Global Internet Forum to Counter Terrorism: An update on our progress two years on | Microsoft on the Issues


The following announcement was jointly written by Facebook, YouTube, Twitter, and Microsoft and posted to our respective online properties.

In summer 2017, Facebook, YouTube, Microsoft, and Twitter came together to form the Global Internet Forum to Counter Terrorism (GIFCT).

The objective of the GIFCT has always been to substantially disrupt terrorists’ ability to promote terrorism, disseminate violent extremist propaganda, and exploit or glorify real-world acts of violence on our services. We do this by joining forces with counterterrorism experts in government, civil society and the wider industry around the world. Our work centers around three interrelated strategies:

  • Joint tech innovation
  • Knowledge sharing
  • Conducting and funding research

Today, building on the commitments we made as part of the Christchurch Call to Action, we are adding a fourth pillar to our work that will focus on crisis response. Specifically, we are introducing joint content incident protocols for responding to emerging or active events like the horrific terrorist attack in Christchurch, so that relevant information can be quickly and efficiently shared, processed and acted upon by all member companies. We are also releasing our first GIFCT Transparency Report and a new counterspeech campaign toolkit that will help activists and civil society organizations challenge the voices of extremism online.

And as we head into our third year as GIFCT, we are pleased to welcome Pinterest and Dropbox as members. We will continue to add new members, particularly smaller companies that could benefit from the collective experience of GIFCT members.

More than 200,000 unique hashes now in our joint database

When terrorists misuse the internet, they often upload the same piece of content to multiple platforms to maximize their reach. To disrupt this behavior, we jointly developed a shared industry database of “hashes” — or digital fingerprints — that allows us to safely share known terrorist images and video propaganda with partner companies. This enables us to more quickly identify and take action against potential terrorist content on our respective platforms…

First GIFCT Transparency Report

We have heard loud and clear from government and civil society that we need to be more transparent about what we are working on as an industry. As a result, today we are releasing our first-ever GIFCT Transparency Report. The report goes into detail about the GIFCT’s primary work streams, providing greater insight into how the Hash Sharing Consortium has defined terrorist content, and the volume and types of content included in the database. The full transparency report, which is available here, will complement the transparency reports put out by individual GIFCT member companies.

A toolkit to counter violent extremism

When we committed to the Christchurch Call to Action and issued a nine-point plan outlining concrete steps we plan to take as an industry, we said, “We come together, resolute in our commitment to ensure we are doing all we can to fight the hatred and extremism that lead to terrorist violence.” Never has that commitment been more important. As industry partners, we continue to prioritize and deepen engagement with governments, civil society, and smaller tech companies around the world…

Enabling and empowering companies to respond to crises like Christchurch

Perhaps most importantly, today we are adding a fourth pillar to the GIFCT’s core mission: enabling and empowering companies to respond to crises like Christchurch. The horrific terrorist attack highlighted the importance of close communication between members, and between government and the wider industry, which is why we are introducing joint content incident protocols to enable and empower companies to more quickly and effectively respond to emerging and active events…

We are grateful for the support of and collaboration with governments, international organizations, and NGOs around the world, including the EU Internet Forum and the UN Counter-Terrorism Executive Directorate. We look forward to sharing more updates in the coming months.

The post Global Internet Forum to Counter Terrorism: An update on our progress two years on appeared first on Microsoft on the Issues.


Protecting political campaigns from hacking | Microsoft on the Issues


This is very much a step in the right direction. A challenge to open-source advocates to do something similar (LibreOffice are you listening!)

Today, at Microsoft’s Build Developer Conference, Microsoft CEO Satya Nadella announced a new service from our Defending Democracy Program called Microsoft 365 for Campaigns, which brings the high-end security capabilities of our Microsoft 365 Business offering to political parties and campaigns.

 

The majority of security breaches faced by political campaigns originate from malicious phishing attacks and target email and filesharing systems. But many campaigns are ill-equipped to deal with these threats from nation-states and criminal scammers. We talked with campaign staffers and leaders in campaign technology and heard repeatedly that security solutions for email often were too hard to configure and too expensive. M365 for Campaigns addresses both issues by making it easy to deploy advanced security features at a much lower price.

 

Starting today, campaigns can sign up to be notified when the service becomes available in June by visiting https://m365forcampaigns.microsoft.com.

 

M365 for Campaigns will be available in June to all federal election campaigns, federal candidate committees, and national party committees in the United States, and we are exploring ways to bring the service to other countries in the future.

 

As we said when we announced the Defending Democracy Program, threats to our democratic processes from cyber-enabled interference have become a critical concern. We must all partner and do more to protect free and fair elections, and securing campaigns is an important part of this work.

 

The post Protecting political campaigns from hacking appeared first on Microsoft on the Issues.


An important step toward peace and security in the digital world | Microsoft on the issues.


Today, French President Emmanuel Macron launched a global effort among governments, businesses and civil society to protect and defend against threats to the digital infrastructure that runs our daily lives. We’re proud to be one of the 370 signatories of The Paris Call for Trust and Security in Cyberspace. This includes 51 governments from around the world, including all 28 members of the European Union and 27 of the 29 NATO members. It also includes key governments from other parts of the world, including Japan, South Korea, Mexico, Colombia and New Zealand.

 

The Paris Call is an important step on the path toward digital peace, creating a stronger foundation for progress ahead. It calls for strong commitments in support of clear principles and strong norms to protect citizens and civilian infrastructure from systemic or indiscriminate cyberattacks. Similarly, it calls for governments, tech companies and nongovernmental organizations (NGOs) to work together to protect our democracies and electoral processes from nation-state cyberthreats.

 

The Paris Call breaks new ground by bringing together to support these steps an unprecedented and broad array of supporters. Its signatories include more than 200 companies and business associations, including leading tech companies such as Microsoft, Google, Facebook, Intel, Ericsson, Samsung, Accenture, Fujitsu, SAP, Salesforce and Hitachi. Importantly, it also includes leading financial services institutions such as Citigroup, Mastercard, Visa, Deutsche Bank, as well as industrial leaders such as Nestle, Lufthansa and Schneider Electric. And it includes almost 100 critical NGOs that span groups across civil society.

 

All of this is important for a reason. Success in advancing cybersecurity requires an approach that is not only multinational, but multistakeholder in nature. This is because cyberspace, unlike the traditional planes of warfare like land, sea and air, is typically privately owned. Cyberspace in fact consists of concrete elements in the real world, such as datacenters, undersea cables, and laptops and mobile devices. These are designed and manufactured by private companies. And often they are owned and operated by tech companies and others in the private sector.

The post An important step toward peace and security in the digital world appeared first on Microsoft on the Issues.

EHRs, BCBSNC, Ransomware

Healthcare EMRs [personal]

I had the misfortune to sprain my wrist recently, which required a medical facility visit. After lengthy waits and treatment, discharge papers (handout with no digital option) disclosed the usual suspects such as purpose of visit and treatment, meds given and prescribed, and follow-up procedures. Here is where the follow-up gets hairy, approaching fubar. At the left is the first page of an actual discharge paper given out by the Emergency Department. It touts their secure access to your health records and provides a way to contact your doctors and allied professionals. Near the bottom are follow-up instructions, who to see, address info, phone number, and timeframe. The mistake I made was depending on the forms in the service to set up an appointment for today. Their system did not work and when a call was made late Thursday about it, the staff was unapologetic and less than helpful about it. This is but one example of how Electronic Medical Records (EMR) failed in real world applications, the kind that drives costs up and reduces outcomes. A copy of the record that I was given was sent to the specialists’ office, which they acknowledged; it made its way to the digital equivalent of the circular filing cabinet, the “ignore” bin. An education about how EMRs are not really what is needed for healthcare reform and cost containment sheds light on the subject. There is the concept of Electronic Health Records (EHR). EMR is a digital version of paper charts in the Doctor’s office, scanned for archival and supposedly sharing purposes among vetted parties. Right answer, wrong question. A move to EHR takes these digitized documents and facilitates sharing throughout the whole system by design. “The EHR represents the ability to easily share medical information among stakeholders and to have a patient’s information follow him or her through the various modalities of care engaged by that individual” (Peter Garrett & Joshua Seidman PhD, 2011, para. 6).
This was five years ago, with little action taken on this. The facility certainly dropped the ball with the information passing, with the patient suffering negative outcomes because someone did not think through a system promoted by “suits” who generally do not have a clue on what happens on the front lines of care. This leads us to the present. National Coordinator for Health IT Karen DeSalvo wants to move forward with public access of their own data with a measure of control that is anathema to the profitable business of “blocking” data. The Office of the National Coordinator (ONC) said its 2016 goals include continuing to “build the economic case for interoperability,” coordinate with industry stakeholders to enhance consumer access to data, and to discourage health information blocking (Hall, 2016, para. 8). There are many avenues to making dollars in the corporate world; I do not understand how blocking data allows that to happen beyond a potential lock-in similar to Windows lock-in for personal computing back in the day.

BCBSNC Shakeup

A recent media report has it that the #2 person at Blue Cross Blue Shield of North Carolina (BCBSNC) has resigned, leaving behind a mess of a computer system tied to mistaken billing of customers and other software issues.

Name: Alan Hughes
Title: Chief Operating Officer (COO)
Compensation: $1.77M (2014)
(John Murawski, 2016)

I was a customer of BCBSNC during my “interim” period prior to Medicare [long story] and based on most of my interactions with them on the phone and in person, their flawed systems are no surprise. Someone has to fall on their sword and there is usually a severance associated with this, which was not disclosed in the piece, but I do not think he will visit the poor side of Durham County anytime soon. When your background is the Chief Information Officer (CIO) and the information system does not work properly, it happens. The Department of Insurance has reported 11,162 customer calls as of April 1, including 2,346 complaints against the insurer. The agency’s investigation could result in fines against Blue Cross up to $1,000 per violation per day (John Murawski, 2016). That has to leave a mark, but it is an election year in North Carolina, so “stay tuned”.

Ransomware

UPDATED: Symantec said, “The 2007 and 2010 fixes referenced in the article were not contributing factors in this event” (Ann C Nickels, 2016). Further comment will not emanate from MedStar concurrent to the advice of IT, cybersecurity and law enforcement experts.

This topic will not go away. The hackers that penetrated MedStar Health in the Maryland/DC region came in through a 9-year-old exploit named JBoss, an application server courtesy of Red Hat Inc. (Tami Abdollah, 2016). As night turns into day, the hospital chain denies this. It must be stated that part of the mission of hackers is to expose weak spots where found. This time, it is the Samas or “samsam” vector specifically for JBoss middleware and other Java-based servers. More details can be found here and here. When an IT person in charge of security ignores application threats from the writers of such software and the government on at least 2 other occasions, that would fit the definition of maleficence. MedStar is in deep doo doo, but admitting it would bring more of the wrong kind of attention in a competitive marketplace. Never mind these breaches are not specific to this chain.

Bibliography

Ann C Nickels. (2016, April 6). MedStar Response to Incorrect Media Reports. MedStar Health. Retrieved from http://www.medstarhealth.org/mhs/2016/04/06/medstar-response-incorrect-media-reports/

Susan D Hall. (2016, April 7). Karen DeSalvo: Tech can improve patients’ access to health data. Retrieved April 7, 2016, from http://www.fiercehealthit.com/story/karen-desalvo-tech-can-improve-patients-acesss-health-data/2016-04-07

John Murawski. (2016, April 5). Blue Cross executive resigns amid technology fiasco | News & Observer. The News and Observer. Raleigh, NC. Retrieved from http://www.newsobserver.com/news/business/article70020192.html

Peter Garrett, & Joshua Seidman PhD. (2011, January 4). EMR vs EHR — What is the Difference? Retrieved from https://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference/

Tami Abdollah. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. AP The Big Story. Washington DC. Retrieved from http://bigstory.ap.org/article/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings