STE WILLIAMS

Facebook admits it is being used as propaganda tool by ‘malicious actors’

What is Facebook?

To most people, it’s something called a “social network”, a thriving digital hub that conveniently also packages news, secure messaging, live video streaming and even a jobs marketplace.

For naysayers, it’s more like an unregulated surveillance system people might not be so keen on if they were to think about the extent to which it is constantly mining their online lives for commercial gain.

Yesterday, we learned in a report from the company itself that there is a third and even more alarming possibility: Facebook is being quietly manipulated by nation states to act as a gigantic “information operations” platform tuned for near-invisible political subversion.

Facebook has endured a lot of flak over fake news recently but what it describes goes a lot further than click-fraudsters writing a few bogus stories which end up being believed by gullible readers.

Take the recent US presidential election, the crucible for this strange new world. Looking back, Facebook now admits:

Malicious actors engaged in false amplification using inauthentic Facebook accounts to push narratives and themes that reinforced or expanded on some of the topics exposed from stolen data.

The way these accounts were used as raw material for information war encompassed not only fake news (lies), but false amplification (directing debates), and planting false flags (sowing confusion so people start disbelieving all sources).

This not only subverted debate but discouraged it, flooding people with a tide of carefully timed spam, argument, and intimidation.

Highly organised, it can be hard to stop for a simple reason:

We have observed that most false amplification in the context of information operations is not driven by automated processes, but by coordinated people who are dedicated to operating inauthentic accounts.

The actors, then, were real people with time on their hands rather than easily blocked machines. Directed by whom?

Facebook strongly hints at Russia, the culprit most will suspect anyway. But seeing this as Russia v the West/Facebook would be to miss the point: if the Russians can do it, anyone can.

If the country really is behind the chicanery then all its intelligence services are doing is making use of the information possibilities created by the design of Facebook itself. Which brings us to what the company plans to do about it.

It has already announced the Facebook Journalism Project, which it hopes will enable it to counter fake news with a new, more Facebook-aware type of journalism. Likewise, it’s supporting a number of initiatives to expand the news literacy of its users, although it’s far from the first to try such solutions.

Meanwhile, it will try to detect subversion from within its walls using algorithms, although Facebook’s record of coping with the chaotic ingenuity of the forces ranged against it has been patchy – or it wouldn’t be publishing reports explaining itself in the first place.

And yet, that Facebook is explaining itself at all is progress. Gone, we assume, are the days of denial and make do. The company now seems to accept it risks being colonised from within by people intent on weaponizing it for their own ends.

Knowing a lot about its users, Facebook has set itself the challenge of knowing itself.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/zU3FgZrtobY/

News in brief: Kashmir blocks social media; ‘whaling’ victims revealed; TalkTalk GDPR fine ‘would be £59m’

Your daily round-up of some of the other stories in the news

Social media blocked in Kashmir

ISPs in the Indian states of Jammu and Kashmir have been ordered by the government to block access to 22 social networking services including Facebook, Twitter and WhatsApp for a month. Authorities in Indian-administered Kashmir said the ban, which also includes YouTube, Skype, Telegram, Snapchat and Reddit, was because they were “being misused by anti-national and anti-social elements” to incite violence.

The Hindustan Times criticised the “utter uselessness” of the ban, which follows a wave of student protests in the disputed region.

Meanwhile, a lawyer for Facebook, which is fighting a court challenge in India to changes to its privacy policy that allow it to share user data between WhatsApp and Facebook, has told the Supreme Court that users who don’t like the changes are free not to use the services.

KK Venugopal, representing Facebook, told the court in New Delhi: “Those who find the new privacy policy irksome or violative of their fundamental rights can quit. We’ve given full freedom to users to withdraw from Facebook and WhatsApp.”

Google and Facebook revealed as ‘whaling’ victims

Back in March we reported on how a Lithuanian man, Evaldas Rimasauskas, had been charged with a “whaling” attack on two big technology companies that had allegedly cost them $100m.

It wasn’t known at the time of the charge which big tech companies had been hit, but yesterday Fortune revealed that Facebook and Google had been the targets of the alleged heist by Rimasauskas. Both Facebook and Google have confirmed that they had been the targets of the alleged attack.

Fortune said it had unravelled the mystery of which companies had been attacked thanks to “interviews with sources close to law enforcement and other figures”.

Rimasauskas, who denies the charges, is facing extradition proceedings in Lithuania.

TalkTalk could have been fined £59m under GDPR

British companies that were penalised for breaches last year could have faced fines totalling £69m under GDPR, the forthcoming EU-wide data protection laws, rather than the £880,500 they collectively had to pay up.

GDPR, which comes into force across the EU – and which also applies to non-EU businesses that handle the data of EU citizens – brings with it much bigger fines. The maximum fine under existing data protection law in the UK is £500,000; under GDPR the most serious breaches could incur fines of up to €20m, or 4% of global turnover, whichever is the greater.

NCC Group came up with a model that extrapolated from the fines actually imposed for breaches by the Information Commissioner’s Office and calculated what they might be under GDPR. TalkTalk, which last year was slapped with the biggest fine ever in the UK for a data breach – of £400,000 – would have faced a bill of £59m, calculated NCC, while Pharmacy2U, which was fined £130,000, would have faced a bill of £4.4m.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/FqgfeWF9Ue8/

Sneaky ‘fileless’ malware flung at Israeli targets via booby-trapped Word docs

A newly uncovered cyber-espionage campaign targeting Israeli organisations relies on “fileless” malware hidden in Microsoft Word documents, a hacker tactic that’s becoming a growing menace.

The attack was delivered through compromised email accounts at Ben-Gurion University and sent to multiple targets across Israel.

Malware from a “fileless” attack is so called because it resides solely in memory, with commands delivered directly from the internet. The approach means there is no executable on disk and no artefacts (“files”) for conventional computer forensic analysis to pick up, rendering the attacks stealthy, if not invisible. Infections will still generate potentially suspicious network traffic, however.

Investigators at Israeli cybersecurity startup Morphisec reckon the attack originated in Iran and was the handiwork of the same hackers responsible for the OilRig malware campaign.

The attack was delivered via Microsoft Word documents that exploited a former zero-day vulnerability in Word, CVE-2017-0199, by actually reusing an existing PoC that was published immediately after the patch release. Microsoft released the patch for the vulnerability on April 11, but many organizations have not yet deployed the update. The delivered documents installed a fileless variant of the Helminth Trojan agent.

Such fileless attacks are on the rise. Security vendor Carbon Black recently reported a 33 per cent rise in severe non-malware attacks in Q4 2016 compared to Q1. In-memory attacks doubled in comparison to the infection rates of file-based vectors, according to a study by another endpoint security vendor, SentinelOne.

Use of the fileless malware tactic, first spotted more than five years ago but only becoming really fashionable over the last year, extends beyond state-sponsored cyber-espionage. For example, Kaspersky Lab warned earlier this month about fileless attacks against banking networks. The attack was geared towards stealing money from cash machines (ATMs).

“Fileless malware is being used in attacks by both targeted threat actors and cybercriminals in general – helping to avoid detection and make forensic investigations harder. Kaspersky Lab’s experts have found examples in the lateral movement tools used in the Shamoon attacks, in attacks against Eastern European banks, and in the hands of a number of other APT actors,” Kaspersky Lab said earlier this week in a review of the cyber-threat landscape.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/28/fileless_malware_menace/

Linux Mint-using terrorist awaits sentence for helping Islamic State

A paranoid Welsh Muslim who wore gloves while typing on his laptop, admitted being part of Islamic State, and, gasp, harbored a copy of Linux Mint, has been described as a “new and dangerous breed of terrorist.”

Samata Ullah, 34, who also used voice modulation software to disguise his thick Welsh accent while making instructional videos about encryption, pleaded guilty to five terrorism charges at Cardiff Crown Court. He was due to be sentenced Friday afternoon.

The former pensions administrator had bought 30 sets of cufflinks containing tiny USB sticks from eBay, the court was told. On one of those was a copy of harmless open-source operating system Linux Mint, while others contained military manuals for guided missiles, which Ullah was said to have been preparing to translate for the Islamic State terrorist organization, as reported by Court News UK.

Prosecutor Brian Altman QC branded Ullah a “cyber terrorist” and said he was part of a “new and dangerous breed of terrorist.” Ullah admitted to five charges:

  • Membership in the Islamic State
  • Terrorist training
  • Preparing for terrorist acts
  • Two charges of possessing terrorist material

Another charge, of directing terrorism for Islamic State by hacking information from its enemies, was left to lie on file.

Altman added: “We say [Ullah] employed his not-inconsiderable self-taught internet technology skills to further the cause of terrorism … all this he did from the relative security of his bedroom where he lived alone.”

The court heard that the FBI picked up messages sent between Ullah and alleged Islamic State terrorist Abu Fidaa, who is awaiting trial in Kenya. He was also alleged to have encrypted his blog, though The Register understands this means he hosted it on the anonymizing network Tor, a corner of the internet commonly referred to as the “dark web.”

Ullah, of Rennie Street, Riverside, Cardiff, gave 13 no-comment interviews to police and two prepared statements claiming he only wanted to gain an “understanding of the troubles of the Muslim world.” He was first arrested in September last year, with his trial taking place this March. Reporting restrictions were in force for the duration of the trial, though Judge Gerald Gordon lifted those at the conclusion of the trial, adjourning sentencing to 28 April.

Speaking after the March trial, Metropolitan Police Counter Terrorism Commander Dean Haydon said: “Just because Ullah’s activity was in the virtual world we never underestimated how dangerous his activity was. He sat in his bedroom in Wales and created online content with the sole intention of aiding people who wanted to actively support ISIS and avoiding getting caught by the authorities.”

“This is just the sort of information that may have helped people involved in planning devastating, low technical level attacks on crowded places as we have seen in other cities across the world,” added the policeman.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/28/welsh_linux_terorrist/

Ransomware Payout Doesn’t Pay Off

About 40% of small- and midsized businesses hit with ransomware paid their attackers, but less than half got their information back.

Ransomware, ironically, is a crime based on trust. Victims pay attackers who compromise their data with an expectation it will be returned to them.

Unfortunately, a growing number of ransomware targets pay thousands of dollars to get their data back, but receive nothing. This was the most surprising result to come from a Bitdefender survey of 250 IT pros working in small and medium businesses (SMBs), says senior threat analyst Bogdan Botezatu.

The survey, conducted by Spiceworks, discovered one in five SMBs was hit with a ransomware attack within the past 12 months. Of the 20% targeted, 38% paid attackers an average of $2,423 to release their data. Less than half (45%) got their information back.

“Until now, ransomware was a business where honesty was key,” Botezatu explains. “Everyone paid the ransom expecting they would get their data back … the ransomware space is continuously changing. Honor among criminals is no longer there.”

He says this reflects a broader trend across cybercrime as attackers’ boundaries change. Many used to avoid healthcare attacks because they could potentially harm patients. Now, healthcare organizations are frequently targeted, and lack the tech and best practices to defend themselves.

Similarly, SMBs represent a growing pool of victims as attackers seek weaker targets. Ransomware had mostly hit consumers until now, says Botezatu. Businesses weren’t targeted as often because cybercriminals likely knew about their strong security tools and data backups. 

“They’re not going to the consumer or enterprise that much,” he continues. “They found their sweet spot in the middle.”

Researchers found SMBs are appealing targets for ransomware because they handle the same sensitive business information (customer data, financial records, product info) as larger organizations, but lack the strong security measures to protect it.

Attackers know they’re more likely to receive payment from SMBs, which have more sensitive data than consumers. An individual may be willing to pay about $1,000 for ransomed files. A business with hundreds of customers will pay far more because they need that information, Botezatu says.

Email, cited by 77% of SMBs, is the most popular vector of attack. Cybercriminals use email to compel victims to open or download attachments, or click malicious links, reported 56% and 54% of SMBs, respectively. Nearly one-third (31%) of attacks occurred via social engineering.

“This is serious,” says Botezatu. “Whatever you do, you cannot block email in a company – and hackers have a wide assortment of file extensions they can squeeze ransomware into.”

Most SMBs hit with ransomware attacks were able to mitigate the attack by restoring data from backup (65%), or through security software or practices (52%). One-quarter of those targeted could not find a solution to address the problem and lost their data as a result.

Botezatu advises SMBs to “strongly consider” complementing their security strategy with a backup security solution. Ransomware is a highly volatile type of attack, he explains, and it only needs to run once to be effective. Criminals don’t need to be persistent to encrypt all your data.

If you are attacked? “Don’t pay up,” he says. “Try to do without the data.”

An attack should serve as a lesson learned, he continues. If people continue paying to get their information, ransomware attacks will continue as a means of easy money for cybercriminals. While Botezatu thinks ransomware is here to stay, he urges victims to avoid paying up.

“Every payment you make keeps the ecosystem alive,” he emphasizes.


Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: http://www.darkreading.com/endpoint/ransomware-payout-doesnt-pay-off-/d/d-id/1328762?_mc=RSS_DR_EDT

A Day in the Life of a Security Avenger

Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks.

Some days it can seem like cybersecurity is an endless line of attacks and breaches, wrought by powerful adversaries from down the street or around the globe, not unlike a superhero movie. Security teams are kept busy dealing with the latest threats, disclosures and patches, aided by increasingly powerful tools to detect threats, correct compromised systems and generally protect the organization.  

For me and my researcher colleagues in the industry, defense is a boundless task, fighting against more than 600 million pieces of malware, ransomware and other cyberattacks.  But like other professions, my day typically starts with a meeting.


7:00 – 9:00 AM: Morning Sync-up with Team
The team that I lead is largely remote, so first thing in the morning is an online sync-up with them. What is going on, what have they seen? Sometimes the meetings are 15 minutes, other times they can take a whole hour – it depends on what is going on and what needs to be addressed.

We work with machine learning and other analytics to identify changes in traffic patterns, pulling in various threat intelligence data and identifying any correlating events in our customer traffic. These morning meetings are focused on uncovering reasons for changes and interesting anomalies, as well as identifying and classifying new threats.

There is too much for any one person to keep track of, so collaboration is vital as threats appear, grow, and evolve. This enables the team to identify which areas are of concern, what we should dig into and what we need to escalate to other teams for further action and investigation. I generally collaborate with other internal researchers – there are dedicated URL researchers, file researchers, threat intel researchers. However, for McAfee, the spheres of collaboration have grown from our internal team to encompass customers, external threat researchers, other security vendors, law enforcement organizations, and government agencies.

Threat intelligence sharing, which began with academic researchers and high-threat industries such as finance and information technology, today has expanded into most major industries. In the U.S., the National Council of Information Sharing and Analysis Centers (ISACs) has 24 members who collect, analyze, and disseminate actionable threat information to their members and provide tools to mitigate risks and enhance resiliency. More recently, we helped found the Cyber Threat Alliance, a group of cybersecurity practitioners working together to share threat information and improve defenses. Intelligence sharing and collaboration across boundaries are now essential components of cybersecurity.

9:00 – 9:30 AM: Catch up on the Latest Security News
Unless there is a major security breach, massive new threat or other emergency, I spend some time reviewing the latest internal and external news from security researchers. I’m also interested in understanding what our research teams are seeing, responding to questions from our customers, reviewing new security exploits being posted, and hearing updates on the ongoing battle with ransomware and how it impacts our customers.

I will do my own investigations over the course of the day into how this new information changes how we look at the overall picture, and how new tools, techniques or procedures impact our existing models. This is not something I just take on by myself; I partner with members of my team and other researchers. But I definitely get hands-on, which means diving into the data, analyzing an attack to find out where intruders were going, how they got in, and what additional data we need to answer questions about where our protection strategies fell short. My research also examines the geographic range of the threat to see if it is limited to just a few customers or more widespread.

9:30 AM – 4:00 PM: Collaboration and Planning
The bulk of my workday is spent with other researchers around the company. This is a mix of meetings, less formal discussions, and in-person or online collaboration. We typically discuss whether product features and capabilities are adequate to the job at hand, and whether we have the technical skills to meet the evolving challenges. This is also when we plan for the future, answering questions such as how do we scale the system to handle the new amount of data that we need, how do we ensure that our data is protected and meets customers’ privacy expectations, and what missing data do we need to collect from our point products, or from our threat intelligence sharing activities?

Daily Challenges and Rewards
The most frustrating part of my day is knowing that when we miss something someone else will have a very bad day. Every hour we are protecting people worldwide from over 600 million pieces of malware, seven million types of ransomware, and a wide range of other attack types. Still, every day I think about how I can do better, how my department can do better, and how we can help our customers do better. And then I get to apply my skills and experience, keeping the world safe from hackers!



Paula Greve has over 20 years of experience within the field of cybersecurity. She has extensive knowledge of web threats and how they are used to infiltrate systems at the workplace, in the home, and on mobile devices. She is currently leading the data science team …

Article source: http://www.darkreading.com/threat-intelligence/a-day-in-the-life-of-a-security-avenger-/a/d-id/1328761?_mc=RSS_DR_EDT

Fileless Malware Attacks Continue to Gain Steam

Endpoint woes grow as fileless attacks grow in prevalence and file-based attacks remain largely undetected by AV engines.

New research shows that attackers are increasingly beating security detection at the gateway and on the endpoint by initiating attacks that don’t drop malicious files at all, thus evading file-based detection. And even when they do use malicious files, once they get past the gateway filtering, the typical detection mechanisms aren’t picking them up. 

The most recent study comes by way of SentinelOne, which published its Enterprise Risk Index today. This report examines attacks that made it past the gateway and onto endpoints. One of the most damning statistics from the study is the fact that once file-based malware has been filtered by the gateway, it’s largely undetectable by AV. 

“One of the more interesting findings from this study is how few pieces of malware actually have signatures within AV engines. Our research team found that only half of file-based attacks had been submitted to malware repositories and, of those, only 20 percent made it to AV engines,” says Jeremiah Grossman, chief of security strategy at SentinelOne. “This is yet another data point illustrating how incredibly quickly malware evolves and the impossibility for any signature-based AV solution to keep up.”

It’s startling considering how many of today’s enterprise compromises start at the endpoint and traditional endpoint protections can’t even keep up with the file-based malware attacks we’ve seen for years now. And now the landscape is getting even more complicated, as file-less malware attacks start to rise in prominence. File-less malware attacks evade detection by avoiding the drop of malicious files in favor of methods such as storing information in system memory, leveraging PowerShell or Windows registry, or using malicious macros.

According to SentinelOne’s risk index, nearly two in 10 attacks that reach the endpoint start as in-memory attacks that are virtually undetectable to AV systems, no matter how quickly they update signatures.

“In-memory attacks don’t leave detectable artifacts on the file system, and as such, modern anti-malware solutions must watch what processes are actually running, not just what is saved on the system,” explains Grossman. “If enterprises don’t have solid protections in place to address in-memory attacks, they’ll get infected; it’s just that simple.”

Over the four months’ worth of data from last fall that was compiled for this report, the percentage of endpoint attacks instantiated as in-memory attacks doubled. Last month, Carbon Black released a study among security researchers that showed that close to two-thirds of them have seen an increase in non-malware attacks since the beginning of 2016. This figure includes not only in-memory attacks, but also PowerShell-based attacks, remote logins, WMI-based attacks, and macro attacks.


Many organizations only look to identify threats at a single point in time – when a file is written to disk. Malicious files are only part of the problem.

“Cybercriminals are increasingly leveraging non-malware attacks because they provide the path of least resistance and are designed to evade traditional prevention approaches,” says Mike Viscuso, co-founder and CTO of Carbon Black. “Once an attack has gained foothold on an enterprise, an attacker will move laterally leveraging existing tools on the operating system. For organizations not prepared to sniff out this kind of behavior, the attack will remain virtually invisible and cause a number of problems.” 
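Grossman’s and Viscuso’s point above, and the earlier Register piece on the Helminth campaign, is that fileless activity has to be caught from what runs rather than what is written to disk. The block below is an added example, not code from SentinelOne, Carbon Black, Morphisec or the article, that triages process-creation telemetry of the kind Sysmon or an EDR agent records: it flags an Office application spawning a script host, hidden or base64-encoded PowerShell (decoding the encoded argument before inspecting it), in-memory execution cmdlets, and Run-key persistence written through reg.exe. The event records, rule names, regular expressions and the decoy encoded command are all constructed for illustration and are not drawn from any real campaign.

```python
"""Behaviour-based triage of process-creation events for fileless-attack indicators.

Added example, not from the article or any vendor named in it. Instead of
scanning files on disk, it scores the process-creation telemetry that Sysmon
(Event ID 1) or an EDR agent records: parent/child relationships, command
lines and encoded PowerShell arguments. All event records, rule names and
the decoy encoded command below are constructed for illustration.
"""
import base64
import json
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    severity: str
    detail: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Flags that hide the console window or pass the script as base64. -NoProfile
# on its own is too common in legitimate administration to alert on.
HIDDEN_OR_ENCODED = re.compile(
    r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|e(?:nc(?:odedcommand)?)?\s+\S+)", re.I)
ENCODED_ARG = re.compile(r"(?:^|\s)-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)
# Cmdlets and calls typical of scripts that execute entirely in memory.
IN_MEMORY_EXEC = re.compile(r"invoke-expression|\biex\b|downloadstring|frombase64string", re.I)
RUN_KEY = re.compile(r"currentversion\\run\b", re.I)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> str:
    """Return the -EncodedCommand payload decoded from base64/UTF-16LE, or '' if absent or invalid."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return ""
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def evaluate(event: dict) -> List[Finding]:
    """Apply the behaviour rules to one process-creation event."""
    pid = event["pid"]
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent_image", ""))
    cmdline = event.get("cmdline", "")
    findings: List[Finding] = []

    # An Office application launching a script host is the macro-to-PowerShell
    # hand-off; a document rarely has a legitimate reason to spawn these.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append(Finding(pid, "office_spawns_script_host", "high", f"{parent} -> {image}"))

    if image in POWERSHELL:
        if HIDDEN_OR_ENCODED.search(cmdline):
            findings.append(Finding(pid, "powershell_hidden_or_encoded", "medium", cmdline[:80]))
        # Inspect the script text itself; decoding -EncodedCommand stops the
        # encoding from masking what the script does in memory.
        script_text = cmdline + " " + decode_encoded_command(cmdline)
        hit = IN_MEMORY_EXEC.search(script_text)
        if hit:
            findings.append(Finding(pid, "powershell_in_memory_execution", "high", hit.group(0)))

    # No executable touched disk, but a Run-key entry written through reg.exe
    # still shows up in process telemetry.
    if image == "reg.exe" and RUN_KEY.search(cmdline):
        findings.append(Finding(pid, "registry_run_key_persistence", "medium", cmdline[:80]))
    return findings


def triage(jsonl: str) -> List[Finding]:
    """Parse newline-delimited JSON events and collect findings across all of them."""
    findings: List[Finding] = []
    for line in jsonl.splitlines():
        if line.strip():
            findings.extend(evaluate(json.loads(line)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, the shape an alert digest or dashboard wants."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


# Constructed sample telemetry (not real events). The encoded command decodes
# to a harmless Write-Output so the decoder path can be exercised offline.
DECOY_SCRIPT = "Invoke-Expression 'Write-Output decoy'"
DECOY_B64 = base64.b64encode(DECOY_SCRIPT.encode("utf-16le")).decode("ascii")
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"pid": 4102, "parent_image": r"C:\Windows\explorer.exe", "image": OFFICE,
     "cmdline": "WINWORD.EXE /n invoice.docx"},
    {"pid": 4110, "parent_image": OFFICE, "image": PS,
     "cmdline": f"powershell.exe -NoP -W Hidden -Enc {DECOY_B64}"},
    {"pid": 4111, "parent_image": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d "C:\Users\Public\u.vbs"'},
    {"pid": 4120, "parent_image": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\nightly-backup.ps1"},
])

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for f in results:
        print(f"pid={f.pid} {f.severity:6} {f.rule}: {f.detail}")
    print(summarize(results))
```

Run as a script, the four constructed events produce four findings, three of them on the Word-spawned PowerShell process and one on the reg.exe Run-key write, while the scheduled backup script that uses only -NoProfile and -File raises nothing. The rules deliberately key on parent/child pairs and decoded command text rather than file hashes, which is why the in-memory pattern is still caught after the encoding step that would defeat a signature match.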

Viscuso says that practitioners need to have non-malware attacks on their radar because at this point, more than half of successful breaches come at the hands of these types of attacks. Anecdotal evidence continues to mount to support the worries of researchers like Grossman and Viscuso. For example, today security start-up Morphisec published details about a politically motivated attack campaign against Israeli organizations that leans heavily on file-less attack techniques.

In this example, attackers compromised email accounts for high-profile individuals at Ben-Gurion University and sent malformed Word documents in reply to legitimate emails that were designed to take advantage of a Word vulnerability that was patched earlier this month. The documents weaponized with malicious macros installed a fileless variant of the Helminth Trojan agent.

“With many organizations taking high-risk vulnerabilities seriously and patching them as fast as possible, attackers can no longer exploit them,” writes Michael Gorelik, vice president of research and development for Morphisec. “We therefore expect that the pendulum will swing back from vulnerability exploits to macro-based campaigns.”


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: http://www.darkreading.com/endpoint/fileless-malware-attacks-continue-to-gain-steam/d/d-id/1328758?_mc=RSS_DR_EDT

FTC Offers ID Theft Victims Online Crime Reporting Tool

ID theft victims can report their cybercrime attack to the Federal Trade Commission, without having to file a police report in most cases.

ID theft victims now have an alternative to filing a police report, a self-service online reporting tool from the Federal Trade Commission (FTC).

The FTC’s IdentityTheft.gov site offers a form that asks victims questions about the breach. The tool then provides a personal recovery plan and template letters that can be submitted to banks, merchants, and other entities that were affected by the victim’s identity theft. It also creates an identity theft report that serves as the official record of the crime and can be used, if needed, in place of a police report.

Under certain circumstances, an ID theft victim will still need to contact the police to submit a report. Those cases include if the victim knew the ID thief, the ID thief used the victim’s identity in any encounters with police, or a debt collector, creditor, or other entity affected by the crime demands a police report, the FTC stated. 

The FTC said the goal of the online self-service form is to take the pressure off local police and help ID theft victims speed up their recovery after the crime.

Read more about the FTC’s ID theft reporting tool here.


Article source: http://www.darkreading.com/endpoint/ftc-offers-id-theft-victims-online-crime-reporting-tool/d/d-id/1328763?_mc=RSS_DR_EDT

Net neutrality is ‘politically motivated government overreach’

The push to weaken net neutrality that began shortly after President Trump took office took another step forward this week, with Federal Communications Commission chairman Ajit Pai announcing plans to demolish the 2015 rules former President Obama used to implement net neutrality with Title II classification.

Pai outlined those plans yesterday during a speech at The Newseum in Washington. He called Obama’s directives “heavy handed” and “all about politics”.

He claims the rules have hurt investment and clobbered small internet providers with mandates they can’t afford.

He said the internet has been the greatest free-market success story in history because of the landmark agreement between former President Clinton and a Republican Congress that resulted in the Telecommunications Act of 1996. In that legislation, he said, both parties decided “to preserve the vibrant and competitive free market that presently exists for the internet, unfettered by federal or state regulation”.

Until two years ago, that is, when he said the FCC decided to impose a set of heavy-handed regulations upon the internet in what he called a partisan action. He said:

[Obama and the Democrats] decided to slap an old regulatory framework called Title II – originally designed in the 1930s for the Ma Bell telephone monopoly – upon thousands of internet service providers, big and small. It decided to put the federal government at the center of the internet. Why? It was all about politics. Days after a disappointing 2014 midterm election, and in order to energize a dispirited base, the White House released an extraordinary YouTube video instructing the FCC to implement Title II regulations. This was a transparent attempt to compromise the agency’s independence. And it worked.

Pai’s proposal is to:

  1. Return the classification of broadband service from a Title II telecommunications service to a Title I information service. This would be a return to the “light-touch regulation” from the Clinton Administration, he said.
  2. Eliminate the so-called Internet Conduct Standard. Pai said the 2015 rule gave the FCC a roving mandate to micromanage the internet. Eliminating the standard would end that.
  3. Seek comment on how to approach the so-called bright-line rules adopted in 2015. 

The FCC will vote on the plan at a May 18 meeting. Months of debate will surely follow as the matter is opened up for public comment. The commission will revise the rules based on that feedback, Pai said.

Though Pai describes the actions of two years ago as a politically motivated case of government overreach, it’s worth noting that in 2014 more than 4m public comments supporting net neutrality were sent to the FCC. A lengthy debate ensued then as well, and the Obama-era FCC agreed with the majority.

Speaking for the minority, Pai, a free-market conservative, wrote a scathing 67-page dissent saying net neutrality was a response to “anecdote, hypothesis, and hysteria… not just a solution in search of a problem – it’s a government solution that creates a real-world problem”.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/wGH6Aop5bHM/

Sports fans protest at plans to scan their faces as they head for the match

Football fans have not taken kindly to being treated like a bunch of criminals by law enforcement grabbing their mugshots via automated facial recognition (AFR).

Nonetheless, and despite the technology’s failings, British police are planning to scan each and every fan’s face with a new surveillance system at the UEFA Champions League final on June 3. Their images will be compared to those in a police database that contains some 500,000 persons of interest.

The final will take place at the National Stadium of Wales, in Cardiff. According to a government contract issued by South Wales Police, they plan to pilot the use of AFR in and around the stadium and Cardiff’s main train station on the day of the game.

The pilot will build on London Metropolitan Police’s pilot of AFR in August 2016, during the Notting Hill Carnival.

Tony Porter, the UK government’s surveillance camera commissioner, told Motherboard that the recent bombing of a Borussia Dortmund team bus before a Champions League quarter-final match is an example of why law enforcement is looking at AFR.

Porter said that his office has been in touch with South Wales Police to ensure they comply with a code of practice when using AFR:

I have seen the use of AFR increase [over] the past few years and a recent report by the National Institute of Standards and Technology indicated that facial recognition is a difficult challenge. Getting the best, most accurate results for each intended application requires good algorithms, a dedicated design effort, a multidisciplinary team of experts, limited-size image databases, and field tests to properly calibrate and optimize the technology.

He was referring to NIST’s Face In Video Evaluation program report (PDF), which found that when subjects fail to face a camera or when their faces are obscured, accuracy of AFR drops.

How accurate is facial recognition?

Not so much. Besides the NIST report, studies have found that black faces are disproportionately targeted by facial recognition. They are over-represented in face databases to begin with: according to a study from Georgetown University’s Center for Privacy and Technology, in certain states black Americans are arrested at up to three times their representation in the population. A demographic’s over-representation in the database means that whatever error rate a facial recognition technology has will be multiplied for that demographic.

Beyond that over-representation, facial recognition algorithms themselves have been found to be less accurate at identifying black faces.
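As an added illustration (not from the article), this small Python model shows how database over-representation and a worse per-group error rate compound into per-capita exposure to misidentification. All group names, population shares, database shares and error rates are constructed assumptions; only the 30m database size comes from the article.

```python
"""Added illustration: why a database error rate is "multiplied" for a
demographic that is over-represented in the database.
All group shares and error rates below are constructed assumptions."""

# Constructed inputs: group -> (share of the general population,
# share of the face database, fraction of that group's entries wrongly matched)
GROUPS = {
    "group_a": {"pop_share": 0.13, "db_share": 0.35, "error_rate": 0.18},
    "group_b": {"pop_share": 0.60, "db_share": 0.45, "error_rate": 0.12},
}
DB_SIZE = 30_000_000  # the article's figure for the FBI face database


def misidentification_exposure(groups, db_size):
    """Per group: over-representation in the database, expected number of
    wrongly matched entries, and a per-capita exposure index.

    The index (db_share * error_rate / pop_share) is proportional to the
    expected wrongful identifications per person in the general population
    who belongs to that group, so ratios between groups are comparable."""
    out = {}
    for name, g in groups.items():
        over_rep = g["db_share"] / g["pop_share"]
        entries = db_size * g["db_share"]
        out[name] = {
            "over_representation": over_rep,
            "expected_false_matches": entries * g["error_rate"],
            "per_capita_index": over_rep * g["error_rate"],
        }
    return out


def exposure_ratio(groups, db_size, a, b):
    """How many times more exposed a member of group a is than one of group b."""
    exp = misidentification_exposure(groups, db_size)
    return exp[a]["per_capita_index"] / exp[b]["per_capita_index"]


if __name__ == "__main__":
    for name, row in misidentification_exposure(GROUPS, DB_SIZE).items():
        print(f"{name}: {row['over_representation']:.2f}x over-represented, "
              f"{row['expected_false_matches']:,.0f} expected false matches")
    # Over-representation (2.69x vs 0.75x) and the worse error rate (1.5x)
    # compound: group_a ends up roughly 5.4x more exposed per capita.
    print(f"ratio a/b: {exposure_ratio(GROUPS, DB_SIZE, 'group_a', 'group_b'):.2f}")
```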

During a recent House oversight committee hearing in the US that was scathing on the FBI’s use of the technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.

That’s an enormous number of people wrongly identified as persons of interest to law enforcement. According to a Government Accountability Office (GAO) report from August 2016, the FBI’s massive face recognition database has 30m likenesses.

In the UK, controversy has arisen recently over the police’s retention of images. According to Biometrics Commissioner Paul Wiles, the UK’s National Police Database holds 19m images: a number that doesn’t even include all police forces. Most notably, it lacks those of the largest police force, the Metropolitan Police. A Home Office review was bereft of statistics on how those databases are being used, or to what effect, Wiles said.

As Motherboard notes, the limitations of facial recognition are corroborated by how useless it was in the Notting Hill Carnival operation. Out of 454 people arrested, not a single one had been pre-identified as a person of interest by the technology, as the Met Police has reported.


Image courtesy of imagestockdesign / Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/-UohMmy9vBA/