Social Media Analytics Drivers

By Aydin Farrokhi and Dr. Wael Hassan

Today, the public has remarkable power and reach: people can share their news, express their opinions about any product or service, and react to an existing state of affairs, especially regarding social or political issues. For example, in marketing, consumer voices can have an enormous influence in shaping the opinions of other consumers. Similarly, in politics, public opinion can influence loyalties, decisions, and advocacy.

While organizations are increasingly adopting and embracing social media, each establishment’s motive for using it varies. Some of the key drivers for adopting social media include:

Economic drivers:

  • Market research and new product
  • Need for better consumer
  • Need to gain competitive
  • Need to improve customer
  • Need to develop new products and
  • Need to increase Return on Marketing Investment (ROMI)
  • Top strategic actions to maximize social media spend
  • Improve ability to respond to customer’s wants and needs
  • Build social media measurement into marketing campaigns and brand promotions
  • Maximize marketing campaign and effectiveness
  • Align social media monitoring capabilities to overall business objectives

Political drivers:

  • Public opinion research and new motto
  • Need for better public
  • Need to gain competitive
  • Need to improve public
  • Need to develop new
  • Need to increase Return on Campaigning Investment (ROCI)
  • Top strategic actions to maximize social media spend
  • Improve ability to respond to the public’s wants and needs
  • Build social media measurement into political campaign and publicity promotions
  • Maximize political campaign and effectiveness
  • Align social media monitoring capabilities to overall political agenda

In general, there are three major categories of methods for analyzing social media data. These analytical tools can be grouped as either Content Analysis tools, Group and Network Analysis tools or Prediction tools.

Overcoming the Challenges of Privacy of Social Media in Canada

By Aydin Farrokhi and Dr. Wael Hassan

In Canada, data protection is regulated by both federal and provincial legislation. Organizations and other companies that capture and store personal information are subject to several laws in Canada. The federal Personal Information Protection and Electronic Documents Act (PIPEDA), which applies in the course of commercial activities, became law in 2004. PIPEDA requires organizations to obtain consent from individuals whose data is being collected, used, or disclosed to third parties. By definition, personal data includes any information that can be used to identify an individual, other than information that is publicly available. Personal information can only be used for the purpose for which it was collected, and individuals have the right to access their personal information held by an organization.

Amendments to PIPEDA 

The compliance and enforcement provisions in PIPEDA may not be strong enough to address the privacy aspects of big data. The Digital Privacy Act (also known as Bill S-4) received Royal Assent and is now law. Under this law, if it becomes entirely enforced, the Privacy Commissioner can bring a motion against the violating company, with a fine of up to $100,000.

The Digital Privacy Act amends and expands PIPEDA in several respects:

  1. The definition of “consent” is updated: It adds to PIPEDA’s consent and knowledge requirement. The DPA requires reasonable expectation that the individual understands what they are consenting to. The expectation is that the individual understands the nature, purpose and consequence of the collection, use or disclosure of their personal data. Children and vulnerable individuals have specific

There are some exceptions to this rule: managing employees, fraud investigations and certain business transactions, to name a few.

  1. Breach reporting to the Commissioner is mandatory (not yet in force)
  2. Timely breach notifications to be sent to the impacted individuals: the mandatory notification must explain the significance of the breach and what can be done, or has been done to lessen the risk of the
  3. Breach record keeping mandated: records must be kept of all breaches affecting personal information, whether or not there has been a real risk of significant harm. These records may be requested by the Commissioner, required in discovery by a litigant, or requested by an insurance company to assess the premiums for cyber
  4. Failure to report a breach to the Commissioner or the impacted individuals may result in significant

Cross-Border Transfer of Big Data

The federal Privacy Commissioner’s position on personal information transferred to a foreign third party is that the transferred information is subject to the laws and regulations of the foreign country, and no contract can override those laws. There is no consent required for transferring personal data to a foreign third party. Depending on the sensitivity of the personal data a notification to the affected individuals that their information may be stored or accessed outside of Canada and potential impact this may have on their privacy rights.

Personal Information - Ontario Privacy Legislation

The Freedom of Information and Protection of Privacy Act, the Municipal Freedom of Information and Protection of Privacy Act and the Personal Health Information Protection Act are three major pieces of legislation that organizations such as government ministries, municipalities, police services, health care providers and school boards must comply with when collecting, using and disclosing personal information. The office of the Information and Privacy Commissioner of Ontario (IPC) is responsible for monitoring and enforcing these acts.

In big data projects, the IPC works closely with government institutions to ensure compliance with the laws. With big data projects, information collected for one reason may be used together with information acquired for other reasons. If not properly managed, big data projects may be contrary to Ontario’s privacy laws.

The Necessity of Multi-Scanning

Last Friday, the WannaCry cyberattack affected more than 300,000 computers, impacting thousands of businesses, hospitals and enterprises across 153 countries by taking advantage of outdated versions of Windows that had never been updated with Microsoft’s crucial security upgrades.

With the increasing number of advanced threats from attackers and the overall skyrocketing growth of malware, relying on a single anti-malware engine is no longer sufficient for high-security networks.

Multi-scanning anti-malware software is essential for improving security because it significantly increases malware detection rates and consequently reduces the exposure created by a specific anti-malware engine’s shortcomings. Multi-scanning refers to the process of running multiple anti-malware or antivirus engines concurrently. Multi-scanning anti-malware tools also meaningfully reduce the number of days of exposure to new malware outbreaks, and can often protect against malware targeting a variety of systems at once, including Windows, Mac, Linux, iOS, and Android operating systems.

No single anti-virus software is perfect. Each product has its own strengths and weaknesses when it comes to detecting some threats. Likewise, every emerging threat that can be detected will be detected at a different rate by different engines. Studies have found that no single engine detects every possible threat. Thus, it is only by combining multiple engines in a multi-scanning type of solution that all possible threats will be detected quickly. One downfall of ‘multi-scanning incorrectly’ is that running multiple engines simultaneously can result in conflicts on your servers that lead to system freezes and application failures. Another downfall is that it increases the number of false positives you can receive. Lastly, multi-scanning can be very costly, especially for smaller-scale enterprises.
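
The trade-off described above, as an added example that is not part of the original article: the Python sketch below scores each engine on its own and then scores "at least k of n engines agree" policies over a small verdict table. Engine names, sample names and verdicts are constructed for illustration and are not measurements of real products.

```python
# Added example (not from the original article). Engine names, sample names and
# verdicts are constructed for illustration; they are not real product results.

ENGINES = ("engine_a", "engine_b", "engine_c")

# (sample, truly malicious?, verdict of each engine in ENGINES order: 1 = flagged)
CONSTRUCTED_VERDICTS = [
    ("mal-1", True, (1, 1, 1)),
    ("mal-2", True, (1, 0, 0)),
    ("mal-3", True, (0, 1, 0)),
    ("mal-4", True, (0, 0, 1)),
    ("mal-5", True, (1, 1, 0)),
    ("mal-6", True, (0, 1, 1)),
    ("ok-1", False, (0, 0, 0)),
    ("ok-2", False, (1, 0, 0)),
    ("ok-3", False, (0, 0, 0)),
    ("ok-4", False, (0, 0, 1)),
    ("ok-5", False, (0, 0, 0)),
    ("ok-6", False, (0, 1, 0)),
]


def score(decide):
    """Return (malicious samples caught, benign samples wrongly flagged)."""
    caught = sum(1 for _, bad, v in CONSTRUCTED_VERDICTS if bad and decide(v))
    false_pos = sum(1 for _, bad, v in CONSTRUCTED_VERDICTS if not bad and decide(v))
    return caught, false_pos


def single_engine(index):
    """Policy: trust one engine only."""
    return lambda verdicts: bool(verdicts[index])


def k_of_n(k):
    """Policy: block a file when at least k engines flag it."""
    return lambda verdicts: sum(verdicts) >= k


def report():
    """Score every single engine and every k-of-n policy on the table."""
    rows = {}
    for i, name in enumerate(ENGINES):
        rows[name] = score(single_engine(i))
    for k in range(1, len(ENGINES) + 1):
        rows[f"{k}-of-{len(ENGINES)}"] = score(k_of_n(k))
    return rows


if __name__ == "__main__":
    malicious = sum(1 for _, bad, _ in CONSTRUCTED_VERDICTS if bad)
    benign = len(CONSTRUCTED_VERDICTS) - malicious
    for policy, (caught, false_pos) in report().items():
        print(f"{policy:9} caught {caught}/{malicious}  false positives {false_pos}/{benign}")
```

On this table, flagging on any single hit (1-of-3) catches every malicious sample but also blocks half of the benign ones, while requiring two engines to agree removes the false positives at the cost of missed detections.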

Fortunately, many vendors have come up with technology that is able to conduct a multi-scan, and detect all types of malware in a single tool, without the hassle of licensing and maintaining multiple antivirus engines. Such vendors allow you to improve your malware detection, decrease the detection time of an outbreak and increase resiliency to antivirus engines’ vulnerability. However, determining the right number of tools or which one to select depends on the volume of the data being protected, the value of this data and the severity and frequency of potential attacks.

Security experts predict that malware attacks will increase in frequency and severity, and multi-scanning anti-malware solutions can be our best line of defense. Anti-malware in a multi-scanning process, or tools that automatically multi-scan, can be used to ensure the safety of your organization’s servers, the email attachments you open, web searches, the secure sending of confidential files and much more. Multi-scanning allows users and enterprises to control their early detection engines to detect spear phishing and other specific types of targeted malware attacks. This, in turn, allows them to take action as quickly as possible.

Political Cyber Security

The daily life and economics of the global citizen depend ever more on a stable, secure, and resilient cyberspace. Even before he was elected president, Donald Trump promised to make cybersecurity “an immediate and top priority for [his] administration.” Yet, months into his presidency, Trump and global leaders worldwide have struggled to deal with how policies should use their personal technology.

Cybersecurity has gotten sucked into the inevitable vortex of politicization.

Perhaps things first came to media attention when it was discovered that Hillary Clinton was using a private email server when she was Secretary of State. In response, Clinton has said that her use of personal email was in compliance with federal laws and State Department regulations, and that former secretaries of state had also maintained personal email accounts, though not their own private email servers. In a summary of its investigation into Clinton’s use of private email, the FBI concluded that a username and password for an email account on the server was compromised by an unknown entity, which had logged into the compromised email, read messages, and browsed attachments using a service called Tor. Unique to Hillary’s case is that the FBI repeatedly noted that if a breach did occur, its agents might not be able to tell, but that there was no previous evidence to indicate that Hillary Clinton’s personal email account was hacked.

More recently, the campaign of the French presidential candidate Emmanuel Macron was hit on May 5th, 2017 with leaked emails and other documents on a file-sharing website. Security analysts are under the impression that the huge leak of emails from Macron’s campaign team might have been coordinated by the same group of individuals behind the Democratic National Committee leak that affected Clinton. In fact, the Macron campaign directly compared the hacking to the hacker targeting of the Clinton campaign, in a statement that read: “Intervening in the last hour of an official campaign, this operation clearly seeks to destabilize democracy, as already seen in the United States’ last president campaign. We cannot tolerate that the vital interests of democracy are thus endangered.”

However, the ‘Macron-hack’ emerged as an anonymous poster provided links to documents on Pastebin with the message: “This was passed on to me today so now I am giving it to you, the people.” This serves as an example of how authentic documents can easily be mixed on social media with fakes to perpetuate fake messages that can harm political campaigns. While France’s electoral commission aimed to prevent this hack from influencing the election by warning local media that sanctions could be placed on them if they spread this information, the overall effect this link will have on Macron is unknown.

While we acknowledge that it is difficult to assess the impact of a breach of a single account on a server, these incidents raise fresh questions about the security of other electronic accounts of politicians.

Politicians are particularly vulnerable to cybersecurity threats for the following reasons:

  • All politicians use different or even multiple platforms (Windows, mobile, apps, etc.), different email systems (Gmail, Hotmail, corporate Exchange, Yahoo) and different file sharing systems (Dropbox, Box, iCloud), which makes it harder to employ the strictest security standards on each one.
  • Politicians work with a lot of individuals for temporary amounts of time, such as volunteers. As such, it is sometimes hard to know who you’re working with.
  • There is also a lack of centralized administration. Cybersecurity tends to transcend traditional political fault lines, making it at best confusing territory for politicians.

Regardless of which side of the political aisle your ideas land on, there is little debate that cybersecurity continues to be a hot issue. Nowadays, for politicians, ignoring cyber issues could derail their career. Whether it be governments, individuals, or even campaign trails, the political cybersecurity world has experienced a resurgence of threats.

Fortunately, the Blockchain’s alternative approach to storing and sharing information provides a way out of this security mess for four very important reasons:

  1. The decentralized consensus nature of Blockchains makes it almost impossible to break into it.
  2. It is platform agnostic, so it runs on any combination of operating system and underlying processor architecture.
  3. Once configured, it does not need an administrator.
  4. Malware cannot break into it.

A Blockchain is a register of records prepared in data batches called blocks that use cryptographic validation to link themselves together. Publishing keys on a Blockchain would eliminate the risk of false key propagation and enable applications to verify the identity of the people you are communicating with. Similarly, using a public Blockchain like Bitcoin would mean your entire system is decentralized, with no single point of failure for attackers to target. As of right now, Estonia is one of the first countries to use Blockchain this way, although other governments are slowly warming up to Blockchain technology.
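
The block linking described above, as an added example that is not part of the original article: a toy hash-linked register of published key fingerprints in Python, with a validator that reports where a substituted key breaks the chain. The identities and fingerprints are constructed, and the sketch covers only the cryptographic linking, not the distributed consensus of a real Blockchain.

```python
# Added example (not from the original article): a toy hash-linked register of
# published key fingerprints. Identities and fingerprints are constructed.
# It shows only the block linking; a real blockchain adds distributed consensus.
import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(block):
    """SHA-256 over the block's index, back-link and records."""
    body = {k: block[k] for k in ("index", "prev_hash", "records")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, records):
    """Append a batch of {identity, fingerprint} records linked to the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev, "records": records}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails validation, or None."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return block["index"]
        prev = block["hash"]
    return None


def lookup_fingerprint(chain, identity):
    """Return the latest fingerprint published for identity; refuse a broken chain."""
    if first_invalid_block(chain) is not None:
        raise ValueError("register failed validation; do not trust its keys")
    latest = None
    for block in chain:
        for record in block["records"]:
            if record["identity"] == identity:
                latest = record["fingerprint"]
    return latest


def build_demo_register():
    """Constructed register: two initial keys, one new member, one key rotation."""
    chain = []
    append_block(chain, [{"identity": "alice@campaign.example", "fingerprint": "constructed-fp-alice-1"},
                         {"identity": "bob@campaign.example", "fingerprint": "constructed-fp-bob-1"}])
    append_block(chain, [{"identity": "carol@campaign.example", "fingerprint": "constructed-fp-carol-1"}])
    append_block(chain, [{"identity": "alice@campaign.example", "fingerprint": "constructed-fp-alice-2"}])
    return chain


if __name__ == "__main__":
    register = build_demo_register()
    print("valid:", first_invalid_block(register) is None)
    print("alice:", lookup_fingerprint(register, "alice@campaign.example"))
    register[1]["records"][0]["fingerprint"] = "constructed-fp-substituted"
    print("after a key is swapped, first invalid block:", first_invalid_block(register))
```

Rewriting every later block as well would pass this local check, which is why a verifier also compares the latest block hash against independent copies of the register; that comparison is the role consensus plays.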

Moreover, there’s a rising tide of big data analytics to help combat cyber-threats and attackers. Social analytics tools can be a first line of defense for politicians by combining machine learning and text mining modeling to provide an all-inclusive and amalgamated approach to security threat prediction, detection, and deterrence.

Cyberspace is the underlying infrastructure that holds the key to modernity in technology. The types of threats that have impacted politicians in the USA and Europe are real and actively happening. Blockchains and analytic tools will not be the golden ticket to fix everything that’s wrong with cybersecurity for politicians, but they can be a place to start. The Blockchain provides innovations that current systems and politicians could embrace.

For more information on how to protect yourself as a politician, please contact Waël Hassan, PhD.

Inappropriate Access detection using Machine Learning

Detecting Inappropriate Access to Personal Health Information

“While PHIPA has served Ontarians well over the last decade, rapid changes in technology and communications are demanding that we keep pace. With the growing use of electronic health records, the province needs a legislative framework that addresses the rights of individuals and the duties and obligations of health care providers in an electronic environment. Modernizing PHIPA will pave the way for a smooth and seamless transition toward 21st century health care while protecting our privacy.” – Brian Beamish, Information and Privacy Commissioner of Ontario

Event:  2016 PHIPA Connections Summit www.phipasummit.ca

Using Machine Learning Healthcare to detect healthcare snoopers

Talk By Dr. Wael Hassan and Dr. Daniel Fabbri

Open Electronic Medical Record (EMR) access environments trade clinician efficiency for patient privacy. Monitoring EMR accesses for inappropriate use is challenging due to access volumes and hospital dynamics. This talk presents the Explanation-Based Auditing System, which uses machine learning to quickly identify suspicious accesses, improving compliance officer efficiency and patient privacy.

Featuring:

Daniel Fabbri
PhD. Assistant Professor of Biomedical Informatics and Computer Science, Vanderbilt University,
Maize Analytics
Daniel Fabbri, Ph.D., is an Assistant Professor of Biomedical Informatics in the School of Medicine at Vanderbilt University. He is also an Assistant Professor of Computer Science in the School of Engineering. His research focuses on database systems and machine learning applied to electronic medical records and clinical data. He developed the Explanation-Based Auditing System, which uses data mining techniques to help hospital compliance officers monitor accesses to electronic medical records in order to identify inappropriate use. He received a National Science Foundation Innovation Corps award to commercialize this auditing technology at Maize Analytics. Beyond research, he has participated in the A World In Motion program, which teaches elementary and middle school children physics through weekly interactive experiments such as building toy cars powered by balloons. He received his doctorate in computer science from the University of Michigan, Ann Arbor and a bachelor of science in computer science and engineering from the University of California, Los Angeles. Prior to joining Vanderbilt, he interned at Google, Microsoft Research, Goldman Sachs, Lockheed Martin and Yahoo. Students interested in research topics on machine learning, data management and the security of electronic medical records and clinical data? Please consider applying to the Vanderbilt Biomedical Informatics or Computer Science graduate programs.

Selected Invited Talks:

  • The Open Web Application Security Project, Chicago, 2014.
  • Safeguarding Health Information: Building Assurance through HIPAA Security, U.S. Health and Human Services Department, Washington D.C., 2013.
  • Archimedes Workshop on Medical Device Security, University of Michigan, Ann Arbor, 2013.

Wael Hassan
Founder: Big Data, Privacy and Risk,
Ki Design Magazine
Dr. Waël Hassan is one of North America’s leading advisors on privacy and cyber security innovation. He serves as an advisor for both political and industry organizations to help them better understand privacy and cyber security technology & adoption. He has in-depth knowledge of privacy laws across Canada, the EU, and the US, and holds the first Canadian PhD in Validation of Legal Compliance. In his role, Waël advances his clients’ interests on a range of issues, including internet freedom, cyber security, surveillance, disaster response, product certification, and risk metrics. Dr. Hassan founded KI DESIGN Magazine, http://magazine.kidesign.net, where he writes a regular column. Waël’s highly anticipated book, Privacy in Design: A practical guide for corporate compliance, will be released in Spring 2017.

Legal Obligations for Energy Boards

In this guide you will explore:

  1. Obligations of Energy Boards
  2. FTC and Fair Information principle requirements
  3. Smart Grid Data Protection Requirements
  4. Employee Privacy in the Energy Space
  5. Federal and state law requirements

In recent years, news of massive data breaches has become almost commonplace. We are witnessing an unprecedented increase in cyberattacks, with energy utilities and the smart grid in particular under threat.

For directors and their boards, compliance is a vital aspect of governance. Utility boards and management focus attention on NERC’s Critical Infrastructure Protection Reliability Standard. Traditionally, “Security” meant securing the energy management system (EMS). With the recent regulations, it also means securing personal data.

Data Protection in Design

Time for a New Vision

Up until now, we have viewed privacy and security on the same sliding scale, through which it appears to be impossible to have one without hurting the other. Envisioning a country where privacy is prioritized over security and surveillance seems absurd. However, it is time that we disrupt this traditional way of thinking.

How? Through Data Protection in Design. By developing and building data protection into the design of private, public, and political systems, citizens would have the ability to express their desires, change the system, and influence government, all the while minimizing the risk to national or public safety. Instead of pitting the forces for privacy and the forces for security against one another, the two forces should be integrated in order to reap the benefits of both.

It is no longer a balance between privacy freedoms and security, but rather about achieving both outcomes in an effective way.

IAM Maturity Model

Identity and Access Management (IAM) has two seemingly opposed purposes: to enable user access to information, and to block user access to restricted information. In fact, strong security and user-friendly access are by no means mutually exclusive: a mature IAM solution provides both. Read a summary of my IAM Maturity Model.