Four short links: 25 October 2019
A Human Tale, Algorithm Regulation, ASCII Game, Security Research
- A Security Tale: A Timeline — the story of, and consequences of, one chap’s insane workload being the NZ security person for Equifax during the fallout from the breach. Perfect storm of remote management, global demands, outsourced team, outsourced cloud providers…and 18-hour days spent trying to cover your employer’s ass. He talks about the logistic challenges, and then the personal costs. The phrase “giant pit of despair” is appropriate. Look after yourself. A Kawaiicon talk. (via Fobski)
- Opinion of the Data Ethics Commission — proposing a sliding scale of regulation. For algorithmic systems, they propose a five-level model: no special measures for applications with zero or negligible potential for harm; measures such as formal and substantive requirements (e.g., transparency obligations, publication of a risk assessment) or monitoring procedures (e.g., disclosure obligations toward supervisory bodies, ex-post controls, audit procedures) for applications with some potential for harm; additional measures such as ex-ante approval procedures for applications with regular or significant potential for harm; additional measures such as live interface for “always on” oversight by supervisory institutions for applications with serious potential for harm; and complete or partial ban of an algorithmic system for applications with an untenable potential for harm. The diagram is Figure 2 on page 19. (via Haydn Belfield)
- ASCIIdent — open-world sci-fi game with a design completely made by text characters. Commercial game with clever idea.
- A Data-Driven Reflection on 36 Years of Security and Privacy Research — Figure 1 is worth checking out. Interesting how no topic is as prevalent today as formalism or trust were in their heydays. Their research considers things like whether new topics are introduced by new authors or by old authors (most started by existing authors, but some important topics were started by new authors—e.g., crypto protocols, side-channels, data privacy). (via Bruce Schneier)