Blog‎ > ‎

Smart Traffic Control, Insurance, Statistics, Big Data, Bias, Probability, Discrimination, Phishing

posted May 13, 2016, 10:54 PM by Sami Lehtinen   [ updated May 13, 2016, 10:55 PM ]
  • Many smart traffic control systems just only get data from 3rd party, without proper authentication. That makes all kind of interesting attacks very easy if data isn't properly validated. Data quality can be also very bad, if there's no someone responsible for it. Yet using integrated data for stuff like logistics, would bring enormous changes and cost savings. - Mobility as a Services (MaaS). What kind of centralized control systems are used for in city UAV traffic etc? Can data be trusted? As example some systems like transponder systems used on airplanes are vulnerable to multitude of different attack vectors. Yet also the promises and additional value, cost savings and so on are really awesome for these future technologies if things are just done right. What is right, I guess nobody knows right now.
  • One Finnish insurance company is now using application to collect data about your driving behavior and reduce your insurance fees based on that. I wonder if it only collects driving data, or something else too. But this has been one of the topics being discussed about big data for a long time. Insurance companies are very keen to get that data, because even if it wouldn't be 'highly accurate' having any data is better than no data at all. I think they would love to collect: Financial records, criminal history, drivers license history, driving history, travel history, medical history, purchase history, social media posts and likes, social network analysis and so on. List goes on. It's also easy to forget that usually these activities are highly interlinked, so even if you wouldn't have all data, you can assume some areas based on some other data pretty reliably. It's interesting question if that can count as discrimination? If 98% of things with feature X are 'flagged'. Should that be called discrimination or accuracy? Yes, that will probably lead you getting flagged if you have feature X. But that's totally reasonable. I don't like some things about these talks, they always claim that something can be used against women or minorities. What about straight Caucasian males? Who's going to defend them? What if statistics show that Tibetan Buddhist Monk has lower probability to engage anti-social behavior that drunk Caucasian males? Is that wrong? Or is it again accuracy and just something that normal people could be biased about?
  • Because some features are interlinked (information leak), it might be possible to feed all data collected from your luggage by security scan and pass it for automated analytics. Even if it wouldn't reveal any contraband, it still could reveal "some combination of things" which might indicate that it's better to engage in additional checks. Using machine learning for this kind of analytics would probably be very efficient. It would be interesting question if it would be ethical? Maybe it would be a good idea to just feed features in and get true or false indication. Then pass back the result if anything bad was found or not. In this case the process would be complete black box, but at least it wouldn't discriminate anyone... I mean based on non-statistical reasons, ahem. But I'm pretty sure this is something which much smarter than I groups have been thinking for a long time. Statistical analytics and data processing isn't anything new at all. Actually when it's not being used efficiently makes me usually wonder more, don't they really get what they're missing when they're not using data analytics? - Related 32c3 talk: Say hi to your new boss: How algorithms might soon control our lives.
  • I'm just wondering if Nordea Bank's payments network being down is related to the massive phishing campaign which did run a few days before the bank's systems went down? In those phishing #emails they require you to send your long information by email to their #security #department,or they'll block access to the bank. I guess it's reasonable to first make that threat and then crash the bank. So even if people didn't react to the email immediately they'll remember it and might still act on it later. News didn't say anything about the phishing campaign, but I don't think it's random even. Because I received several (5+) scam mails from 'Nordea Bank' to give over my banking credentials a few days earlier. Afaik, that makes perfect sense. - Similarly sending first "security update to be installed" and telling users that site won't work without it and then DNS hijacking or DDoSing it would make perfect sense. First people don't install the packet, but when things go haywire they're stupid and try to fix it by installing the malware package.