- 2017, September 5, ZDNet, “Cybersecurity specialisation status up for grabs with new ACS accreditation program” — it would be so great to see IT become like an apprenticeship. Coding and security are like trades – it is a craft and takes time to develop. If there is a ‘skills crisis’ why not implement a program that provides a level of assurance of employment and on-the-job training?
- 2017, September 5, SSRN, “When Machines Learn to Collude: Lessons from a Recent Research Study on Artificial Intelligence”
- 2017, September 5, SSRN, “Algorithmic Risk Assessment Policing Models: Lessons from the Durham Hart Model and ‘Experimental’ Proportionality” — interesting. A UK version of the COMPAS program. I think the authors have covered a good range of governance issues, and ask the right questions. The model is not as opaque as they suggest (I think they conflate machine learning with neural networks) – it is a random forest model that can be validated (they accurately describe the trade-offs of bias). A more interesting question is to ask: a) how the model would be constructed as a deep learning model, and b) if it would perform ‘better’?
- 2017, September 5, SSRN, “Are Robo-Advisors Fiduciaries?”
- 2017, September 5, SSRN, “How Should Robo-Advisors Be Regulated? Unanswered Regulatory Questions”
- 2017, September 5, SSRN, “Regulatory Focus on Robo-Advisors”
- 2017, September 5, SSRN, “How are Robo-Advisors Regulated?” — these are interesting issues. Just like it is hard to attribute any consciousness or ‘blame’ to a machine learning model, it is hard to say that a model has a person’s best interests ‘in mind’ when producing its output. So I think the question will fall back to assurance: what controls has the developer put in place to ensure the output is as accurate as possible? Has the customer been informed of its limitations? What monitoring does the developer do to ensure the model remains valid? Well, there is an endless list of questions to ask … I think it comes down to the customer making an informed decision and some measure of oversight of developers.
- 2017, September 4, SSRN, “The Forthcoming General Data Protection Regulation in the EU: Higher Compliance Costs Might Slow Down Small and Medium-Sized Enterprises’ Adoption of Infrastructure as a Service” — I’m not sure that I understand the true concern of the author. She refers to an Article 29 Working Party paper that a cloud provider may be deemed a data processor. This is from 2012 and I assume a newer interpretation exists for GDPR. But, even if this older opinion remains, how does it deter SMEs from using a cloud provider (IaaS)? The bulk of this compliance cost resides with the provider, not the SME. Perhaps there is a slight increase in cost to use IaaS services because the provider has an added compliance burden; but I am sure the increase will not be prohibitive. Nevertheless, it’s an interesting issue to consider given the popularity of cloud services.
- 2017, September 2, Government of Canada, “Breach of Security Safeguards Regulations”
Other Interesting Items
The Commonwealth Bank is hiring a ‘Cryptographic Services Specialist’. Looks like they are taking enterprise security seriously. The recent episodes (particularly Part 2) of ‘Snake Oilers’, which is part of the Risky Business podcast, highlight some vendors in this space. I am very impressed with what Yubico is up to. I already use their YubiKey and it is a great 2FA option.
The Yubico HSM sounds brilliant. Not long ago I wrote a post about how it would be great to store encryption keys on a hardware module. Well, this is it!