Skip to content Skip to navigation

Friday Cyber News, November 24 2017

Cyber technology-related news and links from around the web, for the week of 11/18 - 11/24:

1.  As foreshadowing for this story, another term for an unlicensed taxi cab is a hack: In 2016, credentials stolen from Uber developers were used to access cloud storage containing addresses, phone numbers, and personal information of 57 million Uber users (50 million riders; 7 million drivers). The hackers contacted Uber and asked for a ransom, and Uber CSO Joe Sullivan, at the time undergoing a separate privacy violation investigation by the FTC, arranged to pay the hackers $100,000 to keep quiet, and then failed to report the breach to California, to the FTC, or to anyone, until an investigation this year by a law firm uncovered both the hack and the cover-up. Sullivan and a deputy of his were fired, and the FTC--as well as international investigatory agencies in other countries where Uber operates--would like to know more. "What is Uber? Why is it a $70-billion-or-whatever company? You could tell a bunch of stories -- it is an app company, a taxi company, a driverless-car company -- but one possibility is that it is a regulatory-evasion company." [Wikipedia; Bloomberg x2]

2. The FCC is planning to remove net neutrality rules and preempt state or local laws regulating broadband service. FCC Commissioner Rosenworcel has resorted to an op-ed in the LA Times asking the public to pressure her own commission not to vote to remove net neutrality. [Ars Technica; LA Times]

3. A new Brookings report on digitization and the American workforce examines how digital skills requirements for various occupations have changed between 2001 and 2016, and the implications for job growth, wages, and the geographic distribution of jobs. [Brookings]

4. On Facebook, user privacy isn't cool, says former Operations Manager Sandy Parakilas. You know what's cool? A $500B company that, Parakilas argues, we shouldn't trust to regulate itself, because it has shown in its management of external developers' use of user data that it is unwilling to enforce strong user privacy rules. Incidentally, despite claiming that it had fixed discriminatory ad-targeting rules, Facebook is still allowing housing ads that exclude Muslims, African-Americans, Spanish speakers, and other protected groups. [NY Times; Sophos; Ars Technica]

5. A Belgian court has issued a fine to Skype for not allowing police to listen in on calls suspected of involving members of an organized crime gang. Skype, appealing the fine, notes that it is technologically impossible for them to allow eavesdropping on the calls. [Sophos]

6.​ Android phones collect the locations of nearby cell towers and send them back to Google servers, even when location services are disabled. [Quartz]

7. Take a guess as to how many adults have made a payment with a mobile phone in Japan, China, the US, and South Korea, and then read the surprising statistics on how, or whether, cash payments will disappear. (Of those four, the lowest is 6%) [NY Times]

8. Robby Mook and Matt Rhoades (Clinton and Romney campaign managers, respectively) teamed up with the Kennedy School to put together a cybersecurity campaign playbook with advice for politicians on using VPNs, mobile device management, setting up guest wifi networks, and other digital basics. [Belfer Center]

9. An indication that corporate perceptions of consumer interest in privacy are, perhaps, lacking: Hilton CEO Christopher Nassetta proposes the following hotel IoT scenario as positive: "'Imagine a world where the room knows you, and you know your room. Imagine a world where you walk in, the TV says, ‘How are you doing, John?'" IoT devices with too much access have run afoul of German privacy protections, and a particular smartwatch marketed toward children has been banned because it allows parents to eavesdrop on their children's surroundings. Geographical privacy discontinuities are going to make travel harder, from a regulatory standpoint and for individual comfort. [Skift; Guardian]

10. "Everyone has been hacked", say (UK) police. I mean, more or less. [The Times]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email You can view news from past weeks, subscribe, and unsubscribe at