Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: policy – Page 76

I wish the CA AG a lot of luck; however, her approach is very questionable when you think about downstream access and feed type scenarios. Example, Business in Boston MA has an agreement with a cloud host company in CA, and Boston also has data that it pulls in from Italy, DE, etc. plus has a service that it offers to all of users and partners in the US and Europe that is hosted in CA.

How is the CA AG going to impose a policy on Boston? It can’t; in fact the business in Boston will change providers and choose to use someone in another state that will not impact their costs and business.

BTW — I didn’t even mention the whole recent announcement from China on deploying out a fully Quantum “secured” infrastructure. If this is true; everyone is exposed and this means there is no way companies can be held accountable because US didn’t have access to the more advance Quantum infrastructure technology.

https://lnkd.in/b9xXVAN

Feb. 17 — California Attorney General Kamala Harris (D) has released the state’s data breach report, laying out the legal and ethical responsibilities of businesses to keep information safe and perhaps most importantly outlining what the state believes is “reasonable security” that companies must employ to avoid possible enforcement actions.

Under the state’s information security statute, businesses must use “reasonable security procedures and practices” that “protect personal information from unauthorized access, destruction, use, modification, or disclosure,” the report said.

Under the guidelines in the report released Feb. 16, failing to implement all 20 of the Center for Internet Security’s Critical Security Controls that apply to an organization’s environment constitutes a lack of reasonable security. The controls define a minimum level of information security all organizations that collect or maintain personal information should meet.

Read more

Here is a question that keeps me up at night…

Is the San Bernardino iPhone just locked or is it properly encrypted?

Isn’t full encryption beyond the reach of forensic investigators? So we come to the real question: If critical data on the San Bernardino iPhone is properly encrypted, and if the Islamic terrorist who shot innocent Americans used a good password, then what is it that the FBI thinks that Apple can do to help crack this phone? Doesn’t good encryption thwart forensic analysis, even by the FBI and the maker of the phone?

iphone-01In the case of Syed Rizwan Farook’s iPhone, the FBI doesn’t know if the shooter used a long and sufficiently unobvious password. They plan to try a rapid-fire dictionary attack and other predictive algorithms to deduce the password. But the content of the iPhone is protected by a closely coupled hardware feature that will disable the phone and even erase memory, if it detects multiple attempts with the wrong password. The FBI wants Apple to help them defeat this hardware sentry, so that they can launch a brute force hack—trying thousands of passwords each second. Without Apple’s help, the crack detection hardware could automatically erase incriminating evidence, leaving investigators in the dark.

Mitch Vogel is an Apple expert. As both a former police officer and one who has worked with Apple he succinctly explains the current standoff between FBI investigators and Apple.

The iPhone that the FBI has is locked with a passcode and encrypted. It can only be decrypted with the unique code. Not even Apple has that code or can decrypt it. Unlike what you see in the movies, it’s not possible for a really skilled hacker to say “It’s impossible“” and then break through it with enough motivation. Encryption really is that secure and it’s really impossible to break without the passcode.

What the FBI wants to do is brute force the passcode by trying every possible combination until they guess the right one. However, to prevent malicious people from using this exact technique, there is a security feature that erases the iPhone after 10 attempts or locks it for incrementally increasing time periods with each attempt. There is no way for the FBI (or Apple) to know if the feature that erases the iPhone after 10 tries is enabled or not, so they don’t even want to try and risk it.

oceans_of_data-sSo the FBI wants Apple to remove that restriction. That is reasonable. They should, if it is possible to do so without undue burden. The FBI should hand over the iPhone to Apple and Apple should help them to crack it.

However, this isn’t what the court order is asking Apple to do. The FBI wants Apple to create software that disables this security feature on any iPhone and give it to them. Even if it’s possible for this software to exist, it’s not right for the FBI to have it in their possession. They should have to file a court order every single time they use it. The FBI is definitely using this situation as an opportunity to create a precedent and give it carte blanche to get into any iPhone without due process.

So the answer to your question is that yes it is that secure and yes, it’s a ploy by the FBI. Whether it’s actually possible for Apple to help or not is one question and whether they should is another. Either way, the FBI should not have that software.

Many know that who ultimately lands in the US White House can impact how US Tech Companies respond as well as their investors. This article discusses some of the potential impacts resulting in a GOP President for Apple and Google https://lnkd.in/bxWft89

Equity markets tend to overreact to the potential for major political policy changes, but a new report by UBS analyst Steven Milunovich indicates that some of the biggest U.S. companies could be facing a real possibility of major tax bills if a Republican is elected president in 2016.

According to Shane Lieberman, Federal Affairs Manager in the U.S. Office of Public Policy for UBS Americas, companies with large hordes of cash overseas, such as Apple Inc. (NASDAQ: AAPL) and Alphabet Inc (NASDAQ: GOOGL) (NASDAQ: GOOG) may have a lot more riding on the election than investors realize.

Related Link: New Apple Supplier Data Are Highly Correlated With Revenue.

Read more

At Singularity University, space is one of our Global Grand Challenges (GGCs). The GGCs are defined as billion-person problems. They include, for example, water, food, and energy and serve as targets for the innovation and technologies that can make the world a better place.

You might be thinking: We have enough challenges here on Earth—why include space?

We depend on space for telecommunications, conduct key scientific research there, and hope to someday find answers to existential questions like, “Are we alone in the universe?”. More practically, raw materials are abundant beyond Earth, and human exploration and colonization of the Solar System may be a little like buying a species-wide insurance policy against disaster.

Read more

Tough to be a doctor these days — Could be bad news for Providers with limited or no Cyber Risk Coverage.

Providers are focusing on cybersecurity with increased urgency. Cyberattacks on health-care organizations reached an all-time high in 2015 and aren’t expected to slow down in 2016, Harry Greenspun, director for Deloitte’s Center for Health Solutions, told Bloomberg BNA. One element of a comprehensive strategy to address data security is customized cyber risk insurance. Recent case law supports standing for class action litigants alleging future injuries, which may not be covered by some policy forms. We urge providers to review their cyber risk coverage with the increasing risks and this new case law in mind.

Specifically, it is critical that cyber risk insurance is designed to both: adequately mitigate future harm to those whose private information is compromised as a result of a data breach; and satisfy the full array of damages sought by such third parties, including damages for future injuries resulting from the anticipated improper use of data. These considerations are increasingly important because the policies available in today’s market are not standardized. While many absorb some of the costs associated with notification and fraud monitoring, existing forms may not protect against damages sought for susceptibility to identity theft.

The Remijas decision

Continue reading “Are you covered? Emerging issues for health care providers under cyber risk insurance” | >

The game of Go has long been viewed as the most challenging of classic games for artificial intelligence due to its enormous search space and the difficulty of evaluating board positions and moves.

Google DeepMind introduced a new approach to computer Go with their program, AlphaGo, that uses value networks to evaluate board positions and policy networks to select moves. These deep neural networks are trained by a novel combination of supervised learning from human expert games, and reinforcement learning from games of self-play. Without any lookahead search, the neural networks play Go at the level of state-of-the-art Monte-Carlo tree search programs that simulate thousands of random games of self-play. DeepMind also introduce a new search algorithm that combines Monte-Carlo simulation with value and policy networks. Using this search algorithm, our program AlphaGo achieved a 99.8% winning rate against other Go programs, and defeated the European Go champion by 5 games to 0. This is the first time that a computer program has defeated a human professional player in the full-sized game of Go, a feat previously thought to be at least a decade away.

Read more