Wednesday, September 20, 2017

This could be very difficult. Some messages are obvious, others not so much.
Web firms told to remove terror content within two hours
Tech giants like Google, Facebook and Twitter must find ways to remove terror propaganda within two hours of being posted online - or face fines, Theresa May will demand.
The prime minister will help lead an international call for the internet firms to be set a deadline of a month to show they can develop the necessary technology fixes.
The move comes as YouTube faced criticism for failing to take down extremist content that included videos praising Hitler and the Taliban.
And days after a report found more jihadist propaganda is viewed online in the UK than any other country in Europe.
… The so-called Islamic State generated 27,000 extremist postings on platforms like Twitter in a five-month period between January and May this year.
The links ranged from bomb-making instructions to calls to commit atrocities with cars and knives, with the majority of shares taking place in the first two hours. [So even a two hour window will miss ‘the majority’ of shares? Bob]

Twitter says its controls are weeding out users advocating violence
Twitter said it had removed 299,649 accounts in the first half of this year for the “promotion of terrorism”, a 20 percent decline from the previous six months, although it gave no reason for the drop. Three-quarters of those accounts were suspended before posting their first tweet.

(Related). A drop in the bucket or a way to identify potential solutions? launches $5 million innovation fund to counter ‘hate and extremism’
With controversy continuing to mount over the role the internet has played in fueling extremist groups, today announced a new initiative it hopes will put a dent in the problem.
The organization said it will pump $5 million into an innovation fund that will give grants to researchers and organizations that are building products and services to combat the problem.

We need some new thinking.
The Hill reports:
A District of Columbia court has dismissed two lawsuits over the Office of Personnel Management (OPM) data breach disclosed in 2015.
The American Federation of Government Employees, the largest federal workers union, filed the class action lawsuit against the OPM in June 2015, alleging that the breaches stemmed from gross negligence on the part of federal officials.
The lawsuit was one of two consolidated complaints related to the OPM breach that the U.S. District Court for D.C. dismissed on Tuesday, ruling that both sets of plaintiffs lacked the standing to bring their cases.
Read more on The Hill.
Okay, since these lawsuits weren’t under the same laws we generally see in consumer lawsuits over breaches, we’ll have to dig into this one a bit more to see why the court did not find that the plaintiffs had standing. In the meantime, I’ll keep an eye out to see if any law firms provide an analysis of the opinion on their sites that I can link to here.
Keep in mind that I consider the OPM breach one of the worst breaches ever because of the amount of personal and sensitive information involved. If these plaintiffs have trouble demonstrating why they have standing, well….. maybe it’s time to revisit what it should take to demonstrate standing when your background checks, biometric data, and other personal and sensitive information wind up in the hands of unknown threat actors due to an entity’s failure to adequately safeguard your information.

Not all algorithms are perfect. (But some are amusing.)
Amazon sends accidental gift email to shoppers due to glitch
A technical glitch caused Inc to email some of its customers erroneously that they had received a gift, the company said on Tuesday.
The email displayed an image of a crawling infant and told shoppers they had received a present from their baby registry. A number of recipients, however, reported on social media that they were not expecting a child.
“Amazon just informed me that someone has purchased a gift from my baby registry. My baby is 21, and hopes it’s a keg,” Washington Post reporter Karen Tumulty said on Twitter.

I bet they would! Big money, but is it enough to get the attention of other Boards of Directors?
Equifax May Be Happy to Spend $1 Per Customer for Their Trouble
… While the 118-year-old credit-reporting firm has been hit with more than 100 consumer lawsuits over its massive security breach, legal experts say there’s room for a deal because neither side has a slam-dunk case.
A global settlement of about $200 million is plausible, said Nathan Taylor, a cybersecurity lawyer with Morrison Foerster LLP in Washington. That’s a projection based on the $115 million Anthem Inc. agreed to pay in June -- setting a U.S. record -- to resolve claims that it didn’t protect a smaller number of people from a 2015 criminal hack that stole similarly sensitive information, Taylor said.
With lawyers collecting as much as a third of any payout, the company may end up spending an average of less than $1 per person for credit monitoring and out-of-pocket expenses for 143 million Equifax consumers whose data was compromised.
That’s a good deal for the embattled credit reporting company as its exposure theoretically could amount to $143 billion under a federal law that carries damages of as much as $1,000 per violation, plus punitive damages.

(Related). Look before you leap. Caveat emptor. There’s a sucker born every minute.
LifeLock offers to protect you from the Equifax breach — by selling you services provided by Equifax

A link for my Computer Security students.

I may use this in my next Statistics class.
A visual introduction to machine learning
by Sabrina I. Pacifici on Sep 19, 2017
R2D3 is an experiment in expressing statistical thinking with interactive design: “In machine learning, computers apply statistical learning techniques to automatically identify patterns in data. These techniques can be used to make highly accurate predictions… Using a data set about homes, we will create a machine learning model to distinguish homes in New York from homes in San Francisco…”

Hard to show you’re a serious worker if you can’t even complete the application…
What’s keeping teenagers unemployed? Online personality tests
… Where once teenagers or early 20-somethings may have wandered into their local supermarket and applied for their first job, now a substantial share of employers are using online personality assessments to gauge the skill and character of potential dishwashers, burger-flippers and other entry-level jobs.
That’s putting young job seekers at a disadvantage, according to a report released Wednesday by JobsFirstNYC, a New York City-based nonprofit that advocates for out-of-school and out-of-work young adults. The report is based on an experiment, which asked 18 to 22-year-olds to submit applications to 42 major employers in the New York City area in 2012 and 2014.
The authors found that tests were so extensive — in some cases 200 questions — that they discouraged young people from applying or made it difficult for them to complete the applications, a problem that was particularly acute for low-income young people who may not have regular access to the internet. Young adults may struggle more than older applicants to answer some of the questions because their brain and personality development isn’t complete, they added.

Why American teenagers are not interested in adult activities like sex, drinking — or working
Kids today are in no hurry to grow up.
Teenagers are increasingly less likely to engage in adult activities like drinking alcohol, working jobs, driving or having sex according to research from San Diego State University and Bryn Mawr College published in the peer-reviewed journal Child Development Tuesday.

This could be an interesting addition to student research papers.

Tuesday, September 19, 2017

This just got nasty.
You may have never heard of Flathead Valley in Montana. I’ll admit that I had never heard of it until tonight when I received a tip to go look at a post on their sheriff’s Facebook page. And that’s when I learned that Flathead County schools had not only been hacked and threatened if they didn’t pay the hackers, but parents had received messages threatening to kill their children. The threats were taken seriously enough that 30 schools were closed for days while the county and federal law enforcement investigated the threats.
We are now in the realm of TheDarkOverlord v2.0, it seems.
For those who, like this blogger, have followed the criminal activities of TheDarkOverlord, reading a report of them thoroughly hacking an entity and then writing a lengthy demand letter threatening to expose confidential files or personal information – well, that’s nothing new. But contacting parents of school children and threatening their children’s physical safety?
It is TheDarkOverlord on steroids, at the very least. But is it a real threat?
As The Flathead Beacon reported after the situation escalated:
The individual apparently gained access to the Columbia Falls School District’s electronically stored directory and began contacting and threatening families individually.
How do you terrorize an entire community? You raise the spectre of Sandy Hook. And you show that you know details about the children and the school.

TheDarkOverlord are masters at doing their research, and were aiming to create significant terror in their targets. I think it’s pretty clear that they accomplished that – at least in the short-term. But is this approach likely to result in more payments from victims, or has TheDarkOverlord misunderstood the psychology of its intended victims? There is certainly no indication that Flathead Valley will be paying them any money.
What the people of Flathead County may not know, but what law enforcement should certainly know, is that this is not the first time TheDarkOverlord has threatened physical violence against a victim. is not reproducing an earlier threat missive, but it, too, was designed to terrorize its target by threatening physical violence against the victim’s family. And the Flathead case is not the first case where TheDarkOverlord has contacted its victims by phone or SMS to threaten them or deliver obscenity-laden messages.
And maybe that’s the first thing law enforcement could have done to reassure the community: to recognize from the style and writing that this was/is the work of TheDarkOverlord and they’ve threatened physical violence before but never followed up on it – at least, not to date.
Of course, if TheDarkOverlord is really outside of the U.S., as the sheriff apparently told the community, then actual physical violence seems less likely. But should the county be telling the public that TheDarkOverlord is outside of the U.S.? It’s a reasonable hypothesis, but do they actually have any hard proof of that? If they don’t have actual proof, wouldn’t it be more honest to say, “We believe that they’re outside of the U.S.” than to assert that they are?
… In the meantime, the Flathead Beacon has done a truly admirable job of reporting on the situation as it has evolved, and you can get caught up on the details by reading their reports (in reverse chronological order, below:)

Management did not take the earlier breach as an indication that security was not up to snuff?
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders.
… Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said.
… The revelation of a March breach will complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives. If it’s shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe.
Equifax has said the executives had no knowledge that an intrusion had occurred when the transactions were made.
… There’s no evidence that the publicly disclosed chronology is inaccurate, but it leaves out a set of key events that began earlier this spring, the people familiar with the probe said.
In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company’s outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. [Hired not by Equifax, but by their lawyers. Bob] While it’s not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.
One possible explanation, according to several veteran security experts consulted by Bloomberg, is that the investigation didn’t uncover evidence that data was accessed. Most data breach disclosure laws kick in only once there’s evidence that sensitive personal identifying information like social security numbers and birth dates have been taken. The Equifax spokesperson said the company complied fully with all consumer notification requirements related to the March incident.

Apparently, a large percentage of people prefer conspiracy over truth.
Is There Any Hope for Facebook's Fact-Checking Efforts?
Facebook’s fact-checking efforts are on the rocks. Five months after the social-media giant debuted a third-party tool to stop the spread of dubious news stories on its platform, some of its fact-checker partners have begun expressing frustration that the company won’t share data on whether or not the program has been effective.
In the absence of that official data, a study by Yale researchers made waves last week by suggesting that flagging a post as “disputed” makes readers just a slim 3.7 percent less likely to believe its claim. Among Trump supporters and young people, the fact-checking program seems to backfire entirely: Those respondents were more likely to believe flagged posts than unflagged ones.
… Facebook users who cluster around conspiracy-related content tend to interact only with material that affirms their preexisting worldview, but in the rare cases when they do come into contact with dissenting information that attempts to debunk conspiracy theories—in the form of public posts by science-related pages—the conspiracy theorists become more, rather than less, likely to interact with conspiracy-related content in the future. In fact, conspiracy theorists who never interact with dissenting viewpoints are almost twice as likely as those who do to eventually drift away from conspiracy-themed content.
In other words, attempting to correct wrongheaded beliefs on Facebook appears to accomplish the precise opposite.

For my students who read.
Google adds local library ebook options to search results
… The user will need to first apply their location, though, so Google knows which library to search. T he results, as shown in the tweeted image above, lists the library under a ‘Borrow ebook’ section which itself appears to be found under the ‘Get Book’ tab. You’ll need to search the book’s title to see this, at which point there’s only a bit of scrolling and a tap to get to the item.
If you do tap the link to borrow the ebook, you’ll be taken to a page where you can then sign in with your library credentials. From there you can proceed as usual, reading a sample or outright borrowing the book if you already know you want it. The feature is rolling out now and can be found on mobile and desktop (at the bottom of the right-hand panel in the latter case).

Monday, September 18, 2017

I’m updating as I type this blog entry.
Hackers Hid Backdoor In CCleaner Security App With 2 Billion Downloads -- 2.3 Million Infected
Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast's own figures, 2.27 million ran the affected software, though the company said users should not panic.
… The malware would send encrypted information about the infected computer - the name of the computer, installed software and running processes - back to the hackers' server. The hackers also used what's known as a domain generation algorithm (DGA); whenever the crooks' server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.

A good summary, but nothing new.

Social media has to respond to government “requests” to keep operating in that country. There is no higher court to appeal to.
Snapchat blocks Al Jazeera in Saudi Arabia at government’s request
Social media app Snapchat has blocked access to Al Jazeera articles and videos on the platform in Saudi Arabia, following a request from Saudi authorities.
Snapchat said it blocked access to AJ’s Discover Publisher Channel at the request of authorities because it allegedly violated Saudi laws.
Al Jazeera, a Qatari-backed broadcaster, was one of the points of contention in the ongoing dispute between Qatar on one side and Saudi Arabia, Bahrain, Egypt and the UAE on the other. All cut ties with Qatar for allegedly supporting terrorism. Doha denies the accusation.
The complete shutdown of Al Jazeera was included in the list of 13 conditions which Saudi Arabia gave to Qatar in return for the removal of sanctions.

(Related). The law is whatever we say it is.
Facebook Navigates an Internet Fractured by Governmental Controls
… Mr. Tuan’s arrest came just weeks after Facebook offered a major olive branch to Vietnam’s government. Facebook’s head of global policy management, Monika Bickert, met with a top Vietnamese official in April and pledged to remove information from the social network that violated the country’s laws.
While Facebook said its policies in Vietnam have not changed, and it has a consistent process for governments to report illegal content, the Vietnamese government was specific. The social network, they have said, had agreed to help create a new communications channel with the government to prioritize Hanoi’s requests and remove what the regime considered inaccurate posts about senior leaders.
Populous, developing countries like Vietnam are where the company is looking to add its next billion customers — and to bolster its ad business. Facebook’s promise to Vietnam helped the social media giant placate a government that had called on local companies not to advertise on foreign sites like Facebook, and it remains a major marketing channel for businesses there.
The diplomatic game that unfolded in Vietnam has become increasingly common for Facebook. The internet is Balkanizing, and the world’s largest tech companies have had to dispatch envoys to, in effect, contain the damage such divisions pose to their ambitions.
… As nations try to grab back power online, a clash is brewing between governments and companies. Some of the biggest companies in the world — Google, Apple, Facebook, Amazon and Alibaba among them — are finding they need to play by an entirely new set of rules on the once-anarchic internet.
And it’s not just one new set of rules. According to a review by The New York Times, more than 50 countries have passed laws over the last five years to gain greater control over how their people use the web.

At least they don’t have to record their choices in cursive. Perhaps we will soon need a new acronym: TO;CG (too old, call grandpa)?
LOL Democracy! Young Voters Are Baffled by Mail-In Ballots
Both sides in Australia’s referendum on same-sex marriage wonder if millennials, more accustomed to texting and social media, actually know how to send a letter.
The future of democracy faces an unexpected challenge from within.
Can young voters learn to use a mailbox?
The outcome of a national mail-in vote in Australia this fall on sanctioning same-sex marriage may teeter on the answer. “I don’t really know what the go is with post boxes, stamps, that kind of thing,” says 23-year-old Anna Dennis. Ms. Dennis, a sociology student at the elite Australian National University, says the last time she had to mail a parcel “I took my dad to help.”
… Tiernan Brady was recruited to run the Equality Campaign after heading Ireland’s same-sex marriage referendum in 2015. He says he starts campaign events by asking, “How many people have posted a letter in the past year?”
Typically, “only a handful of hands go up,” Mr. Brady says.
“Australians don’t do postal votes,” he says. “The last one was in 1917, so we can safely say no one alive remembers it.”
Like elsewhere, instant-message apps and email have taken their toll. Mail volume has plummeted, according to Australia Post, the national mail service: Australians sent a billion fewer letters last year than a decade ago. Business and government mail account for 95% of all letters.
Postal service appears to have joined the list of habits abandoned by millennials, including paying by check and answering the doorbell, a device that a majority in a recent Twitter poll agreed was “scary weird.”
… Sending a letter is like recalling the times table from grade-school arithmetic, says Yan Zhuang, a 21-year-old politics major at the University of Melbourne. “You sort of remember,” she says, “but not really.”
Australia Post says it doesn’t know how many young people send mail. A 2015 study for the Royal Mail in the U.K. found a third of them believe “writing letters is a thing of the past.” Half said they wrote friends on social media every day; most said they mailed about one letter a year.

Just out of curiosity, I’d like to see the cost projections they based this advertising scheme on.
Verizon disconnecting 8,500 people for being unprofitable
Verizon said it sent notices of disconnection to the affected customers this month and those customers will have until October 17th to find new mobile service. Verizon says that’s plenty of time for people to find new networks as the customers generate more in roaming charges than they generate income for Verizon.
“These customers live outside of areas where Verizon operates our own network. Many of the affected consumer lines use a substantial amount of data while roaming on other providers’ networks and the roaming costs generated by these lines exceed what these consumers pay us each month.”
The interesting part of this story is that Verizon’s letter to customers doesn’t provide any way for them to stick with Verizon by reducing their data use. The letter simply states the October 17 cut-off period. One affected customer contacted Ars Technica and said her family only used 50GB across 4 lines, which is well below the 22GB cut-off.
Verizon maintains that these customers are getting the boot because of their roaming charges, but also fails to mention that it advertised its own unlimited plans directly to these rural customers in order to entice them to get plans. Now that the cost has become more than Verizon can bare, they’re giving those customers the boot.

Would lawyers use/trust/admit to a free resource?
New on LLRX – The Fight to Bring Legal Research to the Front
by Sabrina I. Pacifici on Sep 17, 2017
Via LLRXThe Fight to Bring Legal Research to the Front – Law librarian and professor Brandon Adler identifies core issues to support educating third year law students in a wide range of reliable free and low cost legal resources. Many law librarians acknowledge that there is a lack of awareness and use of alternative legal resources, with the law student community as well across a large swath of attorneys in firms both large and small.

Perhaps not the most comprehensive review, but at least it’s a start.
New on LLRX – AI And The Rule Of Law
by Sabrina I. Pacifici on Sep 17, 2017
Via LLRX – AI And The Rule Of Law – Our exposure to and reliance upon an increasingly ubiquitous range of technology is intertwined with issues related to intellectual property law. With smartphone cameras used to capture and share what their respective creators otherwise claim as intellectual property, to the devices, services and applications that comprise the Internet of Things (IoT), Ken Grady raises significant and as yet unresolved concerns about how the rule of law will be applied in response to the use, and misuse, of AI and digital personal assistants.

Why lies work? Why it is hard to change the first thing you learn? The importance of a reliable first source?
Debunking Study Suggests Ways to Counter Misinformation and Correct ‘Fake News’
by Sabrina I. Pacifici on Sep 17, 2017
News release: “It’s no use simply telling people they have their facts wrong. To be more effective at correcting misinformation in news accounts and intentionally misleading “fake news,” you need to provide a detailed counter-message with new information – and get your audience to help develop a new narrative. Those are some takeaways from an extensive new meta-analysis [fee req’d] of laboratory debunking studies published in the journal Psychological Science. The analysis, the first conducted with this collection of debunking data, finds that a detailed counter-message is better at persuading people to change their minds than merely labeling misinformation as wrong. But even after a detailed debunking, misinformation still can be hard to eliminate, the study finds. “The effect of misinformation is very strong,” said co-author Dolores Albarracín, professor of psychology at the University of Illinois at Urbana-Champaign. “When you present it, people buy it. But we also asked whether we are able to correct for misinformation. Generally, some degree of correction is possible but it’s very difficult to completely correct…”
“Debunking: A Meta-Analysis of the Psychological Efficacy of Messages Countering Misinformation” was conducted by researchers at the Social Action Lab at the University of Illinois at Urbana-Champaign and at the Annenberg Public Policy Center of the University of Pennsylvania. The teams sought “to understand the factors underlying effective messages to counter attitudes and beliefs based on misinformation.” To do that, they examined 20 experiments in eight research reports involving 6,878 participants and 52 independent samples. The analyzed studies, published from 1994 to 2015, focused on false social and political news accounts, including misinformation in reports of robberies; investigations of a warehouse fire and traffic accident; the supposed existence of “death panels” in the 2010 Affordable Care Act; positions of political candidates on Medicaid; and a report on whether a candidate had received donations from a convicted felon. The researchers coded and analyzed the results of the experiments across the different studies and measured the effect of presenting misinformation, the effect of debunking, and the persistence of misinformation.”

(Related). Think this will help?
Bing now shows fact checks in search results
Following Google’s lead earlier this year, Bing has added fact checking tags to search results.

Perspective. You think I would have run into any Social Media tool this big, but strangely I have not.
Slack valued at $5.1 billion after new funding led by SoftBank
Software startup Slack Technologies Inc said it raised $250 million from SoftBank Group Corp (9984.T) and other investors in its latest funding round, boosting the company’s valuation to $5.1 billion.
… Slack’s sizeable funding round reflects the trend of a growing number of $100 million-plus checks pouring into technology startups. In the second quarter this year, there were 34 venture capital deals of $100 million or more, nearly triple the 12 such transactions in the first quarter, according to data firm PitchBook Inc.

Perspective. Maybe Apple is not crazy.
How Apple’s Pricey New iPhone X Tests Economic Theory
Thorstein Veblen was a cranky economist of Norwegian descent who coined the phrase “conspicuous consumption” and theorized that certain products could defy the economic laws of gravity by stoking more demand with superhigh prices.
His 1899 book, “Theory of the Leisure Class,” made him famous in his time and more than a century later his ideas are embodied in products like Hermès handbags, Bugatti cars and Patek Philippe watches.

For my students? Probably not…
Borrow, Read, and Listen - The Open Library
The Open Library is a part of the Internet Archive. The Open Library is a collection of more than one million free ebook titles. The collection is cataloged by a community of volunteer online librarians. The ebooks in the Open Library can be read online, downloaded to your computer, read on Kindle and other ereader devices, and embedded into other sites. Some of the ebooks, like Treasure Island, can also be listened to through the Open Library.
Much like Google Books, the Open Library can be a great place to find free copies of classic literature that you want to use in your classroom. The Open Library could also be a good place for students to find books that they want to read on their own. The audio option, while very electronic sounding, could be helpful if you cannot locate any other audio copies of the book you desire.

(Related). But, just in case…
eBooks and Texts
The Internet Archive offers over 12,000,000 freely downloadable books and texts. There is also a collection of 550,000 modern eBooks that may be borrowed by anyone with a free account.

Sunday, September 17, 2017

I mentioned yesterday this this ‘problem’ could be true for most social media. Looks like I got one right for a change. Add Snapchat, Bing, Yahoo, and LinkedIn to the list.
All of the anti-Semitic, racist, and xenophobic ad-targeting options offered by Big Tech

Troy gives us a good (as in thoughtful) security summary.
Face ID, Touch ID, No ID, PINs and Pragmatic Security
I was wondering recently after poring through yet another data breach how many people actually use multi-step verification. I mean here we have a construct where even if the attacker has the victim's credentials, they're rendered useless once challenged for the authenticator code or SMS which is subsequently set. I went out looking for figures and found the following on Dropbox:
"less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature":

Looks like I’ll need to brush up on my AI and Robotics skills to teach this class. Suppose they will pay me $200,000 to teach? (Me neither.)
Pittsburgh's self-driving car boom means $200,000 pay packages for robotics grads
There's a war for talent in Pittsburgh's booming autonomous car market.
It started with Uber and now includes Argo AI, which is majority owned by Ford, and a start-up called Aurora Innovation. With so much hiring, it's a good time to be at the city's prized academic institution, Carnegie Mellon University.
Andrew Moore, the dean of Carnegie Mellon's computer science school, said that computer vision graduates right out of college are commanding pay packages of $200,000, which he described as "unheard of for any role until recently."
In addition to Uber, Argo and Aurora, Moore said there's a fourth self-driving car company in Pittsburgh that's not yet talking publicly.

Saturday, September 16, 2017

“Release the scapegoats!”
Top Equifax Executives Announce Immediate Retirement After Massive Data Breach
Equifax says its chief information officer and chief security officer are leaving the company, following the enormous breach of 143 million Americans' personal information.
The credit data company said Friday that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, are retiring from Equifax immediately. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.

(Related). Is it enough?
Two Equifax executives will retire following massive data breach
… At least two congressional hearings on the Equifax breach have been announced. The first scheduled panel will take place on Oct. 3, when Smith is expected to testify. A bipartisan group of 36 senators have asked the Justice Department and the U.S. Securities and Exchange Commission to investigate reports Equifax executives sold stock after learning about the breach but before it was made public. The Federal Trade Commission took the unusual step of announcing it is conducting a probe into the Equifax breach.
… Senate Minority Leader Charles E. Schumer (D-N.Y.) said on Thursday the company's chief executive and board of directors should step down unless they take five steps to correct their mishandling:
notify affected consumers;
provide free credit monitoring to them for at least 10 years,
offer to freeze their credit for up to 10 years;
remove forced arbitration clauses from their terms of use;
and comply with fines or new standards that come out of investigations.

“It’s only right that the CEO and board step down if they can’t reach this modicum of corporate decency by next week,” he said.

(Related). Scary, if true. I bet Equifax hopes this is “Fake News.”
Wow. Just wow.
Read this. Those suing Equifax are going to find a lot in that report that will undoubtedly be referenced in any complaint alleging negligence.
Update: I should have added to the above that I have no way of knowing if any of it is true or if it is all fabricated. But I can see where people are going to be citing this – unless it’s disproved.
[From the article:
I asked the hackers one last request before disconnecting. I asked, "How did you manage to get the passwords to some of the databases?" Surely the panels had really bad security but what about the other sections to them? Surely there was encrypted data stored within these large archives no? Yes. There was. But guess where they decided to keep the private keys? Embedded within the panels themselves. The picture above shows exactly that, all the keys stored nicely, alongside any sub companies to Equifax. All pwned.

Like the HBO breach? When you just can’t wait to find out what happens next?
Todd Spangler reports:
A notorious hacker group broke into the servers of music-streaming service Vevo, releasing more than 3 terabytes of internal documents and video content online — before removing them later Friday morning at Vevo’s request.
The purloined cache, posted by hacking and security collective OurMine, included videos, a batch of documents labeled “premieres,” as well as marketing info, international social-media documents, and other internal files, as first reported by tech site Gizmodo.
Read more on Variety.

Apple probably wouldn’t like it if I started calling this a “mugshot feature.”
Apple X’s Face ID Feature Places Spotlight on Facial Recognition Technology, Raising Numerous Mobile Privacy and Data Usage Issues
… One issue that I thought was particularly interesting, however, relates to the ability of apps residing on a phone to interact with facial captures. Unless disabled, Face ID could potentially be “always on,” ready to capture facial images to authenticate the unlocking of the phone, and possibly capturing facial images as the user interacts with the unlocked phone. So, clients have asked: Will the apps on the phone be able to access and use those facial captures?
Fascinating question! Imagine the applications. An app would be able to discern all kinds of new demographic information about users, and possibly gauge information about a person’s mood, location, age, and health. Moreover, could an app evaluate on a real-time basis a user’s emotional response to interactions with a particular app or web page?

Should we know who sells those white hoods to the KKK?
Google Appears to Allow Racist Ad Targeting Like Facebook, Says BuzzFeed
Google's advertising platform can be used to create ads targeting racist or bigoted people, according to a report from BuzzFeed News on Friday.
BuzzFeed put in its own keywords which were supplemented by keywords suggested by the Google platform, to create a targeted ad. The news comes a day after ProPublica reported that Facebook algorithms allowed ads targeting anti-semitic audiences.
Such test cases show that the same technology used to sell legitimate products and services can be turned to more nefarious purposes.

(Related). Gee. Maybe all Social Media does this.
Twitter Says It Fixed ‘Bug’ That Let Marketers Target People Who Use the N-Word
… The Daily Beast reported Friday that Twitter Ads returned 26.3 million users who may respond to the term “wetback,” 18.6 million to “Nazi,” and 14.5 million to “n**ger.”

Perspective. Could you tell from looking at the tweet or reading the story that is was machine generated?
It’s been a year since The Washington Post started using its homegrown artificial intelligence technology, Heliograf, to spit out around 300 short reports and alerts on the Rio Olympics. Since then, it’s used Heliograf to cover congressional and gubernatorial races on Election Day and D.C.-area high school football games, producing stories like this one and tweets like this:

… Media outlets using AI say it’s meant to enable journalists to do more high-value work, not take their jobs. The AP estimated that it’s freed up 20 percent of reporters’ time spent covering corporate earnings and that AI is also moving the needle on accuracy. “In the case of automated financial news coverage by AP, the error rate in the copy decreased even as the volume of the output increased more than tenfold,” said Francesco Marconi, AP’s strategy manager and AI co-lead.
… All this goes back to the ad-supported — and stressed — pageview model of journalism. Publishers need to get readers or other groups to pay to support their business models. “Right now, automated journalism is about producing volume. Ultimately, media companies will have to figure out how to go beyond the pageview,” said Seth Lewis, a journalism professor at the University of Oregon whose focuses include the rise of AI in media.
… Right now, the Post can count the stories and pageviews that Heliograf generated. Quantifying its impact on how much time it gives reporters to do other work and the value of that work is harder. It’s also hard to quantify how much engagement, ad revenue and subscriptions can be attributed to those robo-reported stories.

Backstory? A long tale of the FBI’s interest in messaging Apps. Interesting read…
The Crypto- Keepers

“Rudolph the Red Nosed Drone!”
All of the other aircraft
Used to laugh and call them names
They never let poor Rudolph
Join in any aircraft games
Then one day after Irma,
The FAA, the Air National Guard, Customs and Border Protection, insurance companies, And Florida Power and Light came to say,
Rudolph with your nose so bright,
Won't you guide my relief effort tonight

Drones playing critical role in hurricane relief efforts
Drones have been playing an “invaluable” role in Hurricane Irma relief efforts, the Federal Aviation Administration (FAA) said Friday.
After Florida and the Caribbean suffered widespread destruction from Irma’s winds and floodwaters, the FAA issued 132 airspace authorizations for drones to help with recovery and response efforts.
The Air National Guard, for example, is deploying drones that are normally used for combat operations to help perform aerial surveys, assess disaster-stricken areas quickly and decide which need the most assistance.
Customs and Border Protection is using unmanned aircraft systems to help map areas in Key West, Miami and Jacksonville and using radar to survey key geographic points on infrastructure.
In the private sector, commercial drone companies are helping provide clearer images of damaged homes to insurance companies so that they can more quickly act on claims.
And Florida Power and Light is using dozens of drone teams to help restore electricity and air conditioning in the area by sending out drones to survey parts of the state that are still not accessible by vehicles.

Friday, September 15, 2017

If the US had a similar law, would Equifax have done anything differently?
Under EU General Data Protection Regulation large fines result from failure to protect consumer data
by Sabrina I. Pacifici on Sep 14, 2017
eSecurity Planet: “The massive Equifax breach that recently affected 143 million consumers would have led to hugely significant fines if the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, had already been in place. Under the new rules, organizations that fail to protect sensitive data can be fined up to 4 percent of annual global turnover, or 20 million Euros, whichever is greater. Since Equifax had $3.15 billion in operating revenue in 2016, if the breach had taken place after the GDPR had gone into effect, the company could have faced fines of up to $126 million. What’s more, CipherCloud founder and CEO Pravin Kothari told eSecurity Planet by email, GDPR may well just be the beginning. “We expect GDPR to serve as a model for similar regulations in the U.S. and around the world, helping to protect individual privacy and thus minimize the economic threat from future breaches,” he said…”

(Related). Cause and effect. The stock wasn’t impacted because of the breach but only when the FTC gets ready to investigate?
Equifax shares plunge after FTC announces probe of data breach
Equifax stock plunged in value Thursday morning after the Federal Trade Commission (FTC) announced an investigation into the security breach that exposed the personal information of roughly 143 million people to hackers.
Shares of the embattled credit reporting company dropped nearly 10 percent after the market opened Thursday morning, sinking as low as $90.64 per share, about $8 lower than Wednesday’s close. Equifax stock recovered slightly by 11 a.m., reaching $95 per share.
FTC’s announcement shook the market, given that the regulator typically doesn't announce pending investigations.

(Related). Worth a listen.
How Equifax Botched Its Data Breach Response
Wharton legal studies and business ethics professor Peter Conti-Brown, University of Michigan professor Erik Gordon and William Black, a professor at the University of Missouri-Kansas City, recently appeared on the on the Knowledge@Wharton show, which airs on SiriusXM channel 111, to discuss the breach, the mistakes that were made in the credit giant’s response, and what consumers can do to protect their credit going forward.
In terms of Equifax’s response, “this is an absolute case study in doing virtually everything wrong,” Black said.

“We should do something” or “We need to do something” are not the same as “We will do something.”
Senators blast internet subsidy program
Senators on the Homeland Security and Government Affairs Committee on Thursday criticized a subsidy program for phone and internet access that was the subject of a recent watchdog report detailing cases of fraud and abuse.
Sen. Ron Johnson (R-Wis.), the panel’s chairman, said at a hearing that there “probably” needs to be a complete overhaul of the Federal Communications Commission’s (FCC) Lifeline program, which offers low-income households a monthly $9.25 subsidy for mobile and broadband internet access.
We need to completely rethink how we distribute that subsidy,” Johnson told reporters.
The Government Accountability Office (GAO) put out a report in June that found that $1.2 million in subsidies went to fake or deceased people enrolled in the program. The GAO could not verify the eligibility of 36 percent of the program’s subscribers.
… “Why are we providing these companies with this massive opportunity for fraud?” McCaskill said. [Maybe because you delegated the creation and administration of the program to the companies that get the money? Bob]

Win some, lose some.
Google takes hit in fight with feds over foreign data
In the filings, which were first reported on by Politico, Chief Judge Beryl Howell of the U.S. District Court for the District of Columbia rejected a move by Google to challenge a warrant demanding data from the company being stored overseas.
On Sept. 5, Howell decided to hold the search giant in contempt for not turning over the documents, and fined Google $10,000 a day until it complies.

Toward automating lawyers?
Twitch co-founder Justin Kan unveils tech platform for law firms
Justin Kan, co-founder of startups like and Exec, is pulling the curtains off his new tech platform for law firms, Legal Technology Services. The first law firm to use LTS is Atrium, co-founded by Augie Rakow and BeBe Chueh. Both are launching today to bring a full-stacked technology-enabled law firm to startups.
What makes Atrium different from traditional law firms, Kan told me, is its technology and upfront pricing. With most law firms, it’s not always clear to the customer how much they’re going to have to pay.
Atrium, which has 30 startup customers focused on everything from cryptography to autonomous cars to medical tech, offers two products. One is Atrium Counsel, which offers ongoing services with fixed-rate, upfront pricing. It sort of functions as preventative legal services, Kan told me. The other is Atrium Financings, a fixed-fee service for startups to navigate the legal intricacies of their financing rounds from start to finish.
… Behind the scenes, doing all the technical work at Atrium, is LTS, co-founded by Kan and Chris Smoak. It provides the technical backbone to Atrium with its suite of tools, like document creation and e-signing, and project management workflows.
It does everything except give advice,” Kan said.

I guess Facebook is no longer a ‘neutral’ utility that does not promote or sensor. These ‘categories’ were automagically generated by collecting ‘like comments.’ Similar groups might include “Trump haters,” “Hillary haters,” “Math haters,” “lovers of Starbucks Moca-Frapa-whatsit.” Who gets to choose which groups are inappropriate? Wouldn’t it be better in the long run to try educating these people rather than driving them underground?
Facebook allowed advertisers to reach anti-Semitic individuals: report
Facebook allowed advertisers to target advertisements toward anti-semitic individuals, according to ProPublica.
The social media giant has taken down categories that advertisers could gear their ads towards like “Jew hater,” “How to burn jews,” or, “History of ‘why jews ruin the world,’ ” after ProPublica reached out them.
The outlet purchased $30 worth of ads targeting the mentioned categories to test the feature. Facebook reportedly approved the three ads within 15 minutes.

(Related). What Facebook had to say...
Updates to our ad targeting

Facebook’s Heading Toward a Bruising Run-In With the Russia Probe
We’ve seen a handful of very interesting articles over the last few days about Russian efforts to spread pro-Trump political propaganda on Facebook as part of their larger 2016 dis-information operation. As we noted last week, the seemingly paltry sum of $100,000 may belie the reach that was possible for that amount of money, given the way that the Facebook ecosystem can be used to amplify messages through a mix of highly targeted advertising and troll armies. The Facebook campaign also seems to include the first evidence of Russian operatives attempting to organize actual political events on American soil, as opposed to just spreading memes and fake news on the web.
… A separate article by Yahoo’s Mike Isikoff reports that Trevor Potter, a former FEC Chair and president of the Campaign Legal Center, wrote a letter to Facebook and Chairman Mark Zuckerberg yesterday calling on Facebook to release the information and upping the ante by writing this (emphasis added):
“[B]y hosting these secretly-sponsored Russian political ads, Facebook appears to have been used as an accomplice in a foreign government’s effort to undermine democratic self-governance in the United States. Therefore, we ask you, as the head of a company that has used its platform to promote democratic engagement, to be transparent about how foreign actors used that same platform to undermine our democracy.”
Facebook has said that it can’t release its findings because that would violate its own ‘internal policies’ which protect user privacy. That’s rich.

Another problem with algorithm controlled advertising?
Exclusive: Google is cracking down on sketchy rehab ads
Overnight, the search giant has stopped selling ads against a huge number of rehab-related search terms, including “rehab near me,” “alcohol treatment,” and thousands of others. Search ads on some of those keywords would previously have netted Google hundreds of dollars per click.
“We found a number of misleading experiences among rehabilitation treatment centers that led to our decision, in consultation with experts, to restrict ads in this category,” Google told The Verge in a statement.
Google is the biggest source of patients for most treatment centers. Advertisers tell Google how much they want to spend on search ads per month, which keywords they’d like those ads to run against, and then pay Google every time someone clicks on their ad.
While many treatment centers market themselves ethically, there are also significant numbers of bad actors using deceptive and even illegal tactics to get “heads in beds.” Last week, The Verge published a story uncovering how marketers use the internet to hook desperate addicts and their families, from hijacking the Google business listings of other treatment centers to deceiving addicts about where a treatment center is located.
… The exact keywords affected by the change still seem to be in flux. Yesterday, for instance, I noticed Googling “rehab near me” didn’t load any AdWords, but “rehabs near me” did. An hour after I reached out to Google’s spokespeople, “rehabs near me” no longer showed ads. Fischer says the list of blocked keywords continues to grow. [Suggests manual correction of computer generated lists Bob]

Perspective. Hedging their bet?
Google in talks to invest in Lyft
Google has held talks to invest around $1 billion in Lyft, Axios has learned from multiple sources. Bloomberg is reporting the same. It is unclear which group within Google would make the investment — the company has several investment arms and also invests off its balance sheet — but word is that this is being driven by top-level executives like Alphabet CEO Larry Page.
Why it matters: It would be a stunning move, given that Google was an early investor in Lyft rival Uber, even though the two companies have since gotten litigious over allegations of trade secret theft. Or, as one Uber investor explained it to Axios: "That is seriously messed up."

Perspective. “A TV in the hand is worth two in the home?”
Pew – 6 in 10 young adults in U.S. primarily use online streaming to watch TV
by Sabrina I. Pacifici on Sep 14, 2017
“The rise of online streaming services such as Netflix and HBO Go has dramatically altered the media habits of Americans, especially young adults. About six-in-ten of those ages 18 to 29 (61%) say the primary way they watch television now is with streaming services on the internet, compared with 31% who say they mostly watch via a cable or satellite subscription and 5% who mainly watch with a digital antenna, according to a Pew Research Center survey conducted in August. Other age groups are less likely to use internet streaming services and are much more likely to cite cable TV as the primary way they watch television. Overall, 59% of U.S. adults say cable connections are their primary means of watching TV, while 28% cite streaming services and 9% say they use digital antennas. Among the other findings of the survey:
  • Women are more likely than men to say their primary way of watching TV is via cable subscription (63% vs. 55%).
  • Men are more likely than women to say their primary pathway is online streaming (31% vs. 25%).
  • Those with a college education or more are more likely than those with less education to say their primary way to watch TV is online streaming. Roughly a third of college-educated Americans (35%) say they mainly watch via streaming, compared with 22% of those who have a high school diploma or less.
  • Those in households earning less than $30,000 are more likely than others to say they rely on a digital antenna for TV viewing. Some 14% say this, compared with just 5% who live in households earning $75,000 or more…”

I get to do Spreadsheets next Quarter.
Even people who thought they knew every trick in the book will occasionally stumble across a new feature that they were previously unaware of. Here are three amazing Excel 2016 tricks you definitely (ok, probably) overlooked.

Thursday, September 14, 2017

To Manage or not to Manage…
Equifax identity-theft hackers exploited flaw experts flagged in March
Security workers discovered, and created a fix for, the vulnerability that allowed attackers into the Equifax network two months before the company was hit by hackers.
Equifax told USA TODAY late Wednesday that the criminals who potentially gained access to the personal data of up to 143 million Americans had exploited a website application vulnerability known as Apache Struts CVE-2017-5638.
The fix for that flaw was first released March 10, though it was later modified, according to the National Vulnerability Database.
Equifax said that the unauthorized access began in mid-May. That's a period of two months in which the company could have, and should have, say experts, dealt with the problem.
… "Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," the company said late Wednesday.
The company also indicated that it had not yet had determined the full impact of the breach.

(Related). Poor management everywhere.
Ayuda! (Help!) Equifax Has My Data!
… Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.
It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

Thank You for Calling Equifax. Your Business Is Not Important to Us

Our government, always watching out for our security, has noticed (after only 20 years!) that Kaspersky Lab is a Russian Company! (Perhaps they read it on their website.) They also noticed that like all the US anti-virus vendors, they work with the government.
Kaspersky Lab Has Been Working With Russian Intelligence
Russian cybersecurity company Kaspersky Lab boasts 400 million users worldwide. As many as 200 million may not know it. The huge reach of Kaspersky’s technology is partly the result of licensing agreements that allow customers to quietly embed the software in everything from firewalls to sensitive telecommunications equipment—none of which carry the Kaspersky name.
That success is starting to worry U.S. national security officials concerned about the company’s links to the Russian government. In early May six U.S. intelligence and law enforcement agency chiefs were asked in an open Senate hearing whether they’d let their networks use Kaspersky software, often found on Best Buy shelves. The answer was a unanimous and resounding no.
… Most major cybersecurity companies maintain close ties to home governments, but the emails are at odds with Kaspersky Lab’s carefully controlled image of being free from Moscow’s influence.

(Related). Note that they never say Kaspersky is doing anything other than what they say they do (protect against viruses, etc.). Also note that this is the first Directive of 2017 – I find that curious.
DHS Statement on the Issuance of Binding Operational Directive 17-01

Social Media as a weapon?
NYT – How the Kremlin built one of the most powerful information weapons of the 21st century
by Sabrina I. Pacifici on Sep 13, 2017
“…After RT [Russia’s state-financed international cable network] and Sputnik gave platforms to politicians behind the British vote to leave the European Union, like Nigel Farage, a committee of the British Parliament released a report warning that foreign governments may have tried to interfere with the referendum. Russia and China, the report argued, had an “understanding of mass psychology and of how to exploit individuals” and practiced a kind of cyberwarfare “reaching beyond the digital to influence public opinion.” When President Vladimir V. Putin of Russia visited the new French president, Emmanuel Macron, at the palace of Versailles in May, Macron spoke out about such influence campaigns at a news conference. Having prevailed weeks earlier in the election over Marine Le Pen — a far-right politician who had backed Putin’s annexation of Crimea and met with him in the Kremlin a month before the election — Macron complained that “Russia Today and Sputnik were agents of influence which on several occasions spread fake news about me personally and my campaign…. RT might not have amassed an audience that remotely rivals CNN’s in conventional terms, but in the new, “democratized” media landscape, it doesn’t need to. Over the past several years, the network has come to form the hub of a new kind of state media operation: one that travels through the same diffuse online channels, chasing the same viral hits and memes, as the rest of the Twitter-and-Facebook-age media. In the process, Russia has built the most effective propaganda operation of the 21st century so far, one that thrives in the feverish political climates that have descended on many Western publics…”

(Related). We broke up the USSR, Russia wants to break up the US?
How Russia Created the Most Popular Texas Secession Page on Facebook
… One other arena these actors may have targeted: secession movements within the U.S. At this point, it’s little secret that a number of American secession movements — including Puerto Rico, Hawaii, and both white and black nationalists — have constructed links with Russian actors, including those funded by the Kremlin. Tracing these links has become an unexpected hobby of mine, and I’ve written on the topic a handful of times, from The Diplomat to Slate to The Daily Beast.

Perhaps they will issue another Directive?
Homeland Security hit with lawsuit over phone, laptop searches
The American Civil Liberties Union and the Electronic Frontier Foundation sued the Department of Homeland Security on Wednesday for searching the phones and laptops of 11 plaintiffs at the US border without a warrant.
The group of plaintiffs includes 10 US citizens and one lawful permanent resident, several of whom are Muslims or people of color. Among the group are journalists, a veteran and a NASA engineer. All were reentering the US following business or personal travel. Some plaintiffs had their devices confiscated for weeks or months. None were accused of wrongdoing following the searches.
… CBP, which is a Department of Homeland Security agency, states on its website that "no court has concluded that the border search of electronic devices requires a warrant." But many travelers, including the plaintiffs in this case, have cited concerns about officers reading private emails and messages on their phones and laptops.

Something strange here? What kind of “progress” would make secrecy no longer useful?
The Government Has Dropped Its Demand That Facebook Not Tell Users About Search Warrants
… According to court papers filed jointly by Facebook and the US attorney's office in Washington on Wednesday, prosecutors determined that the underlying investigation that prompted the search warrants — the details of which are under seal — had "progressed ... to the point where the [nondisclosure orders] are no longer needed."
The announcement came less than 24 hours before an appeals court in Washington, DC, was set to hear arguments in the case. According to the joint filing, a lower court judge vacated the nondisclosure orders at the government's request, making Facebook's appeal of those orders moot.

How many people should have access to your social media accounts and what training should they receive? I’m going to suggest my Computer Security class for starters. (If no one on the staff was required/asked to take the blame, I’m guessing it was not a staffer who hit like.)
For Hill staffers, Cruz’s ‘liked’ porn tweet a nightmare scenario
Sen. Ted Cruz’s (R-Texas) Twitter mishap late Monday night involving a pornographic account is nightmare fuel for congressional staffers who are increasingly tasked with managing social media for their bosses.
Twitter and Facebook have become crucial communication tools for members of Congress, helping them stake out their positions, interact with constituents and attract media attention. As a result, staffers spend many of their work hours managing and cultivating lawmakers’ social media presences.
But in an era where an inadvertent retweet or insensitive Facebook comment can balloon into controversy, the task can be perilous. And smartphone apps have only further blurred the line between work and personal accounts.
… Cruz this week began trending on social media after his official political Twitter account “liked” a two-minute pornographic video. The Texas Republican blamed the incident on a “staffing issue,” with many speculating the failure to switch from an official account to a personal one could be responsible for the action.
“There are a number of people on the team that have access to the account, and it appears that someone inadvertently hit the like button,” Cruz told reporters on Tuesday.

Ooh! All kinds of nifty science-fictiony kinds of scenarios leap to mind. If I can make one of those ‘Mission Impossible’ face masks, I could drain your bank account, steal your car, drive to your house and unlock the front door, etc. Thanks Apple!
What happens if a cop forces you to unlock your iPhone X with your face?
Imagine you've been detained at customs, waiting to cross the border. Or maybe you've been pulled over for a traffic violation. An officer waves your cellphone at you.
“Look at this. Is this yours?” he asks.
Before you can respond, a tiny infrared sensor in the phone has scanned your face. Matching those readings against the copy of your face that is stored in its archive, the phone concludes that its owner is trying to unlock it. The device lowers its defenses, surrendering its contents in moments to the law enforcement officer holding your phone. [Would that then be considered “in plain sight?” Bob]

Tips for my Computer Security students.
Online translation applications may pose security risk
by Sabrina I. Pacifici on Sep 13, 2017
Quartz: “…On Sept. 3, the Norwegian news agency NRK reported that sensitive Statoil information—contracts, workforce reduction plans, dismissal letters, and more—were available online because employees had used the free translation service, which stored the data in the cloud. The news traveled fast in Scandinavian countries. In response, the Oslo Stock Exchange even blocked employee access to and Google Translate…”

For my Computer Security students.
If you don’t already use Keybase, you will have to go through a few initial steps to get the app up and running for use on Facebook, Twitter, Reddit, Github, and HackerNews.

Something for continuing education?
Google’s Inside Search offers two training modules: Power Searching with Google and Advanced Power Searching.