The GDPR proved flexible enough to support digital solutions in unforeseen circumstances such as the Covid-19 crisis. The report also concludes that harmonisation across the Member States is increasing, although there is a certain level of fragmentation that must be continually monitored. It also finds that businesses are developing a compliance culture and increasingly use strong data protection as a competitive advantage. The GDPR has acted as a catalyst for many countries and states around the world – e.g., Chile, South Korea, Brazil, Japan, Kenya, India, Tunisia, Indonesia, Taiwan and the state of California – to consider how to modernise their privacy rules, the EC noted. They also pointed out that it provided data protection authorities with many corrective powers to enforce it (administrative fines, orders to comply with data subjects’ requests, bans on processing or the suspension of data flows, etc.). There is room for improvement, though. “For example, we need more uniformity in the application of the rules across the Union: this is important for citizens and for businesses, especially SMEs. We need also to ensure that citizens can make full use of their rights,” noted Didier Reynders, Commissioner for Justice.
A coalition of AI researchers, data scientists, and sociologists has called on the academic world to stop publishing studies that claim to predict an individual’s criminality using algorithms trained on data like facial scans and criminal statistics. Such work is not only scientifically illiterate, says the Coalition for Critical Technology, but perpetuates a cycle of prejudice against Black people and people of color. Numerous studies show the justice system treats these groups more harshly than white people, so any software trained on this data simply amplifies and entrenches societal bias and racism. “Let’s be clear: there is no way to develop a system that can predict or identify ‘criminality’ that is not racially biased — because the category of ‘criminality’ itself is racially biased,” write the group. “Research of this nature — and its accompanying claims to accuracy — rest on the assumption that data regarding criminal arrest and conviction can serve as reliable, neutral indicators of underlying criminal activity. Yet these records are far from neutral.” An open letter written by the Coalition was drafted in response to news that Springer, the world’s largest publisher of academic books, planned to publish just such a study.
Bank CEOs know they need to act. In fact, in a global survey by KPMG International in autumn last year (before COVID-19), almost three‑quarters of banking CEOs said they believed their future growth will be largely determined by their ability to anticipate and navigate the shift to a low-carbon, clean-technology economy. However, most are struggling to come to grips with what that really means for their bank going forward. Take the transition risk, for example. Bank executives understand the "new reality" will require them to pivot their finance towards greener and more sustainable companies and investments. But they also know they can’t just flick a switch; they still have significant books of business wrapped up in loans and instruments to ‘brown’ assets. As long as those brown assets continue to generate profits for the bank, bank executives will need to balance their duty to finance the ESG transition against their fiduciary duties to shareholders. Banks, regulators and politicians are also struggling to understand all of the potential unintended consequences of their shift towards more ESG-related business strategies. Declining to renew loans on existing coal mines, for example, may improve a bank’s carbon disclosures.
“Confidential computing brings privacy-preserving smart devices to the next level by not only allowing users to own their private data, but also to use it in a privacy-preserving way,” Raullen Chai, CEO of IoTex, told CoinDesk in an email. “This has major implications for consumer-facing industries such as health care and smart homes, as well as enterprise for private multi-party data sharing and interactions.” Chai, based in San Francisco, said there are two immediate use cases where confidential computing could make an impact on everyday people’s privacy. One is facial recognition in public spaces, an area that is under intense debate and scrutiny, particularly as protests against police brutality continue in the U.S. There are traditionally two sides to this debate, said Chai. On one side are privacy-conscious people who don’t want images of their faces scanned and analyzed by governments and other actors. On the other are governments (their supporters) who, broadly, are prepared to sacrifice people’s privacy in the name of public good. Confidential computing has something for each hand.
Now that machines can understand us almost as well as another human, we’ll see the technology take us back to a virtual version of the old days. We’ll be able to walk into an elevator and simply say, in any language, “Tenth floor, please.” Vending machines were invented to automate things such as candy and ticket stands, which were operated by clerks who people could speak to. In the coming years, we’ll again ask for what we want instead of pushing a button, but we won’t be talking to a person. Paris-based Thales, for example, is marketing its Transcity voice-recognition ticket machine to train stations: Travelers speak to tell it where they want to go, and it prints their ticket. Next-generation ATMs will veer toward becoming virtual tellers, according to Doug Brown, an executive at ATM maker NCR, who spoke about the technology in a recent news article. ... The effort to get machines to recognize faces also goes back to the 1960s, when an inventor named Woody Bledsoe, possibly funded by the CIA, laid down some of the field’s foundational research and dreamed of wearing glasses that would tell him the names of everyone he met. But as with speech technology, computers then didn’t have enough power or data or clever enough programming to make facial recognition work.
What will happen once the coronavirus is brought under control, either by a vaccine, or by an effective treatment? Will companies encourage staff to continue working from home and cut the amount of office space they occupy? Recent headlines suggest some companies have already decided to downsize their offices. Companies have a big incentive to cut their office use. Bills for rent, service charges, and utilities are all meaningful costs. Staff also benefit by spending less on commuting and having more time at home. The average one-way commute in both the UK and US takes half an hour. Furthermore, even a small fall in the number of cars can lead to a significant improvement in traffic flow, and fewer cars means cleaner air. Yet, if remote working is such an obvious win-win for both businesses and their staff, why were companies so slow to adopt it before the coronavirus? The pressure on companies to economise is nothing new. Email and video conferencing have existed for 25 years, albeit the technology could be unreliable in its early years. Part of the answer may have been to do with control, and concerns that less conscientious staff would take advantage of remote working. Being seen in the office can also help employees.
Moving security hygiene further up the to-do list has to be paramount or all the effort to innovate and progress will be wasted. It really won’t take much to be breached. A DDoS attack can create large volumes of ‘garbage’ traffic to saturate the pipe and attack the intricacies of the VPN protocol. A flow as little as 1Mbps can knock a VPN service offline. No business will want to risk a breach that interferes with trading, nor can they afford any data exposure. It’s therefore really important to look back at what has been achieved and fine-tune the processes and solutions in play and adapt the associated risk models. Some companies won’t be able to think about this right now, such is the urgency to keep the business operating. But they must return to it, or employ the skills to do an audit, before moving on to the more strategic implementations they’ve proven they are capable of delivering. It would be foolish to roll out any more transformation with emphasis on access and usability yet neglect security. The companies that ride this storm will be the ones that have the right technology, implementations, and skills in place. They will be the ones that deliver new operational models and innovate in ways their competition can’t.
"As these attacks show, Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques," Hardik Suri, a researcher with the Microsoft Defender ATP Research Team, writes in the blog. "The security update that fixes this vulnerability has been available for several months, but, notably, to this day, attackers find vulnerable servers to target." After gaining access to a vulnerable Exchange server, attackers deploy web shells - malicious code written in common programming languages - into one of the many web accessible paths on the server, Microsoft reports. This enables hackers to steal data or perform malicious actions for further compromise. Microsoft found that common access paths for web shell deployment were ClientAccess and FrontEnd directories, which provide services such as Outlook on the web, the Exchange Admin Center and AutoDiscover. A common web shell being used in the attacks is the credential-stealer China Chopper, which is hidden in the system using common file names, the blog notes.
Quote for the day: