Skip to content Skip to navigation

Friday Cyber News, June 24 2016

Cyber technology-related news and links from around the web, for the week of 6/18 - 6/24:

1. The US and Israel signed a cyber defense cooperation agreement, and Israel plans to "liberalize" its technology transfer and licensing requirements for cyber-related exports. CIA director Brennan called foreign encryption technology a "theoretical capability" last week, so hopefully he gets this newsletter. And it's not just Israel; further negotiations on the Wassenaar agreement, specifically on cyber technology exports, continued this week. (Do cyber cooperation agreements work? Well, one study finds that Chinese hacking of US targets is down since mid-2014, and partially attributes the decline to the US-China agreement to stop cyberespionage.) [Legalinsurrection; Defense News; Lawfare; The Hill; Washington Post]

2. What's the worst-case scenario for a widespread cyber attack? Cars programmed to cause accidents, hospitals shut down by ransomware, and the electric grid taken down--in small, isolated pieces, all of these have already happened. Here's what the Pentagon's preparations for a similar scenario look like. Why aren't we more concerned? For one, a survey study shows that people accept driverless cars programmed to kill when absolutely necessary (but don't really want to ride in them); our risk tolerance is obviously higher than some would assume. [NY Mag; Military Times; Science]

3. Maybe you're only interested in cryptocurrencies for the drama--and who could blame you, with mistaken identities, contested inheritances, bank robberies, and elusive villains, cryptocurrency stories are the modern-day financial Fantomas--so here's a long expose of Craig Wright, pretender to the Satoshi throne, and an explanation of the DAO hack and measures to counter it. [Wiki; London Review of Books; Vessenes;]

4. Danah boyd makes a case for auditing the environmental and social impact of code--no one is providing LEED certification for code that uses massive amounts of electricity, or data centers that require rare earth metals that strip-mine vulnerable environmental niches--and highlights the responsibility of QA testers that goes beyond "does this make the app crash". Similarly, internet archivists have social responsibility to consider whose voices and stories are being archived, and what should be preserved even if its creators delete it. [Datasociety; NY Times]

5. A Federal district court in Virginia ruled this week that individuals have no reasonable expectation of privacy that applies to their personal computers, and that the government does not need a warrant to hack your computer. Other courts have decided differently, including in cases stemming from the same recent high-profile FBI "Playpen" case that this ruling is a part of, but this highlights the contradictory nature of rulings on complicated technology, and the need for better judicial education on cyber technology to establish a common vocabulary. The Senate rejected expanding FBI surveillance capabilities this week (among other measures, the proposal would mean the FBI could access internet browsing history without a warrant, but with a national security letter), pointing in the opposite direction: that even in cases involving national security, internet activity is accompanied by an expectation of privacy. [; The Hill; The Hill]

6. Google, Paypal and the ACLU are campaigning against changes to Rule 41, which would remove the location requirement for warrants to hack computers (as their locations may be unknown or intentionally obscured). [CS Monitor]

7. Algorithms can be taught to anticipate humans' physical interactions by studying TV shows, though hopefully not American Ninja Warrior. In a tripartite interview, AI researchers predict what's next for AI, including effects on labor and human intelligence. Amazon wants Alexa--and presumably, other smart-home devices--to understand when you're annoyed and when you're happy, to adjust its responses accordingly. [MIT News; WSJ; Tech Review]

8. How will Brexit affect the cybersecurity industry? Will tech talent leave the UK? Will the EU still fund technology research in British universities? Will multinational banks and corporations leave the UK, and take their data with them? Will the UK still participate in threat information sharing and the General Data Protection Regulation? As for the actual decision, reported this morning, the EU's Sensei AI/data mining platform may have predicted the swing toward "leave" during the first week of June. [SC Magazine; WSJ; The Conversation]

9. University of Chicago researchers point to problems with running experiments online: subject attrition is abnormally high, and leads to false results. [Chicago Booth]

10. In case you weren't going to tape over your webcam until Mark Zuckerberg was doing it--yes, you should. Mark seems to be using black electrical tape; yours truly enjoys stickers in the shape of vintage cameras (for example). Big banks are moving toward biometrics--fingerprint and eye scans--and away from passwords, so you may want to protect your eyes from being recorded through that webcam, too. [Guardian; Etsy; NY Times]

Thanks for reading,

Stanford Cyber Initiative