Friday Cyber News, August 12 2016

Cyber technology-related news and links from around the web, for the week of 8/6 - 8/12:

1. Imprecise metaphors, names, and analogies for cyber technologies and techniques are making their way into our laws, to the detriment of their future accuracy and applicability. Even seemingly obvious chains of logic (e.g., "if one person can discover a zero-day vulnerability, others can and will", or "the government must have thousands of zero-days given how many cybersecurity professionals are employed by the NSA") lack the underlying research to back them up (perhaps most zero-days have never been exploited before they are turned in by a scrupulous discoverer; researchers estimate the NSA maintains a stockpile of around 50 zero-day exploits). These lapses can lead to bad policy and to confusion over what "cyber weapons" and "cyber war" mean in practice. [Lawfare; The Hill; Threatpost]

2. Cyber Initiative researcher and SLS professor Nate Persily warns about the growing volume of political communication and advertising taking place on Facebook, YouTube, and elsewhere on the internet. These types of political messaging are not regulated in the same way as television ads--that is to say, by the government--but they are regulated by the private companies that own the apps--Facebook, Google, Twitter--which means less public scrutiny, and more room for potential discrimination. [Washington Post]

3. A new Secure Data Exchange protocol allows third parties to run computations on encrypted data without decrypting it or learning anything beyond the results of their computation. This adds a layer of protection to data in the cloud, even when queried by malicious third parties. It doesn't protect against a malicious cloud, though (can we call those "thunderclouds"?). [Microsoft Research]

4. If you have an implanted medical device, accessing the software running on that device, or even the raw data it's collecting, may be impossible, partly due to the DMCA. Do patients have the right to oversee the software running inside their bodies? Can they check it for bugs? [Backchannel]

5. The FCC is anticipating a fight over "pay for privacy" plans--Comcast has one in the works--that would offer lower prices for internet service when a user agrees to receive targeted advertising based on browsing activity. [The Hill]

6. No one is saying Delta's system-wide outage earlier this week was the result of a hack (yet?) but it does underscore the importance of a backup system, and of network resiliency for all industries, including but not limited to critical infrastructure. This is a problem for the internet as a whole, a bandwidth bottleneck that struggles to accommodate all of our IoT devices and simultaneous Netflix streaming--or the Australian online census, which ran into serious server capacity problems. It's a catch-22; without the census, they don't know how many Australians they need to plan the online census for... [Tech Policy Daily; The Hill; Nature; News.com.au]

7. Twitter's growth is stagnating, and it's looking to rent out some of its downtown SF office space; another sign of trouble is its inability to curb harassment on the site. [Buzzfeed]

8. If you missed going to DEFCON and Black Hat last week, you can still read through the presentations; check out "How to Overthrow a Government", or Lorrie Cranor on how the FTC addresses new technology, or how to inject malware into a digitally signed file without altering its hash, and definitely hear advice from the kids at r00tz asylum. [Defcon.org; Blackhat.com; CSM Passcode]

9. Google Maps doesn't label Palestine, despite international variance in the recognition of Palestine's existence as a separate state. Google generally has a policy of displaying different maps in different countries, so as not to stake a position on disputed territories. How important is Google's geopolitical silence, or compromise? [Guardian]

10. If you have a common name reflected in your email address, you likely get email that wasn't meant for you--or was meant for a better you: "a lot of the messages I get that are meant for her are about how inspirational her life story is, or how something she said or wrote really touched a nerve with the sender. It's always VERY easy to tell they are not for me, as I've never inspired anyone in my life." [The Week]

P.S. Interested in how to evaluate cyber threats, and want to learn more at SXSW? Vote for a panel with the Cyber Initiative, R Street, the Mercatus Center, and TechDirt: http://panelpicker.sxsw.com/vote/63185

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)