have used genuine documents stolen from Palestinian sources as well as a controversial music video as part of the attack,” Talos says.  The attacker also referenced TV show characters and included German language words within the attack, researchers discovered.
Information on these attacks initially emerged in March from Chinese security firm Qihoo 360, and in early April, when researchers at Palo Alto Networks and ClearSky revealed four malware families being used in targeted campaigns in the Middle East: Windows-based Kasperagent and Micropsia, and Android-focused SecureUpdate and Vamp.
Last week, ThreatConnect shared some additional information on Kasperagent, saying the threat was mainly used as a reconnaissance tool and downloader, but that newer samples can also steal passwords from browsers, take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate files.

A security heads-up!
Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it
Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues.
Redmond is currently being sued by security house Kaspersky Lab in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest operating system.  Kaspersky (and others) claim Microsoft is up to its Internet Explorer shenanigans again, but that’s not so, said the operating system giant.

Be careful with your facts.
Deep Root Analytics Downplays Giant Voter Data 'Oops'
A data contractor working on behalf of the Republican National Committee earlier this month allowed the personal data of 198 million voters to be exposed online, marking the largest ever leak of voter data in history, according to the cybersecurity firm that discovered the incident.
Deep Root Analytics left 1.1 terabytes of sensitive information -- including names, home addresses, dates of birth, phone numbers and voter registration information -- on a publicly accessible Amazon Web Server, according to UpGuard.
   The previous record for a voter data leak was the exposure of 100 million records in Mexico, UpGuard reported.
Deep Root acknowledged that "a number of files" within its storage system had been accessed but claimed that the exposed database had not been built for any specific client.  Rather, it was the firm's "proprietary analysis" meant for television advertising purposes.
The information accessed consisted of voter data that already was publicly available and readily provided by state government offices, Deep Root maintained.
   Based on information made available about the leak, it appears that Amazon Web Services is not responsible for the incident, said Mark Nunnikhoven, vice president for cloud research at Trend Micro.
"From the little technical detail that is available, it appears as if the company managing the data left it exposed to the public," he told the E-Commerce Times.  "This is not the default setting for the service they used.  Making data publicly available is a feature of this service, but one that requires explicit configuration."
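The quote above makes the key point: public exposure of stored data is an explicit configuration, not the default. As an added example (not from the article, UpGuard or Deep Root; the page does not name the storage service, so Amazon S3 is assumed), the following Python checks the two S3 settings that make a bucket world-readable: an ACL grant to the AllUsers group and a bucket policy statement allowing an action to Principal "*". The ACL and policy below are constructed samples in the shape boto3 returns.

```python
import json

# URI AWS uses in S3 ACL grants to mean "anyone on the internet" (real AWS constant).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Constructed sample in the shape boto3's get_bucket_acl() returns, with one anonymous grant.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}

# Constructed sample bucket policy that grants object reads to everyone (Principal "*").
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})

def public_acl_permissions(acl: dict) -> list:
    """Permissions the ACL grants to the AllUsers group (empty list = no anonymous ACL access)."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") == ALL_USERS]

def _is_anonymous(principal) -> bool:
    """True when a policy statement's Principal matches everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return aws == "*" or "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_policy_actions(policy_json: str) -> list:
    """Actions an S3 bucket policy allows to anonymous principals without a Condition.
    Deny statements are not evaluated here; a Deny could still block an Allow listed below."""
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    actions = []
    for s in stmts:
        if s.get("Effect") != "Allow" or not _is_anonymous(s.get("Principal")):
            continue
        if "Condition" in s:  # a Condition may narrow the grant; review such statements by hand
            continue
        act = s.get("Action", [])
        actions.extend([act] if isinstance(act, str) else act)
    return actions

def is_public(acl: dict, policy_json: str) -> bool:
    """True if either mechanism exposes the bucket to anonymous readers."""
    return bool(public_acl_permissions(acl)) or bool(public_policy_actions(policy_json))

if __name__ == "__main__":
    print("public:", is_public(SAMPLE_ACL, SAMPLE_POLICY))
```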

Good news. Bad news. 
Time to Detect Compromise Improves, While Detection to Containment Worsens: Report
Throughout 2016, Trustwave investigated hundreds of data breaches in 21 different countries, and conducted thousands of penetration tests across databases, networks and applications.  An analysis of key findings from this activity is presented in the 2017 Trustwave Global Security Report published Tuesday (PDF).
The result is a mixed bag.  Overall, security defenses have slightly improved, but attacks continue to evolve.  Detection is improving.  Trustwave says the median time to detect a compromise has decreased from 80.5 days in 2015 to 49 days in 2016.  The difference between self-detected and third-party detections is, however, dramatic: just 16 days for self-detected and 65 days for externally detected.

Golly gee willikers!  Could this be happening here too?
Jordan Pearson reports:
For over a year, Canadian military, intelligence, police, and border agencies have been meeting to develop and coordinate their biometric capabilities, which use biological markers like facial recognition and iris scanning to identify individuals.
This initiative—details of which were revealed to Motherboard in documents obtained through an access to information request—shows that the Canadian government is reigniting its focus on biometrics after a similar attempt a decade ago fizzled out.  According to these documents, which include emails, meeting agendas, and briefing reports, the meetings are an effort to coordinate the critical mass of biometrics programs that exist across many government agencies, particularly those relating to national security.
Read more on Motherboard.

For all my smartphone-packing students.

This could get nasty.
Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal
Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense.
That acquisition takes square aim at Walmart's bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence.
Now, Walmart is telling some partners and suppliers that their software services should not run on Amazon Web Services cloud infrastructure, according to the Wall Street Journal.
   A Walmart spokesman told the Journal that some suppliers do use AWS services, but that in some cases, the retailer is wary of putting sensitive data on a competitor's servers.

Open is good.
Librarian highlights open access document discovery services
by Sabrina I. Pacifici on Jun 20, 2017
Getting serious about open access discovery — Is open access getting too big to ignore? – “…Still for whatever reason, suddenly services built around helping users find free full text began to emerge all at the same time..”
[From the article:
With all the intense interest Unpaywall is getting (See coverage in academic sites like Nature, Science, Chronicle of Higher Education, as well as more mainstream tech sites like TechCrunch, Gizmodo), you might be surprised to know that Unpaywall isn’t in fact the first tool that promises to help users unlock paywalls by finding free versions.
Predecessors like Open Access button (3K users), Lazy Scholar button (7K users), Google Scholar button (1.2 million users) all existed before Unpaywall (70K users) and are arguably every bit as capable as Unpaywall and yet remained a niche service for years.

I think some of my students are a bit over-prepared.
Want to Work for Jaguar Land Rover? Start Playing Phone Games
The carmaker announced on Monday that it would be recruiting 5,000 people this year, including 1,000 electronics and software engineers.  The catch?  It wants potential employees to download an app with a series of puzzles that it says will test for the engineering skills it hopes to bring in.
While traditional applicants will still be considered, people who successfully complete the app’s puzzles will “fast-track their way into employment,” said Jaguar Land Rover, which is owned by Tata Motors of India.

(Related).  Have I detected a trend?
Good at Texting? It Might Land You a Job
Your next job interview might happen via text message.  Srsly.
Claiming that prospective hires are too slow to pick up the phone or respond to emails, employers are trying out apps that allow them to screen candidates and conduct early-stage interviews with texts. 

Not sure I want to share this with my students.
Microsoft’s Dictate uses Cortana’s speech recognition to enable dictation in Office
Dictate, a new project from Microsoft’s experimental R&D group, Microsoft Garage, is launching today to offer a way to type using your voice in Office programs including Outlook, Word and PowerPoint.  Available as an add-in for Microsoft’s software, Dictate is powered by the same speech recognition technology that Cortana uses in order to convert your speech to text.
This is also the same speech recognition and A.I. used in Microsoft Cognitive Services, including Microsoft Translator, the company says in an announcement about the new add-in.
   An introductory video posted this morning to YouTube offers a preview of how the software works in Word, PowerPoint, and Outlook.
   It also at launch supports more than 20 languages for dictation, and can translate in real-time into 60 languages.  This is perhaps its most clever trick, as that means you can speak in your language, while Dictate types it out in another.

(Related).  However, it is clear this is coming.
When AI Can Transcribe Everything
Two companies—Trint, a start-up in London, and SwiftScribe, a subsidiary of Baidu based out of its U.S. headquarters in Silicon Valley—have begun to offer browser-based tools that can convert recordings of up to an hour into text with a word-error rate of 5 percent or less.

Nextdoor, now in 160,000 neighborhoods globally, expands to Germany
Nextdoor, the social network that connects you with people in your neighborhood, is taking another step up in its global growth, after launching in the Netherlands and the UK last year.  Today, the company is opening for business in Germany, the largest internet market in Europe.
The move comes as Nextdoor says it is now used in 160,000 neighborhoods across the US, UK and Netherlands, with about 145,000 of those in its home market of the US, and the company continues to grow at a steady pace.
“We are growing 100 percent year over year and have done that since inception,” said co-founder and CEO Nirav Tolia in an interview.  This works out to adding around 100 new neighborhoods every day.

For the toolkit!
This simple one-page site holds 19 PDF tools and converters that can save you a lot of work.  Think of it as a Swiss Army knife for your PDF workflow.
  1. Convert PDF to any document format.
  2. Convert from Word, Excel, PowerPoint, or from popular image formats to PDF.
  3. A collection of free PDF utility tools to edit a PDF document.
The interface is neat and there are no annoying advertisements.  You don’t need to register and sign-in to use the site.

Another toolkit item.