Skip to content Skip to navigation

Friday Cyber News, February 22 2019

Cyber technology-related news and links from around the web, for the week of 2/16 - 2/22:

1. Competition in cyberspace: Tacit, or overt? "an explicit bargaining process for arriving at norms of acceptable behavior in cyberspace is appropriate in the strategic space of armed conflict, but a tacit bargaining approach, supported by persistent engagement, is required in the competitive space short of armed conflict. Tacit bargaining can produce more stable expectations of acceptable and unacceptable behavior in this competitive space. Empirical evidence suggests that states are seeking to advance their national interests without recourse to war, thus their interactions in this cyber strategic competitive space are best approached as a form of tacit agreed competition." [Lawfare]

2. A Federal data privacy law is stalled by worries over the influence of large tech companies, and fears that a weaker federal law would preempt stronger state laws, like California's. [WSJ]

3. Programs that use AI to generate the text of stories that sound like news reports are being examined on ethical grounds, and OpenAI has developed one that it refuses to release for fear of contributing to the deepfake problem (although the generated text isn't perfect). [Axios; OpenAI]

4. An inadvertently exposed Chinese database of real-time location, personal, and biometric information on inhabitants of a majority-Muslim geographic area within China shows the extent of the surveillance state and its preferred targets. [AP]

5. Breaches involving passports, government ID numbers and biometric data will be included in California's data breach notification requirements if a bill introduced Thursday by the state's Attorney General passes. The new categories would strengthen California's already head-of-the-pack data breach protections. And speaking of California data breaches, one involving the company Stanford uses to store its admissions documents and respond to FERPA requests led to the exposure of several students' admissions materials. [Techcrunch; Mercury News]

6. Lest you worry that the right to be forgotten is becoming a staid and respectable norm too quickly, insurer Coalition is now offering GDPR insurance for breaches of the new data protection standard, and a South Korean company is offering "cyber funerals" that will contact social media companies and erase your presence after, presumably, your death. In other cyber insurance news, Mondelez is suing its insurer, Zurich, for refusing to pay claims resulting from NotPetya, because the insurer classifies that cyber attack as an act of war. [Axios; Wired; Lawfare]

7. You can guess which 2020 campaign is the single holdout from a promise not to use or publicize hacked material, and you'll probably be right. [Daily Beast]

8. Led by fines for electronic PHI breaches, 2018 was a record year for HIPAA enforcement activity. Leading the way in 2019, the University of Washington's medical school announced this week that data on 974,000 patients was inadvertently exposed and Googleable for at least three weeks in December. [Inside Privacy; Cyberscoop]

9. Exposing the vulnerabilities of social media data, a NATO red team was able to catfish its own troops on Instagram and Facebook, discovering "the exact locations of several battalions, knowledge of troop movements to and from exercises, and the dates of active phases of the exercises" as well as instilling "certain behaviors such as leaving their positions, not fulfilling duties, etc." [Military Times]

10. Discrimination on 'sharing economy' sites like AirBnB may be eliminated by the provision of more information, including even one rating or positive comment, calling into question platforms' responses to discrimination that aim instead to hide information like names and profile pictures. [HBR] 

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)