CIA FAIL
@zachsdorfman Zach Dorfman “New in @ForeignPolicy: My story on how the CIA botched its covert communications system in China, leading to the disastrous exposure–and ultimate execution–of dozens of the Agency’s assets there
https://www.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html
In 2011-2012, the CIAs secret online communication system suffered a global compromise, beginning in Iran and spreading to China. The effects will reverberate for years. New from me and @JennaMC_Laugh
Document: Justice Department Charges Chinese Intelligence Officers and Recruits in Commercial Hacking Conspiracy
https://www.lawfareblog.com/document-justice-department-charges-chinese-intelligence-officers-and-recruits-commercial-hacking
PRIVACY FAIL
FACEBOOK IN MYANMAR FAIL
Human Rights Impact Assessment
Facebook in Myanmar https://fbnewsroomus.files.wordpress.com/2018/11/bsr-facebook-myanmar-hria_final.pdf
The legal framework in Myanmar is not aligned with international human rights norms and provides insufficient legal protections for Facebook users. Laws governing telecoms services, content restrictions, defamation, and privacy are very ambiguous, and many provisions are available to prosecute users for content shared on Facebook
Facebook hasn’t got its house in order, says ICO’s Elizabeth Denham https://www.businessinsider.com/facebook-hasnt-got-its-house-in-order-ico-elizabeth-denham-2018-11
Senators demand Zuckerberg fix Facebook’s ad transparency tool
https://www.cnet.com/news/senators-demand-zuckerberg-fix-facebooks-ad-transparency-tool/
Wyden Unveils New Plan to Protect Private Data, Restore ‘Do Not Track,’ and Jail Reckless CEOs “Wyden introduces new data-protection bill – big companies would have to submit annual data-protection report certified by executives; execs who knowingly mislead in report could face prison sentence (up to 20 yrs) and fines up to 4% of annual revenue.
How EU Regulation Affects You https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affects-you
Intel Corporation project to develop a U.S. privacy law
We have drafted a proposed privacy bill and have asked for both experts and the public to comment on it at http://usprivacybill.intel.com . This is an experiment in participatory democracy to use technology to bring out some of the discussion that normally happens behind closed doors and let everyone take part. I have included below some background on the project and an overview of the bill. I am interested to know what members of the list think of our proposal.
Why Pass a US Federal Privacy Law?
Effective privacy regulation is critical to allow technologies like artificial intelligence to help solve the world’s greatest challenges. The combination of advances in computing power, memory and analytics create the possibility that technology can make tremendous strides in precision medicine, disease detection, driving assistance, increased productivity, workplace safety, education and more. At Intel we are developing many of these technologies and are focused on integrating artificial intelligence capability across the global digital infrastructure. At the same time, we recognize the need for a legal structure to prevent harmful uses of the technology and to preserve personal privacy so that all individuals embrace new, data-driven technologies. At Intel we know that privacy is a fundamental human right and robust privacy protection is critical to allow individuals to trust technology and participate in society.
What the US needs is a privacy law that parallels the country’s ethos of freedom, innovation and entrepreneurship. That law needs to protect individuals and enable for the ethical use of data. As noted above, the use of data by new technologies such as artificial intelligence will help us solve some of the most vexing global problems while spurring economic growth. That ethical use of data will be critical as we use the data to train artificial intelligence algorithms to detect bias and enhance cyber security. In short, it takes data to protect data. The US needs a law that promotes ethical data stewardship, not one that just attempts to minimize harm. A non-harmonized patchwork of state legislation will cause companies to default to restrictive requirements and the result will decrease the likelihood of realizing technology’s great potential to improve lives.
How is the proposal structured?
The law uses the Fair Information Practice Principles (FIPPs) from the Organization for Economic Cooperation and Development’s (OECD) Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. The OECD FIPPs are “the Global Common Language of Privacy” and many of the privacy laws around the world are based on them. For the past few years, Intel has worked on a “Rethinking Privacy” initiative to take the OECD FIPPs and show how they can be implemented in law differently to promote the innovative and ethical use of data.
Collection Limitation
The law encourages organizations to create new mechanisms for individuals to provide meaningful consent for data use. Most uses of data will require a risk/benefit analysis that will restrict an organization from using data in a way that creates undue risk for individuals. However, in many situations, individuals may be ok with these risks, and will want to have the benefits of the use of the data. This bill encourages organizations to create mechanisms where those individuals can make informed choices.
Data Quality
As artificial intelligence tools are deployed across more industry sectors, it will be critical that the data used to train those algorithms has adequate diversity and volume. For example, for precision medicine, it is critical that the algorithms are trained with sufficient data from ethnic and racial minorities. This is one reason that international data flows are so important. This bill allows for the access to the data that creates better quality in the algorithms, while also requiring organizations to measure that data quality and adjust for any deficiencies.
Purpose Specification
It is critical that organizations state their purposes for collecting and processing data. The law makes clear those purposes must be described narrowly and specifically.
Use Limitation
Our proposal requires organizations to analyze the risks and benefits from the use of data. It also requires organizations to control the uses of data from the entities to which it transfers data.
Security Safeguards
The bill requires organizations to adopt reasonable measures to protect personal data.
Openness
Research shows that for the most part people do not read privacy policies. However, privacy policies can play a useful role to describe how an organization uses personal data. Our proposal requires three types of policies to foster that understanding: 1. An explicit notice when particularly sensitive data is being collected, which will enable better informed consent, 2. A thorough report of the organization’s use of personal data, to enable regulators and advocates to better understand the entity’s practices, and 3. Publication of the traditional privacy policy, but with more detailed information on the purposes of data collection.
Individual Participation
It is critical to understand when organizations have data, and for the individuals to whom that data relates to have an ability to object when that data is either incorrect or when its use will disproportionately cause harm.
Accountability
The law encourages organizations to implement robust privacy programs that will decrease the risk of data misuse and security breaches.
How will the law be enforced?
Robust, harmonized and predictable enforcement is necessary. The US Federal Trade Commission (Commission) has decades of experience protecting privacy. What the Commission needs are: 1. More resources, 2. Authority to oversee all industry sectors, 3. A clear mandate to develop guidance and regulations to communicate to organizations how they should implement the FIPPs, and 4. The ability to enforce meaningful but fair sanctions. Our proposal provides all four of those elements, while also preserving a role for State Attorneys General to apply sanctions in situations where the Commission declines to start an enforcement action. The law uses those sanctions as a way to further encourage organizations to demonstrate their accountability, by allowing those entities that adopt robust privacy programs to have a safe harbor from civil penalties.
To view the complete text and participate in the discussion go to http://usprivacybill.intel.com
David A. Hoffman
Associate General Counsel and Global Privacy Officer
Intel Corporation
202-330-3945
Intel Public Policy Blog: http://blogs.intel.com/policy
Twitter: @hofftechpolicy
ELECTION TECHNOLOGY FAIL
The great American traditions of vote stealing, and accusations of vote stealing.
Citing No Evidence, Brian Kemp Accuses Georgia Democrats of Hacking https://www.wired.com/story/brian-kemp-georgia-democrats-hacking-claim/
Voting Device Manufacturer Encourages Users To Use (And Re-Use) Easily-Guessed Passwords https://www.techdirt.com/articles/20181106/11000340992/voting-device-manufacturer-encourages-users-to-use-re-use-easily-guessed-passwords.shtml
File-sharing software on state election servers could expose them to intruders https://arstechnica.com/tech-policy/2018/11/file-sharing-software-on-state-election-servers-could-expose-them-to-intruders/
BOARDER FAIL – Reality TV Show staged Photo Ops wasting tax payer money and man/women power for the show!
Donald Trump’s Tough Talk About The Border Deployment Doesn’t Match What’s Really Taking Place https://www.buzzfeednews.com/article/verabergengruen/migrant-caravan-trump-tough-talk-reality
Meet the 200 Twitter accounts that will try and sell America on voter fraud: https://www.dailydot.com/layer8/voter-fraud-twitter-network/
Russian trolling ahead of the midterm elections is a mixture of the weird and the pathetic A new website tracks back to a Russian company cited in one of Robert Mueller’s indictments. https://thinkprogress.org/usaira-russian-trolling-ahead-of-the-midterm-elections-is-a-mixture-of-the-weird-and-the-pathetic-c64b0d120ae5/
Texas election official resigns after video shows her screaming at black voter https://thehill.com/homenews/campaign/415194-texas-election-official-resigns-after-video-shows-her-screaming-at-black
Edu-CyberPlayGround 