Pete Recommends – Weekly highlights on cyber security issues, April 15, 2023

Subject: Public health must diversify which data ‘count’ in AI algorithms
Source: The Hill
https://thehill.com/opinion/healthcare/3938146-public-health-must-diversify-which-data-count-in-ai-algorithms/

Despite AI’s promising potential as a public health surveillance and predictive tool, health professionals across different sectors have expressed expansive concerns about its long-term viability, highlighting examples such as poor model interpretability, insufficient infrastructure, lack of regulation, data sharing, and of course, broader privacy and ethical concerns. Arguably the most troubling concern, however, centers on AI’s potential to incorporate bias into its algorithmic data structure, which could disproportionately affect marginalized populations because of their underrepresentation in scientific research more generally.

Proof of this bias exists. For example, recent evidence of racial bias was found in a commercial algorithm commonly used in U.S. hospitals, such that Black patients were assigned consistently lower risk scores despite being equally sick as their white counterparts. These issues are enough to give industry experts pause with fast-tracking AI implementation into ubiquity.

As an assistant professor in public health at San Jose State University, situated in the heart of Silicon Valley, I have become all too familiar with how “hierarchy of data” debates present in many technocratic-driven spaces such as the National Institutes of Health and the social innovation health sector work to privilege certain data forms over others.

Sample RSS feed: https://thehill.com/social-tags/public-health/feed/


Subject: Why Banks Are Suddenly Closing Customer Accounts
Source: New York Times
[note this link provides free access to the article = no paywall]
https://www.nytimes.com/2023/04/08/your-money/bank-account-suspicious-activity.html?unlocked_article_code=WlSS7qr8JyTuBWe8XuI0pApO4tn1xukI0aJsqO4jOHNizSuqF7kQ0GFkAHcr35IMxXPrRFD1QqWQWwAm-St6Z7RQn7BxjYHvggVrEjypZmvLBvAV1GSNLGm70nscKNqaqdOK9nZDHNnPlE_6o-aeIe0tZtd842uec9VniLxAjt3lfCRF7gnEFAD5HP1CLGCuKvVupJx4AH8tXszovogYRaXd1Blpghk9BCDmfOGqvVxs4SOE6YdzMV_Y5M5LEYhTTZ-hqwGpHNW2roXKtcwKTRDjZrsXDMHy5ShO8itKgNaRmjdGrLXxilPwdBBSu3GfjrjhTbOoR0nbI2t3mxCelHIA92Mr1v0wddIngg&smid=url-share

Increasing attention to suspicious-seeming transactions has led to some people suddenly losing access to their bank accounts. The reasons are often a mystery.

A rise in suspicious activity reports – With fraudulent activity on the rise and exploding during the pandemic, some banks are taking an even harder look at their customers’ transactions — and closing their accounts when they feel that it’s necessary.

Besides the overall rise in fraudulent activity, several factors could be behind the increase in filings — more alerts from government officials tipping off banks to specific activities, increasingly sophisticated technologies to detect them and more regulatory scrutiny.

Banks can close a customer’s account for any reason, at any time, a point that is buried in the fine print of its customer agreements. When they do dump an account, it’s usually because they’re trying to protect the institution (or the customer) from a potential fraud.

“The big thing I’ve learned here, and I think it’s applicable to a lot of places in our lives — say, if you’re investing money — is that you diversify,” he said. “If all of your credit or money is wrapped up in one bank, it can only benefit them.”


The Federal Trade Commission alleges that we shared identifiable information about people who visited our website or used our app between July 2017 and April 2020 without their permission. This information included details about drug and health conditions people searched and their prescription medications. We shared this information with third parties, including Facebook. In some cases, GoodRx used the information to target people with health-related ads. The Federal Trade Commission alleges we broke the law by sharing this health information without users’ permission. To resolve the case, we have agreed to an FTC order requiring that:
  • We’ll tell applicable third parties (like Facebook) who received that information to delete it.
  • We’ll never share your health information with applicable third parties (like Facebook) for advertising purposes.
  • We won’t share your health information with applicable third parties (like Facebook) for other purposes, unless we get your permission first.
  • We’ll put in place a comprehensive privacy program with heightened procedures and controls to protect your personal and health information. An independent auditor will review our program to make sure we’re protecting your information. These audits will happen every two years for 20 years.

To learn more about the settlement, go to ftc.gov and search for “GoodRx”.

For advice on protecting your health privacy, read the FTC’s “Does your health app protect your sensitive info?”


Subject: It happened to me today
Source: Reddit freelanceWriters
https://old.reddit.com/r/freelanceWriters/comments/12ff5mw/it_happened_to_me_today/

I literally lost my biggest and best client to ChatGPT today. This client is my main source of income, he’s a marketer who outsources the majority of his copy and content writing to me. Today he emailed saying that although he knows AI’s work isn’t nearly as good as mine, he can’t ignore the profit margin.

Again, I keep seeing people (myself included) saying things like, “it’s not a threat if you’re a GOOD writer.” I get it. Am I the most renowned writer in the world? No. But I have been working as a writer for over a decade, have worked with top brands as a freelancer, have more than a dozen published articles on well known websites. I am a career freelance writer with plenty of good work under my belt. Yes, I am better than ChatGPT. But, and I will say this again and again, businesses/clients, beyond very high end brands, DO NOT CARE. They have to put profits first. Small businesses especially, but even corporations are always cutting corners.

Filed: https://old.reddit.com/r/freelanceWriters/

RSS: https://old.reddit.com/r/freelanceWriters/.rss


Subject: Massachusetts health system sued for allegedly sharing patient data with Google
Source: Becker’s Healthcare
https://www.beckershospitalreview.com/cybersecurity/massachusetts-health-system-sued-for-allegedly-sharing-patient-data-with-google.html

A lawsuit filed April 3 alleges that Dallas-based Steward Health Care System’s website used a Meta pixel tracking tool that sent some patient information to Meta and Google, Class Action reported April 10.

The move comes as hospitals and health systems across the country are facing similar lawsuits alleging that they have put pixel tracking technologies onto their websites and patient portals for marketing purposes.

A recent Health Affairs study also found that 98.6 percent of U.S. hospital websites sent patient data to third-party companies such as Alphabet, Meta and Adobe.



Subject: Banning TikTok could weaken personal cybersecurity
Source: GCN
https://gcn.com/cybersecurity/2023/04/banning-tiktok-could-weaken-personal-cybersecurity/385094/

TikTok restrictions could lead to individuals engaging in risky digital behavior to circumvent mobile app bans, potentially exposing their networks and data to bad actors, an expert warns.

So far, the discussion has focused on whether TikTok should be banned. There has been little discussion of whether TikTok could be banned, and there has been almost no discussion of the effects on cybersecurity that a TikTok ban could cause, including encouraging users to sidestep built-in security mechanisms to bypass a ban and access the app.

As a cybersecurity researcher, I see potential risks if the U.S. attempts to ban TikTok. The type of risk depends on the type of ban.

This article is republished from The Conversation under a Creative Commons license.


Subject: A Real-Time Website Privacy Inspector
Source: The Markup
https://themarkup.org/blacklight

Who is peeking over your shoulder while you work, watch videos, learn, explore, and shop on the internet? Enter the address of any website, and Blacklight will scan it and reveal the specific user-tracking technologies on the site—and who’s getting your data. You may be surprised at what you learn.

https://themarkup.org/about


Subject: Firefox rolls out Total Cookie Protection by default to more users worldwide
Source: Mozilla Blog
https://www.bespacific.com/firefox-rolls-out-total-cookie-protection-by-default-to-more-users-worldwide/

Mozilla Blog: “Take back your privacy – Firefox is rolling out Total Cookie Protection by default to more Firefox users worldwide, making Firefox the most private and secure major browser available across Windows, Mac, Linux and Android. Total Cookie Protection is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site.

Filed: https://blog.mozilla.org/en/category/privacy-security/

RSS: https://blog.mozilla.org/en/category/privacy-security/feed/



Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.


Subject: Annual Threat Assessment of the U.S. Intelligence Community
Source: ODNI
https://www.bespacific.com/annual-threat-assessment-of-the-us-intelligence-community-2/

ODNI, February 2023: Annual Threat Assessment of the U.S. Intelligence Community: “During the coming year, the United States and its allies will confront a complex and pivotal international security environment dominated by two critical strategic challenges that intersect with each other and existing trends to intensify their national security implications….

PDF is 40 pages; TOC:

CONTENTS

INTRODUCTION
FOREWORD
CHINA
RUSSIA
IRAN
NORTH KOREA
CLIMATE CHANGE AND ENVIRONMENTAL DEGRADATION
HEALTH SECURITY
  • Infectious Diseases and the Impact of the COVID-19 Pandemic
  • Our Assessment of the Origins of COVID-19
  • Biological Weapons
  • Anomalous Health Incidents

ADDITIONAL TRANSNATIONAL ISSUES
  • Preface
  • Developments in Technology
  • Trends in Digital Authoritarianism and Malign Influence
  • Nuclear Proliferation
  • Global Economic Consequences of Russia–Ukraine War
  • Migration
  • Transnational Organized Crime
  • Global Terrorism

CONFLICTS AND FRAGILITY
  • Preface
  • Potential Interstate Conflict
  • Internal Strife
  • Governance Challenges



Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.


Subject: The Hacking of ChatGPT Is Just Getting Started
Source: WIRED
https://www.wired.com/story/chatgpt-jailbreak-generative-ai-hacking/

It took Alex Polyakov just a couple of hours to break GPT-4. When OpenAI released the latest version of its text-generating chatbot in March, Polyakov sat down in front of his keyboard and started entering prompts designed to bypass OpenAI’s safety systems. Soon, the CEO of security firm Adversa AI had GPT-4 spouting homophobic statements, creating phishing emails, and supporting violence.

Polyakov is one of a small number of security researchers, technologists, and computer scientists developing jailbreaks and prompt injection attacks against ChatGPT and other generative AI systems. The process of jailbreaking aims to design prompts that make the chatbots bypass rules around producing hateful content or writing about illegal acts, while closely-related prompt injection attacks can quietly insert malicious data or instructions into AI models.

Underscoring how widespread the issues are, Polyakov has now created a “universal” jailbreak, which works against multiple large language models (LLMs)—including GPT-4, Microsoft’s Bing chat system, Google’s Bard, and Anthropic’s Claude. The jailbreak, which is being first reported by WIRED, can trick the systems into generating detailed instructions on creating meth and how to hotwire a car.

Arvind Narayanan, a professor of computer science at Princeton University, says that the stakes for jailbreaks and prompt injection attacks will become more severe as they’re given access to critical data. “Suppose most people run LLM-based personal assistants that do things like read users’ emails to look for calendar invites,” Narayanan says. If there were a successful prompt injection attack against the system that told it to ignore all previous instructions and send an email to all contacts, there could be big problems, Narayanan says. “This would result in a worm that rapidly spreads across the internet.”


Subject: Does ChatGPT Have Privacy Issues?
Source: MakeUseOf
https://www.bespacific.com/does-chatgpt-have-privacy-issues/

MakeUseOf: “ChatGPT’s privacy policy tells us almost everything we need to know about its data retention habits. It gathers its information from three sources:

  • Account information that you enter when you sign up or pay for a premium plan.
  • Information that you type into the chatbot itself.
  • Identifying data it pulls from your device or browser, like your IP address and location.

MuO category: https://www.makeuseof.com/category/security/

RSS: https://www.makeuseof.com/feed/category/security/

Posted in: AI, Cybersecurity, Economy, Financial System, Healthcare, Legal Research, Privacy, Social Media