Archive for July 2019

Your Latest IT News Update

Brain Implants That Link Humans To Computers

Head of SpaceX and Tesla, Elon Musk, has announced that human brain implants that can link directly to devices could be a reality within a year.

Neuralink

The implanted brain-computer interface (BCI) that Mr Musk talked about recently to the California Academy of Sciences audience in San Francisco will be known as a ‘Neuralink’.  Mr Musk believes that the operation to insert such an implant could be low risk and as affordable and non-invasive as laser eye surgery and would only require a short visit to a doctor rather than a hospital stay.

Why?

The main reason why Mr Musk has developed the Neuralink implant is as a possible way to counter the threat of Artificial Intelligence (AI) becoming so far ahead of human thinking that it could pose a real threat to the existence of the human species.

Mr Musk believes that although humans now have access to large amounts of information via our devices, limitations such as the speed at which we can type could see us fall behind AI. The ability to have near-instantaneous, wireless communication between brain and computer via an implant would, therefore, give humans the chance to keep up with AI and, eventually, merge with AI to gain access to superhuman intelligence and allow a symbiotic relationship with AI. The implant would, therefore, be a kind of ‘upgrade’ to enable our brains to compete with AI.

Another practical reason for the Neuralink implant and its ability to interface with computers could be to help tackle diseases. For example, the version one Neuralink can support around 10,000 electrodes, which is 1,000 times more than the current FDA-approved systems for helping patients with Parkinson’s Disease.

AI Already Trusted

People are now getting more used to the benefits of AI which has led to increased trust in the technology in recent years.  For example, back in September 2017, research from US CRM and strategic applications company Pegasystems found that 60% of UK people would use more AI if it saved them time and money and that 68% of UK consumers would use software robots for banking services. Many consumers in the survey found that the ‘artificial’ aspect was, in fact, a positive because it meant that there was impartiality.

Chip Implants

The idea of implants to humans with technology is not new.  For example, back in 2018 the UK firm BioTeq revealed that it had already fitted 150 implants to people in the UK (between their thumb and forefinger) to enable them to quickly carry out tasks such as open doors, access offices or start cars with a wave of their hand, and also to store important medical data.

What Does This Mean For Your Business?

AI brings many time and money-saving benefits to businesses, which is one of the reasons why, for example, Microsoft is investing $1bn in San Francisco-based company OpenAI (in which Elon Musk was an investor) for its work on artificial general intelligence (AGI). However, the threat of AI becoming too intelligent to the point of endangering its creators is, in fact, a real one.

For the time being, however, there are other concerns for businesses and individuals related to the possible threat of AI.  For example, the threat of how to effectively counter AI cyber-attacks should be a concern to businesses. Also, this month, the SB 1001 bot law comes into effect in California which means that it is now unlawful for a person or entity to use a bot to communicate or interact online with a person in California in order to incentivise a sale or transaction of goods or services or, indeed, as a way to influence votes in an election without disclosing that the communication is via a bot.

AI is, therefore, an evolving area with many possible opportunities and threats, the largest and perhaps most obvious of which has been highlighted by Elon Musk and others who would like to ensure that AI becomes our harmless problem-solving servant rather than our unstoppable master and enemy.

London Underground To Get 4G Next Year

Transport for London (TfL) has announced that from March 2020, 4G rollout will begin across the London Underground network, thereby allowing customers, for the first time, to check emails and travel information, use social media, and stream music and video uninterrupted.

First Section

The first section of the network to get a trial of full mobile connectivity within station platforms, tunnels, ticket halls and corridors from March 2020 will be the eastern half of the Jubilee line (between Westminster and Canning Town).  This will help to remove one of the most high-profile mobile ‘not-spots’ in the UK, and to fulfil an important ambition of Mayor Khan to improve digital connectivity in public spaces, stations and right across London’s transport network.

Although free Wi-Fi is already offered by TfL within more than 260 Wi-Fi-enabled London Underground stations and on TfL Rail services, the trialling of 2G, 3G and 4G mobile services along this first section will mark the beginning of a push to boost digital connectivity across London and to tackle the city’s main areas of poor connectivity.  TfL also hopes that the trial work on connecting this first section of the Underground will also give TfL and mobile operators valuable experience of delivering mobile connectivity there ahead of awarding a concession to deliver mobile coverage across the whole underground network, starting from summer 2020.

What’s Been The Problem?

One of the main reasons why mobile connectivity in the London Underground network has been challenging is because of the many old and narrow tunnels, which weren’t built to allow space to install mobile connectivity equipment, and have twists that can make it more difficult for signals to pass through them. The fact that there are now 24-hour tube services may also prove to be a challenge to any engineering staff who need access to the tunnels.

Benefits

The benefits of having mobile (4G) connectivity across the London Underground will include potentially boosting the capital’s productivity and improving the experience of those living and working in and visiting London.

Work

It is estimated that the work to provide connections across the London Underground network could involve the use of over 1,200 miles of cabling. It has been reported that the engineers working on the project will work weeknight shifts in order to minimise any disruption to passengers.

What Will This Mean For Your Business?

The London Underground handles an estimated 5 million passenger journeys per day, and the fact that the network has suffered from a lack of connectivity may have come at a huge cost to businesses over the years as workers can’t receive travel updates and suffer frequent delays, and working people have been simply unavailable and essentially cut-off while travelling through one of the world’s leading modern capital cities. The connectivity work, beginning in key areas from March 2020 should improve the productivity of London and of businesses based there, as well as improving the experience of those living and working in London.

For mobile networks, this represents a significant business opportunity as, once the equipment is installed, they will be able to pay the private operator for access to that network. TfL will also benefit from adding connectivity infrastructure by receiving a cut of the profits.

Lancaster University Hit By “Sophisticated and Malicious Phishing Attack”

Lancaster University, which offers a GCHQ accredited cyber-security course and has its own Cyber Security Research Centre, has been hit by what it has described as a “sophisticated and malicious phishing attack”, resulting in the leak of the personal data of new university applicants.

12,000+ Affected?

On the University’s website, even though it states that only “a very small number of students” actually had their records and ID documents accessed as a result of the attack, other estimates published by IT news commentators online, and based on statistics compiled by UCAS suggest that possibly over 12,000 people may have been affected.

Who?

The attack appears to have been focused on the new student applicant data records for 2019 and 2020.

What?

According to the university, the new applicant information which may have been accessed includes names, addresses, telephone numbers, and email addresses.

There have also been reports that, following the attack, fraudulent invoices have been sent to some undergraduate applicants.

Why?

Although very little information has been divulged about the exact nature of the attack, universities are known to be particularly attractive targets for phishing emails i.e. emails designed to trick the recipient into clicking on malicious links or transferring funds.  This is because educational institutions tend to have large numbers of users spread across many different departments, different facilities and faculties, and data is moved between these, thereby making admin and IT security very complicated.  Also, universities have a lot of valuable intellectual property as well as student and staff personal data within their systems which are tempting targets for hackers.

When?

Lancaster University says that it became aware of the breach on Friday 19th July, whereupon it established an incident team to handle the situation and immediately reported the incident to the Information Commissioner’s Office (ICO).

A criminal investigation led by the National Crime Agency’s (NCA) National Cyber Crime Unit (NCU) is now believed to be under way, and the university has been focusing efforts on safeguarding its IT systems and identifying and advising any students and applicants who have been affected.

US Universities & Colleges Hit Days Before

Just days before the attack on Lancaster University came to light, the U.S. Department of Education reported that a vulnerability in the Ellucian Banner System authentication software led to 62 colleges or universities being affected.

What Does This Mean For Your Business?

For reasons already mentioned (see the ‘Why?’ section), schools, colleges and universities are prime targets for hackers, and this is why many IT and security commentators think that the higher education sector should be looking to take cyber-security risks very seriously, and make sure that training and software are put in place to enable a more proactive approach to attack prevention.  Users, both students and staff, need to be educated about threats, and how to spot and what to do with suspicious communications by email or social media.  Students, for example, need to be aware that during summer months when they are more stressed, and when they are awaiting news of applications they may be more vulnerable to phishing attacks, and that they should only contact universities through a trusted, previously tried method, and not rely upon the contact information and links given in emails.

For Lancaster University, which has its own Cyber Security Research Centre and offers a GCHQ-approved cybersecurity course, this attack, which has generated some bad publicity and may adversely affect some victims, is likely to be very embarrassing and may even deter some future applicants.

Lancaster University has advised applicants, students and staff to make contact (via email or phone) if they receive any suspicious communications.

£80,000 Fine For London Estate Agency Highlights Importance of Due Diligence in Data Protection

The issuing of an £80,000 fine by the Information Commissioner’s Office (ICO) to London-based estate agency Parliament View Ltd (LPVL) highlights the importance of due diligence when keeping customer data safe.

What Happened?

Prior to the introduction of GDPR, between March 2015 and February 2017, LPVL left their customer data exposed online after transferring the data via FTP from its server to a partner organisation which also offered a property letting transaction service. LPVL was using Microsoft’s Internet Information Services (IIS) but didn’t switch off an Anonymous Authentication Function, thereby giving anyone access to the server and the data without prompting them for a username or password.

The data that was publicly exposed included some very sensitive things which could be of value to hackers and other criminals including addresses of both tenants and landlords, bank statements and salary details, utility bills, dates of birth, driving licences (of tenants and landlords) and even copies of passports.  The ICO reported that the data of 18,610 individual users had been put at risk.

Hacker’s Ransom Request

The ICO’s tough penalty took into account the fact that not only was LPVL judged to have not taken the appropriate technical and organisational measures to prevent unlawful processing of the personal data, but that the estate agency only alerted the ICO to the breach after it had been contacted by a hacker in October who claimed to possess LPVL’s personal data, and who had requested a ransom.

The ICO judged that LPVL’s contraventions of the Data Protection Act were wide-ranging and likely to cause substantial damage and substantial distress to those whose personal data was taken, hence the huge fine.

Marriott International Also Fined

The Marriott International hotel chain has also just been issued with a massive £99.2m fine by the ICO for infringements of GDPR, also related to matters of due diligence.  Marriott International’s fine related to an incident that affected Starwood hotels from 2014 to 2018 (which Marriott was buying).  In this case, the ICO found that the hotel chain didn’t do enough to secure its systems and undertake due diligence when it bought Starwood.  The ICO found that the systems of the Starwood hotels group were compromised in 2014, but the exposure of customer information was not discovered until 2018 and by this time, data contained in approximately 339 million guest records globally had been exposed (7 million related to UK residents).

What Does This Mean For Your Business?

We’re now seeing the culmination of ICO investigations into incidents involving some large organisations, and the issuing of some large fines by the ICO e.g. British Airways and Marriott International, and also some lesser-known, smaller organisations – LPVL. These serve to remind all businesses of their responsibilities under GDPR.

Personal data is an asset that has real value, and therefore, organisations have a clear legal duty to ensure its security.  Part of ensuring this is carrying out proper due diligence when e.g. making corporate acquisitions (as with Marriott), when transferring data to partners (as with LPVL), and in all other situations.  Systems should be monitored to ensure that they haven’t been compromised and that adequate security is maintained.  Staff dealing with data should also be adequately trained to ensure that they act lawfully and make good decisions in data matters.

MPs Call To Stop Police Facial Recognition

Following criticism of the Police use of facial recognition technology in terms of privacy, accuracy, bias, and management of the image database, the House of Commons Science and Technology Committee has called for a temporary halt in the use of the facial recognition system.

Database Concerns

Some of the key concerns of the committee were that the Police database of custody images is not being correctly edited to remove pictures of unconvicted individuals and that innocent peoples’ pictures may be illegally included in facial recognition “watch lists” that are used by police to stop and even arrest suspects.

While the committee accepts that this may be partly due to a lack of resources to manually edit the database, the MPs’ committee has also expressed concern that the images of unconvicted individuals are not being removed after six years, as is required by law.

Figures indicate that, as of February last year, there were 12.5 million images available to facial recognition searches.

Accuracy

Accuracy of facial recognition has long been a concern. For example, in December last year, ICO head Elizabeth Denham launched a formal investigation into how police forces use facial recognition technology (FRT) after high failure rates, misidentifications and worries about legality, bias, and privacy. For example, the trial of ‘real-time’ facial recognition technology on Champions League final day in June 2017 in Cardiff, by South Wales and Gwent Police forces, was criticised for costing £177,000 and yet only resulting in one arrest of a local man whose arrest was unconnected.

Also, after trials of FRT at the 2016 and 2017 Notting Hill Carnivals, the Police faced criticism that FRT was ineffective, racially discriminatory, and confused men with women.

Bias

In addition to gender bias issues, the committee also expressed concern about how a government advisory group had warned (in February) that facial recognition systems could produce inaccurate results if they had not been trained on a diverse enough range of data, such as types of faces from different races e.g. black, Asian, and other ethnic minorities. The concern was that if faces from different races are under-represented in live facial recognition training datasets, this could lead to errors. For example, human operators/police officers who are supposed to double-check any matches made by the system by other means before acting could defer to the algorithm’s decision without doing so.

Privacy

Privacy groups such as Liberty (which is awaiting a ruling on its challenge of South Wales Police’s use of the technology) and Big Brother Watch have been vocal and active in highlighting the possible threats posed to privacy by the police use of facial technology.  Also, even Tony Porter, the Surveillance Camera Commissioner,  has criticised trials by London’s Metropolitan Police over privacy and freedom issues.

Moratorium

The committee of MPs has therefore called for the government to temporarily halt the use of facial recognition technology by police pending the introduction of a proper legal framework, guidance on trial protocols and the establishment of an oversight and evaluation system.

What Does This Mean For Your Business?

Businesses use CCTV for monitoring and security purposes, and most businesses are aware of the privacy and legal compliance aspects (GDPR) of using the system and how/where the images are managed and stored.

As a society, we are also used to being under surveillance by CCTV systems, which can have real value in helping to deter criminal activity, locate and catch perpetrators, and provide evidence for arrests and trials. The Home Office has noted that there is general public support for live facial recognition in order to (for example) identify potential terrorists and people wanted for serious violent crimes. These, however, are not the reasons why the MPs’ committee has expressed its concerns, or why ICO head Elizabeth Denham has launched a formal investigation into how police forces use FRT.

It is likely that while businesses would support the crime and terror-busting, and crime prevention aspects of FRT used by the police,  they would also need to feel assured that the correct legal framework and evaluation system are in place to protect the rights of all and to ensure that the system is accurate and cost-effective.

Tech Tip – The F-Secure Data Discovery Portal

The free online Data Discovery Portal from F-Secure shows you what personal information you have given to tech-giant free services Facebook, Google, Amazon, Snapchat, Twitter and Apple over the years.

If you visit https://data-discovery-portal.f-secure.com/en/ and click on the logo of each of those companies you will be taken straight to the page where you can download a copy of the information that they have collected about you (Apple requires a login).  With Amazon, for example, you can even discover the way to review, listen to, and delete any voice recordings associated with your account.

The F-Secure Data Discovery Portal is, therefore, one easy way in which you can take steps to protect your identity and guard your personal data going forward.

Your Latest IT News Update

Alan Turing To Feature on £50 Note

Alan Turing, head of the Enigma code-breaking team at Bletchley Park in World War 2, mathematician and father of computer science, who was driven to suicide over the treatment of his sexuality, is finally being honoured by the featuring of his image on the new £50 note.

Scientists Discover How To Store Data On Matter Smaller Than DNA

Scientists from Brown University are reported to have discovered how to store data on metabolic molecules, which are pieces of matter that are even smaller than DNA.

Security Flaw Discovered In NHS Anaesthetic Machines

Cybersecurity firm CyberMDX has reported the discovery of a security flaw in some Internet-connected GE Healthcare anaesthetic machines which could leave them vulnerable to hacks.

Microsoft Criticised By UK’s Cyber Security Agency Over DMARC

The UK’s National Cyber Security Centre (NCSC) has complained that it has been unable to compile meaningful statistics and draw meaningful conclusions about email security in its latest report because Microsoft stopped sending DMARC reports two years ago.

Facebook Launches Martin Lewis Anti-Scam Service

Facebook has launched a new anti-scam service using the £3m that it agreed to donate to the development of the programme in return for TV consumer money champion Martin Lewis dropping his legal action over scam ads.

Tech Tip – Citymapper

If you’re out and about on business in a city at home or abroad, the Citymapper app provides trip planning, real-time information about departures, offline maps, alerts about delays and disruptions, and much more.

Alan Turing To Feature on £50 Note

Alan Turing, head of the Enigma code-breaking team at Bletchley Park in World War 2, mathematician and father of computer science, who was driven to suicide over the treatment of his sexuality, is finally being honoured by the featuring of his image on the new £50 note.

Chosen By Committee

The UK Bank of England’s Banknote Character Advisory Committee advises the Governor on the characters that appear on new banknotes. In December, members of the committee were given summary biographies of 989 dead scientists, put forward by more than 225,000 members of the public, from which one would need to be chosen to feature on the new polymer £50 note when it enters circulation at the end of 2021.  The committee chose Alan Turing.

Mathematician & Scientist

Alan Turing (1912 – 1954), born in West London and educated in Frant, East Sussex and Sherborne, Dorset, displayed a natural ability for maths and science. He is reported to have been able to solve complex and advanced maths problems in 1927 (aged 15) without having studied even elementary calculus, and in 1928 (aged 16) he was able to deduce Einstein’s questioning of Newton’s laws of motion from a text in which this was never made explicit.

Father of Computer Science

After studying at King’s College Cambridge, in 1936 Turing published his paper “On Computable Numbers, with an Application to the Entscheidungsproblem”, with which Turing proved that his “universal computing machine” could perform any mathematical computation if it were representable as an algorithm. This, plus his work developed at Bletchley Park is why Turing is widely thought of as the father of modern computer science.

WW2 Bletchley Hero

Alan Turing is perhaps best known for heading the codebreaking operation during WW2 at top-secret Bletchley Park, where it is estimated that the incredible breaking of U-boat Enigma codes may have shortened the war in Europe by as many as two to four years, and potentially saved millions of lives.  Part of this work involved creating and building the electromechanical machine called the bombe, which could break Enigma more effectively than the Polish bomba kryptologiczna (from where it got its name).

Conviction, Chemical Castration and Suicide

In 1952, Turing was prosecuted and convicted of “gross indecency” over his relationship with another man. In order to avoid a prison sentence, Turing chose to be chemically castrated through injections of synthetic oestrogen.

Alan Turing committed suicide with cyanide poisoning two years later, aged only 41.

Apology and Pardon

In 2013, Alan Turing was given a posthumous apology and royal pardon for his conviction for gross indecency.

What Does This Mean For Your Business?

Alan Turing’s incredible mind, aptitude for maths and science, and his work in cracking the Enigma code at Bletchley Park have resulted in millions of lives being saved through the shortening of the war in Europe, and in the rapid evolution of computer science that has fed directly into the digital world and workplace that we know today. Despite being a national hero, how Turing was treated was widely regarded as shameful, and the posthumous pardon and apology, along with being honoured on a banknote, have been ways in which the UK has been able, in some small but public ways, to right some of the wrongs of the past, honour a truly great scientist, and contribute to a greater understanding and acceptance of sexual differences.

Scientists Discover How To Store Data On Matter Smaller Than DNA

Scientists from Brown University are reported to have discovered how to store data on metabolic molecules, which are pieces of matter that are even smaller than DNA.

Storage In Artificial Metabolomes  

The results of the recent research announced on the Brown University website and published in the PLOS ONE journal describe how researchers have discovered a way to store/encode and retrieve kilobyte-scale image files from artificial metabolomes which are arrays of liquid mixtures containing sugars, amino acids and other types of small molecules.  Some of these small molecules are smaller and have greater information density than DNA.

According to the researchers, although DNA is best for encoding larger datasets, the small molecule metabolite data method has low latency so that data sets can be written and read quickly.  The small molecule method is, however, still slower than traditional computers.

DNA Storage Research Not New

Research into storing data in DNA is not new.  For example, back in 2013 scientists in Cambridge spelt out a collection of Shakespeare’s 154 sonnets in DNA.

Also, last September UK scientists developed a technique to enable them to store computer files on DNA.  Scientists from the European Bioinformatics Institute developed a method whereby the basis of digital data, which is made up of ones and zeros, is changed into their own code as Cs, Gs, and Ts.

This converted code was sent to a US laboratory, which turned the letter code into physical DNA so that it could act like an incredibly small hard drive. The laboratory used DNA synthesis machines to transform the code into physical material in a similar way to how an inkjet printer lays down ink on paper. The physical result was a tiny piece of dust with the vital digital data stored inside. An estimated 215 petabytes (215 million gigabytes) of data could be stored in a single gram of DNA.

Why?

The reasons for developing ways to store data in DNA and even smaller molecules are that we are generating vast quantities of data with no practical and cost-effective way to store it for the future.  For example, it is estimated that there are now 3 zettabytes (3000 billion bytes) of digital data, with more being generated all the time. Storage media such as hard disks are expensive and require a constant supply of expensive electricity, and even the best ‘no-power’ archiving materials e.g. magnetic tape degrade within a decade.

The advantages of DNA and smaller molecules for storage are that:

  • Sensitive data stored in DNA and other small molecules won’t be vulnerable to hacking.
  • Data stored in this way could survive in harsher climates and environments where traditional hardware can’t.
  • DNA provides a highly effective, ultra-compact space-saving solution, that doesn’t require large amounts of costly electricity.
  • DNA can keep for hundreds of thousands of years if kept in a cool, dry place. Data stored in DNA won’t degrade over time, and it can be decoded relatively easily.
  • DNA won’t become obsolete, and unlike other high-density approaches, new technologies can write and read large amounts of DNA in one go.

What Does This Mean For Your Business?

The incredible science involved in this could give businesses a way to store and back up vast amounts of data in a very convenient and secure way (safe from hackers) with dramatically reduced space, equipment, and electricity costs, and with the assurance that the data could be stored, without decay, for many thousands of years.  Some tech commentators have estimated that commercial DNA storage devices may be on shelves in the next few years.

You could be forgiven for thinking, however, that DNA storage of data sounds (and probably will be) expensive, and it may be the case that most businesses will be sticking to cloud storage for quite some time yet.