Pete Recommends – weekly highlights on cyber security issues – April 23 2018

Subject: Since Boston bombing, terrorists are using new social media to inspire potential attackers
Source: The Conversation

The Boston Marathon bombing marked the beginning of a new trend that is almost impossible to prevent. Before, individuals would receive guidance and training from terrorist organizations in person. Now, these same groups simply inspire individuals to carry out attacks on their own, for which the group can claim credit if they are successful. We call that “self-radicalizing.”

Shift to encrypted platforms

As technology evolves, new online platforms provide avenues for terrorist organizations to share information. Platforms have gone from an open interface model, in which anyone can observe what is occurring, to closed and encrypted platforms in which privacy and security settings are protected. These platforms are not readily accessible nor can they be viewed without already being a member of the chat room or channel. When used by terrorist groups, encrypted platforms are harder to police and monitor.


Subject: Mark Zuckerberg’s Congressional testimony showed that a bedrock principle of online privacy is a complete and utter fraud (was: Mark Zuckerberg Congressional hearings show flaws in informed consent)
Source: Business Insider

  • Companies have been relying for years on the notion of informed consent, the idea that they can dictate the terms of their interactions with customers and do what they want with customers’ information as long as they disclose what they’re doing.
  • But that notion came into serious question at Facebook CEO Mark Zuckerberg’s hearings on Capitol Hill this week.
  • Lawmakers noted that Facebook’s terms of service are long and filled with legalese, and got Zuckerberg to acknowledge that few users likely read them completely.
  • The interactions exposed just what a fiction the notion of informed consent is.
  • The frustrations raised by the lawmakers could result in regulatory changes.

If Mark Zuckerberg’s appearances before Congress this week did nothing else, they should have made absolutely clear to policymakers of all stripes that one of the bedrock assumptions long made in privacy law and contracts is a complete and utter fraud.

But as several members of Congress illustrated in their interactions with Facebook’s CEO, when it comes to the social network, that notion is a joke. Facebook’s terms of service document is more than 3,200 words long and includes 30 links to supplemental documents, noted Sen. Brian Schatz, D-Hawaii. Its data policy is another 2,700 words and includes more than 20 links.

Many Facebook users were surprised to find out that the developer of an app they’d never heard of, much less installed, was able to get access to their personal information from the site — even though the company disclosed that in a previous version of its terms of service. It likely wasn’t apparent to many Facebook users that the company can view the conversations they have with their Facebook friends over its Messenger chat service — until Zuckerberg publicly acknowledged that recently.

But just about every product or service you deal with relies on the notion of informed consent

But the problem with the notion of informed consent goes way beyond Facebook. Every website you use, every app or piece of software you install, every service you sign up for, and pretty much every device you buy relies on the notion of informed consent.

Worse, companies can change their terms of service at any time, so even if you’re aware of and understand the basis of your interactions with a particular website or service at one point, it doesn’t mean you’ll fully comprehend it going forward. Companies only need to give notice of the change — typically via an email or a written letter or a notice on their site. It’s your tough luck if you miss the note.

Subject: How To Spot A DeepFake Like The Barack Obama-Jordan Peele Video
Source: BuzzFeed

This “deepfake” video starring Jordan Peele as Barack Obama shows how easy it’s getting to create convincing audio and video fakes. Here’s how to fight back. You’re looking at the future of fake news and propaganda. Don’t be embarrassed if you were fooled, even if only briefly. Technology to trick our eyes and ears is advancing rapidly. Teams in Germany are working on Face2Face, the type of face-/voice-swapping technology used to create the video above. Software giant Adobe is creating a “Photoshop for audio” that makes it easy to edit and manipulate what someone has said, as is a Montreal startup called Lyrebird. After you’ve selectively edited someone’s words, you could take that audio and use tech developed at the University of Washington to generate a video of the very same person speaking those words, just to make it fully convincing.

This is why experts in computer science have been warning that an age of ubiquitous deep fakes could help usher in an “Infocalypse.”

Subject: Protecting Email Privacy—A Battle We Need to Keep Fighting
Source: EFF via beSpacific

EFF: “We filed an amicus brief in a federal appellate case called United States v. Ackerman Friday, arguing something most of us already thought was a given—that the Fourth Amendment protects the contents of your emails from warrantless government searches. Email and other electronic communications can contain highly personal, intimate details of our lives. As one court noted, through emails, “[l]overs exchange sweet nothings, and businessmen swap ambitious plans, all with the click of a mouse button.” In an age where almost all of us now communicate via email, text, or some other messaging service, electronic communications are, in effect, no different from letters, which the Supreme Court held were protected by the Fourth Amendment way back in 1878. Most of us thought this was pretty uncontroversial, especially since another federal appellate court held as much in a 2010 case called United States v. Warshak. However, in Ackerman, the district court added a new wrinkle. It held the Fourth Amendment no longer applies once an email user violates a provider’s terms of service and the provider shuts down the user’s account…”

Subject: Kaplan Test Prep Survey Finds Colleges And Applicants Agree: Social Media is Fair Game in the Admissions Process
Source: Kaplan Test Prep

Note to editors: Kaplan is a subsidiary of Graham Holdings Company (NYSE: GHC)

More than two-thirds of college admissions officials believe it is “fair game” to check on applicants’ social media accounts as part of the process of deciding whom to admit, according to a survey Kaplan Test Prep is releasing today. Only a small share of admissions officers routinely look at social media, the survey found. Among reasons given by those who support the practice of checking out social media:

  • “Employers do it all the time. Colleges can do it as well.”
  • “I think if things are publicly accessible without undue intrusion, it’s OK. If it’s searchable, it’s fair game.”
  • “We don’t do this, but we could. I think high school seniors make poor choices sometimes when they put stuff online.”

Subject: There’s No Better Time to Pass Privacy Laws, Experts Say
Source: Nextgov

Tech policy experts urged lawmakers to cash in on the current buzz around data privacy and enact broad, baseline standards for protecting personal information online. “If there’s ever a moment … to do something about privacy that would protect all Americans and ensure innovation for all Americans that benefits consumers going forward, it’s probably now,” former Federal Trade Commission Chairman Jon Leibowitz said Monday at a panel hosted by the Internet Innovation Alliance.

In the past, the vast majority of tech companies advocated for self-regulation over legislation, arguing it’s in their best interest to protect user data because they’d lose customers if they didn’t. But because their money comes from helping advertisers best target users, those incentives aren’t always aligned, said Internet Innovation Alliance co-Chair Kim Keenan.

He commended a handful of recent proposals, such as the CONSENT Act, that would enact into law many of the FTC’s privacy best practices, including mandatory opt-in policies for certain types of data collection.


Subject: How web trackers hijack ‘login with Facebook’ data
Source: Business Insider

  • Security researchers found a way for hidden trackers to abuse the “login with Facebook” feature that many websites use.
  • The trackers can harvest user data like profile picture, name, email address, age, and gender — probably much more than people intend to give away when they log into sites using Facebook.
  • Facebook said it is investigating the issue.
  • It’s yet another example of how hard it is for users to keep tabs on who has their Facebook data.

Many people use the “login with Facebook” feature to sign into different websites. It simplifies the login procedure and means you don’t have to remember a whole bunch of new usernames and passwords.

But according to security researchers at Freedom to Tinker, the shortcut might mean users are handing over considerably more information than intended. We first saw the news via TechCrunch.

The numbers show the data syphoning isn’t particularly widespread, but it’s yet another example of how difficult it is for users to understand where their Facebook information might be going.

Subject: It didn’t take long for Facebook to secretly exploit a loophole in huge new privacy laws — which it claims is actually in users’ best interests
Source: Business Insider

  • Facebook quietly moved 1.5 billion of its users out of reach of important new EU privacy regulations.
  • It says the tweak is better for users outside the US, Canada, and the EU, and gives them more power to deal with data breaches.
  • Users will hope Facebook is genuinely prioritising their interests — and not just minimising its risk to huge financial penalties from the EU.

Reuters spotted Facebook’s tweak to its terms and conditions, which will mean that users outside the US, Canada, and the EU will not be protected by Europe’s new General Data Protection Regulation (GDPR) laws, due to come into force on May 25.

With trust in Facebook plummeting, users will hope that the social network is genuinely prioritising their interests — and not just minimizing its risk to huge financial penalties from lawmakers in Brussels.


Subject: No boundaries for Facebook data: third-party trackers abuse Facebook Login
Source: Freedom to Tinker

So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs.

Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs. Specifically, we found two types of vulnerabilities [1]:

  • seven third parties abuse websites’ access to Facebook user data

  • one third party uses its own Facebook “application” to track users around the web.

Subject: The Second Amendment comes first in teaching constitutional law
Source: The Conversation

The Second Amendment used to be absent from constitutional law classes. No more.

Twenty years ago, when I was a law student taking constitutional law, the Second Amendment did not even come up in class. Today, as a law professor, I teach the Second Amendment as the very first case in my constitutional law class. The emergence of the Second Amendment in law school classrooms is a lesson in the ways politics and society drive constitutional debates, breathing meaning into our Constitution.

The dormant amendment

The Second Amendment says, “A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.” The only reference to this right in my law school casebook was tucked into a 1997 case where the court ruled that the federal government could not commandeer local officials to enforce federal law.