|
|
 |
They now have 30 billion faces in their database [and] their app identifies people with something like 98.6 percent accuracy.
- Kashmir Hill, author of ‘Your Face Belongs To Us’
|
|
Welcome to Snippets—Facing bankruptcy, an attempted $1 billion crypto heist, and a CEO currently on trial for fraud, now defunct crypto exchange FTX gives new meaning to the phrase 'from bad to worse.' Here’s a quick timeline for those just tuning in:
- The heist occurred on November 11, 2022, the same day FTX filed for bankruptcy and CEO Sam Bankman-Fried was ousted.
- In an all-night scramble, FTX staffers hustled to hide hundreds of thousands from the thieves—minimizing what could have been a $1 billion theft to around $477 million.
- Over the next month, the thieves swapped the stolen stablecoins, which can be frozen by the issuer in case of theft, for Bitcoin and Ethereum—employing decentralized exchanges to muddle the money’s path.
- After this initial flurry of activity, the thieves went quiet for the next 9 months, starting to move money again only a month before ex-CEO Sam Bankman-Fried’s fraud trial began.
The drama continued this week, as a report surfaced tracing part of the stolen money to Russian cybercriminals, as well as a service owned by FTX's sister firm Alameda Research. Read on to learn more.
|
|
|
|
|
Stolen FTX crypto traced to Russia
|
 |
|
Fatido/Getty Images
|
11 months after being stolen from FTX, over $400 million in stolen crypto has taken a series of convoluted paths, as it’s laundered and swapped in preparation for an eventual withdrawal. Blockchain analytics firm Elliptic recently released a report tracing the money’s journey.
|
- According to the report, the money has been funneled through a long list of channels, including one tied to Russian hackers and another called RenBridge—a service owned, ironically, by FTX's sister company Alameda Research.
- The money's renewed movement, as FTX founder Sam Bankman-Fried begins his trial for fraud, has some commentators revisiting the question of whether the heist was an inside job.
- Theories over who's responsible range from North Korean hacking group Lazarus to Bankman-Fried himself, but Elliptic’s report argues the commingling of funds with those linked to Russian criminal groups makes a Russian threat actor the strongest suspect.
|
|
|
|
|
|
|
Data Privacy And AI Governance: An Outlook On Tech Industry Trends
|
Transcend’s CEO Ben Brook believes that, to use AI safely, there needs to be technical guardrails that help organizations:
- limit the sharing of confidential information
- ensure user information is delivered correctly, and
- prevent third-party large-language models (LLMs) from using protected data to train AI and generate content
Ben was recently featured in Forbes, sharing his thoughts on AI governance, privacy, and so much more!
|
|
|
|
|
|
|
|
Decoding Clearview AI’s attempt to ‘end privacy as we know it’
|
 |
|
Photo illustration by Alex Parkin / The Verge
|
New York Times reporter Kashmir Hill sat down with The Verge, to discuss the story of Clearview AI, the controversial startup whose journey Hill documents in her new book, Your Face Belongs To Us: A Secretive Startup’s Quest to End Privacy as We Know It.
|
- Trying to make sense of Clearview’s move to scrape individual photos and make them public – something even Google and Facebook have refrained from – Hill reasoned that, as a startup, Clearview saw it as a means to gain competitive advantage.
- Hill also points to the legal ambiguity around web scraping, saying: "It’s a bit of a gray area. There’s at least one federal court ruling [and] the finding in that case was that scraping was legal.”
- Clearview flagged Hill’s own face for review, so the company would know when she spoke to law enforcement officials about her investigation.
- Though Clearview positions their database of faces as a way to find criminals, Hill countered that stance, asking: “Should we all be in the lineup every time the police are trying to solve a crime…?”
|
|
|
|
|
|
|
|
The federal privacy legislation stalemate
|
 |
|
|
Müge Fazlioglu, IAPP’s principal researcher on privacy law and policy, argues the Democrat-Republican standoff on key privacy matters can be resolved by narrowing the scope of federal legislation.
|
- Congress’ efforts to consolidate privacy legislation at the federal level have been slowed by the uptick in state privacy laws and AI technologies.
- Compounding that, Democrat and Republican opinion is split on the issues of preemption and private right of action.
- Five of the 7 bills containing preemption introduced in the 118th Congress were backed only by Republicans, while Democrats sponsored all 28 bills with a private right of action.
|
|
|
|
|
|
|
|
- Research finds GPT-4 more vulnerable to ‘jailbreaking’ prompts.
- Mozilla partners with Fastly and Divvi Up to improve Firefox.
- The GDPR is slated for a broad evaluation in 2024.
- Federal agencies are lagging on NIST 2018 privacy goals.
- Microsoft is testing glass plates that can store data for thousands of years.
|
|
|
|
|
|
HTTP/2 Rapid Reset threat looms, despite mitigation
|
 |
|
Photo 5963/Getty Images
|
Google, Amazon, Microsoft, and Cloudflare reported record-breaking distributed denial of service (DDoS) attacks between August and September. Patches have been deployed, but the nature of the vulnerability means fixes must be applied to every web server before the threat is fully addressed.
|
- The DDoS attacks stem from hackers exploiting a new zero-day vulnerability in the Rapid Reset specification for the HTTP/2 network protocol, which is used to load webpages.
- While attackers can’t use this type of attack to take over a remote server or withdraw data, it can still cause significant service interruptions.
- Owing to its wide adoption, HTTP/2 vulnerabilities apply to “every modern web server,” according to Cloudfare’s Lucas Pardue and Julien Desgats.
- Though the impacted firms were able to stave off the attacks, patches could take years to implement and prolonged exposure to these vulnerabilities could pose imminent risks.
|
|
|
|
|
|
|
|
Americans concerned about government use of data
|
 |
|
Xavier Lorenzo via Getty Images
|
Americans are increasingly concerned about how the government and tech companies use their personal data, according to a Pew Research Center survey.
|
- 71% of Americans are worried about government use of their data, up from 64% in 2019—with the most notable increase happening among Republicans (63% to 77%).
- About 67% of respondents said they understand little to nothing about what companies do with their personal data, up from 59%.
- A majority of Americans believe they have little to no control over what companies or the government do with their data, with 73% feeling this way about data collected by companies and 79% about data collected by the government.
|
|
|
|
|
|
|
What data brokers need to know about the Delete Act
|
|
Passed by both houses of the California legislature and signed by Gov. Gavin Newsom, the Delete Act (SB 362) represents a significant amendment to the state's existing data broker law.
Introducing fresh registration and disclosure requirements for data brokers, this law also establishes a one-stop-shop for consumers looking to delete personal data held by data brokers and/or request a freeze on future data collection.
Learn more about what this bill requires with our recent guide!
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
