Skip to content Skip to navigation

Friday Cyber News, November 25 2016

Cyber technology-related news and links from around the web, for the week of 11/19 - 11/25:

1. For the sixth year in a row, internet freedom has declined. 67% of users live in countries where online criticism of the government, ruling family or the military is subjected to censorship and can lead to arrests. 24 countries have blocked social media apps over the past year, some even shutting down internet access entirely to prevent traffic to apps. [Freedom House; Helpnet Security]

2. Facebook wants back into China, and has built a censorship tool that allows a Chinese intermediary using the tool to remove posts from news feeds that mention unwanted topics (like Tiananmen Square?) Note that Facebook can develop this type of news-vetting tool but finds suppressing fake news more difficult and apparently a lower priority. [NYT; Mark Zuckerberg]

3. The US internet freedom agenda presupposes that the entire world wants access to the same internet that we have today: that is to say, an internet dominated by US tech firms and brands, and filtered through US-based surveillance organizations. Not every country shares this vision, which is why internet governance is a thorny issue. [Slate]

4. The only way to confirm that election results weren't hacked--in an election season marred by a targeted, nation-state-driven influence campaign that involved hacking and online propaganda--is to audit the paper trail. Audits should become standard practice for one of our country's most important processes. (Similarly, a call for independent oversight of algorithms that pose public safety threats when they fail). [Medium: Alex Halderman; Washington Post; PNAS]

5. A study from Stanford's Graduate School of Education shows that students (middle-, high-school, and college-aged) have trouble identifying fake news, determining whether an article provides strong evidence for its claims, and identifying conflicts of interest in stories presented as news. Could it be because they're distracted? A new book by UCSF researcher Adam Gazzaley investigates the effect of digital distractions on a number of cognitive functions involved in school performance. [Wall Street Journal; NPR]

6. Reasonable question, complicated accounting: how much does a cyber weapon cost? [Council on Foreign Relations]

7. The DoD published a vulnerability disclosure policy, as it opens its networks to collaborative hackers as part of bug bounty programs like Hack the Pentagon. Basically, you can't publicly reveal a vulnerability you discover unless the DoD expressly permits you to do so. [Hacker One]

8. Local-level police departments around the US have spent $4.75M collectively on tools to track social media posts and hashtags. The police claim it's because people brag about crimes on social media, but protestors are worried the surveillance is meant to target activists. Cal Newport advises you to quit social media because it hurts your career; it may also hurt your freedom of assembly. [Washington Post; NY Times]

9. The IRS is catching on that bitcoins are worth money and people might not be paying taxes on their holdings: they've asked trading platform Coinbase for the identities of all account-holders over a three-year period. [Motherboard]

10. This week in cyber dystopia: an AI study on the benefits of using phrenology to predict crime, Obama says he can't pardon Snowden until Snowden has faced a court, despite the fact that in 1866, the Supreme Court ruled in Ex parte Garland that the pardon power "extends to every offence known to the law, and may be exercised at any time after its commission, either before legal proceedings are taken, or during their pendency, or after conviction and judgment." (That quote comes from a 2008 article on who Bush could pardon. Remember 2008?) Hackers have programmed ATMs in Thailand and Taiwan to empty their cash-carrying cassettes, and the FBI is determining whether US ATMs are vulnerable. The Catholic Church launched an app to match users with the closest confessional--Tinder for sinners. [The Intercept; Ars Technica; Slate; Wall Street Journal; Time]

11. Update to last week's newsletter: the article I shared on NIST and DHS guidelines lumped both documents together as IoT advice, but NIST's offering is actually much broader and covers a systems engineering approach to building security into information systems including--or not including--IoT. [; Thanks Sean!]

Thanks for reading,

Stanford Cyber Initiative

(To suggest an item for this list, please email This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at