 Coming up on DTNS, Apple recreates MTV. Is that a good idea? Two tech publications want to collect your data to reveal how algorithms work. Is that a good idea? And David Spark is here coincidentally to play the What's Worse game. This is the Daily Tech News Show for Monday, October 19th, 2020. In Los Angeles, I'm Tom Merritt. And I'm Roger Chang, the show's producer. Sarah Lane has the week off, but as I mentioned, David Spark, producer of the CISO Series, is here. David, welcome back to the show. It is great to be back here. I've been on for a number of years and it usually was always around the RSA conference. Right. But I'm coming back to play a game with you this time and we'll see how well you play and whether I'll be challenging you again. By the end of the show, I will know whether the only choice was not to play. We were just talking about kids and all kinds of fun stuff on Good Day Internet. If you want that wider conversation, we were even speculating about whether Intel's becoming IBM. You gotta become a member at patreon.com/DTNS. Let's start with a few tech things you should know. Facebook claims its new M2M-100 translation model is the first multilingual machine translation model that can translate directly between any set of a hundred languages. Many automated machine translation systems actually translate a language first to English and then into another language. Facebook claims the new model doesn't need to do that. It can just go straight from one language to the other and outperforms English-centric approaches by 10 points on bilingual evaluation understudy metrics. Ireland's data protection commissioner announced it was investigating Instagram over its use of children's personal data. The investigation comes from a complaint that Instagram users that were younger than 18 are easily able to convert personal accounts to business accounts, publicly displaying phone numbers and email addresses which might run afoul of GDPR privacy rules.
The Pakistan Telecommunications Authority announced it lifted its 11-day ban on TikTok. After TikTok senior management agreed to moderate the platform in accordance with quote, societal norms and the laws of Pakistan. TikTok also committed to block users who continually published content that regulator deems unlawful. So that's a rare recent win for TikTok. A closed beta of Facebook's updated Messenger API now supports sending Instagram messages that'll allow business accounts to build pre-configured automatic responses to common questions and then plug-in communications to the CRM systems. The Messenger API itself doesn't support cross-app communication and the European Union antitrust regulators extended the deadline to decide on Google's $2.1 billion acquisition of Fitbit from December 23rd to January 8th of 2021. So Fitbit users who don't wanna be part of Google got a little more time. The deal was originally announced November 1st, 2019. So it will be more than a year by the time it gets approved if it gets approved. All right, let's talk a little more about that Apple Music channel. Apple launched Apple Music TV in the United States. It's a free live stream channel. You don't have to be a subscriber to any of Apple's services to get it. It's curated music videos. You can play it out of the Apple Music or Apple TV apps either one. They do have a link to apple.co slash Apple Music TV. That just takes you to the Apple TV app though. So you really need one of those two apps. Though it doesn't matter what platform you're on as long as you have one of those apps doesn't have to be an Apple platform. The channel premieres new videos every Friday at noon Eastern time with Apple saying the channel will feature special curated music video blocks, live shows and events as well as chart countdowns and guests. In fact, this week has examples of all of those things. 
On Monday, the channel launched with Apple Music's all time top 100 songs, not played in order, to my own silly chagrin, but they just kind of put them on shuffle. They would tell you what number it was before they played it though. Thursday will be all Bruce Springsteen day with videos playing most of the day, then an interview with Zane Lowe and the release of a new album from Bruce Springsteen along with a launch of a documentary on Apple TV and a virtual event with a thousand fans. Besides those event programming though they'll have just regular programming where they just play the hits, Blackpink, Dua Lipa, Cardi B, that kind of stuff. That is what you'll get most of the time. David, I don't know, stuff like this to our generation sounds like MTV from the 80s being recreated for the modern age, right? Well, here's what I like about this as I was looking through and as you kind of described it is actual programming. There is, yes, plenty of music videos you can get online via Vevo and via YouTube Music and stuff but they are actually programming content and I must say kudos to them. I love the fact that there's program music content and I'm guessing here they're gonna have kind of a VJ characters all that time. Now, back in the day when we watched MTV these music videos drove record sales. My guess, making this free is gonna hopefully drive subscriptions for Apple because they need it given that they were the kings of the music scene that just essentially got displaced by Spotify. Yeah, and they've been gaining that ground back but they've needed to gain it back. Spotify and Apple Music are now the two top popular worldwide, not popular in every region necessarily. Spotify's I think popular in more regions than Apple Music is, which is part of it. I'm skeptical about this. I know that they still do Apple Music One which used to be Beats One and they must find it worthwhile because they pour all that money into DJs and Zane Lowe and all of that stuff.
I was very into listening to that when it launched but I haven't listened to it in a long, long time. This feels like the same thing but for videos. Like it's a lean back experience. It seems cool. I put it on, was watching. I was like, all right, yeah, this has got that old MTV vibe. Just play me some videos, play me some music but it had no interactive features. I couldn't tell what music was playing unless I already knew the song or waited till the end when they told me. Well, just look at that in version 1.0. My feeling is that something like that will be updated over time. But I don't know how many people will really use this. I suppose, like I said, Apple Music One may not be used in large amounts but it's used enough. And yeah, I think you're absolutely right that they're trying to sell something. I see people watching it like they watch MTV. They turn it on, they leave it on like they leave the radio on. Will they turn it on though? I get the sense they will because I just like the idea of music programming and they're having some type of, you know, video jockey, disc jockey, whatever to make that all happen. Yeah, that's what I liked about Beats One when it launched was, oh, this is going to expose me to things that I wouldn't. But I kind of fell off of that. Maybe it's just- I agree. Yeah. Google announced it will discontinue its emergency location sharing app, Trusted Contacts. That will stop working December 1st. You can keep working on it till then. However, you can't get it from the Play Store. They already removed it. The app launched back in 2017, if you're not aware of it, it lets you designate trusted contacts who are allowed to request to see your location at any time. So you say, okay, I have my wife and David Spark. Are the only people who could find out where I am at any time. This sounds like a good pod. The only people I trust. So you, David, could ping me and like, hey, are you okay? Where are you at? 
I could decline and say, I'm fine, but I'm not going to tell you where I am. But if I didn't respond, it would automatically send you my location. And again, this is because you're a trusted contact. Only a trusted contact would get to do that. I could also preemptively share my location. If it's like, hey, I'm headed home now. I'm going to share my location while I'm headed home. Here you go. Google suggests- Which my wife does that via Google Maps all the time. And that's perfect because Google suggests that real-time location in Google Maps is the replacement for trusted contacts because you can do that like, here I'm going to share my location with you for an hour because I'm headed home. But that function can only be set for specific time periods. The default is an hour or it's on all the time, not just by request. Trusted contacts wasn't on all the time unless one of the trusted contacts or you, the user, activated it. So trusted contacts wouldn't show your location every single moment. Although, and it would also show if you moved locations or if your phone was online or not. Again, Google Maps doesn't do that. Well, so it's very interesting. I just want to sort of back up and say it's very interesting. We're having this sort of concern of privacy and you're speaking the nuances between trusted contact and Google Maps. And I remember exactly, just excuse me, 10 and a half years ago, I was in an event at the Ritz Carlton in Lake Tahoe and Eric Schmidt, the then CEO of Google was speaking. And he said, and this was 10 years ago, that we can predict with very good certainty where you are going to go next. Now, if you said something like that today, everyone's privacy alerts would shoot through the screen or through the roof. Yeah. Back then, I don't think anyone blinked. Yeah, everyone was like, that sounds cool. The subject of privacy didn't even come up. Right. 
Like, oh, think of all the things you could do then, like get my order ready at the Starbucks without me even having to do anything. Yeah, it was all. Didn't I hit anybody's radar privacy? It was all sunshine and rainbows back then. And to that point, I imagine the reason they're getting rid of trusted contacts is they want fewer exposures to privacy violations. And every one of these apps that they have to monitor and file privacy filings under California law, European law, et cetera, is more overhead. So they're probably like, you know what? Let's just do it for Google Maps. Let's work on Google Maps, something we can manage and let's get rid of some of these extraneous things that probably aren't used as often. Well, the other thing is Apple is doing this big play where they're making privacy a differentiator and that it's a competitive differentiator and Google is seeing this and they're realizing, oh, maybe we should do this because then that will make our product more attractive. Non-profit tech news publication, The Markup, announced a joint project with the New York Times called Citizen Browser. It aims to create a custom web browser that it would use to audit information-sharing algorithms from social media platforms. The idea is to find out what do these algorithms actually do? How do they work? So the focus will be on YouTube and Facebook, looking at what information is served to users, how news is shown on the platforms and why communities users are encouraged to join. To do this, The Markup is putting together an academic panel. So they are getting 1,200 people to install the browser and then share the real-time data. The panel is going to be made up of a statistically valid sample of the US population across age, race, gender, geography, and political affiliation with all personally identifiable information removed and discarded before the analysis begins. This is different. 
If you remember last September, or just this past September, we talked about RegretsReporter. That's an extension launched by Mozilla last month that lets any user report a regrettable recommendation made by the YouTube algorithm. The Markup is going to work with the New York Times to analyze data and determine a broader question, which is, what content are the platforms choosing to amplify and to whom are they amplifying it? And this is something people have said they think they know. The social networks are always amplifying content to the people I don't like, and they're always amplifying the content I don't like. But this is actually going to try to get to the bottom of that and say, but are they really? And for people who like different kinds of content, what is the stuff that actually gets amplified and to whom? How do these algorithms actually work? And because these companies aren't part of Facebook and YouTube, they will be doing that independently. So I will clarify that we were discussing beforehand that I thought this stunk of the Facebook issue with you. Remember they had that app where, unfortunately they got 13 year olds, they were paying them to watch their usage. This is not the case then. And the fact that the point of this exercise, and they're making it very clear that this limit of it is we just want to know how information gets in, how it gets out, and who's consuming it pretty much. I'm going to though say 1200 people to sample the entire country. That seems really, really small, doesn't it? It depends on how it's made up. There's over 350 million people. I mean, 1200 does not seem representative at all. My research scientist in the audience, please write in feedback at dailytechnewsshow.com with your most concise explanation of representative sampling. So polls used, someone said polls used 1,000 to 1,500, which is in that range, okay. I mean, it's all about how you do it.
If you select it properly, you get a very statistically valid result and you can actually calculate how valid it is, like within a margin of error, right? So 1200 seems reasonable. Well, according to S. Kelly 2909, that is reasonable. Yeah, I don't know that S. Kelly 2909 has a citation for that. No, I don't know. Well, I'm just starting to trust. But yeah, I mean, I would agree with them based on my answer. I'm just literally guessing that that seems so small for such an enormous population. It always does. Anybody who's never done these kinds of statistical analyses, it always sounds ridiculous, right? But there's also plenty of examples where you've used a population of that size and not gotten correct results because the methodology was wrong. So there's also that to look at. But if the methodology is right, you can get a pretty fair approximation and nobody pays attention to those studies because they were done right. And so it's no fun to point out. Anyways, S. Kelly is citing his stats class from 10 years ago. There we go. Okay, I like that. Good citation. So yeah, I do think this is a potentially good study. But let's just talk about the end result for a second. Your point is well taken. The devil's in the details, right? I'm not seeing what statistical researchers they have. What disciplinary people they have. I'm seeing The Markup and the New York Times, which are journalists. That doesn't necessarily mean it'll be done right, right? Well, I don't know, but I'm just saying at the end result, I would love to know this end result. I think we all would. Yeah, I'm hoping it's done right. I'm hoping there's some reliable people on board that aren't in the press release that they issued today and that it does shed some light to say like, here's what it really does and here's what it doesn't. 'Cause I've always said, it's not that they have no effect. It's that they may not have the effect we all guess they do.
And if we end up basing congressional policy and laws and court cases and public pressure on the wrong things, we're not gonna get the result we want. We're not gonna fix the problems we wanna fix. Hey, folks, you can join in this conversation in our Discord, which happens 24/7. There's always folks in there talking about tech. You can join that by linking to a Patreon account at patreon.com/DTNS. All right, folks, this is a DTNS first. We have never before played an avowed game to my knowledge. I may be forgetting something, but I think this is the first time we've actually ever played a game on Daily Tech News Show and it is a tech related game and it is a content oriented game. David, you play this on your own shows, right? I play it on my show. In fact, here, let's get the intro music. It's time to play What's Worse. All right, let me explain how this works. The title pretty much says it all. I'm gonna give you a couple of scenarios and Roger's gonna join in and play as well. And most of these scenarios are submitted by listeners of the podcast. The main podcast I do is called the CISO Security Vendor Relationship podcast. I have four shows on the CISO Series, but this show is hands down our most, or this game is hands down our most popular game. We actually play a lot of games on our shows. And so I will give you two scenarios. They're both awful. That's the key thing here. They're both scenarios that a cybersecurity professional might run into or not. Maybe kind of a silly, fictional thing. But what you have to do is determine which of these two is not the preferable, but the worst. And so what it really is, it's a risk management game. You are just managing risk here, all right? It's like voting. Exactly, very good. All right, so here's the first one. This comes from Phil Huggins of GoCardless. And here's the scenario. You work for a global business with offices in China.
Your global CEO is in China and has dropped her phone, smashing the screen. She does not fly for 36 hours. Should she get the screen replaced at a local phone shop in China? She asked, which is good, but you would be really annoyed if she can't talk to anyone for an entire day. Do you let her get it replaced and clean up the risk that may be on that phone? Or just fly out, tell her no, and take the angry CEO. We'll start with you, Tom Merritt. What do you think? Which one is worse? What scenario is worse? I say, I will, this is easy because I'm not actually a security professional who has that CEO to deal with, but I'm gonna say deal with the angry CEO. I'm not gonna risk the data being out there away. In fact, I'm gonna tell her to like, you know, crack the phone in half and buy a new one, come on. All right, Roger, what do you say? Do you agree or disagree with? I would say, I would say, I would go with the, get the phone screen replaced. So get it replaced and deal with the security issues and what's your rationale for that, Roger? You wanna have a CEO that's in the right frame of reference, especially when dealing with any number of corporate related tasks. You want them to be in a good mood and not to be out of it, to kind of be focused on the task at hand. All right, so I'm gonna say, Roger, you were closest to the answers of the other CISOs that we got, but not right on it. Tom, you were very much off target and I'll explain why. So most of the CISOs that we interviewed on this one and my guess, they opted for let her just go and replace it and deal with it when you come back. And for this reason, security works for the business. Having a CEO out of communication for an entire day is not good for the business. So the worst scenario would be to not let her have her phone and use it, which is not what you chose. You actually chose. Well, and it makes sense. It makes sense because you're talking about trade-offs here. 
You're like, we think it's properly encrypted. We're not too worried. Maybe she's got a trusted repair shop that she goes to. Like in practice, I can see why that is the proper answer. My head was going more towards like, pull that SIM card out, wipe that thing, get a new phone, which isn't an option, right? But again, there can be security that disables the business and there's a security that enables the business. Now, I want to know, there are no right or wrong answers here, but it's more the, it's your rationale for your decision. Okay, so there's no right or wrong answers, but I'm 0 for 1, got it. More or less. Actually here, I'll give you the. All right, sorry about that. Okay, so here we go. Let's go to the next one. This is an actual real story. This actually happened. All right, so what you'll do is you'll answer it and I'll tell you what actually happened, what the choice was. All right, so this actually comes from Karen Worstell of the W Risk Group and it happened back in 1992 at the world's largest aerospace company and her team was responsible for providing analysis and recommendations to management. Okay, what's worse? You've got a security incident underway via unknown vector and it is daily popping your servers across your environment one by one. Every single one of these UNIX servers supports mission critical operations and they eventually will all be compromised. Tracing it has proven fruitless, so has stopping it. Of the half a dozen or so possible entry vectors, you could pull the plug on all of them and break their point of entry, but that would compromise law enforcement's efforts who are moving at a snail's pace in order to get the necessary court orders. You just discovered today that your servers are being used to crack password files for multiple companies in the US and you just found a successfully cracked password file for the third US district court residing in your servers. All right, very long setup here. So here are your options.
Do you pull the plug and contain and limit the damage or leave the door open and allow additional machines to be cracked in order to continue to gather data that the FBI wants to use in prosecution? I'll start with you, Roger. Oh, I say let the cracking continue because you need to have enough information to build the prosecutable case in court. All right, and Tom, what did you say? No, pull those plugs, shut it down. The risk of when it got to the court having a cracked password, it became too far. I would be with Roger until you're actually starting to endanger other entities outside your own and you need to stop that liability and stop it in its tracks. All right, well, once again, I'm gonna have to say this for Roger, he got the answer that was the actual true story and that was they did not pull the plug. They were able to actually catch the criminals operating out of a Seattle location and they charged a perpet with conspiracy to defraud the US government. But I should mention that Karen always thought that might have been the better outcome to do what you said, Tom, that maybe they, well, they should have pulled the plug and saved themselves. Why didn't she listen to me from the future? You got one left. All right, let me give you one more. This one's a silly one. And I'm gonna just tell you right now, you're both gonna get in trouble for this one, all right? And I'll give you, I forgot to give you answer music last time, okay? Here you go. Which one of your family members would be the worst at being a CISO, as Chief Information Security Officer? Who would it be? Uh, my mother would be the, be the worst. And I say that because all she has is an iPhone. She doesn't have a computer? No, she doesn't. Yeah, so that'd be really bad. Especially if her screen got cracked, right? All right, Roger, who would you pick? I would say my wife because she knows enough about technology, but also enough to get things wrong, like how things work. 
She understands the broad concept of how security works. She doesn't understand the- She knows enough to be dangerous? Would she be good at managing others? No, because she would know all the tendrils. Like she wouldn't know, like, yeah. All right, all good answers, by the way. I said an answer that is similar to one I saw in the chat room, my seven-year-old son. He would not be good. He would probably be the worst member. I was assuming my dogs were not on the table, or I would have chosen one of them. You could have chosen the dogs. Actually, Ray would be a very good CISO. She's a German Shepherd, very good with security. Actually, yes. Border Collie, maybe not so much. They are very, they're actually trained for security. Yeah, yeah, exactly. That was so much fun, David. So you do this regularly on your show then. On the CISO Security Vendor Relationship Podcast, we play it around every single time. We play other games, too, on the shows. We have a game on our, we have a weekly video chat. We play a game called Best Bad Idea, where people come up with the worst ideas given whatever the topic is. And then I force my guest to play a game called the Department of Yes, which I don't know if you know, security departments are referred to as the Department of No, because they keep rejecting the things the business wants. So I flip the tables and our guests are forced to say yes to really bad ideas and explain why they're gonna deploy them. And that actually, it's some really creative out-of-the-box thinking there, it's fun. All right, before we wrap this up, we've got one more story to talk about: 4G in space, specifically the moon. NASA announced last week that it has given Nokia-owned Bell Labs a $14.1 million grant to build out the first 4G LTE network on the moon as part of plans to create a human presence. That begins with the Artemis mission to send the first woman and next man to the moon in 2024 and a lunar base be established by 2028.
The network will use radiation-hardened portable cell sites so they can be moved around and reconfigured. They have lower power use, but that also means smaller range, but that lets astronauts control lunar rovers, navigate geography in real time, stream videos to each other. It's not so much about being connected to the earth as being connected to each other as they rove around on the moon. The 4G network is alongside other similar lunar surface innovations, including fast wireless charging and a chemical heat and electrical power source that can survive extreme temperatures. The network is also designed to be upgraded to 5G in the future so they can take advantage of some of that extra capacity once they build it up enough that they need it, and some of the low-latency features of 5G as well. No word on whether WiMAX will reach the moon, although I imagine some people may have ejected their WiMAX phones skyward, and those might have landed on the moon accidentally. Will you be excited to use your 4G phone on the moon, David? I have no plans to go to the moon right now. You never know. We had a hard time driving to Half Moon Bay, so... Yeah, well, do they have 4G service in the Half Moon, then? Oh, that's a good point. Let's check out the mailbag too. Christopher Ashmore wrote in and said, Tom and crew, I recently listened to an episode of a podcast called Brave New Planet. Aldous Huxley reference, anyone? They discussed deepfakes, and I was surprised to realize that I had heard almost everything they had to talk about. GANs, CDA Section 230, et cetera, on DTNS. I love how up to date I am, thanks to you all. I even scoffed when they mentioned GPT-2, because I know about GPT-3, because we had Andrew Mayne on, talking about that not too long ago. That's great, Chris, I'm very glad to hear that. That is always our aim here, to give you a wide variety of things to help you understand the technology world better as you move around in it.
So thank you, Christopher, for that email. Keep those emails coming, folks. Feedback at dailytechnewsshow.com. Also, a big shout out to the patrons at our top levels. Master and Grandmaster levels provide the most support. We're really appreciative of those folks, Daniel Dorado, Craig Meyer, and Phillip Les. And of course, we're very appreciative of David Spark. What do you got going on, man? Tell folks about your projects. So for those of you, especially if you're in cybersecurity or have any interest in cybersecurity or wanna connect with the cybersecurity community, I welcome you to come to CISOseries.com. That is where we have four shows. We have three podcasts. One is the CISO Security Vendor Relationship Podcast. We talk about the relationships between buyers and sellers of security products. And then we have Defense in Depth, where we pick one topic in security and go in depth on it. And we have another show of which we have one of your great reporters is a part of called Cybersecurity Headlines, which I lovingly lifted from you some of the format and also lovingly lifted one of your reporters, Rich Stroffolino. So thank you very much. So if you're one of these people loves hearing Rich Stroffolino give you the tech headlines, you're like, how could I get more Rich Stroffolino among a few other reporters as well? But giving me cybersecurity headlines, I suggest you listen to that. Just six minutes every day, similar in format to you, eight great cybersecurity stories, just hear it every morning, 6 a.m. And then the very last thing I wanna mention is that every Friday at 10 a.m. Pacific, we do a CISO Series video chat. We play that game, The Best Bad Idea, and the Department of Yes, among other things, and we have a different topic each week. This Friday is the build versus buy decision, specifically around automation. And then we also do a really fun meetup at the end as well, a virtual meetup. Very cool. Go check that out. CISOseries.com. There you go.
Hey, folks, DTNS is also available as a video podcast. You can get the video RSS feed at dailytechnewsshow.com/subscribe. We're live Monday through Friday, 4:30 Eastern, 20:30 UTC. Find out more at dailytechnewsshow.com/live. Back tomorrow with Lamar Wilson and Allison Sheridan. Talk to you then. This show is part of the Frogpants Network. Get more at frogpants.com. Diamond Club hopes you have enjoyed this program.