|
|
 |
Mexican Voter Database Leak and Data Residency
|
Last week, we learned that the entire voter registration database for Mexico had been uploaded to Google without any protection. This can have dire consequences in a country where abductions for ransom are a serious issue. Mexican transparency laws require that the data be made available to political parties for verification, so the "leak" was not the government's fault, it was instead the likely consequence of negligent storage of the data by a party official. Moreover, this seems to be more a privacy than a data residency issue. Still, since the data was placed on Google servers outside of Mexico, this incident fuels the concerns about data residency: should data sets be "tagged" with residency metadata that could be used to restrict its movements? This would not have prevented disclosing the data inside Mexico, but it could have prevented uploading it to Google.
While on the subject of data residency, the recent U.S. Supreme Court decision that confirms broad powers of data access by the FBI is going to complicate the ongoing discussions about adopting the new EU-US Data Privacy Shield. This broad access seems to nullify the commitment that the U.S. made during the negotiations leading to the new pact, whose future in the European Parliament is now even more cloudy than before.
And finally, the recording and slides from the April 14 webinar on data residency are now publicly available here. |
|
Device Identity Management
|
In the brave new world of the Internet of Things, there are many opportunities for mischief if rogue devices (or rogue servers) are introduced into the network. This article in C4ISR & Networks discusses the issue of device identity management from the perspective of battlefield automation, but this is really a much more pervasive need. Moreover, it is not just the device that needs to authenticate itself to the rest of the system; a device also needs to authenticate the server that is sending it commands or requests for data.
The basic technologies (PKI certificates, encryption, LDAP...) are well known in the area of user authentication. It's a matter of applying those solutions to a world in which devices may have extreme resource constraints. We expect to see several solution announcements from companies, large and small, during 2016. |
|
Reminder: Process, Case or Decision? |
| On Thursday, May 12, at 1:00 pm EDT (1700 GMT), the Object Management Group will hold a webinar on "BPMN, CMMN, DMN: An Introduction to the Triple Crown of Process Improvement Standards." Register here for this free webinar, presented by one of the foremost experts in business process management, Denis Gagné of Trisotech. |
|
The OpenAI Gym
|
| When you go to a gym, you get better by repeating exercises that work, and finding alternatives for the ones you're not good at. The same concept will be applied to train AI algorithms. According to the ACM TechNews summary, "The OpenAI Gym platform is a collaborative effort between entrepreneur Elon Musk, Y Combinator's Sam Altman, and former Google research scientist Ilya Sutskever to perform ambitious artificial intelligence (AI) research while publishing and open-sourcing almost all of their output." See the Popular Science article. |
|
Waze Knows Where You Are... And So Can Others
|
| Waze is a popular mobile map and navigation software, which has over Google Maps the advantage that it uses reports from other users to signal traffic jams, objects on the road, stalled cars, construction areas and police presence. But the Israel-made app has a vulnerability, first discovered in 2014 but incompletely fixed, that can allow others to hijack your communication with Waze servers. See the full article in the Times of Israel. |
|
|
Seen Recently... |
|
"A new survey of data scientists found that they spend most of their time massaging rather than mining or modeling data."
-- Blogger and writer
Gil Press, @GilPress, reporting that up to 80%
of the work of a "data scientist" consists of cleaning up data.
|
|
|
