Blockchain Used To Reduce Child Labour

Blockchain, the same technology that powers the Bitcoin cryptocurrency, is being tested in a pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour.

What Is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Battery Mineral Problem

The pilot between BMW and Circulor is focusing on reducing child labour by finding a way to avoid using any cobalt that is mined in unregulated artisanal mines in the Democratic Republic of Congo. At the moment one fifth of cobalt is mined in a way that often uses child labour.

How Can Blockchain Help?

The pilot project is using Blockchain to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities.

Each bag of cobalt produced by an artisanal miner will be given a digital tag. This tag will be entered into Blockchain using a mobile phone. The details of the digital tag will then be entered by each link in the chain of buyers, thereby providing a clear, verifiable trail, all the way from miner to smelter. Since Blockchain is ‘incorruptible’, provided all organizations throughout the supply chain are involved in the project, the Blockchain evidence should be accurate.

Challenges

Challenges to the system being tested in the pilot could include cobalt mined by a child simply being mixed in with ‘clean’ cobalt prior to processing.
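
The tag trail described above can be pictured as a hash-chained custody log in which every handover of a bag is an entry linked to the one before it. The Python below is an added example, not code from BMW, Circulor or the pilot. The tag IDs, holder names and record fields are constructed, and a single in-memory hash chain stands in for the distributed ledger (no consensus or signatures).

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first ledger entry
FIELDS = ("tag", "holder", "received_from", "prev")


def entry_hash(entry):
    """SHA-256 over the entry's content fields in canonical JSON form."""
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(ledger, tag, holder, received_from=None):
    """Record that `holder` took custody of bag `tag` from `received_from`."""
    entry = {
        "tag": tag,
        "holder": holder,
        "received_from": received_from,
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry


def first_broken_entry(ledger):
    """Index of the first entry whose hash or back-link is wrong, else -1."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return i
        prev = entry["hash"]
    return -1


def role(holder):
    """Holder names are written 'role:name' in this constructed data."""
    return holder.split(":", 1)[0]


def verify_trail(ledger, tag):
    """Return a list of problems with one bag's trail; empty means it checks out."""
    problems = []
    bad = first_broken_entry(ledger)
    if bad != -1:
        problems.append(f"ledger entry {bad} fails the hash check")
    trail = [e for e in ledger if e["tag"] == tag]
    if not trail:
        return problems + [f"no entries for tag {tag}"]
    if role(trail[0]["holder"]) != "miner" or trail[0]["received_from"] is not None:
        problems.append("trail does not start with a miner tagging the bag")
    for earlier, later in zip(trail, trail[1:]):
        if later["received_from"] != earlier["holder"]:
            problems.append(
                f"custody gap: {later['holder']} names {later['received_from']}, "
                f"but the last recorded holder was {earlier['holder']}"
            )
    if role(trail[-1]["holder"]) != "smelter":
        problems.append("trail does not end at a smelter")
    return problems


def build_sample_ledger():
    """Constructed sample: two bags, entries interleaved on one shared ledger."""
    ledger = []
    append_entry(ledger, "BAG-0001", "miner:site-A")
    append_entry(ledger, "BAG-0002", "miner:site-B")
    append_entry(ledger, "BAG-0001", "trader:depot-1", "miner:site-A")
    append_entry(ledger, "BAG-0001", "smelter:plant-1", "trader:depot-1")
    # BAG-0002 reaches the smelter via a trader that never recorded receiving it.
    append_entry(ledger, "BAG-0002", "smelter:plant-1", "trader:depot-9")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("BAG-0001:", verify_trail(ledger, "BAG-0001") or "intact")
    print("BAG-0002:", verify_trail(ledger, "BAG-0002"))

    # Rewriting an earlier record changes its hash, so verification fails.
    edited = copy.deepcopy(ledger)
    edited[0]["holder"] = "miner:site-C"
    print("after edit:", verify_trail(edited, "BAG-0001"))
    # A clean result covers only the records: it cannot show what is physically
    # inside a bag, which is the mixing challenge the article raises.
```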

Used In Similar Industries

There is every reason to think that Blockchain could help with ethical cobalt mining and supply because it has been used in a similar way by the diamond industry to provide a forgery-proof record of a diamond’s lifecycle.

What Does This Mean For Your Business?

The Blockchain technology has always shown huge promise, beyond simply being used in digital currencies. One of its key strengths is that trust is embedded into the incorruptible system. This means that businesses can use it to categorically prove a certain source and route for e.g. delivery, raw materials or production. This could be particularly valuable to businesses where provenance of some kind is necessary to add to the monetary, ethical or other value of a product or service.

After first being used in the financial, legal and public sectors, Blockchain is now being used by businesses and organisations around the world in many other different ways such as:

  • Using the data on a Blockchain ledger to record the temperature of sensitive medicines being transported from manufacturers to hospitals in hot climates. The ‘incorruptible’ aspect of the Blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based Blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a Blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a Blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
  • Australian start-up Zimrii developing a Blockchain-based service that allows independent musicians to sell downloads to fans, distribute the proceeds between collaborators, and allow interaction with managers.

Blockchain still has huge untapped potential for all kinds of businesses and could represent a major opportunity to improve services, and effectively tackle visibility, transparency and efficiency issues.

Tech Tip – Prevent Travel Bag Laptop Battery Wake-Up

Sometimes your laptop can spring into life while still in your travel bag. This can drain the battery. Here’s how to prevent it from happening.

On a PC running Windows 10, change the behaviour of the system so that closing the lid causes the system to hibernate instead of sleeping. This means that the system won’t start up until you instruct it to.

  1. Open Control Panel (or use the search box on the taskbar).
  2. Search for Power Options – this will open the dialog box.
  3. From the list of links on the left, click ‘Choose what closing the lid does’. Every modern laptop should have the option to define settings for ‘When I close the lid’.
  4. Change the behaviour under ‘On battery’ to ‘Hibernate’ and then save your changes.

Amazon’s $1 Billion ‘Smart Doorbell’ Purchase

Amazon has paid $1 billion for ‘Ring’, a smart doorbell company, so that it can improve how it delivers parcels, and compete with Google and Apple in expanding the opportunities for their digital assistants and app ecosystems.

What Is Ring?

Ring, run by CEO Jamie Siminoff, is a US company that primarily manufactures ‘smart doorbells’. These doorbells work by recording live videos of customers’ doorsteps, then sending the videos to their smartphones.

Filming Couriers

There are obvious security benefits for customers from an innovative IoT product of this kind. In this case however, there is also a big benefit for Amazon in helping its customers trust its new service which allows couriers to open people’s front doors and put deliveries inside. The new service, which was first announced in October last year, requires a leap of faith from customers, as they have to trust couriers to enter their premises unaccompanied to deliver parcels (while being filmed).

In the original plans for the service, smart locks and Cloud Cam cameras were to be used to monitor couriers who would scan a package barcode outside the door, and once the delivery had been verified online, the camera would record the delivery person unlocking the door (using an app) and making the delivery. The purchase of ‘Ring’ enables Amazon to acquire the system to operate this service effectively in the marketplace very soon.

Part Of A Bigger Battle

The purchase of Ring for $1 billion is further serious evidence of Amazon competing with multiple rivals for all aspects of our homes, and invariably, our business premises.

For example, back in September 2017, Nest (owned by Alphabet / Google) released an internet-connected intruder alarm, a video-streaming doorbell, and a door lock system that was developed in collaboration with Yale. Nest has also just announced that it will be incorporating Google Assistant into its products so that they will work with Google Home.

It is, therefore, not just the lure of the lucrative and growing smart home security market that Amazon has been interested in, but also the competition among the big players – Google, Apple and Amazon – to link up their digital assistants with many different smart home devices e.g. to control the lighting, heating, and now the security.

What Does This Mean For Your Business?

Many businesses receive frequent parcel deliveries during the day, and this type of service may, therefore, be a useful one (particularly for smaller businesses), and could minimise disruption and help efficiency. Amazon has the parcel delivery network, the services e.g. Amazon Business (its online trade counter), and now its point of delivery security system.

This product is an example of how multiple technologies have linked together to provide another new business opportunity in a new and growing market. Some critics have, however, pointed out that this service requires some serious faith and trust from customers, and that it would only take a few incidents to kill that trust and to force the expensive idea onto the back burner. There is still, of course, the broader, general problem of IoT security, which has not been fully addressed in many other products, and could still prove to be the Achilles Heel in this one.

This story is also an example of how Amazon is expanding and diversifying into many different aspects of our home and business lives e.g. parcel delivery, groceries, and now smart security. The story is also an example of how the big home digital assistant manufacturers are now locked in competition to expand the number of products and services that link up to their devices e.g. Amazon Echo, and this market could provide many business opportunities for many other tech companies and manufacturers along the way.

Facebook Shooting Game Gaffe

Facebook has faced criticism this week after news that it promoted a virtual reality shooting game set in a public train station, on its stand at a US conservatives’ event.

Bad Timing

Clearly, in the light of the latest mass school shooting incident in Florida where a gunman killed 17 victims, it appeared to be a poor decision by Facebook to take the ‘Bullet Train’ game to the event.

The game, which Facebook says is a free title first unveiled in 2015, and was bundled with a number of other VR demos at the event, allows the player to shoot imaginary weapons against enemies in the setting of a public train station.

NRA

Adding to the weight of criticism of Facebook for the game being aired is the fact that the event was a rightwing CPAC conference where the National Rifle Association (NRA) has promoted gun rights. It has also been reported that CPAC featured speeches attacking gun control advocates, and a much criticised call from Donald Trump to give guns to school teachers.

It is darkly ironic that at a conference that had been dominated by discussions over gun control following a school shooting, delegates were then able to play a VR game which involved shooting people in a public place.

Exposed Via Twitter

News of the use of the game at the event was made public when a journalist at CPAC took to Twitter to post footage of the game being played.

Facebook has since expressed regret for promoting that particular game at the conference, and has announced that it has removed Bullet Train and any other action games that include violence from the VR demo.

Bad Few Weeks For Facebook In The Media

This latest gaffe is another in a series of stories in the media that have generated some bad publicity for Facebook over the last couple of weeks.

For example, last week Facebook faced criticism for allegedly using registrations to 2 factor authentication as an opportunity to send out spam SMS notifications. Any requests to stop the texts were also reported to have been posted onto the user’s Facebook profile page. In the same week, a court in Belgium told Facebook to stop using tracking code to follow and record internet use by people who weren’t even Facebook users, until it complies with Belgium’s own privacy laws.

Facebook has also received some very bad publicity since it released figures showing that Russia-based operatives uploaded 80,000 posts to Facebook in the last 2 years, and thereby may have been able to influence the outcome of the last US election.

Not Allied To Any Political Party

Even though this latest shoot-em-up game gaffe took place at a rightwing event, Facebook has also been quick to stress that it routinely participates in events hosted by organizations across the political spectrum.

What Does This Mean For Your Business?

At the very least, this is an example of how reviewing and checking every aspect of anything you’re presenting and promoting at a high profile event, coupled with a final reality-check, is always worthwhile if you want to avoid any unnecessary bad publicity.

This story is also a reminder that we live in an age where we are constantly connected to a worldwide news network where social media can be used to instantly broadcast any errors that companies, organisations and governments make.

This story also reminds us that the activities of powerful internet companies are now under scrutiny by campaign and other interest groups, and in today’s environment, the stories of individuals rather than governments about their experiences with big internet companies can become quite powerful in keeping those companies in check and holding them to account once those stories gain momentum and mass on social media.

Intel Didn’t Reveal Chip Flaws To Authorities First

It has been revealed that US authorities found out about the Spectre and Meltdown chip flaws from media reports rather than being informed directly by US computer chip manufacturer Intel.

What Chip Flaws?

Back in January, researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, discovered that two major security flaws are present in nearly all modern processors / microchips. The hardware flaws were dubbed ‘Spectre’ and ‘Meltdown’.

Meltdown affects all Intel, ARM and most other processors on the modern market. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013. The flaw could, for example, leave passwords and personal data vulnerable to attacks.

Found Out Via The Media

In this latest revelation, news has emerged that Intel didn’t inform US cyber-security officials about the flaw in its processors until after the news had been leaked to the media.

Google’s parent company Alphabet has said it informed Intel, AMD and ARM about the chip flaws in June 2017, and the three semiconductor / chip manufacturers were given 90 days to fix the flaws before disclosing the discovery of the flaws and the fix to the public. According to Alphabet, and in keeping with ‘standard practice’, it had left it up to the companies to decide whether they should inform government officials about the security flaws.

Extended

In response, Intel gives a slightly different version of events. According to Intel, Google Project Zero had chosen to extend the 90-day timeframe to 9 January 2018, and Intel had agreed to keep the information confidential until that date.

No Exploits Anyway

Even though there is general agreement that the security flaws are now present in nearly all modern devices, including all iPhones, iPads and Macs, Intel has been quick to stress that there have been no known exploits to date.

What Does This Mean For Your Business?

It is worrying that ‘standard practice’ in the industry is to be allowed to keep quiet about a security problem for 3 months from government cyber-security officials, and from the public. It is also worrying that it took journalists to uncover the problem, particularly when you consider the sheer scale of the flaws i.e. that they’re present in almost all modern processors.

There have been far too many stories of large, well-known companies choosing to keep quiet as long as possible about cyber / data security risks or breaches, and these episodes all serve to undermine confidence that companies will act responsibly themselves, without the threat of new regulations and huge fines (such as those that GDPR will bring).

The best advice to businesses is now to install all available patches for the flaws without delay, and to make sure that you are receiving updates for all your systems, software and devices.

Regular patching is a good basic security habit to get into anyway. Research from summer 2017 (Fortinet Global Threat Landscape Report) shows that 9 out of 10 impacted businesses are being hacked through un-patched vulnerabilities, and that many of these vulnerabilities are 3 or more years old, and there are already patches available for them.

Fight For DPOs With Introduction of GDPR

Technology and employment commentators are predicting that with the already high demand for skilled and talented Data Protection Officers (DPOs), the introduction of GDPR may see businesses having to compete to recruit the right one.

What’s A Data Protection Officer?

A DPO’s role is essentially that of looking after any legal and ethical issues related to handling customer data. They are required to have specialist knowledge in matters relating to data and information privacy and security.

What Is Demand For DPOs Like Now?

According to figures from the Indeed job search site, DPO job listings posted in the UK have increased by no less than 700% over the past 18 months. That’s the equivalent of an increase from 12.7 listings per 1 million in April 2016 to 102.7 listings per 1 million in December.

Triggered An Increase In Training

The huge increase in the demand for DPOs has led to a corresponding increase in the demand for GDPR training, as individuals spot a potentially lucrative career, and companies seek to bring their in-house DPOs up to speed.

Some GDPR training providers have reported selling out of courses for the next six months as demand for GDPR-Ready training programs for DPOs has increased by as much as one-third.

Even Bigger Demand With Introduction of GDPR

The International Association of Privacy Professionals (IAPP) estimates that, with the introduction of GDPR in May this year, 28,000 DPOs will be needed in Europe and the U.S. and perhaps as many as 75,000 around the globe.

Why?

GDPR requires that companies must have a DPO to help with tasks such as data audits for compliance with privacy laws, training employees on data privacy, and to be the main point of contact in the company for European regulators.

With its 99 articles, under the guidance of 6 privacy principles, the General Data Protection Regulation (GDPR) is long and complicated, and it requires someone within the business to understand it, and how it should be practically applied. Failure to comply with GDPR, and data breaches resulting from non-compliance, can bring large fines and other potentially disastrous consequences for businesses and organisations e.g. loss of customers, and damage to brand and reputation.

Legal and business commentators are also predicting that companies may only want to deal with suppliers who are GDPR compliant in order to maximise their own compliance and avoid the penalties.

What Does This Mean For Your Business?

For those who are already, or are currently training to be DPOs, the immediate future looks bright in terms of their choice of employment, the massive (and growing) demand for their services, and the bargaining power that this may give them with employers e.g. for their salary.

For businesses that are already trying to get to grips with the complications and costs of complying with GDPR, and who already know that they will need somebody in the DPO’s role, they may not have anticipated the extra complication of having to compete with other businesses to get one. With the demand for good DPOs looking like continuing to out-strip supply, the situation may arise where some businesses attempt to poach DPOs from others.

With X-day already past, and the introduction of GDPR just 3 months away, the clock is now ticking loudly for businesses that may not yet have given any serious thought to the role of DPO, or where to get GDPR training.

Google Acted On Less Than Half Of Requests To Remove URLs

Google’s latest Transparency Report reveals that of the 2.4 million requests made since 2014 to remove certain URLs from its search results, Google has only complied with less than half.

Removal Requests

The removal requests relate to a ruling by the European Union’s Court of Justice in May 2014 which said that Google and other search engines can be held responsible for personal data that appears in its search engine results pages – they are considered to be ‘Data Controllers’. Google and other search engines can, therefore, be asked to remove links to some web pages that are published by third parties, and any EU citizen can ask Google to remove information about them from their search results.

Doesn’t Have To Comply

The problem with the ruling for individuals who want their data removed is that Google doesn’t actually have to comply with the request, and can refuse to take links down if it can demonstrate that there is a public interest in the information remaining in the search results. Google can also re-instate links that it has already taken down in a previous request if it can show that it has grounds to do so.

One example highlighted in Google’s Transparency Report concerns the UK man who managed to get Google to delist 239 (of 300) URLs that linked him to a fraud conviction where he was later found to be innocent. Following a 2nd request by the same man to remove pages relating to a benefits case linked to him, Google refused this request AND re-instated the previously de-listed URLs because it said that he provided forged documents with his 2nd request.

Two Main Reasons

The statistics appear to indicate that the two most likely reasons why Google would be asked to consider de-listing URLs are when they relate to personal information being shown in social media and directory services, and when aspects of a requester’s legal history from news outlets and government websites are shown in the search engine results.

What If Google Refuses Your Request?

Examples of why Google may refuse to take URLs down include when they give business information that might be useful for potential customers, or if the content about a violent crime could be of interest to the general public.

If Google refuses your request to take down certain URLs, you can then still take your complaint to the national data watchdog. This, of course, takes time.

Less Than Half Of Requests

The Transparency Report shows that, since May 2014, Google has not delisted 56.7% of URLs, and in the UK, 60.2% of requests to remove certain URLs were not complied with by Google.

What Does This Mean For Your Business?

This story appears to show that despite an EU ruling, Google is still really in charge of making the decision about whether your personal details appear in its search engine results, based on its own research rather than your reasons in your request. For businesses wanting to hide certain information from public view, this is clearly an obstacle. Many businesses and individuals may have arguably suffered a much longer lasting punishment for any wrongs or from any bad publicity simply because they now operate in the age of the Internet, where things take a long time to be forgotten.

It will be interesting to see what difference GDPR makes to this situation because with GDPR, any EU citizen has the ‘right to be forgotten’ (all data held about them is to be removed), and GDPR can be enforced with the help of substantial fines for companies failing to comply with requests from individuals.

Google has long appeared to take the position that it sees some requests to remove certain URLs from its search engine results as a kind of censorship, and it remains to be seen just how much influence individuals will be able to exert over the big internet companies in the coming years.

Tech Tip – Find Files By Date

If you have produced and stored many files on your computer over time, in multiple folders, it can sometimes be difficult to find the file you need. One way to narrow the search in Windows 10 is to search by date. Here’s how:

  1. Choose the folder, drive, or library you want to search.
  2. Click in the search box (upper right corner of the File Explorer window).
  3. Type the datemodified: operator (it doesn’t matter if there’s a space after the colon), followed by a date / date range.

The format for the date range can be e.g. a single date in any standard date format, a range of dates e.g. 20/1/2018 .. 20/2/2018, a month or year or both, or a relative term e.g. last week, last month. Alternatively:

  1. Click in the search box to bring up the Search Tools tab on the ribbon.
  2. Click the Date Modified button.
  3. Choose one of the available options.

A Quarter Of Councils Have Been Hacked

The ‘Cyber Attacks In Local Authorities’ report from Big Brother Watch shows that local governments are subject to cyber attack attempts at the staggering rate of 37 per minute!

Thankfully, only a tiny fraction of the attacks launched are successful although this still represents a serious problem. For example, 114 councils experienced at least one incident between 2013 and 2017.

High Stakes

The nature of the work of UK Councils is such that they hold a large amount of up-to-date personal data for people in their areas, so one successful breach can have very serious consequences.

Not Disclosing Breaches

One particularly worrying aspect of council behaviour exposed by the report is that, from the data gathered, few seem to have reported losses and breaches of data, which is something that organisations will be required to do within 72 hours under GDPR when it comes into force in May.

Human Error – Training Needed

As in so many companies and organisations, human error is often a factor in breaches. In 2015, for example, Big Brother Watch exposed how local authorities committed 4 data breaches a day, all thought to be predominantly caused by human error.

Big Brother Watch has also revealed that, despite the number and seriousness of the breaches, little action has been taken by UK councils to increase staff awareness and education in matters of cyber security and data protection. For example, it has been disclosed that 75% of local authorities do not provide mandatory training in cyber security awareness for staff, and that 16% do not provide any training at all!

What Does This Mean For Your Business?

Some commentators have been quick to point out that bearing in mind how much sensitive data councils hold about citizens, and the incredible amount of attempted cyber attacks against them, they could be making more of an effort and an investment to beef-up security.

Other commentators have noted that cuts to council budgets e.g. with austerity measures may have played their part in limiting cyber security effectiveness in UK councils.

After the shocking findings of the report, Big Brother Watch issued some recommendations to local authorities which could very well apply to other businesses and organisations. These are:

  • Cyber security should be prioritised, and that rather than investing too much in surveillance technologies, more should be invested in cyber security strategies and in the training of staff.
  • Cyber security incidents should be consistently reported, and that a protocol needs to be established so that incidents are reported quickly and to the right authorities e.g. the police, the ICO, and the National Cyber Security Centre.
  • All staff should receive mandatory training in cyber security because cyber attacks are not only designed to breach computer systems, but also to exploit humans who are often the weakest cyber security link.

GDPR Extortion Prediction

A report by Security Company Trend Micro has predicted that, as cyber-criminals are now focusing more on maximising financial return, the introduction of GDPR this year could give them potentially lucrative extortion opportunities.

How?

The point that this report is making is that with the prospect of massive fines under GDPR e.g. fines up to €20 million, or 4% of their global turnover, criminals could extort large sums of money from companies with the threat of a cyber-attack that could lead to a data security breach, which could, in turn, lead to a fine under GDPR. It has been suggested that criminals could first determine the penalty under GDPR that could result from an attack, and then demand a ransom of slightly less than that fine.

What’s Happening?

The recent trends in cyber-crime are what have led to this latest chilling prediction. For example, the fact that cyber-criminals appear to be abandoning exploit kits and indiscriminate attacks in favour of more strategic attacks with maximised financial gain is a trend that has become more apparent. This trend coupled with the fact that, although the number of reported breaches in 2017 was lower than in 2016, the amount of data compromised by cyber attacks increased, have led security commentators to believe that criminals will seek to exploit GDPR as a money-making weapon.

Predictions Started Last Year

Predictions that the threat of GDPR fines could be exploited by criminals first surfaced in the media last November when researcher Mikko Hypponen made the point that GDPR fine figures could give cyber-criminals who are using ransomware, or hackers stealing data, a price point to set the ransom at because now they know how much money they should be asking.

Hypponen argued that because the criminals know what data is worth / what covering-up a data breach may be worth to some companies (probably large, well-known ones), these companies may be actually willing to pay anything less than the full amount of the fine to avoid serious damage to their reputation, loss of customers and more.

According to Hypponen, ransoms could, therefore, be set at up to 2% or 3% of the targeted organisation’s global annual turnover. This could equate to millions of dollars in some cases.

Threat Of Reporting Too

As well as the threat of a ransom to avoid a direct, deliberate attack that would result in a fine, security commentators have also suggested that hackers / scammers could steal data with advanced ransomware and then blackmail the victims with the threat of reporting them to the data protection commissioner. This is because ransomware can affect the availability, access, and recovery of personal data.

Other Trends

Other trends uncovered in the recent Trend Micro Report include:

  • A 32% increase in new ransomware families from 2016 to 2017.
  • A doubling of business email compromise (BEC) attempts between the first and second half of 2017.
  • Rapidly rising rates of cryptocurrency mining malware (100,000 detections in October).
  • A 22% increase from 2016 in BEC attempts to trick company employees into approving money transfers to criminal accounts, mostly targeting the chief financial officer (CFO).
  • More attacks on vulnerable internet of things (IoT) devices, with software vulnerabilities also continuing to be targeted (1,009 new flaws discovered and disclosed in 2017).

What Does This Mean For Your Business?

As well as being an opportunity to get the (data) house in order and to enhance competitiveness (GDPR compliant companies are more likely to want to deal with other compliant companies), the size of the fines and now the potential activities of extortionists are risks for the coming years for UK businesses. Even though these predictions relate to more daring and sophisticated crimes, companies should still make sure that they are at least covered against more basic attempts e.g. by keeping up to date with software patching, and covering all known vulnerabilities.

Ways that companies could protect themselves against hacking / ransomware threats include only giving users access to what they need and taking away admin privileges, backing up all critical files effectively and securely, and testing those backups to make sure that information can be restored in a usable form. Training of staff e.g. chief financial officers (CFOs) or anyone involved in payment, and establishing a clear process for checking and chain of command could reduce the risk of BEC attempts and socially engineered attacks. Businesses would also be wise to make sure that their Business Continuity and Disaster Recovery Plans are kept up to date in the light of emerging threats.