
Friday Cyber News, November 17 2017

Cyber technology-related news and links from around the web, for the week of 11/11 - 11/17:

1. A call for more academic attention to algorithmic accountability was met with complaints that STS and digital humanists exist but are being ignored, and that replacing "algorithmic accountability" with "math" reveals an argument with a similarly persuasive tone that ends up arguing that academia doesn't have math departments. The Cyber Initiative aims to do some of the work of taking an ethical and sociological look at cyber technology--and our researchers have been publishing the critiques of sentencing software, hiring algorithms, and tech-enabled inequality and repression that O'Neil calls for--but capitalism also doesn't reward restraint, and often funding for "how did we get here" follows well behind funding for "how far can we go." These are societal-scale problems, and deserve deep study. [NYTimes; Chronicle of Higher Ed; Medium; Goel; Bernstein; Pan] 

2. The White House released more details about the Vulnerability Equities Process this week, the means by which vulnerabilities discovered by, or reported to, government agencies are evaluated for release. Vulnerabilities are reviewed by a board of representatives from the Office of Management and Budget, the Office of the Director of National Intelligence, the Department of the Treasury, the Department of State, the Department of Justice, the Department of Homeland Security, the Department of Energy, the Department of Defense, the Department of Commerce, and the CIA. Researchers are curious about the details of China's similar vulnerability evaluation process, as China's database tends to be faster than the US at publishing new vulnerabilities. [; Cyberscoop]

3. The House Energy and Commerce Commission is asking the Department of Health and Human Services to require medical device manufacturers to include a list of all of the software components in medical devices that they approve for sale. While it's unclear what level of detail would be provided (e.g., just the name of the manufacturer responsible for the code, up to the full text of the code included), better visibility is needed into what vulnerabilities might exist in medical devices that are often difficult to audit by users or physicians. The Department of Health and Human Services is not currently represented on the VEP panel (see above), ostensibly because it's already a crowded panel, but some argue that medical device and health information vulnerabilities are important enough to merit inclusion. [The Hill]

4. Governments in 34 of the 65 countries evaluated in a Freedom House Freedom of the Net report used cyberattacks against critics of their regimes, making cyber repression the second most common form of government-wielded control over dissidents, after arrests. The report ranked China last in terms of internet freedom, but China is unapologetic, noting that the internet must be orderly, and that Western governments are also facing problems resulting from fake news and online misinformation. [Cyberscoop; Reuters]

5. American Express has partnered with Ripple to use blockchain-based payments for US customers sending payments to UK businesses using Santander bank. Despite this relatively restricted use case, the acceptance of a blockchain payment system by a major card company is a step forward for general consumer acceptance of blockchain payments. [Fortune]

6. Behind Facebook's People You May Know algorithm is a system that creates shadow profiles for individuals who may not even be on Facebook, based on contact information that users have uploaded to find friends. [Gizmodo]

7. Perhaps wanting something to say in response to panel moderators who follow every reasonably detailed description of a cybersecurity threat with "well, now I'm terrified", Motherboard has released a conversational Guide to Not Getting Hacked and an accompanying video on How Hacking Works. [Motherboard; Documentcloud]

8. At least a dozen US states now have cyber insurance policies; Montana was the first, in 2011, and Georgia's policy may be the largest, at $100M. Overall, cyber insurance policies have increased in dollar amounts by 35% since 2015. [Insurance Journal]

9. Uber drivers in Nigeria have found that using an app that generates a fake GPS itinerary allows them to overcharge riders, as the real and fake GPS routes are added up to calculate the final fare. [Quartz]

10. You can now volunteer your spare processing power to mine cryptocurrency to be used to pay bail for New Yorkers awaiting trial. [Bailbloc] 

Thanks for reading,

Stanford Cyber Initiative
