CRYPTO-GRAM, November 15, 2024 Part 6
From Sean Rima@618:500/14.1 to All on Fri Nov 15 16:13:38 2024
This is worth fighting for. We need a public AI option, and open source --
real open source -- is a necessary component of that.
But while open source should mean open source, there are some partially
open models that need some sort of definition. There is a big research
field of privacy-preserving, federated methods of ML model training and I
think that is a good thing. And OSI has a point here:
    Why do you allow the exclusion of some training data?

    Because we want Open Source AI to exist also in fields where data
    cannot be legally shared, for example medical AI. Laws that permit
    training on data often limit the resharing of that same data to protect
    copyright or other interests. Privacy rules also give a person the
    rightful ability to control their most sensitive information like
    decisions about their health. Similarly, much of the world’s Indigenous
    knowledge is protected through mechanisms that are not compatible with
    later-developed frameworks for rights exclusivity and sharing.
How about we call this “open weights” and not open source?
** *** ***** ******* *********** *************
Criminals Exploiting FBI Emergency Data Requests
[2024.11.12] I’ve been writing about the problem with lawful-access
backdoors in encryption for decades now: that as soon as you create a
mechanism for law enforcement to bypass encryption, the bad guys will use
it too.
Turns out the same thing is true for non-technical backdoors:
    The advisory said that the cybercriminals were successful in
    masquerading as law enforcement by using compromised police accounts to
    send emails to companies requesting user data. In some cases, the
    requests cited false threats, like claims of human trafficking and, in
    one case, that an individual would “suffer greatly or die” unless the
    company in question returns the requested information.

    The FBI said the compromised access to law enforcement accounts allowed
    the hackers to generate legitimate-looking subpoenas that resulted in
    companies turning over usernames, emails, phone numbers, and other
    private information about their users.
** *** ***** ******* *********** *************
Mapping License Plate Scanners in the US
[2024.11.13] DeFlock is a crowd-sourced project to map license plate
scanners.
It only records the fixed scanners, of course. The mobile scanners on cars
are not mapped.
** *** ***** ******* *********** *************
New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones
[2024.11.14] Everybody is reporting about a new iPhone security feature
with iOS 18: if the phone hasn’t been used for a few days, it
automatically goes into its “Before First Unlock” state and has to be
rebooted.
This is a really good security feature. But various police departments
don’t like it, because it makes it harder for them to unlock suspects’ phones.
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing
summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.
You can also read these articles on my blog, Schneier on Security.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues
and friends who will find it valuable. Permission is also granted to
reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
Bruce Schneier is an internationally renowned security technologist, called
a security guru by the Economist. He is the author of over one dozen books
-- including his latest, A Hacker’s Mind -- as well as hundreds of
articles, essays, and academic papers. His newsletter and blog are read by
over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at
the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of
the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.
Copyright © 2024 by Bruce Schneier.
** *** ***** ******* *********** *************
Mailing list hosting graciously provided by MailChimp. Sent without web
bugs or link tracking.
---
* Origin: High Portable Tosser at my node (618:500/14.1)