Pete Recommends – Weekly highlights on cyber security issues, July 22, 2023

Subject: How NIST is helping to guide the government conversation on AI
Source: Nextgov/FCW

Industry, technologists, policymakers and members of Congress are watching what the U.S. standards-setting agency is doing to understand the risks of AI.

The agency, which focuses on voluntary, stakeholder-driven measurement standards, is drilling in on the risks posed by the emerging technology in a series of guidance documents including the AI Risk Management Framework published earlier this year.

“We’re not a regulatory agency, but our work is being used by a very broad…community, from industry to academia, but also policymaking,” Elham Tabassi, the chief of staff of the Information Technology Laboratory at NIST, told Nextgov/FCW. “What we do is work with the community to develop guidance that are clear, that are implementable, that are actionable and they become the basis for good policymaking.”

“Guardrails and regulation are going to be incredibly important to the adoption of AI in a very innovative and safe way,” Lefaivre Škopac told Nextgov/FCW. “The reason that regulation and guardrails are so critical is we won’t be able to foster the competitive advantage and also the innovation that harnesses the benefits of AI, unless we put some of this structure in place.”

“Congress should require federal agencies to use the NIST AI risk management framework during the design, development, procurement, use and management of AI,” Parker told Senate lawmakers at a May hearing. “Beginning with the standardized assessment of the risks posed by use cases of AI is a key step that can be taken now by all federal agencies without needing to wait for additional OMB guidance.”




Subject: Commerce launches EU-US data privacy framework certification website
Source: FedScoop

American companies have until Oct. 10 to certify their compliance with the new privacy framework. The Department of Commerce has launched a website to help American companies certify their participation with the recently adopted EU-U.S. Data Privacy Framework.

The new site follows protracted negotiations between the United States and the EU to re-establish a mechanism for the transfer of European citizens’ personal data to the United States following a previous decision by a European court to invalidate the previous EU-U.S. Privacy Shield Framework.

U.S. companies transferring data to and from the EU can begin relying on the new landmark agreement but must certify their participation by Oct. 10 at

Through the new website, they can also certify compliance with the U.K. extension to the data privacy framework and Swiss-U.S. data privacy principles.

Subject: 81% of Americans unaware digital health apps can sell personal data
Source: Becker’s Health IT

Eighty-one percent of Americans inaccurately assume that all health data protected on digital health platforms are also protected under HIPAA, according to a July 13 report from ClearData, an information services and technology platform. ClearData commissioned the Harris Poll to survey more than 2,000 adults from May 24-26 to reveal how informed Americans are when it comes to the protection of their health data.

Here are some [4] things to know, according to the report:

Subject: Common typo causes millions of emails intended for members of the US military to be sent to accounts in Mali
Source: CNN Politics

Millions of emails intended for Pentagon employees were inadvertently sent to email accounts in Mali over the last decade because of typos caused by the similarity of the US military’s email address and the domain for the West African country, according to a Dutch technologist who discovered the problem. In some cases, sensitive information like hotel reservations for senior US military officials were revealed.

The emails were intended for owners of “.MIL” email accounts – the internet domain owned by the US military – but because of typos they were instead sent to the .ML domain, which handles email accounts in the West African country of Mali.

This isn’t the first time this year that the US military has had to deal with an inadvertent email leak. A trove of internal US Special Operations Command emails were publicly available online for about two weeks in February because of an IT misconfiguration. The Pentagon fixed the issue after a private security researcher discovered the leak.

Subject: You may deactivate anyone’s WhatsApp account with a simple email
Source: gHacks Tech News

WhatsApp users who lose access to their phones may request a deactivation of their account. The entire process requires just an email and the phone number, and it appears that WhatsApp is not using any other form of verification to make sure that they don’t deactivate the accounts of third parties. Twitter user Jake Moore discovered that anyone may email WhatsApp to get an account deactivated. WhatsApp explains the workflow on its Help Center website. There, the Meta-owned company reveals the steps that users need to take to protect the WhatsApp account against access by others.

WhatsApp recommends that users contact their mobile provider to get the device’s SIM card locked. This is a necessary step, as it will prevent third parties from re-registering the account on the phone once it has been deactivated by WhatsApp. WhatsApp will only reactivate accounts if they can receive SMS or phone calls; both options are unavailable if the SIM card is locked. Third parties may still use WhatsApp on Wi-Fi though.

Subject: The scary world of online behavioral advertising
Source: Lifehacker

Lifehacker: “Instead of eavesdropping and storing your voice as many assume, your apps, phone, watch, game system, computer, and probably your oven are greedily collecting every data point they possibly can, including but not limited to your:

  • Location information (both through your device’s location settings and IP address)
  • Search history
  • Browsing history
  • Purchase history
  • Physical interactions (that is, how you physically use your device)

This information, taken as a whole, is way more valuable and useful than whatever you talk about, and basically anyone who wants to can buy it.”

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.
