TechLetters #41 - hacked telecoms, bad breach notification, China's new data protection law, collisions in Apple's neural hash
Editorial
Security
Bad Investor breach information. “Securities and Exchange Commission said Monday that Pearson Plc agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber intrusion involving the theft of millions of student records, including dates of births and email addresses, and had inadequate disclosure controls and procedures” (link)
Telecom hacked. US T-Mobile, a major telecommunications operator, has been breached. Data of around 47 million users was stolen. A few days later the report was updated to say that the breach was much worse. The perils/joys of cybersecurity PR.
Privacy
China’s data protection reform. Personal Information Protection Law of the People's Republic of China. “…When one of the following circumstances is present, personal information handlers shall conduct a personal information protection impact assessment in advance…”. Max fines of 50 million Yuan (€6M), or 5% of annual revenue (link)
NeuralHash and collisions. Apple said that the photo scanning tech will come to iOS 15, but NeuralHash has been implemented since iOS 14.3, and we already know how it works. The first NeuralHash image collisions have also been reported - these images are different but they have the same hash (59a34eabe31910abfb06f308) and would constitute a false positive.
Predictably, tools to create colliding images are being created, and they are only improving. Very fast. Collisions of Apple's NeuralHash also occur naturally in big datasets. "false-positive rate on pairs of ImageNet images is plausibly similar to what Apple found between their 100M test images". But what happens in natural dads-or-mums-picturing-their-children settings? Because this is a likely real risk.