Skip to content Skip to navigation

Friday Cyber News, November 3 2017

Cyber technology-related news and links from around the web, for the week of 10/28 - 11/3:

1. 80,000 Russia-linked political Facebook posts were seen by 126 million Americans before the 2016 election. Senate hearings on Russian social media activity were contentious, particularly because Zuckerberg and others seemed to downplay the extent of Russian influence before they had the chance to dig into the ad data. Expert suggestions for how to fix Facebook range from more transparency about how its algorithms work, to more options for users to toggle how their news feed shows them posts, to removing reaction-based interactions (likes and laughs) and going back to shares or comments. But, if Facebook really wants to be treated as a platform, like a phone company with little ability to control what types of conversations its users have, efforts to restrict what can be posted on Facebook are going after the wrong target. Meanwhile, Facebook, Twitter, and Google declined to back the Honest Ads Act, a bill aimed at introducing a modicum of transparency to the platforms' political ad transactions. [BBC; NY Times; The Hill; NY Times; Bloomberg; The Hill]

2. US Attorney General Rosenstein brought back the "keys under doormats" proposal this week, asking tech companies to retain keys that would allow them to decrypt encrypted messages on their devices if served with a warrant. Aside from the feasibility problems associated with keeping those keys secure, and ensuring they are only available to the US government and not others, the approach would likely only increase support for encrypted applications and software produced in countries that needn't comply with US law enforcement demands. [Naked Security; Lawfare]

3. A bipartisan election cybersecurity bill was introduced in the Senate this week, and includes grants for states to upgrade their infrastructure and bug bounty programs for election equipment manufacturers. [The Hill]

4. Meet the college students doing the bot-identification work that Twitter isn't. Should bots be afforded free speech protections? [Wired; Daily Beast]

5. Here's the AI prediction problem: at some tasks, like playing Go or translating text, AI is moving very fast, making predictors either nervous or excited that full-scale human-brain (and beyond) capabilities are just around the corner. At other tasks, like fully autonomously driving a car, or folding clothes, AI can do pretty well--maybe slower than we'd like--but progress is hindered by a long tail of specialized skills and situations that, while not occurring for the average task, crop up often enough that an AI that freezes or misbehaves in those cases won't be trusted on its own. How quickly, then, should we be preparing for jobs to be automated away? Will those changes happen abruptly enough for millions of people to have a job one year and be unemployed the next, or will they be slowly phased out, with certain workers not being replaced when they retire, and other jobs opening up lower down the pipeline for human workers to manage, program, and troubleshoot robots? We shouldn't let companies make all of those decisions, as ethics often come second to profit. Case in point: US companies are eager to sell surveillance products in China, where they will actually be used--by police--to monitor individuals' faces, identities, and perceived emotions. [Mother Jones; WSJ]

6.​ The Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities, currently circulating in draft form, indicates that particularly damaging or egregious cyber attacks can be considered acts of war, which could be responded to with the use of conventional weapons. Some tricky legal points: what about an unsuccessful attack that was aimed at taking down the electric grid, or otherwise meeting the standards for an armed attack? And, no matter how good you believe attribution to be, what if it's wrong? [SC Magazine; Just Security]

7. The personal information of every mobile phone user in Malaysia was hacked, and found to be circulating on the dark web. [Infosecurity Magazine]

8. Man finds USB stick lying on the sidewalk; plugs it in; instead of malware, finds security documentation for Heathrow airport. This strategy of signals intelligence gathering is still not recommended. [Ars Technica]

9.  The price of a bitcoin topped $7,000 this week, and the increased price is attracting more miners, meaning the Bitcoin network as a whole is using unprecedented amounts of electricity. [Bloomberg; Motherboard]

10. A University of Iowa student, who had been using his professors' login credentials--captured by keylogger--to change his grades more than 90 times, was caught by an FBI investigation. [Sophos]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)