The KIT ─ Knowledge & Information Technology
No. 167 - 2 May 2016
Was this forwarded to you?
In This Issue
Mexican Voter Database Leak and Data Residency
IoT Device Identity Management
BPMN, CMMN and DMN
OpenAI Gym
Waze Vulnerability
Seen Recently
Claude Baudoin

Consulting Services
  • IT Strategy
  • Enterprise Architecture Roadmap 
  • Business Process Modeling & Analysis 
  • Enterprise Software Selection 
  • IT Innovation Briefings
  • IT Due Diligence
  • Executive IT Seminars
  • Cloud Computing
  • Security Maturity
  • Software Process 
  • Knowledge Strategy
  • Technical Communities
  • Knowledge Capture
  • Taxonomy development 
  • Enterprise Social Media 
Contact Us:
cébé IT and Knowledge Management
info@cebe-itkm.com

+1 281 460 3595
Twitter: @cbaudoin
Forward this issue to colleagues and friends: use the "forward email" link below at left, rather than "Forward" in your email software, to preserve your privacy, give the recipient more options (their own unsubscribe link, etc.) and to give us better click-through data. Thanks!
Mexican Voter Database Leak and Data Residency
Last week, we learned that the entire voter registration database for Mexico had been uploaded to Google without any protection. This can have dire consequences in a country where abductions for ransom are a serious issue. Mexican transparency laws require that the data be made available to political parties for verification, so the "leak" was not the government's fault, it was instead the likely consequence of negligent storage of the data by a party official. Moreover, this seems to be more a privacy than a data residency issue. Still, since the data was placed on Google servers outside of Mexico, this incident fuels the concerns about data residency: should data sets be "tagged" with residency metadata that could be used to restrict its movements? This would not have prevented disclosing the data inside Mexico, but it could have prevented uploading it to Google.

While on the subject of data residency, the recent U.S. Supreme Court decision that confirms broad powers of data access by the FBI is going to complicate the ongoing discussions about adopting the new EU-US Data Privacy Shield. This broad access seems to nullify the commitment that the U.S. made during the negotiations leading to the new pact, whose future in the European Parliament is now even more cloudy than before.

And finally, the recording and slides from the April 14 webinar on data residency are now publicly available here.
Device Identity Management
In the brave new world of the Internet of Things, there are many opportunities for mischief if rogue devices (or rogue servers) are introduced into the network. This article in C4ISR & Networks discusses the issue of device identity management from the perspective of battlefield automation, but this is really a much more pervasive need. Moreover, it is not just the device that needs to authenticate itself to the rest of the system; a device also needs to authenticate the server that is sending it commands or requests for data.

The basic technologies (PKI certificates, encryption, LDAP...) are well known in the area of user authentication. It's a matter of applying those solutions to a world in which devices may have extreme resource constraints. We expect to see several solution announcements from companies, large and small, during 2016.
Reminder: Process, Case or Decision?
On Thursday, May 12, at 1:00 pm EDT (1700 GMT), the Object Management Group will hold a webinar on "BPMN, CMMN, DMN: An Introduction to the Triple Crown of Process Improvement Standards." Register here for this free webinar, presented by one of the foremost experts in business process management, Denis Gagné of Trisotech.
The OpenAI Gym
When you go to a gym, you get better by repeating exercises that work, and finding alternatives for the ones you're not good at. The same concept will be applied to train AI algorithms. According to the ACM TechNews summary, "The OpenAI Gym platform is a collaborative effort between entrepreneur Elon Musk, Y Combinator's Sam Altman, and former Google research scientist Ilya Sutskever to perform ambitious artificial intelligence (AI) research while publishing and open-sourcing almost all of their output." See the Popular Science article.
Waze Knows Where You Are... And So Can Others
Waze is a popular mobile map and navigation software, which has over Google Maps the advantage that it uses reports from other users to signal traffic jams, objects on the road, stalled cars, construction areas and police presence. But the Israel-made app has a vulnerability, first discovered in 2014 but incompletely fixed, that can allow others to hijack your communication with Waze servers. See the full article in the Times of Israel.
Seen Recently...
"A new survey of data scientists found that they spend most of their time massaging rather than mining or modeling data."
-- Blogger and writer Gil Press, @GilPress, reporting that up to 80%
of the work of a "data scientist" consists of cleaning up data.