Monday, March 28, 2022

 March 29, 2022 - What. A Gan? [Fraudulently] Monetizing Fake (GAN) Faces.

Think you can tell the difference? Try this test first: https://www.whichfaceisreal.com/

Then, read the Register about how businesses are using artificially generated faces:

Excerpt from the article:

NPR looked into DiResta and Goldstein's claims and found more than 70 businesses linked to the fake profiles. Several of the businesses said they had hired outside marketers, but expressed surprise when told about the fake LinkedIn profiles. The businesses also denied authorizing the campaigns.

Accounts like Ramsey's are used by companies to pitch software to potential new customers, and whenever a target responds they're redirected to a real person. With this technique, companies are able to greatly broaden their reach without having to hire new people, NPR said.

Wednesday, March 09, 2022

2022-03-09 - President Biden issues executive order on protection of crypto-based assets. From the Fact Sheet issued today:

Outlines First Whole-of-Government Strategy to Protect Consumers, Financial Stability, National Security, and Address Climate Risks

Digital assets, including cryptocurrencies, have seen explosive growth in recent years, surpassing a $3 trillion market cap last November and up from $14 billion just five years prior. Surveys suggest that around 16 percent of adult Americans – approximately 40 million people – have invested in, traded, or used cryptocurrencies. Over 100 countries are exploring or piloting Central Bank Digital Currencies (CBDCs), a digital form of a country’s sovereign currency.

The rise in digital assets creates an opportunity to reinforce American leadership in the global financial system and at the technological frontier, but also has substantial implications for consumer protection, financial stability, national security, and climate risk. The United States must maintain technological leadership in this rapidly growing space, supporting innovation while mitigating the risks for consumers, businesses, the broader financial system, and the climate. And, it must play a leading role in international engagement and global governance of digital assets consistent with democratic values and U.S. global competitiveness.

That is why today, President Biden will sign an Executive Order outlining the first ever, whole-of-government approach to addressing the risks and harnessing the potential benefits of digital assets and their underlying technology. The Order lays out a national policy for digital assets across six key priorities: consumer and investor protection; financial stability; illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.

Specifically, the Executive Order calls for measures to:

  • Protect U.S. Consumers, Investors, and Businesses by directing the Department of the Treasury and other agency partners to assess and develop policy recommendations to address the implications of the growing digital asset sector and changes in financial markets for consumers, investors, businesses, and equitable economic growth. The Order also encourages regulators to ensure sufficient oversight and safeguard against any systemic financial risks posed by digital assets.
  • Protect U.S. and Global Financial Stability and Mitigate Systemic Risk by encouraging the Financial Stability Oversight Council to identify and mitigate economy-wide (i.e., systemic) financial risks posed by digital assets and to develop appropriate policy recommendations to address any regulatory gaps.
  • Mitigate the Illicit Finance and National Security Risks Posed by the Illicit Use of Digital Assets by directing an unprecedented focus of coordinated action across all relevant U.S. Government agencies to mitigate these risks. It also directs agencies to work with our allies and partners to ensure international frameworks, capabilities, and partnerships are aligned and responsive to risks.
  • Promote U.S. Leadership in Technology and Economic Competitiveness to Reinforce U.S. Leadership in the Global Financial System by directing the Department of Commerce to work across the U.S. Government in establishing a framework to drive U.S. competitiveness and leadership in, and leveraging of digital asset technologies. This framework will serve as a foundation for agencies and integrate this as a priority into their policy, research and development, and operational approaches to digital assets.
  • Promote Equitable Access to Safe and Affordable Financial Services by affirming the critical need for safe, affordable, and accessible financial services as a U.S. national interest that must inform our approach to digital asset innovation, including disparate impact risk. Such safe access is especially important for communities that have long had insufficient access to financial services.  The Secretary of the Treasury, working with all relevant agencies, will produce a report on the future of money and payment systems, to include implications for economic growth, financial growth and inclusion, national security, and the extent to which technological innovation may influence that future.
  • Support Technological Advances and Ensure Responsible Development and Use of Digital Assets by directing the U.S. Government to take concrete steps to study and support technological advances in the responsible development, design, and implementation of digital asset systems while prioritizing privacy, security, combating illicit exploitation, and reducing negative climate impacts.
  • Explore a U.S. Central Bank Digital Currency (CBDC) by placing urgency on research and development of a potential United States CBDC, should issuance be deemed in the national interest. The Order directs the U.S. Government to assess the technological infrastructure and capacity needs for a potential U.S. CBDC in a manner that protects Americans’ interests. The Order also encourages the Federal Reserve to continue its research, development, and assessment efforts for a U.S. CBDC, including development of a plan for broader U.S. Government action in support of their work. This effort prioritizes U.S. participation in multi-country experimentation, and ensures U.S. leadership internationally to promote CBDC development that is consistent with U.S. priorities and democratic values.

The Administration will continue work across agencies and with Congress to establish policies that guard against risks and guide responsible innovation, with our allies and partners to develop aligned international capabilities that respond to national security risks, and with the private sector to study and support technological advances in digital assets.

 

 

 

https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/09/fact-sheet-president-biden-to-sign-executive-order-on-ensuring-responsible-innovation-in-digital-assets/?utm_source=link

 

Friday, February 25, 2022

 2022-02-25

Cyberwar is Kinetic War - A warning from a contributor to CNN Reliable Sources - Relevant to any individual or enterprise:

"This is an evergreen but currently relevant tip for journalists as well as others who may be involved in sharing information about the conflict, from Harvard Shorenstein fellow Jane Lytvynenko: 'Make sure your reporters, [editors], photographers, admin staff, and anyone else involved in covering this war has strong cybersecurity hygiene. Vet sources. Check documents. Be aware of phishing attack potential. 2fa everywhere via an app. Password variation. Everything.'" #cybersecurity #cybervigilance

Wednesday, February 23, 2022

2022-02-23

It's so...2022: New ISO 27002-2022 Published

ISO 27002:2022 Considerations for certifiers-in-process (and the certified) for 2022 and beyond:

1. The standard now aggregates information security and cybersecurity into a unitary document.
2. Four "Controls" Themes - People, physical, technological and organizational.
3. Relevant new controls are directed to data loss prevention, IoT, and, newly introduced, threat intelligence.
4. Handy Annex A to 27002:2022 provides a means to demonstrate cyber/information, etc. postures.

The standard will likely require currently certified entities to update or create new policies.

Important Note: Annex A to ISO27001 is in the final steps of being updated (perhaps as early as Q2 2022) to put it in accordance with ISO27002:2022. For re-certifying entities, this will mean a two-year compressed certification time frame. Newly certifying entities should become aware of and address their activities to incorporate relevant additional, modified requirements. #cybersecurity #iot #ISO27002


Threat intelligence now includes litigation intelligence.


 


Tuesday, September 14, 2021

2021-09-14: Update. Your. Apple. Device. Now.

 Well, it's been a while. New firm, all virtual, same practice. Just a quick reminder to update your Apple device - now. Unless you want to donate information to NSO. And I don't mean the National Symphony Orchestra. Seriously, do it.

Tuesday, March 09, 2021

 2021-03-09 CPRA, Sequel to CCPA -

Standardize your notification and opt-out regime - Effective January 2023. Expect other states to follow.

 2021-03-09 - Discovery and the Internet of Things

You know, those formerly mute devices that now communicate. And store lots of ESI. And operate on command. Makes life so much easier, set and forget, clap hands, say the word(s), and voila! But, things can, and will happen.

Consumer IoT devices (which, for brevity's sake, will include services) run the connected gamut - from household appliances large and small, wearables, HVAC, entertainment devices, medical devices, surveillance devices (here's looking at you, Ring), drones, and last but not least, consumer vehicles of all types.

Industrial Devices also run the connected gamut - from infrastructure (utilities, transportation), agriculture, manufacturing, industrial vehicles, and supply chain participants, to name just a few.

All record, store, and transmit information, and if they don't it's likely the next generation will. What's being recorded, stored and transmitted? It depends on the device, but regardless of data (voice, electronic, etc.) input, its journey will likely take it from the device, send it over the internet (or through 5G)

What if what happens doesn't turn out too well and causes harm, injury, or a cybersecurity event? The universe of IoT devices may be divided roughly into two categories: Consumer and Industrial.

Suppose that one (or all - think class or mass litigation) of a particular model of device malfunctions and causes economic harm or injury to the buyer, or a non-buying user, and that litigation ensues. 

From a Litigation Intelligence perspective the discovery process now becomes even more complex. The parties will need to understand that the nearly-routine tasks of meeting and conferring to ascertain discovery scope, custodians, repositories and formats are more nuanced for IoT devices and objects.

Setting aside (but not de-emphasizing) scope and preservation obligations for the moment, some initial questions should be addressed:

1. Custodians - Who "owns" the data? Who programmed the device, the management platform, or the mobile app? Who has custody, control or possession? Who, or what, is an IoT ESI custodian to begin with? IoT ESI, which could be output or firmware, or metadata, may be resident in a device, in a web (or 5G) management platform that controls the device, or in a computer backup, real or virtualized.

2. Repositories - The IoT Device? Remote Management Platform? Mobile Device Interface? Cloud?

3. Formats - Proprietary formats mean usability issues. What about legacy or orphaned devices?

Stay tuned.


 

Thursday, December 10, 2020

2020-12-10 - Litigation AND Intelligence - The connection frays...

17 states, 100+ Members of Congress, and who knows who else, joined the State of Texas’ lawsuit seeking Motion for Leave to File a Bill of Complaint against the five states that put President-elect Biden over the 270 electoral vote mark.

A one-in-a-quadrillion chance that Biden won GA, PA, MI and WI? Wow. That’s a big number. 

“The probability of former Vice President Biden winning the popular vote in the four Defendant States—Georgia, Michigan, Pennsylvania, and Wisconsin—independently given President Trump’s early lead in those States as of 3 a.m. on November 4, 2020, is less than one in a quadrillion, or 1 in 1,000,000,000,000,000. For former Vice President Biden to win these four States collectively, the odds of that event happening decrease to less than one in a quadrillion to the fourth power (i.e., 1 in 1,000,000,000,000,000⁴). See Decl. of Charles J. Cicchetti, Ph.D. (“Cicchetti Decl.”) at ¶¶ 14-21, 30-31. See App. 4a-7a, 9a.”

What the complaint avers:

“Facts for which no independently verified reasonable explanation yet exists...”

What the complaint really asserts:

Explanations for which no independently verified explanation exists.