Weekend Reads 188A6

The security skills gap is real, and it is a problem. But what if you could replace the most basic security jobs with an AI? According to Gunter Ollmann @CircleID, this is possible today. The next question you might want to ask is this: if AIs replace all the entry-level positions, then how are we going to train up senior-level engineers? Remember that every hiring manager wants someone with ten years of experience on a product that has only been out for two years…

US customers pay some of the highest prices for broadband in the developed world, and broadband availability is sketchy at best for millions of Americans. But instead of tackling that problem head on, the FCC is increasingly looking the other way, relying on ISP data that paints an inaccurately rosy picture of Americans’ internet access. And as long as regulators are relying on a false picture of US broadband access, actually solving the problem may be impossible. —Karl Bode @The Verge

American businesses are in for a rude awakening. Sweeping new privacy regulations, such as the EU’s landmark GDPR law and California’s Consumer Privacy Act, along with the ongoing SEC probe of Facebook’s data privacy practices, signal a major shift: Data handling processes that were formerly considered “best practice” are now the expectation. —Karen Schuler and Taryn Crane @Information Week

The Internet community has been working on securing BGP since the 1990s. What has been done? According to Geoff Huston, a lot of talk and very little in the way of practical solutions. Geoff considers the problem, the history, and the current situation in this IETF Journal article.

Earlier this September, law enforcement officials from the Five Eyes intelligence alliance—made up of Australia, Canada, New Zealand, the United Kingdom, and the United States—met in Australia and issued a Statement of Principles on Access to Evidence and Encryption. The statement is strongly worded, concluding with a warning that if industry does not make it easier for governments with lawful access to content to acquire decrypted versions, the nations “may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.” Though the statement has garnered much public attention, there are a number of curiosities about it, and I believe there is much less here than it seems. —Susan Landau @Lawfare

Did you just get a call from your bank telling you your card has been compromised? It might actually be a compromising call, as voice phishing scams are getting real. Krebs on Security has a great article up on the topic.

After months of repairing its public image, Facebook sent shockwaves through the privacy world last week when it acknowledged that it had inadvertently introduced a set of security bugs more than a year ago and then failed to notice as attackers exploited those bugs to mass access and potentially harvest the private information of more than 50 million users. —Kalev Leetaru @Forbes

Cybersecurity is full of hard problems, but perhaps none so difficult as securing the supply chain for our electronic devices. That’s why the report published this week by Bloomberg about Chinese spies secretly planting microchips in American electronics in order to conduct espionage is so deeply unsettling. There is no way to address the threat of foreign governments compromising our hardware that does not require fundamentally and radically rethinking how we manufacture our devices and lead to more expensive, less ubiquitous electronics at exactly the moment when the internet of things seems to be pushing us in the opposite direction. —Josephine Wolff @Slate