As shared by Steve McNew, an MIT-trained blockchain/cryptocurrency expert and senior managing director at FTI Consulting, “Online videos are exploding as a mainstream source of information. Imagine social media and news outlets frantically and perhaps unknowingly sharing altered clips — of police bodycam video, politicians in unsavory situations or world leaders delivering inflammatory speeches — to create an alternate truth. The possibilities for deepfakes to create malicious propaganda and other forms of fraud are significant.”
On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard Øe, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.
In her recent article, “Fighting Fake News with Blockchain,” e-Estonia Briefing Centre Communication Manager Mari Krusten highlights how the innovative use of blockchain can help in ensuring data integrity and serve as a trustworthy tool for addressing challenges ranging from alternative facts to deepfakes.
“It’s now recognized that systems aren’t unbiased. They can actually amplify existing bias because of the historical data the systems train on,” said Ellen Voorhees, a NIST computer scientist. “The systems are going to learn that bias and recommend you take an action that reflects it.”
In this recently published information note (October 2019), the Data Protection Commission (DPC) Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Due to the increasing pressures from external and internal threats, organizations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. This approach is necessary regardless of an organization’s size, threat exposure, or cybersecurity sophistication today. NIST’s Framework for Improving Critical Infrastructure Cybersecurity may be helpful for organizations seeking to apply the principles and best practices of risk management to improve security and resilience.
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016 and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
“The federal government can help the U.S. maintain its leadership in AI by working closely with our experts in industry and academia, investing in research, and engaging with the international standards community,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “This plan provides a path to ensure the federal government supports AI standards that are flexible and inclusive—and suited for a world of rapidly changing technologies and applications.”
The recently published research paper “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models” shows how the likelihood that a specific individual has been correctly re-identified can be estimated with high accuracy even when an anonymized dataset is heavily incomplete. The presented results reject the claims that, first, re-identification is not a practical risk and, second, sampling or releasing partial datasets provides plausible deniability. Moving forward, the results also question whether current de-identification practices satisfy the anonymization standards of modern data protection laws such as GDPR and CCPA, and they emphasize the need to move, from a legal and regulatory perspective, beyond the de-identification release-and-forget model.