Pete Recommends – Weekly highlights on cyber security issues, December 19, 2021

Subject: A Proposal to Block Companies From Using Biased Algorithms
Source: Route Fifty [nothing here about bail or sentencing guidelines … ]

Washington, D.C.’s Attorney General Karl Racine is billing the legislation as groundbreaking and says he wants to prevent artificial intelligence from contributing to discrimination in areas like housing, lending and education.Legislation that Washington, D.C.’s attorney general proposed this week seeks to shield district residents from discriminatory and biased computer algorithms, setting guidelines that companies and other organizations would need to follow when using the technology and imposing penalties on those that run afoul of the rules.

The proposal—which Attorney General Karl Racine’s office described as the first comprehensive bill of its kind in the U.S.—would make it illegal for businesses and other organizations to use discriminatory algorithms in areas such as education, employment, housing, and with providing services like credit, health care, and insurance. “Algorithmic decision-making computer programs have been convincingly proven to replicate and, worse, exacerbate racial and other illegal bias in critical services that all residents of the United States require,” Racine said in a statement.He pointed to mortgage lending, auto financing, student loans, credit applications, health care and school admissions as examples of where these problems can arise.

The legislation aims to block the use of traits like race, sex and disability status in automated decisions in ways that are discriminatory. It would also require businesses to audit the algorithms they use, with an eye towards determining whether they show signs of troubling patterns of bias and to report their findings to the AG’s office.


Subject: Professional maintainers: a wake-up call
Source: Filippo Valsorda via beSpacific

Filippo Valsorda: “I work on the Go team at Google, but this is my personal opinion as someone who built a career on Open Source both at and outside big companies. Open Source software runs the Internet, and by extension the economy. This is an undisputed fact about reality in 2021. And yet, the role of Open Source maintainer has failed to mature from a hobby into a proper profession. The catastrophic consequences are almost a daily occurrence. Less than a couple months ago, the United States Cybersecurity & Infrastructure Security Agency issued an alert about the hijacking of a popular NPM package named ua-parser-js. That project has 6.5k stars on GitHub and has raised a total of $41.61 on OpenCollective. Earlier this week, a severe RCE in a logging library called Log4j2 got everyone, from Apple to Minecraft. As of yesterday, the maintainer who patched the vulnerability had three sponsors on GitHub: Michael, Glenn, and Matt. I could go on and on and on.

Subject: Facebook bans seven companies accused of surveillance for hire

Dec. 16 (UPI) — Facebook’s parent company Meta on Thursday banned seven surveillance-for-hire companies from the social media platform over concerns about spying that could affect close to 50,000 users.

The Facebook users across 100 countries may have been targeted by the surveillance companies working for both government agencies and private clients.

“We alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the system we launched in 2015. We recently updated it to provide people with more granular details about the nature of targeting we detect, in line with the surveillance chain phases framework we shared above” states the report.

“Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure, putting them on notice that their targeting of people has no place on our platform.”

Subject: SEC gives JPMorgan Chase record fine for using WhatsApp, other unapproved methods to conduct business

Dec. 17 (UPI) — JPMorgan Chase has agreed to pay a $125 million penalty for allowing employees on Wall Street to use smartphone apps to get around federal record-keeping laws, regulators announced Friday.

The Securities and Exchange Commission said the violations occurred between 2018 and 2020, during which some JPMorgan employees used WhatsApp and personal email accounts to conduct official business.

Under federal law, banking firms must keep detailed records of official business between brokers and clients so that regulators can inspect the transactions.

The SEC said the practice of using third-party communication apps was widespread at JPMorgan Chase.

Another regulator, the Commodity Futures Trading Commission, also said Friday that it fined JPMorgan $75 million for using unapproved communications.

Subject: The best way to protect personal biomedical data from hackers could be to treat the problem like a game
Source: GCN

By accounting for the value of the shared data, the game-based approach finds strategies that strike the right balance between utility and privacy.

Game theory, which tries to predict how the behavior of competitors influences the choices the other players make, can help researchers find the best ways to share biomedical data while protecting the anonymity of fthe people contributing the data from hackers.

Modern biomedical research, such as the National COVID Cohort Collaborative and the Personal Genome Project, requires large amounts of data that are specific to individuals. Making detailed datasets publicly available without violating anyone’s privacy is a critical challenge for projects like these.

To do so, many programs that collect and disseminate genomic data obscure personal information in the data that could be exploited to re-identify subjects. Even so, it’s possible that residual data could be used to track down personal information from other sources, which could be correlated with the biomedical data to unearth subjects’ identities. For example, comparing someone’s DNA data with public genealogy databases like can sometimes yield the person’s last name, which can be used along with demographic data to track down the person’s identity via online public record search engines like PeopleFinders.


Posted in: AI, Big Data, Cybersecurity, Financial System, Legal Research, Open Source, Privacy, Social Media, Spyware, Technology Trends