Skip to content Skip to navigation

Friday Cyber News, May 25 2018

Cyber technology-related news and links from around the web, for the week of 5/19 - 5/25:

1. Happy GDPR Day! As you can tell from the flood of privacy policy update notices in your inbox, the European General Data Protection Regulation has gone into effect, and companies will have to track and justify how they request, store, and use customer data, as well as provide the option for customers to request a copy of all of their data, or request its deletion. Many firms projected they would not be in full compliance by today's deadline, and some services have chosen to simply block visitors from the EU rather than change their data-sharing policies. The first claims under the new regulation have already been filed, against Google, Facebook, and their subsidiaries, for using consent to advertising practices as a condition for accessing their services at all. The European Parliament recently questioned Mark Zuckerberg over user privacy, political ads, and various questionable Facebook practices, and intimated that regulation was forthcoming. [WSJ; The Register; Washington Post]

2. The FBI has seized control of a Russian-controlled botnet of 500,000 servers. But how sure are we that's the actual number of servers involved? The Washington Post reported this week that the FBI's stated numbers of encrypted devices they have been unable to access--supposedly 7,800 in the last fiscal year--were overstated by a combination of miscounting encrypted apps, double counting devices on multiple lists, and failing to check a contractor's counting work. While the FBI's general point remains--that they'd like to access encrypted devices, whether it's the new number (1,200) or more--this error casts serious doubt on the agency's ability to handle and analyze sensitive information like, say, the data on encrypted devices. [Daily Beast; Stanford CIS]

3. An Alexa device misinterpreted three parts in a row of a couple's private conversation in their home, and sent a recording of the conversation to a contact in their address book, all without their knowledge. Amazon admitted the device's malfunction, calling it a rare occurrence, implying this has happened more than once. Amazon was also scrutinized this week for selling AI-based facial recognition tools to US police departments. [Kiro7; The Verge] 

4. Algorithmic credit scores are building in antiquated biases reflected by training set data, and China's implementation of a country-wide social credit score has been used to block passengers from 11 million flights and 4 million high speed rail trips thus far. The UK Parliament's recently-released report about the use of algorithms in decision-making includes a section on algorithmic bias and associated concerns, and recommends better oversight of algorithms that use public sector datasets. [Quartz; Business Insider; UK Parliament]

5. A Federal judge in New York ruled that the President's Twitter account is a public forum, and individuals cannot be blocked from communicating with it. The phone the President uses only for tweeting, as well as his other, "call-capable" phone, lack security precautions like a disabled camera and microphone that were strongly recommended for Presidential devices. [USA Today; Politico]

6.​ Comcast's website was leaking customers' wifi passwords through a portal requesting only an account number and partial street address. [Ars Technica]

7. A Brookings Institution survey shows that a group of 1,535 respondents representing adult internet users believe that AI will have negative effects on job availability and on privacy, but will improve our lives overall--and should be governmentally regulated. [Brookings]

8. The DOJ and the CFTC have opened an investigation into digital currency price manipulation tactics and misleading trading practices. [The Hill] 

9. A recent decision by the US Circuit Court of Appeals for the 9th Circuit implies that companies' communications after a breach--such as suggesting that users change their passwords--implies standing to sue in a data breach class-action for risk of fraud. [Ropes & Gray]

10. An attack ad in California's 45th Congressional District goes after Brian Forde's bitcoin donors for supposedly supporting human trafficking. Finally, someone is addressing the needs of single-issue cryptocurrency voters. [Axios] 

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at