2019 ISACA-SF Keynote on Auditing AI

I gave the keynote presentation at the ISACA San Francisco chapter annual conference, October 28th. It was an honor and a privilege to be asked to share my thoughts on auditing artificial intelligence:

“Whose AIs Are On Your Data” (PDF).

The audience gave me some really tough questions, which I hope were sufficiently addressed.

I also presented a more technical session with the rather bland title “Auditing AI” (PDF).

Compliance Examiner Breached Own SEC Database for an Equity Firm, Then That Firm Hired Him as Their Compliance Officer

File this one under detecting insider threats: a high-trust government employee accessed an investigations database without authorization to undermine an investigation, then used that access as leverage to get himself hired by the company being investigated.

When Cohn left the SEC to join GPB, he left with more than his own career ambitions. The proprietary information he allegedly retrieved—from databases he wasn’t authorized to access—included compromising information about a GPB investigation and sensitive details related to the same.

…as a Securities Compliance Examiner and Industry Specialist in the SEC’s Enforcement Division, where he assisted investigations into violations of securities laws. In approximately October 2018, Cohn left the SEC to join GPB, a private equity firm based in Manhattan and Garden City, New York, that manages over $1.5 billion in assets. However, prior to leaving the SEC, Cohn accessed information on SEC servers relating to an Enforcement Division investigation into GPB. Cohn was not authorized to access this highly sensitive material, which included confidential information, privileged attorney-client work product and contacts with law enforcement and other regulatory agencies. During discussions with GPB personnel about obtaining a job there, Cohn advised them that he had inside information about the SEC’s investigation, and on several occasions he disclosed information to members of GPB’s senior management about that investigation.

That interview process sounds like GPB has some very serious deficiencies in the department of information security, let alone HR.

The SEC also reported a database breach in 2016.
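One way a defender might surface the pattern in this story, access to case records outside a user's own assignments, clustered in the weeks before that user leaves, as an added example that is not the SEC's tooling or anything from the original post; the assignment table, departure dates, record types and log rows are all constructed here.

```python
"""Flag investigation-database access that falls outside a user's case assignments.

Constructed example (not from the SEC, the DOJ or the original post): each access
event is checked against the cases the user is assigned to, and unassigned hits
are escalated when they fall inside a window before the user's recorded departure.
"""
from datetime import date

# Constructed sample data: who is assigned to which case, and known departure dates.
ASSIGNMENTS = {
    "examiner_a": {"CASE-100", "CASE-101"},
    "examiner_b": {"CASE-200"},
}
DEPARTURES = {"examiner_a": date(2018, 10, 15)}  # last day on record

# Constructed access-log rows: (date, user, case_id, record_type)
ACCESS_LOG = [
    (date(2018, 8, 1), "examiner_a", "CASE-100", "memo"),
    (date(2018, 9, 20), "examiner_a", "CASE-300", "attorney_work_product"),
    (date(2018, 10, 2), "examiner_a", "CASE-300", "law_enforcement_contact"),
    (date(2018, 10, 3), "examiner_b", "CASE-200", "memo"),
    (date(2018, 10, 4), "examiner_b", "CASE-300", "memo"),
]


def flag_unassigned_access(log, assignments, departures, window_days=60):
    """Return one finding per access to a case the user is not assigned to.

    Severity is raised to "high" when the access happened within window_days
    before the user's departure date, the timing that matters in this story.
    """
    findings = []
    for when, user, case_id, record_type in log:
        if case_id in assignments.get(user, set()):
            continue  # authorized by assignment, nothing to report
        severity = "medium"
        left = departures.get(user)
        if left is not None and 0 <= (left - when).days <= window_days:
            severity = "high"
        findings.append({"user": user, "case": case_id, "date": when,
                         "record": record_type, "severity": severity})
    return findings


def summarize(findings):
    """Group findings per (user, case) so repeated access stands out for review."""
    out = {}
    for f in findings:
        entry = out.setdefault((f["user"], f["case"]),
                               {"count": 0, "max_severity": "medium"})
        entry["count"] += 1
        if f["severity"] == "high":
            entry["max_severity"] = "high"
    return out
```

In a real deployment the assignment table would come from the case-management system and the departure date from HR, which is exactly the cross-department correlation this story suggests was missing.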

Huge Search for Missing West Point Cadet Leads Back to West Point

In this modern age of surveillance technology, where everyone discusses how hard it is to hide, a tragic story from West Point points us in the opposite direction.

For several days 130 soldiers searched 6,000 acres, as police dive teams ran sonar scans on water, with no results.

At some point an investigator pointed out the lack of outside digital evidence meant the missing cadet may never have left, so the search was redirected back on campus, where he was discovered.

A 20-year-old West Point cadet who had been missing for four days was found dead Tuesday evening on the campus, school officials announced…[with] no cellphone or financial activity since he had been reported missing.

This comes at the same time researchers announced drones have been able to distinguish live people from mannequins at distances up to 26ft by monitoring chest movements.

$180K Grant in 1966: Automated License Plate Readers (ALPR) for New York Surveillance

They wait for hours until late in the evening on the Brooklyn Bridge. (Photo by Anthony Calvacca/New York Post/Photo Archives, LLC)

During research for my new book I often run into artificial intelligence promises from the 1950s that by the 1960s had become working tests of the sort of thing people today talk about as new technology.

For example I’ve given several presentations on how driverless cars were promised to be on roads by the mid-1970s, and why such automation dreams for our civilian lives instead fizzled and failed (i.e. fears stemming from the Cuban Missile Crisis).

Another example of this nature is the optical character recognition (OCR) work that by 1966 was considered good enough to read license plates. For some reason I often find people claiming that this was a development in the 1980s, specifically Automated License Plate Readers (ALPR).

Archives easily confirm the 1980s are decades late. I’ve even found some evidence of late 1960s NYPD plans for racist profiling (“wanted car” surveillance) with bridges outfitted with ALPR. Such surveillance seems far more real and sinister than even the infamous New York “Jim Crow bridge story”.

Here’s a taste of what I’ve found in the U.S. Senate Committee on Appropriations record about innovations at that time:

Hearings, Reports and Prints of the Senate Committee on Appropriations, Volume 89, U.S. Government Printing Office, 1966, p 33

Perhaps New York should consider celebrating their surveillance state history by issuing a commemorative license plate for automated license plate readers? 2016 would have been the 50th anniversary of the kind of research grant that nobody seems to remember.

The $180K grant for New York in 1966 is the equivalent of a $1.4M grant today. It seems to be a significant amount for surveillance technology development and evaluation. Today is a different story, however.

ALPR cost has deflated over the same time, so now anyone can run free OpenALPR themselves on inexpensive hardware.

“Get an alert the moment any license plate is seen by your security cameras. Monitor suspicious activity with simple database searches that reveal the full history of any vehicle that drove past a camera on your property.”

The shift in surveillance market economics was highlighted a couple of years ago by an Australian hobbyist with the click-bait headlines “How I replicated an $86 million [Victoria police] project in 57 lines of code” and “I caught someone with it”.

BlueNet only has to meet a 95% accuracy target. So if $1 million gets you to 80% accuracy, and maybe $10 million gets you to 90% accuracy — when do you stop spending?

The answer appears to be in the question. Spending could stop when you hit that 95% accuracy target, assuming you don’t run into the privacy and ethical problems that have plagued ALPR for 50 years now, such as this extortion case in 1997:

The D.C. police lieutenant in charge of investigating extortion plots was arrested yesterday and charged with carrying out his own extortion plot against men who frequented a gay bar…Stowe used a law enforcement computer system to identify the man and at least two others who visited the club through their automobile license plates.

…or this public shaming case in 2015:

Los Angeles is considering sending “Dear John” letters to the homes of men who [drive through neighborhoods where prostitutes are alleged to be] hoping the mail will be opened by mothers, girlfriends or wives.