The IT Privacy and Security Weekly Update: Feeling Good, for the week ending January 2nd, 2024

1/2/2024

Episode 172

This week we focus on our amazing kids, from the effect the phone we send them off with “to keep them safe” has, to an amazing 13-year-old crushing a 34-year-old arcade game. We even end with advice from a Nobel Prize winner about what you might not want to study. From the kids, we turn to Apple and what is going on between them and the world’s biggest democracy. We then follow Apple to a researcher who thinks he has found the perfect way to keep Apple AirTags from being used for tracking people. We get an update on the failure of the open source GPL (General Public License) and what one key figure thinks could replace it. Then Google gets some bad news as it is denied a request to have a court case thrown out, and then some great news on the safety record of its Waymo subsidiary. It’s a new dawn, it’s a new day it’s a new life… and we’re feeling good!

Global: Is the mobile phone making students dumber?
https://www.oecd.org/publication/pisa-2022-results/
https://www.theatlantic.com/ideas/archive/2023/12/cell-phones-student-test-scores-dropping/676889/

The Programme for International Student Assessment (PISA) is a worldwide study by the Organisation for Economic Co-operation and Development (OECD) in member and non-member nations intended to evaluate educational systems by measuring 15-year-old school pupils' scholastic performance on mathematics, science, and reading.

PISA found a few interesting phone-related stats in its review of the 2022 data. First, students who spend less than one hour of “leisure” time on digital devices a day at school scored about 50 points higher in math than students whose eyes are glued to their screens more than five hours a day. This gap held even after adjusting for socioeconomic factors.
Second, screens seem to create a general distraction throughout school, even for students who aren’t always looking at them. Andreas Schleicher, the director of the PISA survey, wrote that students who reported feeling distracted by their classmates’ digital habits scored lower in math. Finally, nearly half of students across the OECD said that they felt “nervous” or “anxious” when they didn’t have their digital devices near them. (On average, these students also said they were less satisfied with life.) This phone anxiety was negatively correlated with math scores.

Hanging a big thesis like “phones are making kids dumber” on any particular survey is generally inadvisable. In fact, this would be a fair time to point out that PISA scores do not enjoy universal praise among education experts. As the saying goes, "Intelligence is whatever a test measures." But the latest PISA survey isn’t the only evidence that phones in schools are weapons of mass distraction. Studies have shown that students on their phones take fewer notes and retain less information from class, that “task-switching” between social media and homework is correlated with lower GPAs, that students who text a lot in class do worse on tests, and that students whose cellphones are taken away in experimental settings do better on tests.

So what's the upshot for you? Could better grades be as simple as banning phones from the classroom? Results from a decade of observational research have now repeatedly shown a negative relationship between device use and life satisfaction, happiness, school attention, information retention, in-class note-taking, task-switching, and student achievement.
And the cognitive and emotional costs are highest for those with the most “device dependence.”

US: 34 years and Tetris has finally been beaten
https://www.thegamer.com/tetris-beaten-34-years/
https://youtu.be/uh5hRtEFwQI

We're just two days into 2024 and already gaming history is being made. 13-year-old Willis Gibson has beaten the original NES Tetris, previously thought to be an impossible task, after 34 years. The assumption was that Tetris went on forever and ever until you finally run out of space. While that's mostly true, as the game has no story, levels, or any form of progress beyond high scores and increasing speed, you "beat" the game by crashing it, AKA reaching the "True Killscreen".

It's called the "True Killscreen" because, for decades, it was assumed that level 29 was the Killscreen. For context, the longer you play Tetris, the faster the blocks fall, upping the ante as you're forced to think in split-second moments about where each piece should drop. The speed caps at level 29, making it near impossible to reach the sides. So, the community believed that was the 'end' of the game. It isn't. The end comes when you reach a level so high, Tetris simply crashes.

So what's the upshot for you? Apparently Willis has not had much time for his phone (see previous story). What an uplifting start to 2024!

IN: Amnesty International Confirms Apple's Warning to Journalists About Spyware-Infected iPhones
https://techcrunch.com/2023/12/27/india-pressed-apple-on-state-sponsored-warnings-report-says/

Apple's warnings in late October that Indian journalists and opposition figures may have been targeted by state-sponsored attacks prompted a forceful counterattack from Prime Minister Narendra Modi's government.
India has neither confirmed nor denied using the Pegasus tool, but nonprofit advocacy group Amnesty International reported Thursday that it found NSO Group's invasive spyware on the iPhones of prominent journalists in India, lending more credibility to Apple's early warnings. "Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said the head of Amnesty International's Security Lab, in the blog post. The Pegasus spyware has existed for a significant amount of time, and is advertised and sold for use on high-value targets for multiple purposes, including high-level espionage on iOS, Android, and Blackberry.

So what's the upshot for you? It feels wrong that those elected into power in the world's largest democracy have to start adopting so many of the tools that autocrats use.

Global: Researchers Come Up With Better Idea To Prevent AirTag Stalking
https://www.wired.com/story/apple-airtag-privacy-stalking-cryptographic-solution/
https://eprint.iacr.org/2023/1332.pdf

Apple's AirTags, designed for convenience, face misuse as potential tracking tools by abusers and criminals. Apple recently implemented alerts for iPhone and Android users, notifying them of nearby AirTags without the owner's iPhone, hinting at potential stalking. Researchers from Johns Hopkins and UC San Diego devised a cryptographic scheme to enhance detection of malicious AirTags while preserving user privacy. The solution combines "secret sharing" to protect static device identity and "error correction coding" to manage the influx of data in real-world scenarios. This innovation aims to mitigate the dark side of AirTags, addressing concerns about privacy invasion and misuse.

So what's the upshot for you?
“What I love about this problem is it seems like there are two competing requirements that can't be reconciled,” says Johns Hopkins cryptographer Matt Green. “But in cryptography, we can get full privacy and then, magically, the puzzle pieces click into place, or a ‘chemical reaction’ happens, and we phase-transition to a point where suddenly it’s obvious that this is a stalker, not just a benign AirTag. It's very powerful to be able to go between those two moments.” We hope it works!

Global: What Comes After Open Source? Bruce Perens Is Working On It
https://www.theregister.com/2023/12/27/bruce_perens_post_open/

Bruce Perens, a key figure in the Open Source movement, is spearheading the Post-Open Source movement. In an interview, he highlights issues with existing licenses, citing GPL circumvention by major players like Red Hat Enterprise Linux (RHEL), now under IBM. Perens emphasizes the failure of Open Source to benefit the common person, often serving proprietary systems. He introduces "Post-Open," proposing a fair corporate-developer relationship, free use for individuals and nonprofits, and simplified licensing. Post-Open aims to incentivize user-friendly applications by paying developers, funded by companies.

So what's the upshot for you? Perens writes, "The problem is that Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them." Free Software, Perens explains, is now 50 years old and the first announcement of Open Source occurred 30 years ago.
"Isn't it time for us to take a look at what we've been doing, and see if we can do better?" Perens acknowledges challenges but questions if this shift is even achievable.

US: CBS, Paramount Owner National Amusements Says It Was Hacked
https://techcrunch.com/2023/12/26/cbs-paramount-owner-national-amusements-hacked/

National Amusements, the cinema chain and corporate parent of media giants Paramount and CBS, has confirmed it experienced a data breach in which hackers stole the personal information of tens of thousands of people. The private media conglomerate said in a legally required filing with Maine's attorney general that hackers stole personal information on 82,128 people during a December 2022 data breach. Details of the December 2022 breach only came to light a year later, after the company began notifying those affected last week. According to Maine's notice, the company discovered the breach months later in August 2023, but did not say what specific personal information was taken. The data breach notice filed with Maine said that hackers also stole financial information, such as banking account numbers or credit card numbers in combination with associated security codes, passwords or secrets.

So what's the upshot for you? With the US Securities and Exchange Commission (SEC) updating breach notification requirements to 96 hours, it will be interesting to see how discoveries like this are handled going forward. Taking a year to discover your client data was stolen may mean big fines for those making the discoveries.

US: Someone's going to make some money over Google's tracking in Incognito mode, but it won't be you!
https://arstechnica.com/tech-policy/2023/12/google-agrees-to-settle-in-chrome-incognito-mode-class-action-lawsuit/

Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over its Chrome browser's Incognito mode.
Arising in the Northern District of California, the lawsuit accused Google of continuing to "track, collect, and identify [users'] browsing data in real time" even when they had opened a new Incognito window. The lawsuit, filed by Florida resident William Byatt and California residents Chasom Brown and Maria Nguyen, accused Google of violating wiretap laws. It also alleged that sites using Google Analytics or Ad Manager collected information from browsers in Incognito mode, including web page content, device data, and IP address. The plaintiffs also accused Google of taking Chrome users' private browsing activity and then associating it with their already-existing user profiles.

Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on Chrome's incognito mode. That warning tells users that their activity "might still be visible to websites you visit." Judge Yvonne Gonzalez Rogers rejected Google's bid for summary judgment in August, pointing out that Google never revealed to its users that data collection continued even while surfing in Incognito mode. “Google’s motion hinges on the idea that plaintiffs consented to Google collecting their data while they were browsing in private mode,” Rogers ruled. “Because Google never explicitly told users that it does so, the Court cannot find as a matter of law that users explicitly consented to the at-issue data collection.”

According to the notice filed on Tuesday, Google and the plaintiffs have agreed to terms that will result in the litigation being dismissed. The agreement will be presented to the court by the end of January, with the court giving final approval by the end of February.

So what's the upshot for you? We would love to know what the settlement amounts were, but no doubt there are NDAs (non-disclosure agreements) in place that prevent revealing that detail.
US: 7.1 million miles, 3 minor injuries: Waymo’s safety data looks good
https://arstechnica.com/cars/2023/12/human-drivers-crash-a-lot-more-than-waymos-software-data-shows/

Last Wednesday Waymo released new crash data based on the company's first 7.1 million miles of fully driverless operations in Arizona and California. The data shows that human-driven cars are more than twice as likely to get into a crash that is reported to the police. And depending on how you do the math, human-driven cars are four to seven times more likely to get into crashes that lead to an injury. Through October 2023, driverless Waymo vehicles have had only three crashes with injuries: two in the Phoenix area and one in San Francisco. Waymo says all three injuries were minor. If those same miles had been driven by typical human drivers in the same cities, we would have expected around 13 injury crashes.

Waymo partnered with Swiss Re, a reinsurance company that has access to a comprehensive database of insurance claims. The Swiss Re study was based on 3.8 million miles of driving between Phoenix and San Francisco up through August 1. And it came to conclusions similar to Waymo’s new study. Swiss Re found that human-driven vehicles got into crashes involving property damage four times as often as Waymo vehicles.

Fatal crashes only occur on the road about once every 100 million miles. This means that we’re going to need to test driverless vehicles for hundreds of millions, if not billions, of miles before we can be sure whether they cause fewer fatal crashes than human drivers.

So what's the upshot for you? We suggest that in 10 years' time you will look back and think how crazy it was to go out onto a public road with random drivers in 1,949 kg. (2.15 ton) vehicles and nothing more than supposed good judgement protecting you. It might take a few more years of real road tests, but automated driving is coming.
UK: Nobel Prize Winner Cautions on Rush Into STEM
https://www.bloomberg.com/news/articles/2024-01-02/nobel-prize-winner-cautions-on-rush-into-stem-after-rise-of-ai

A Nobel Prize-winning labor market economist has cautioned younger generations against piling into studying science, technology, engineering, and mathematics (STEM) subjects, saying that "empathetic" and creative skills may thrive in a world dominated by artificial intelligence. Christopher Pissarides, professor of economics at the London School of Economics, said that workers in certain IT jobs risk sowing their "own seeds of self-destruction" by advancing AI that will eventually take the same jobs in the future.

While Pissarides is an optimist on AI's overall impact on the jobs market, he raised concerns for those taking STEM subjects hoping to ride the coattails of the technological advances. He said that despite rapid growth in the demand for STEM skills currently, jobs requiring more traditional face-to-face skills, such as in hospitality and healthcare, will still dominate the jobs market.

"The skills that are needed now -- to collect the data, collate it, develop it, and use it to develop the next phase of AI or more to the point make AI more applicable for jobs -- will make the skills that are needed now obsolete because it will be doing the job," he said in an interview. "Despite the fact that you see growth, they're still not as numerous as might be required to have jobs for all those graduates coming out with STEM because that's what they want to do." He added, "This demand for these new IT skills, they contain their own seeds of self destruction."

So what's the upshot for you? Take every suggestion with a grain of salt as you prepare your resources for your forward career path. The most important thing for success in a career is to find something you love.

So to recap: This week we focused on our amazing kids.
We sank with the discovery of our children’s grades doing the same with the addition of that phone in their back pockets. Is it time to transfer the phone to a different school? It would seem so. From the kids, we turned to Apple and the flak they are taking from the Modi Government in India, as confirmed by Amnesty International. Then, we got a new two-part recipe to reduce the risk from Apple AirTag stalking that Google, Samsung and Apple can implement. We learned of IBM’s brazen disregard for Red Hat’s General Public License, and the replacement licensing that Bruce Perens thinks we need to have corporate players compensate open source developers for their time and efforts. Google quietly settles with three people outside of court over tracking while in Incognito mode, and then rather less quietly informs us of Waymo’s excellent driverless safety record. It’s a new dawn, it’s a new day it’s a new life… and we’re feeling good!

And our quote of the week - "I never lose. Either I win, or I learn." - Nelson Mandela