• CRYPTO-GRAM, November 15, 2024 Part 6

    From Sean Rima@21:1/229.1 to All on Fri Nov 15 16:13:32 2024

    This is worth fighting for. We need a public AI option, and open source --
    real open source -- is a necessary component of that.

    But while open source should mean open source, there are some partially
    open models that need some sort of definition. There is a big research
    field of privacy-preserving, federated methods of ML model training and I
    think that is a good thing. And OSI has a point here:

    Why do you allow the exclusion of some training data?

    Because we want Open Source AI to exist also in fields where data
    cannot be legally shared, for example medical AI. Laws that permit
    training on data often limit the resharing of that same data to protect
    copyright or other interests. Privacy rules also give a person the
    rightful ability to control their most sensitive information like
    decisions about their health. Similarly, much of the world’s Indigenous
    knowledge is protected through mechanisms that are not compatible with
    later-developed frameworks for rights exclusivity and sharing.

    How about we call this “open weights” and not open source?

    ** *** ***** ******* *********** ************* Criminals Exploiting FBI Emergency Data Requests

    [2024.11.12] I’ve been writing about the problem with lawful-access
    backdoors in encryption for decades now: that as soon as you create a
    mechanism for law enforcement to bypass encryption, the bad guys will use
    it too.

    Turns out the same thing is true for non-technical backdoors:

    The advisory said that the cybercriminals were successful in
    masquerading as law enforcement by using compromised police accounts to
    send emails to companies requesting user data. In some cases, the
    requests cited false threats, like claims of human trafficking and, in
    one case, that an individual would “suffer greatly or die” unless the
    company in question returns the requested information.

    The FBI said the compromised access to law enforcement accounts allowed
    the hackers to generate legitimate-looking subpoenas that resulted in
    companies turning over usernames, emails, phone numbers, and other
    private information about their users.

    ** *** ***** ******* *********** ************* Mapping License Plate
    Scanners in the US

    [2024.11.13] DeFlock is a crowd-sourced project to map license plate
    scanners.

    It only records the fixed scanners, of course. The mobile scanners on cars
    are not mapped.

    ** *** ***** ******* *********** ************* New iOS Security Feature
    Makes It Harder for Police to Unlock Seized Phones

    [2024.11.14] Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

    This is a really good security feature. But various police departments
    don’t like it, because it makes it harder for them to unlock suspects’ phones.

    ** *** ***** ******* *********** *************

    Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing
    summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.

    You can also read these articles on my blog, Schneier on Security.

    Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues
    and friends who will find it valuable. Permission is also granted to
    reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

    Bruce Schneier is an internationally renowned security technologist, called
    a security guru by the Economist. He is the author of over one dozen books
    -- including his latest, A Hacker’s Mind -- as well as hundreds of
    articles, essays, and academic papers. His newsletter and blog are read by
    over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at
    the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of
    the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

    Copyright © 2024 by Bruce Schneier.

    ** *** ***** ******* *********** *************

    Mailing list hosting graciously provided by MailChimp. Sent without web
    bugs or link tracking.

    * Origin: High Portable Tosser at my node (21:1/229.1)