See here: https://notes.nicfab.it/en/pages/about/
- 508 Posts
- 26 Comments
Joined 1Y ago
Cake day: May 11, 2022
EU lawmakers are due to deliberate on how artificial intelligence (AI) systems should be classified in terms of the actual or potential risks they pose under the auspices of the new AI Act.
The AI Act is a flagship EU proposal to regulate AI technology based on its potential risks. At the proposal’s core is the high-risk category, which implies stricter requirements in terms of robustness and risk management on the side of the AI developer.
The MEPs involved in the file will discuss this critical aspect of the proposal at a political meeting on Wednesday (1 February). According to an agenda obtained by EURACTIV, the provision defining the AI risk classification process will be at the centre of the debate.
The Nigeria Data Protection Bureau (NDPB) said that it has identified a wide gap in the country’s data protection needs.
According to the Bureau, Nigeria needs over 500,000 data processors and controllers but currently has about 10,000.
The National Commissioner of the NDPB, Dr Vincent Olatunji, who disclosed during a capacity-building workshop for data protection officers in the public sector, said the 490,000 jobs gaps have to be filled urgently.
We’re launching a classifier trained to distinguish between AI-written and human-written text.
Following action by the Irish Council for Civil Liberties (ICCL), the European Commission will start regularly checking the progress of all “large-scale” GDPR cases across the EU.
ICCL has previously criticised the lack of GDPR enforcement against Big Tech, and the European Commission’s failure to monitor how the GDPR is applied.
The European Commission [has now committed](https://www.iccl.ie/wp-content/uploads/2023/01/FOLLOW_UP_202200097_20230124_122005.pdf) to examining every large-scale GDPR case, everywhere in Europe. It will measure how long each procedural step in a case is taking, and what the relevant data protection authorities are doing to progress the case. The Commission will do this six times per year.
It’s well established that the European Union has some of the strictest privacy laws in the world, threatening fines of up to 4% of a company’s annual turnover. A lesser-known fact, and one which large tech firms would like to keep quiet, is that the EU hasn’t enforced those rules very strictly.
The Nigeria Data Protection Bureau (NDPB) said it has launched an investigation into allegations of data breach by Zenith Bank and Guaranty Trust Bank.
The Head of Legal Enforcement and Regulations of NDPB, Mr. Babatunde Bamigboye, said the investigations were triggered by allegations of unlawful disclosure of banking records to a third party, unlawful access, and processing of personal data.
The Russian government has blocked another encrypted email provider, according to a Russian digital rights organization and the email provider.
Last Wednesday, Roskomsvoboda, which describes itself as “the first Russian public organization active in the field of protecting digital rights and expanding digital opportunities,” [reported](https://roskomsvoboda.org/post/block-skiff/) that an unknown Russian state organization ordered the block of [Skiff](https://www.skiff.com/), an email and cloud service provider [launched last year](https://techcrunch.com/2022/03/30/skiff-series-a-encrypted-workspaces/). Since then, Skiff’s chief executive Andrew Milich shared evidence of the block with TechCrunch.
The professor who predicted that computers would change our lives demands a right to sanctuary from data ‘theft’
**Through the looking glass: Sometimes unfortunate or sometimes deadly incidents involving self-driving cars happen. However, recent occurrences with autonomous vehicles in San Francisco have been downright bizarre. Not only does the software controlling the cars struggle to negotiate the real world, but companies and authorities are still learning about how humans behave around self-driving vehicles.**
Recent formal complaints to California regulators reveal strange incidents that have occurred since fully-autonomous taxis started operating in San Francisco and Los Angeles. The cases mainly involve robotaxis disrupting first responders or otherwise wasting their time.
...
(Reuters) - Microsoft Corp, Microsoft's GitHub Inc and OpenAI Inc told a San Francisco federal court that a proposed class-action lawsuit for improperly monetizing open-source code to train their artificial-intelligence systems cannot be sustained.
The companies said in Thursday [court filings](https://tmsnrt.rs/3kDVJFo) that the complaint, filed by a group of anonymous copyright owners, did not outline their allegations specifically enough and that GitHub's Copilot system, which suggests lines of code for programmers, made fair use of the source code.
Happy Data Privacy Day! Yes, it's a completely made-up holiday, but it's as good a time as any to take a hard look at your online life and shore up your efforts to protect your personal digital privacy.
The annual occasion, feted by cybersecurity and digital privacy enthusiasts around the world, began in the US and Canada back in 2008. It's an extension of a European commemoration marking 1981's [Convention 108](https://www.coe.int/en/web/data-protection/convention108-and-protocol#link=%7B%22role%22:%22standard%22,%22href%22:%22https://www.coe.int/en/web/data-protection/convention108-and-protocol%22,%22target%22:%22%22,%22absolute%22:%22%22,%22linkText%22:%22Convention%20108%22%7D), the first legally binding international treaty on protecting privacy and data.
The United States Department of State and the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) of the European Commission signed an “Administrative Arrangement on Artificial Intelligence for the Public Good” at a virtual ceremony held simultaneously on 27 January 2023 at the White House in Washington DC and in DG CONNECT, Brussels.
To celebrate the European Data Protection Day on 28 January 2023, ENISA publishes today its report on how cybersecurity technologies and techniques can support the implementation of the [General Data Protection Regulation (GDPR)](https://eur-lex.europa.eu/EN/legal-content/summary/general-data-protection-regulation-gdpr.html) principles when sharing personal data.
This report attempts to look closer at specific use cases relating to personal data sharing, primarily in the health sector, and discusses how specific technologies and considerations of implementation can support the meeting of specific data protection. After discussing some challenges in (personal) data sharing, this report demonstrates how to engineer specific technologies and techniques in order to enable privacy preserving data sharing. More specifically it discusses specific use cases for sharing data in the health sector, with the aim of demonstrating how data protection principles can be met through the proper use of technological solutions relying on advanced cryptographic techniques. Next it discusses data sharing that takes place as part of another process or service, where the data is processed through some secondary channel or entity before reaching its primary recipient. Lastly, it identifies challenges, considerations and possible architectural solutions on intervenability aspects (such as the right to erasure and the right to rectification when sharing data).
As generative AI enters the mainstream, each new day brings a new lawsuit.
Microsoft, GitHub and OpenAI are currently being [sued](https://www.theverge.com/2022/11/8/23446821/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data) in a [class action motion](https://www.theverge.com/2022/11/8/23446821/microsoft-openai-github-copilot-class-action-lawsuit-ai-copyright-violation-training-data) that accuses them of violating copyright law by allowing Copilot, a code-generating AI system trained on billions of lines of public code, to regurgitate licensed code snippets without providing credit.
On the occasion of Data Protection Day, we invite you to take a look back at GDPR enforcement over the last few years and explore how the EDPB helps all EEA DPAs act as one to safeguard your rights, today and tomorrow.
Join us to see how European data protection authorities (DPAs) work together to make sure that your data protection rights are protected and that the companies handling your data are held accountable.
**SearXNG è un motore di meta-ricerca.**
Abbiamo già descritto SearXNG nell’articolo intitolato “[**Sei consapevole dell’impatto sulla privacy delle ricerche online e quindi della giusta scelta del motore di ricerca? (aggiornato)**](https://notes.nicfab.it/en/posts/privatesearchengine/)” relativo ai motori di ricerca o meta-motore di ricerca che rispettano la privacy.
Riportiamo di seguito, da quell’articolo, alcune informazioni su SearXNG.
**SearXNG is a meta-search engine.**
We already described SearXNG in the article entitled “[**Are you aware of the privacy impact of online searches and thus the right choice of search engine? (updated)**](https://notes.nicfab.it/en/posts/privatesearchengine/)” related to the search engines or meta-search engines which respect privacy.
We recall below, from that article, some information about SearXNG.
On 28 January each year, member states of the Council of Europe and EU institutions celebrate Data Protection Day. It marks the anniversary of the Council of Europe’s data protection convention, known as “Convention 108”. It was the first binding international law concerning individuals’ rights to the protection of their personal data.
[Watch](https://edps.europa.eu/press-publications/press-news/videos/data-protection-day-2023_en) the European Data Protection Supervisor's video to mark Data Protection Day 2023.\
[Read](https://www.euractiv.com/section/all/opinion/it-is-time-to-tear-down-this-wall/) the op-ed by Wojciech Wiewiórowski published in Euractiv.
**From the EDPS website**
All European Union (EU) institutions, bodies, offices and agencies (EUIs) process personal data in their day-to-day work.
Discover more about your rights.
# Creation of an Artificial Intelligence Department (AID)
Five CNIL’s agents will work in the Artificial Intelligence Department, including lawyers and specialized engineers. This department will be attached to the CNIL's Technology and Innovation Directorate, whose director, Bertrand PAILHES, was previously the national coordinator for the Artificial Intelligence strategy in the French Interministerial Directorate of Digital and Information Systems of the State.
Cookie consent banners that use blatant design tricks to try to manipulate web users into agreeing to hand over their data for behavioral advertising, instead of giving people a free and fair choice to refuse this kind of creepy tracking, are facing a coordinated pushback from the European Union’s data protection regulators.
A taskforce of several DPAs, led by France’s CNIL along with Austria’s authority, has spent many months on a piece of joint-work analyzing cookie banners. And in a [report](https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf) published this week they’ve arrived at some consensus on how to approach complaints about certain types of cookie consent dark patterns in their respective jurisdictions — a development that looks set to make it harder for deceptive designs to fly around the EU.
La nuova convenzione internazionale sul crimine informatico a cui l'Onu sta lavorando si è rivelata un terreno più insidioso del previsto. Perché quello che sulla carta è nato come un trattato universale per rafforzare le difese e la prevenzione contro la criminalità cyber, secondo una [risoluzione delle Nazioni Unite del 26 maggio 2021](https://documents-dds-ny.un.org/doc/UNDOC/GEN/N21/133/51/PDF/N2113351.pdf?OpenElement), si sta trasformando in un assalto alla diligenza dei diritti su internet. Lo dimostrano alcune delle proposte presentate a Vienna, dove si chiude il 20 gennaio la quarta sessione del comitato dell'Onu incaricato di scrivere una bozza del trattato, che dovrebbe arrivare sui banchi dell'assemblea generale nel 2024.
[Twitterrific](https://twitterrific.com/beyond), one of the most iconic third-party Twitter clients, said today that it has removed the iOS and Mac apps from the App Store. Iconfactory, the company that made Twitterrific, said in a [blog post](https://blog.iconfactory.com/2023/01/twitterrific-end-of-an-era/) that under Elon Musk’s management, the social media network has become “a Twitter that we no longer recognize as trustworthy nor want to work with any longer.”
The app has had a rich association with Twitter. It was one of the first mobile and desktop clients for the platform, and it helped form the [word “Tweet”](https://furbo.org/2013/06/28/the-origin-of-tweet/). In fact, Twitterrific was built back in 2007 — even before Twitter made its own iOS app.
Twitterrific’s demise comes after Twitter intentionally [started blocking third-party clients last Friday](https://techcrunch.com/2023/01/16/twitters-third-party-client-issue-is-seemingly-a-deliberate-suspension/) without any explanation. Earlier this week, the TwitterDev account posted that the company had been suspending these apps in breach of “its longstanding API rules.” But it didn’t specify what rules were broken.
After [cutting off](https://techcrunch.com/2023/01/16/twitters-third-party-client-issue-is-seemingly-a-deliberate-suspension/) prominent app makers like Tweetbot and Twitterific, Twitter today quietly updated its developer terms to ban third-party clients altogether.
[Spotted](https://www.engadget.com/twitter-new-developer-terms-ban-third-party-clients-211247096.html?src=rss) by Engadget, the “restrictions” section of Twitter’s 5,000-some-word [developer agreement](https://developer.twitter.com/en/developer-terms/agreement) was updated with a clause prohibiting “use or access the Licensed Materials to create or attempt to create a substitute or similar service or product to the Twitter Applications.” Earlier this week, Twitter said that it was “enforcing long-standing API rules” in disallowing clients access to its platform but didn’t cite which specific rules developers were violating. Now we know — retroactively.
Another bill has come in for Meta for failing to comply with the European Union’s General Data Protection Regulation (GDPR) — but this one’s a tiddler! Meta-owned messaging platform, WhatsApp, has been fined €5.5 million (just under $6M) by the tech giant’s lead data protection regulator in the region for failing to have a lawful basis for certain types of personal data processing.
Back in December, Meta’s chief regulator, the Irish Data Protection Commission (DPC), was given orders to issue a final decision on this complaint (which dates back to May 2018) — via a binding decision from the European Data Protection Board (EDPB) — along with two other complaints, against Facebook and Instagram.
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services.
Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."
***
credits @avoidthehack@mastodon.social
Brussels, 18 January - Commissioner for Justice Didier Reynders participated in the Plenary meeting. He presented the draft adequacy decision for the EU-U.S. Data Privacy Framework to the Board and had an exchange of views with its Members. The Board is currently working on its opinion on the draft decision, which will be finalised in the coming weeks.
The EDPB has adopted a report on the findings of its first coordinated enforcement action, which focused on the use of cloud-based services by the public sector. The EDPB underlines the need for public bodies to act in full compliance with the GDPR and includes recommendations for public sector organisations when using cloud-based products or services. In addition, a list of actions already taken by data protection authorities (DPAs) in the field of cloud computing is made available.
The Data Protection Commission (DPC) has fined WhatsApp Ireland an additional €5.5 million over breaches of Europe’s data protection framework and substantively revised its original ruling under instruction from Europe’s overarching privacy regulator.
On Thursday, the DPC – Meta and its platforms’ main supervisory authority in Europe – announced it has adopted a binding resolution of the European Data Protection Board (EDPB). The board found that contrary to the DPC’s original 2021 ruling, WhatsApp is not entitled to rely on the legal basis it currently use to justify data collection within the European Union.
19th January 2023
The Data Protection Commission (“DPC”) has today announced the conclusion of an inquiry into the processing carried out by WhatsApp Ireland Limited (“WhatsApp Ireland”) in connection with the delivery of its WhatsApp service, in which it has fined WhatsApp Ireland €5.5 million (for breaches of the GDPR relating to its service). WhatsApp Ireland has also been directed to bring its data processing operations into compliance within a period of six months.
creator
to
Certamente chi espone servizi self-hosted dovrebbe sapere qualcosa in materia di sicurezza. Tuttavia, i temi della NIS 2 sono altri, soprattutto quello contenuto nel contributo. A fronte di una dichiarata volontà delle istituzioni europee di avere una sovranità digitale europea e di intervenire in ambito cybersecurity, l’impianto della Direttiva NIS 2 sembra coprire qualsiasi ambito, inclusi quelli relativi a privati che mettono a disposizione gratuitamente servizi, correndo così il rischio di imporre pesanti limitazioni. Ci sarebbe molto da discutere …
# La nostra indagine
Il nostro obiettivo è di valutare se la direttiva in esame coinvolga anche soggetti privati i quali abbiano deciso di mettere volontariamente e gratuitamente a disposizione di chiunque servizi online.
In sostanza, ci proponiamo di approfondire se la direttiva NIS 2 si applichi anche a privati (persone fisiche, giuridiche, associazioni, fondazioni) che, dai server che amministrano, espongano pubblicamente su Internet servizi (o determinati servizi) gratuitamente, rendendoli così fruibili a chiunque ne abbia interesse.
Sono esclusi dalla presente indagine i soggetti che siano qualificabili come impresa nelle diverse configurazioni (piccola, media e grande), così ogni altro soggetto che svolga le attività individuate dalla direttiva NIS 2 a scopo di lucro.
# Our investigation
Our objective is to assess whether this directive involves private entities that have decided to voluntarily and freely make online services available to anyone.
In essence, we propose to investigate whether the NIS 2 directive also applies to private individuals (natural persons, legal entities, associations, foundations) who, from the servers they administer, publicly expose services (or specific services) on the Internet free of charge, thus making them available to anyone with interest.
Excluded from this survey are entities that qualify as businesses in their configurations (small, medium, and large), so any other entity that carries out the activities identified in the NIS 2 directive for profit.
Today, two key directives on critical and digital infrastructure will enter into force and will strengthen the EU's resilience against online and offline threats, from cyberattacks to crime, risks to public health or natural disasters
image of people working on screens in a computer centre
Recent threats to the EU's critical infrastructure have attempted to undermine our collective security. Already in 2020, the Commission had proposed a significant upgrade to the EU's rules on the resilience of critical entities and the security of network and information systems.
The 2 Directives entering into force are:
* [Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)](https://eur-lex.europa.eu/eli/dir/2022/2555)
* [Directive on the resilience of critical entities (CER Directive)](https://eur-lex.europa.eu/eli/dir/2022/2557/oj)
The NIS 2 Directive will ensure a safer and stronger Europe by significantly expanding the sectors and type of critical entities falling under its scope. These include providers of public electronic communications networks and services, data centre services, wastewater and waste management, manufacturing of critical products, postal and courier services and public administration entities, as well as the healthcare sector more broadly. Furthermore, it will strengthen the cybersecurity risk management requirements that companies are obliged to comply with, as well as streamline incident reporting obligations with more precise provisions on reporting, content and timeline. The NIS2 Directive replaces the [rules on the security of network and information systems](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC), the first EU-wide legislation on cybersecurity.
**Over the past 30 years the single market has brought unity and opportunities to Europeans. MEPs believe it has to be adapted further to respond to current challenges.**
During the plenary session in mid-January the European Parliament will look at how the single market has transformed Europe since its launch in 1993 and what else should be done to make full use of its potential.
Homebrew è arcinoto e va considerato un “must have”, tanto che ne abbiamo già parlato più volte su questo taccuino digitale ma solo incidentalmente per descrivere alcuni comandi.
Homebrew è un gestore di pacchetti open source scritto in Ruby (su GitHub) che consente l’installazione di quelli mancanti nel sistema operativo di Apple (o Linux).
Homebrew is well known and should be considered a “must have”, so much so that we have already mentioned it several times on this digital notebook but only incidentally to describe some commands.
Homebrew is an open-source package manager written in Ruby (on GitHub) that allows the installation of packages missing from Apple’s operating system (or Linux).
Thousands of Norton LifeLock customers had their accounts compromised in recent weeks, potentially allowing criminal hackers access to customer password managers, the company revealed in a recent data breach notice.
creator
toI think there are some real dangers of having non-humans involved with court proceedings.
First there’s the obvious slippery slope of first your lawyer is an AI, then the prosecutor is an AI, then the judge is an AI and suddenly we’re living entirely off the dictates of an AI system arguing with itself.
Second, there’s the fact that no AI is a human. This might not seem important, but there’s a lot of truth that a human can perceive that an AI can’t. The law isn’t computer code, it’s extremely squishy and that fact is important to it being just but it’s also important because you can’t just enter text into a prompt and expect to get the results out of the system you want. There’s a big difference between the same question asked by a judge who appears to be convinced by your argument and a judge who appears to be skeptical of your argument.
You might make an argument that it’s just traffic violations, but there’s a slippery slope there as well. First it’s traffic violations, eventually you might have poor people making use of the AI for serious crimes because through degrees you go “oh, it’s just a traffic violation, oh it’s just a low level possession charge, oh it’s just for crimes with a guilty plea anyway, oh it’s just a tort claim, oh it’s just a real estate case…”
Another thing is as AI expands, suddenly you get a potential risk with hackers. If you have a really important court case, it might be justifiable to pay someone to break into the AI and sabotage it so you win the case.
I agree with you. The topic is complex ad would deserve much more space to be deepened. Some issues are related, for example, to biases; there are several misdefined cases due to AI biases, especially in the USA.
Next month, AI will enter the courtroom, and the US legal system may never be the same.
An artificial intelligence chatbot, technology programmed to respond to questions and hold a conversation, is expected to advise two individuals fighting speeding tickets in courtrooms in undisclosed cities. The two will wear a wireless headphone, which will relay what the judge says to the chatbot being run by DoNotPay, a company that typically helps people fight traffic tickets through the mail. The headphone will then play the chatbot's suggested responses to the judge's questions, which the individuals can then choose to repeat in court.
Quando Apple presenta le nuove generazioni dei suoi processori, che adesso muovono praticamente tutti i prodotti di Apple, viene sempre evidenziato il ruolo dei “core”, i nuclei di calcolo. Prendiamo ad esempio il SOC A16 Bionic usato sui nuovi iPhone 14 Pro e Pro Max. Costruito da TSMC con il processo di produzione N4 (cioè a 5 nanometri), lo A16 Bionic è un SOC con un processore a 64 bit e sei nuclei di calcolo basato su Armv8.6-A. Due nuclei di calcolo “Everest” a 3.46 GHZ per la maggiore performance e quattro “Sawtooth” a 2.02 GHz per l’efficienza. Ha una GPU integrata con cinque nuclei che portano il tutto a un totale di 16 miliardi di transistor. Ma ha anche integrato un Neural Engine con sedici nuclei di calcolo capace di 17mila miliardi di operazioni al secondo (17 Tops).
***
#privacy #apple
Il Consiglio dell’Autorità per le Garanzie nelle Comunicazioni ha adottato all’unanimità, con delibera n. 422/22/CONS, un’ordinanza ingiunzione nei confronti della società Meta Platforms Ireland Limited (Meta) di un importo pari a 750.000,00 euro per la violazione del divieto di pubblicità del gioco d’azzardo sancito dal c.d. “decreto Dignità” (art. 9 D.L. n. 87/218).
Si tratta del primo provvedimento emanato dall’Autorità nei confronti di una piattaforma di social media per aver consentito la diffusione di contenuti, in violazione del citato divieto.
creator
toIt has not escaped your notice. I usually talk about app-related issues. The choice for one or the other solution is based on trust, and personally, after several trials with different solutions, I trust Apple. I am certainly aware that Apple is one of the biggies and that it is not exempt from criticism, but the policy adopted in recent years is user-friendly. It is only worth mentioning that in 2018, during the international conference of Data Protection and Privacy Commissioners, Tim Cook wished that the U.S. had a privacy regulation like the GDPR. This is not the appropriate venue, but your comment will allow me to post something on the point you arise.
creator
toIt is really unbelievable how people continue to use wa, especially for work (which is very serious), without bothering to check whether data protection regulations are being followed, especially by the controller (that is WhatsApp). What has happened shows how high the risks are for users’ personal data who are not given control over their data. Join our awareness campaign on the conscious and correct use of IM apps that respect data protection and privacy.
creator
toI think the prerequisite is to comply with the law. Corporations have to revere the laws like everyone else. It can be considered “normal” for lawyers or consultants to identify pathways to achieve possible goals of a company without violating the legislation. This is legal. Stating that behavior is illegal is up to the judge based on evidence.
creator
toAll companies collect data and personal data. They should respect privacy legislation (in the EU, the GDPR) and users’ rights. Notably, the processing of personal data should be according to the purposes of the information provided to clients. I think that Apple doesn’t expose to risks simply of misusing personal data.
From my perspective, Matrix (https://notes.nicfab.it/en/posts/matrix/matrix/) or XMPP (https://notes.nicfab.it/en/posts/xmpp/xmpp/ - https://notes.nicfab.it/en/posts/snikket/) are the best solutions. I also used Session (https://notes.nicfab.it/en/posts/session/).
I think that it will be quite difficult in Europe, but we should pay attention to it.\ https://mastodon.nicfab.it/@nicfab
Hello @filobianco@community.nicfab.it!
Thank you for being here.
A warm welcome in this community.
We hope to receive your authoritative contribution. 👏
There are several issues with the generated content from AI systems and copyright aspects. In the USA, someone already filed a lawsuit with a class action on the most relevant issues related to Ai generated content concerning art representations. See https://stablediffusionlitigation.com