Skip to content Skip to navigation

Friday Cyber News, December 4 2015

Cyber technology-related news and links from around the web, for the week of 11/28 - 12/4:

1. Now that self-driving cars are passing road tests and slowing down traffic in Mountain View, it's not whether we'll get them, but when--and who will be first to market. Companies are competing to have the best features, and also have to consider how to get them into the majority of garages, fast. [Atlantic]

2. As the US and China continue to play nice on the internet, the US Attorney General and Secretary of Homeland Security reached an agreement with the Chinese Public Security Minister over when to request assistance, cooperation, and responses regarding cyber crimes, as well as promises of tabletop exercises to practice implementing the new procedures. (Shouldn't we be concerned with more than just the relations of two countries? Yes, and the UN's recently released GGE report on internet security discusses more general norms of behavior). China isn't playing nice with Australia on the internet, though, and has been blamed for a massive hack of Australia's Department of Meteorology, which includes Australia's largest supercomputer. [Reuters; JustSecurity; ABC]

3. HIPAA doesn't cover data generated by home paternity tests, ancestry genetic data, or fitness tracker reports, even when those data are personal and insufficiently secure on the online portals hosting them. The FTC is working with the Department of Health and Human Services to draw up some rules, but notes that cases in which data are exposed--such as when Fitbit reports of sexual activity were part of users' public profiles--are the tip of the iceberg compared to data sold without customers' knowledge. Meanwhile, a group in Sweden has developed "epidermal electronics" that are as unobtrusive to wear as a temporary tattoo, making it easier to track more data on your physical well-being. [Pacific Standard; Nature]

4. The EFF filed a complaint with the FTC that Google Chromebooks and Apps for Education track and store students' browsing data without permission. Currently, the data isn't used for advertising, but educational data falls under strict protections due to FERPA, and Google may have to change its practices. An attack on toymaker VTech that exposed the private information on 6.4M children is also drawing attention and calls for stricter security requirements for toys and electronics that children use directly. [EFF.org; CNBC]

5. A new ruling on the private search doctrine of the fourth amendment deepens the split between "whole computer" and "single file" interpretations. Interlude for an explanation of the issue by someone who's not a lawyer: when a private party conducts a search, finds something incriminating, and reports it to the police, the police are allowed to conduct a search without violating the fourth amendment as long as their search does not overstep the boundaries of the private party's search--that is, the police search should only replicate the private search. On a computer, 2012 rulings defined "replicate" as "searching the entire computer", meaning anything discovered on the machine was fair game, even if the private search only involved certain files. These newer rulings argue instead that individual files are the relevant unit--that the files or data viewed by the private party are the only ones that can be viewed by a replicating police search. [Washington Post]

6. UC Davis Professor Phil Rogaway argues that cryptographers have a moral responsibility to resist mass surveillance, and to attend to the societal consequences of their work. Related to encryption as a public good, the public beta of Let's Encrypt went live this week, and has issued many thousands of certificates, with the goal of making it easy to have better encryption. [UCDavis; LetsEncrypt]

7. Google knows you're going to want your robot butler to interpret your mood--look at the Jetsons--and has released an API that lets your devices learn your preferences from your behavior and expressions. [Fortune]

8. The SEC sued Bitcoin mining startup GAW Miners this week, charging it with $19M of Ponzi-scheme fraud involving the sale of far more mining power than it actually had available. Lest that dampen your enthusiasm for cryptocurrencies, Goldman Sachs has filed a patent for its very own, called SETLcoin, just to keep its toes in the water; Goldman also invests in Bitcoin-based startups. [Ars Technica; Financial Times]

9. Is digital hoarding the same type of affliction as physical hoarding, when it feels so inevitable? Our homes are tidier than our hard drives, but fixing the problem may be impossible as most of our digital detritus is backed up beyond our reach. Back to physical hoarding: Cyber Monday set a new record of $3.07B in sales, and 26% of sales came from mobile devices. And that's the last we'll speak of Cyber Monday for another year. [MEL; TechCrunch]

10. Lifelock allowed a man to open an account on his ex-wife--gaining him access to her financial activity--and Lifelock's data retention policies will only turn records over to law enforcement, not the woman whose identity was the subject of the profile. While this is one example of a company with a security loophole, it's added to a line of cases in which technology developers haven't considered data security from a sociological perspective that accounts for stalking and domestic crimes. [Consumerist]

P.S. In the Bay Area on Dec. 7th? Join us for our last Cyber Seminar of the quarter, 4-5 pm at the Huang Engineering Center's Mackenzie Room (3rd floor), to hear Cyber Initiative co-Director Professor Dan Boneh and author, researcher, and philosopher Jaron Lanier discuss the science, economics, and ethics of personal, corporate, and government data ownership. Jaron's most recent book, "Who Owns the Future?" addresses these issues, which are complicated by end-to-end encryption, tracking technologies, and differing international laws on data ownership. RSVP here:
https://www.eventbrite.com/e/cyber-initiative-seminar-who-owns-your-data-tickets-19587705354

Thanks,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, subscribe, or unsubscribe, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can also subscribe or view news from past weeks at https://tinyletter.com/CyberNewsBytes)