Security

How to be behind the eight-ball in Davos.

Phillip Nones Economics, Government, Security, Social Commentary , , , , ,

Can the World Economic Forum be any less useful or relevant?

Most people in business and politics have heard of the World Economic Forum (WEF), best known for holding its annual meeting for the world’s glitterati every January in Davos, Switzerland.

Beyond that international confab, WEF provides a set of “Transformation Maps” on its website which are described as “a constantly refreshed repository of knowledge about global issues, from climate change to the future of work.” 

“Transformation Maps are the World Economic Forum’s dynamic knowledge tool,” the website declares. “They help users to explore and make sense of the complex and interlinked forces that are transforming economies, industries and global issues.”

The maps present insights written by so-called experts along with machine-curated content. Together, “the information allows users to visualise and understand more than 250 topics and the connections and inter-dependencies between them, helping in turn to support more informed decision-making by leaders.”

… And it’s all provided as free content!

Taking a current topic of interest as an example, if one wishes to find out about Ukraine, he or she can click on a link beneath a Transformation Map labelled “Fourth Industrial Revolution” which brings up a new page: https://intelligence.weforum.org/topics/a1Gb0000001RIhBEAW?tab=publications. From there, select Discover All Topics from the top menu which brings up this new page: https://intelligence.weforum.org/topics.

That page displays 293 different topics. Scrolling down a good ways finally brings up “Ukraine” … and here’s what is displayed after clicking on the “Security” issue:

Explaining how the chart was developed, the website reports:

“This Transformation Map explores key issues for Ukraine based on its rankings in the most recent edition of the World Economic forum’s Global Competitiveness Index.”

For the record, those six “key issues” are Financial System, Innovation Capability, Health, Macroeconomic Stability, Transparency and Security.

The Security issue then links to five other topics (Public Finance and Social Protection, Justice and Law, Cities and Urbanization, International Security and Civic Participation).

Curious to see what content would be displayed, I clicked the International Security topic, which causes the International Security Transformation Map to appear. Only then did I finally learn that:

“The return of great power competition has been accompanied by the outbreak in Ukraine of Europe’s largest ground war since World War II.”

I must admit that I am quite impressed with how these Transformation Maps have helped me to visualize and understand the connections and inter-dependencies between Ukraine and International Security … and it is now completely clear to me how these tools support more informed decision-making by leaders. [Feel free to insert snark emoji here.]

Have we finally reached “peak oil”?

Phillip Nones Business, Economics, Manufacturing, Security, Social Commentary , , , , ,

Likely not in crude oil consumption, but the IEA is now projecting that demand for gasoline will never return to its pre-COVID level.

This past week the International Energy Agency (IEA) issued an intriguing forecast about future of gasoline consumption.  If true, it means that the world will have reached its peak demand for gasoline back in 2019, and won’t ever again return to that level.

Of course, with the advent of electric vehicles, the day when gasoline demand would begin to decline was bound to come sooner or later.  But the COVID-19 pandemic has hastened the event. 

During the widespread restrictions on work and travel imposed by most governments in 2020, daily gasoline demand dropped by more than 10%. Some of that demand is expected to return, but the global shift towards electric vehicles — not to mention continuing improvements in fuel efficiency in conventional gasoline-powered vehicles themselves — means that any growth in demand for gasoline within developing countries will be more than offset by these other forces.

In 2019, only around 7 million electric vehicles were sold worldwide, but that number is expected to grow steadily, reaching 60 million annually just five years from now.  Several major car manufacturers have committed to selling electric vehicles exclusively in future years, including Volvo (committed to all-electric vehicle sales by 2030) and GM (by 2035).

As for the demand for crude oil, it is expected to rebound from 2020’s dip to reach as much as 104 million barrels per day by 2026, which would be around 4% higher than the usage that was recorded in 2019.  Asian countries – particularly China and India – will be responsible for all of that increase and more, even as some developed nations are expected to see a drop in their demand for crude.

The implications of these forecasts are far-reaching – as are the questions they raise.  How well will the legacy car companies perform in comparison to the new all-electric car company upstarts?  Can they remake themselves quickly enough to preserve their market position vitality? 

What will the effects of lower demand for gasoline – and a lower pace of growth in demand for crude – be on global climate change?  Dramatic? … or only minimal?

What do the prospects of lessening demand for crude do to the economies (and politics) of countries like Saudi Arabia, Iran, Venezuela and other key OPEC nations?  Will lowered demand lessen geopolitical tensions? … or contribute to even bigger ones?

If you have thoughts or perspectives on these points, please share them in the comment section below.

In its legal altercation with poultry processor Wayne Farms, LinkedIn gets its wings clipped.

Phillip Nones Business, Security, Social Media , , ,

Ignoring complaints of a fake LinkedIn profile turned out to be a costly miscalculation.

We hear a lot about fake Facebook profiles and fake Twitter accounts.  We don’t hear so much about fake LinkedIn accounts – but they can be just as problematic. 

In fact, it may be that the potential financial implications of faux LinkedIn accounts are sometimes more consequential.  The revelation last week that LinkedIn has settled a lawsuit brought by Wayne Farms, a multi-billion dollar poultry company with 13 U.S. processing facilities, helps paint the picture.

The facts of the case are interesting.  In the summer of 2020, a sales manager for Wayne Farms noticed that someone had created a fake LinkedIn profile of him.  The sales manager also determined pretty quickly that the faux persona was using the profile to reach out to customers and set up deals. 

More specifically, the imposter was attempting to engage one customer in the United States and another in Italy in phony product purchase transactions.

As David Brezina, a Chicago-based attorney representing Wayne Farms, explained, “LinkedIn was used to make more credible some scams that were basically to buy a container load of product.  It was a great deal – but you had to submit 20% down.” 

“The fraudster was looking to collect $5,000 or $10,000 from potential customers of my client upfront,” Brezina continued.  “LinkedIn was a valuable tool to make the scam more credible.”

What did LinkedIn do to address the problem?  It took the correct action – at first.  Contacted by the Wayne Farms sales manager about the fake profile, the social platform took down the offending account.

But barely a month later another fake profile of the same sales manager reappeared on LinkedIn.  Wayne Farms promptly submitted two notifications to LinkedIn asking for the account to be removed once again.

This time around, LinkedIn’s response was … crickets. 

It was only after Wayne Farms filed a federal lawsuit against LinkedIn in early December, seeking compensatory damages for trademark counterfeiting, federal trademark infringement and reputational harm, that the fake profile was removed.

David Brezina (Ladas & Parry LLP)

Regarding LinkedIn’s failure to act in the second occurrence, Brezina pointed out, “You need to be responsible; you need to have procedures where if fraud is being committed … victims can contact you.” 

In this case, LinkedIn chose to ignore such entreaties – or the request got hung up in its internal bureaucracy.  Either way, it turned out to be a costly blunder for the social platform.  This past week, LinkedIn settled the Wayne Farms lawsuit out of court.  Financial terms of the settlement are confidential, but you can be sure that the costs involved are more than merely symbolic.

Interestingly, during the discovery phase of the lawsuit, LinkedIn let it be known that it restricted more than two million fake accounts in just a six-month period last year, so this isn’t an isolated occurrence.

But what it also means is that users of LinkedIn need to be as vigilant in policing that platform as they are with any other social media outlet.  That revelation came as a bit of a surprise to me, frankly.

What about you?  Have you or someone you know ever been the victim of any monkey business or questionable activity pertaining to your LinkedIn profile?  If so, please share your experiences with other readers here.

The (Very) Real Privacy Concerns Raised by Contact Tracing

Phillip Nones Government, Security, Social Commentary , , , , , , ,

Last week, I linked to a “guest” blog post about the challenges of contact tracing as part of the way out of the worldwide coronavirus pandemic.  The piece was authored by my brother, Nelson Nones, who heads up a company that has developed software capabilities to support such functions. One reader left a thoughtful response citing the personal privacy concerns that any sort of effective contact tracing regimen inevitably raises.

It’s an important issue that deserves an equally thoughtful response, so I invited Nelson to share his own thoughts on the issue. Here’s what he wrote to me:

The introduction of new contact tracing apps for smartphones has raised quite a few privacy fears around the globe. This is a very hot topic right now which deserves attention. However, to keep my original article about the ability to conduct effective contact tracing on point, I purposely sidestepped the privacy issue — other than mentioning privacy fears briefly in the ‘Technology Limitations’ section of the article. 

Here I’ll expand a bit. Naturally, the coronavirus pandemic has raised a lot of concern about Orwellian “big brother” surveillance and government overreach, but what many people may not realize is that it’s not about expanding “the target population of surveillance and state control” as the commenter notes. When it comes to public health, governments – including state governments in the United States – have possessed these powers for a long time. 

I first discovered this in my own personal life about 20 years ago. I was at work in Long Beach one day when I received a call from the California Department of Health, informing me that I was confirmed to have a highly contagious gastrointestinal infection and ordering me to submit regular stool samples until my tests came back negative. I was informed that if I did not do so, I could be forcibly quarantined — and fined or even jailed — if I refused to cooperate. 

My first question to myself was, “How the h*ll and why the h*ll did they target me?”  

I had recently returned from a trip to Thailand and started having GI issues, so I went to my doctor and gave a stool sample. They performed a lab analysis which confirmed a particular type of infection that was listed on the Department of Health’s watch list, so I was informed that my doctor was obliged by law to report my case to the Department of Health.  

The Health Department, in turn, was obliged by law to contact me and issue the orders given to me – and by law I was obliged to comply with their orders. 

The reason that nations, states and provinces have such powers is to contain and control the spread of infectious diseases. This means that governments have the power to forcibly isolate people who are confirmed to be infected — and they also have the power to forcibly quarantine people who are suspected (but not yet confirmed) to be infected.  

Whether or not, and how, they choose to exercise those powers depends on the nature of the disease, how it’s transmitted, whether or not an epidemic or pandemic has been declared, and whether or not proven cures exist. Moreover, rigorous protocols are in place to protect people against the abuse of those powers.  

But the bottom line is: in most countries, including the United States, if you are unfortunate enough to catch an infectious and communicable disease, you have no constitutional right to prevent the government from identifying you and potentially depriving you of your civil liberties, because of the risk that you could unknowingly infect other people. 

Think of it as a civic duty — just as you have no constitutional right to prevent the government from ordering you to perform jury service. 

Medical science is so advanced these days that most diseases can be contained and controlled without having to inconvenience more than a relatively small number of people, which is why most people have no idea that governments possess such vast powers. But COVID-19 is a once-in-a-century outbreak that’s so novel, so poorly understood, and so communicable that nearly everyone in the world is being deprived of their civil liberties right now out of an abundance of caution.  

Realistically, one could expect these restrictions to remain in place unless and until COVID-19 vaccines and/or therapies are invented, proven and made available to the public – at which time it will (hopefully) be possible to manage COVID-19 like the seasonal flu, which doesn’t require draconian public health measures.    

As for the new smartphone apps, have a look at this recent article that appeared in Britain’s Express newspaper which will give you a good idea of how “hot” this topic has become.  

The key question here is whether or not the database backend (which is the software that my company Geoprise makes) is “centralized” or “decentralized.” A “centralized” backend follows the Singapore model and contains personally-identifiable information (PII) about everyone who registers the app with a public health authority and/or is confirmed to be infected.  

Conversely, some researchers are proposing a “decentralized” backend which serves only as a communications platform, and only ever receives anonymized and nonlinkable data from the smartphones.  

This is the privacy and security model that Apple and Google are following, but there is no way that such a “decentralized” backend could ever serve as a contact tracing database in the traditional sense. That’s because a traditional contact tracing database, by definition, always contains linkable PII. (Incidentally, our Geoprise software could be used in either a “centralized” or “decentralized” manner.) 

The key thing to understand about even the most “centralized” of the smartphone apps, such as Singapore’s TraceTogether app, is that they contain numerous privacy and security safeguards. Here’s a short list: 

  • The data which is captured and retained on individual devices identifies a particular smartphone only by an encrypted “TempID” which changes periodically (Singapore’s recommendation is to change the TempIDs every 15 minutes). This makes it impossible for a smartphone owner or eavesdropper to reconstruct complete histories of encounters held on the devices in a personally-identifiable way.
  • As my original article states, the contact tracing apps don’t use or store geo-location data (i.e. “where your smartphone was”) because GPS measurements are too unreliable for proximity-sensing purposes. Instead they use the device’s Bluetooth radio to sense other Bluetooth-enabled devices that come within very close range (i.e. “devices that were near your smartphone”).
  • The apps are opt-in. You can’t be compelled to download the app or register it with the public health authority (unless you happen to live in Mainland China — but that’s yet another story!).
  • Only people who are confirmed to be infected are ever asked to share their history of encounters with the public health authority.
  • Sharing your history of encounters is voluntary. You can’t be compelled to upload your contact tracing history to the public health authority’s backend server.

Apple and Google appear to be taking this a step further by: 

  • Allowing smartphone owners to “turn off” proximity sensing whenever they wish (such as when meeting a secret lover during trysts, or for more innocuous occasions).
  • Allowing smartphone owners to delete their history of encounters on demand, and to erase all data when uninstalling the app.
  • “Graceful dismantling” – to quote one researcher:“The system will organically dismantle itself after the end of the epidemic. Infected patients will stop uploading their data to the central server, and people will stop using the app. Data on the server is removed after 14 days.”  

The bottom-line on privacy and government overreach, I think, is for everyone to step back a safe distance from one another, and take a deep breath …

Contact Tracing: The giant obstacle smack in the middle of the road to COVID-19 recovery.

Phillip Nones Business, Economics, Security, Social Commentary , , , , ,

… But we’ve got to figure out how to do it right.

In recent days, news reports about the coronavirus pandemic have gravitated from a shortage of ventilators and possible overcrowding in the nation’s hospitals to how best to reopen the economy (and society).

The challenge, of course, is how to “reopen” in responsible ways that don’t result in a new flare-up of COVID-19 cases.

Governors, medical professionals and governmental personnel have been cogitating about this issue for a number of weeks now, and it appears that some “baby steps” are starting to be taken in some states, with other jurisdictions to follow in the coming days and weeks.

One of the biggest obstacles in the way of bringing the economy – and life – back to some semblance of “normal” is being able to know who has, or has had, the coronavirus — and beyond that identifying who the people are that each affected person has interfaced with in the previous weeks.

There’s the old-fashioned way of doing contract tracing: undertaking in-depth interviews with patients to learn who they have interfaced with for 15 minutes or longer over a period of 2-3 weeks … and then interviewing those persons plus the people they’ve interfaced with … and so on down the line.

Those suspected of being exposed can then be directed to quarantine themselves for the requisite two-week period so as to arrest the spread of the virus.

This is a hugely costly undertaking.

Moreover, it’s labor-intensive — to the tune that a state like Massachusetts is attempting to hire 1,000 new workers to undertake these duties. And that’s just to get through Phase 1 of the recovery effort.

The other challenge with traditional contact tracing is that the data being collected is based on memory and recollections, which as we all know are prone to fallibility.

In our tech-savvy world, some giants are “on the case” – entities like Google and Apple that have teamed up to use cellphone tracking technology to “keep tabs” on people’s movements and thereby know what people may have been exposed to the COVID-19 virus.

Of course, this solution is also prone to gaps in coverage, as phones aren’t turned “on” at all times, not to mention that significant swaths of the population – particularly the elderly – aren’t using cellphones equipped with the types of location information functionalities that can be tracked.  (Surprisingly perhaps, smartphone penetration worldwide still languishes at only around 45% of cellphone users.)

And then there’s always the issue of “privacy” lurking the background – a factor which can’t be ignored in a world where many people are already suspicious of governments snooping into their private lives.

But there could be other methods to employ by which contact tracing can be made more efficient, and more accurate – and at a more reasonable price tag.

Recently my brother, Nelson Nones, whose company, Geoprise Technologies Corporation, specializes in encrypted data management, outlined just such a practical solution that can accomplish this trio of disparate-yet-important goals.

His article on the topic, titled “Call to Action: Recovering from the COVID-19 Pandemic,” has been published and can be read here.

I find the article as persuasive as it is understandable to a technology layperson like myself. Moreover, it seems as though the solutions proposed could become an essential software-as-a-service (SaaS) solution not just for government agencies but for private business organizations, too.

Action is already happening, but so far, the results have been somewhat mixed despite strong support from governments, private businesses and end-users. Functionalities need to continue to build.

But it looks like we may be on our way … and that’s extremely good news for anyone who has an interest in reopening the economies of the world – and going back to living life the way humans were meant to live it.

COVID-19: Whither the Pandemic?

Phillip Nones Security, Social Commentary , ,

Last week, I published a post about the burgeoning spread of Coronavirus infections, based on the perspectives of my brother, Nelson Nones, who lives and works in East Asia.

I’ve now received an updated analysis from him which is quite interesting.  It’s based on plotting COVID-19 infection rates against average February temperatures for 123 countries.

Here are his findings:

  • The world’s worst COVID-19 hotspots (China, Italy, Iran, South Korea, France, Spain, Germany and Switzerland) are clustered in a February temperature band ranging from -9 to +7 degrees C.
  • The world’s least contagious COVID-19 countries are clustered in a February temperature band ranging from +10 to +28 degrees C. Among those, the poorest countries are the least contagious; the richest (Singapore, Australia and Malaysia) are the most. Presumably this is because international travel is more common in richer countries.
  • Finland, the US, Japan, UK, Taiwan and Thailand lie near the best-fitting trend.
  • With the progression of the seasons, mean temperatures in the US will climb from -4C in February to +20C in July. Following the best-fitting curve, this means the US infection rate would be 63% (nearly two-thirds) lower in July than the present 4 cases per million.

Nelson’s conclusion:  “The pandemic won’t last!”

In conducting his analysis, Nelson used COVID-19 case data and country populations come from the worlometers.info news feed. Average February temperature data come from the World Bank.

These are interesting stats, to be sure — and interesting prognostications as well.  Caution should be the watchword in these times.  But the Coronavirus news may be uniformly brighter as the seasons warm.

What are your thoughts?  Feel free to share your views in the comment section below.

The Coronavirus Threat: A view from East Asia.

Phillip Nones Economics, Government, Security, Social Commentary , , , , , , , ,

Regular readers of Nones Notes Blog know that my brother, Nelson Nones, has lived and worked outside the United States for nearly 25 years – much of that time in East Asia. So naturally I was curious about his perspectives on the spread of the Coronavirus from its epicenter in Wuhan, China, what precautions he is taking in the face of the threat, and his perspectives on how the actions of Asian countries affected by the outbreak may be mitigating the potential effects of the virus.

Here is what Nelson wrote to me in response to my query:

The Coronavirus has not affected my business here in Bangkok to date. I did make a trip to Singapore during the last week of January and to Taiwan during the first week of February, after arriving back in Thailand from the U.S. on January 12th.  I haven’t been sick at all – before or since.

However, in an abundance of caution I am keeping myself at home as much as possible, and I have decided not to travel anywhere until the current hullabaloo dies down.

As for the situation here in Thailand, this country is actually the location of the first COVID-19 (Coronavirus) case ever recorded outside Mainland China. This was back on January 13th, just two weeks after China first notified the World Health Organization (WHO) of the new disease, and only two days after China recorded its first COVID-19 death.  

The patient here in Thailand was a Chinese woman who had traveled from Wuhan, the epicenter of the pandemic.

Since then, Thailand has recorded 42 additional cases for a total of 43 patients, of whom only one died (on Sunday March 1st), and 31 have recovered.  This leaves 11 active cases – all considered mild.

The first case of human-to-human virus transmission within Thailand was recorded on January 16th, affecting a taxi driver. Of the 43 cases confirmed so far, 25 affected Chinese citizens; seven affected Thai citizens with travel histories to China, Japan or South Korea; seven affected Thai citizens who work in the tourism or healthcare industries; and the remaining four were other domestic cases (of which only two potentially represent “community spread”).  Thailand’s infection growth factor peaked on January 26th.

Being one of the world’s most popular tourist destinations (especially from China), Thailand has never imposed any travel restrictions, even from China (nor has the U.S. ever imposed any COVID-19 travel restrictions on Thailand), but all arriving international passengers are screened by an initial body temperature check. Those who fail the initial screening are required to disclose their travel histories within the past 14 days, in detail.  If they have travelled to or from any affected areas, and exhibit any COVID-19 symptoms, they are immediately quarantined at a specially-designated hospital for isolation and treatment.

Under the circumstances, and considering its geographic proximity to China as well as the normal volume of Chinese tourist travel, I think Thailand’s containment efforts so far have been successful and offer some lessons for the United States. Containment in India, Indonesia and Bangladesh so far is even more impressive (Indonesia reported its first two cases only on March 2nd).

Displayed below is a listing of South, Southeast and East Asian countries, ranked by population (together with the U.S. for comparison purposes), showing the number of cases and deaths reported so far:

* Excludes Diamond Princess cruise liner cases.

Sources:

Case data are from https://www.worldometers.info/coronavirus/#countries

Populations are from https://en.wikipedia.org/wiki/List_of_countries_by_population_(United_Nations)

The countries shaded in green, above, are those which did not require advance visas for Chinese citizens holding ordinary passports, prior to the imposition of temporary COVID-19 travel restrictions. These countries were either visa-free or allowed “visa on arrival.”

The countries in red typeface, above, are those which had imposed temporary COVID-19 travel restrictions as of early February 2020. These include “entry bans on Chinese citizens or recent visitors to China, ceased issuing of visas to Chinese citizens and re-imposed visa requirements on Chinese citizens or countries that have responded with border closures with China.” (See https://en.wikipedia.org/wiki/Visa_requirements_for_Chinese_citizens for source data.)

It’s quite clear from the data above that, excluding Mainland China itself, there is little or no correlation between the incidence of COVID-19 cases or deaths and the leniency of a country’s previous or current travel restrictions in so far as Mainland Chinese are concerned.

Indeed, all of the four countries having a higher number of cases than Thailand (Japan, South Korea, Hong Kong and Singapore) required advance visas before the COVID-19 outbreak, and all but one (Hong Kong) had imposed COVID-19 entry bans as of February 2nd

Conversely, apart from Thailand, the countries which did not require advance visas before the COVID-19 outbreak have averaged fewer than one case per country (although all of them except Cambodia and East Timor had imposed temporary COVID-19 travel bans by February 2nd).

The countries shown in bold typeface above are those which are geographically closest to the COVID-19 epicenter. An average of 570 COVID-19 cases have been reported within each of these 10 countries; only Laos has been immune so far. Conversely, an average of 6 COVID-19 cases have been reported within each of the remaining 26 countries (excluding China itself).

From these data, I’ve drawn the following four generalizations:

  • Outside of Mainland China, international travel bans and visa restrictions are not effective tools for controlling the spread of COVID-19 disease within a country.
  • Geographic proximity to Mainland China is well-correlated to the historical spread of COVID-19 disease in South, Southeast and East Asia.
  • Vigilant screening and disposition of suspected cases is vital to containing the spread of COVID-19 disease, as Thailand’s experience demonstrates.
  • Allowing high concentrations of suspected cases to form without treatment, such as Wuhan (China), the Diamond Princess docked at Yokohama (Japan) and Shincheonji church at Daegu (South Korea), is a recipe for disaster.  

Of course, the virus and its spread is an evolving narrative, and Nelson’s observations may soon be overwhelmed by new developments. Still, I was somewhat surprised to read that the situation is not quite as dire as the news reporting here in the U.S. would seem to indicate.

Have you heard from overseas friends or colleagues about how they are responding to the Coronavirus outbreak? Please share their perspectives with other readers here.

Facial Recognition Faceoff

Phillip Nones Business, Government, Security, Social Commentary, Social Media , , , , , , , ,

Facebook has been resisting outside efforts to rein in its “faceprints” facial recognition initiative – and mostly losing.

I’ve blogged before about the concerns many people have about facial recognition technology, and the troubling implications of the technology being misused in the wrong hands.

Facebook would claim to be the “right hands” rather than wrong ones when it comes to the database of “faceprints” it’s been compiling over the past decade or so. But its initiative has run afoul of an Illinois biometric privacy law passed in 2008.

The Illinois measure, which prohibits companies from collecting or storing people’s biometric data without their consent, is one of the strongest pieces of legislation of its kind in that it also allows individual consumers to sue for damages – to the tune of up to $5,000 per violation.

And that’s precisely what’s happened.  A class-action suite was filed in 2015 by a group of Illinois residents, alleging that Facebook has violated the Illinois privacy law through its photo-tagging function which draws on a trove of “faceprint” photos to recognize faces and suggest their names when they appear in photos uploaded by friends on Facebook.

Facebook has vigorously resisted efforts to rein in its faceprint initiative, arguing that any such lawsuits should be dismissed because users haven’t actually been injured by any alleged violations of the state law.

That stance has been rejected – first in U.S. district court and then in the court of appeals. Undaunted, Facebook appealed to the U.S. Supreme Court which turned down the appeal in late January.

Rebuffed at all legal levels, Facebook has now decided to settle the suit for a reported $550 million, including payments of ~$200 each to claimants in the Illinois class-action suit.

Facebook has lost, but the whole notion of facial recognition technology could well be like playing a game of whack-a-mole. As it turns out, another firm has developed similar functionality and is busily selling facial recognition data to police departments across North America.  According to a recent investigative article publishing in The New York Times, a company called Clearview AI has mined billions of photos from Twitter, Facebook and other social platforms.  (Clearview is now being sued in Illinois for allegedly violating the same biometric privacy law that was at the center of the Facebook suit.)

And indeed, the efforts to rein in facial recognition activities may be a little too little, a little too late: According to a recent report from Business Insider, the faces of more than half of all adults in America have already been logged into police or government databases.

… Which brings us to a parallel response that appears to be gaining traction: figuring out ways to fool facial recognition software.  A number of entrepreneurs are developing intriguing methods to beat facial recognition software.  Among them are:

  • Clothing designers have begun to target weaknesses in the ability of facial recognition software to process overlapping or unusual shapes, as well as deciphering multiple similar images appearing in close proximity. One such example is a pair of goggles fitted with near-infrared LEDs that interfere with the ability to scan facial features.
  • Headscarves decorated with different faces “confuse” the software by overloading it with excessive amounts of data in the form of numerous facial features.
  • So-called “adversarial patches” – a graphic print that can be added to clothing – exploit the vulnerabilities in facial recognition scanning by making a person “virtually invisible for automatic surveillance cameras,” according to creators Simen Thys, Wiebe Van Ranst and Toon Goedemé.

Will the two-front attack on facial recognition technology from the legal as well as technology standpoint succeed in putting the facial recognition genie back in the bottle? It’s debatable.  But it’s certainly making things more of a challenge for the Facebooks and Clearviews of the world.

The unintended “open book” company … opens a can of worms.

Phillip Nones Business, Manufacturing, Security , , , , , ,

Transparency is usually considered a good thing. But when it means your company is an open book, it’s gone too far.

Unfortunately, some companies are making far too much of their information visible to the world without realizing it. Clean laundry, dirty laundry – the works.

One of these instances came to light recently when vpnMentor, a firm that bills itself as an “ethical hacking group,” discovered an alarming lack of e-mail protection and encryption during a web-mapping project regarding an international piping, valve and fitting manufacturing organization.

I’m going to shield the name of the company in the interest of “discretion being the better part of valor,” but the company’s data that was found to be visible is amazingly broad and deep. Reportedly it included:

  • Project bids
  • Product prices and price quotations
  • Discussions concerning suppliers, clients, projects and internal matters
  • Names of employees and clients
  • Internal e-mail addresses from various branch offices
  • Employee IDs
  • External/client e-mail addresses, full names and phone numbers
  • Information on company operations
  • Travel arrangements
  • Private conversations
  • Personal e-mails received via company e-mail addresses

Basically, this company’s entire business activities are laid out for the world to see.

The vpnMentor research team was able to view the firm’s “confidential” e-mail communications. Amusingly, the team saw its own e-mails it had sent to the firm warning about the security breach (that the company never answered).

“The most absurd part is that we not only know that they received an e-mail from one of the journalists we work with, alerting them to the leak in this report, but we [also] know they trashed it,” as one of the team members noted.

The company in question isn’t some small, inconsequential entity. It operates in 18 countries including the biggies like Germany, France, Germany, the United States, Canada and Brazil.  So the implications are wide-ranging, not just for the company in question but also for everyone with which they do business.

The inevitable advice from vpnMentor to other companies out there:

“Review your security protocols internally and those of any third-party apps and contractors you use. Make sure that any online platform you integrate into your operations follows the strictest data security guidelines.”

Are you aware of any security breaches that have happened with other companies that are as potentially far-reaching as this one? It may be hard to top this particular example, but if you have examples that are worth sharing, I’m sure we’d all find them interesting to to hear.

The promise — and peril? — of microchip implants for people.

Phillip Nones Business, Manufacturing, Security, Social Commentary , , , , , , , , , ,

In 2017, when employee volunteers at Three Square Market, a Wisconsin-based technology company, agreed to have microchips implanted in their wrists so that they could access the company’s lunchroom vending machines without exchanging money, some people tittered.

At best, it was viewed as a publicity effort to draw attention to the firm and its work in the microchip industry.

So where are we with human microchip implants two years later? Well … not so far along in some ways, and yet things may be poised for a sea change in the not-too-distant future.

And actually, it has less to do with human microchip implants as a convenience as it does with their potential to revolutionize health monitoring and medical diagnoses.

Biohax International, a Swedish-based company founded more than five years ago, is further along on the development curve than most other developers in the field. According to a report from Thomas Industry Insights, thousands of Swedes now have microchip implants, and the number is expected to continue growing at a robust pace.

At present, Biohax chip implants can house anything from emergency contact information to FOB and other access capabilities for cars, homes and even public transportation.

But the next frontier looks to be in healthcare. At present, prototype microchips are being developed that will enable continual monitoring of a person’s vital signs – things like glucose monitoring and blood pressure monitoring.

It isn’t difficult to imagine a day when certain patients are prescribed potentially lifesaving microchip implants that will serve as “early warnings” to nascent health emergencies.

Is this the future?

There could be a downside, of course – there nearly always is with these sorts of things, it seems. What does a world look like where physicians, insurance companies, employers or credit card companies make implants a mandatory condition for service or employment?

How far of a line is it to go from that to being part of a “surveillance state”?

And even if the situation never came to that, would people who demur from participating voluntarily in the “microchip revolution” be somehow walled off from the benefits microchips could deliver – thereby becoming “second-class citizens”?

The ethical questions about human microchip implants are likely to be with us for some time to come — and it’s certainly going to be interesting to see how it all plays out.

Do you have particular opinions about the “promise and peril” of microchip implants? Please share your thoughts with other readers here.