Monthly Archives: June 2021

On a Saturday morning last December, Bill Ackman was scrolling through Twitter when an article in The New York Times caught his eye. The Children of Pornhub, by Nicholas Kristof, told how unauthorized sex and rape and torture videos were being spread across the internet on a website called Pornhub, one of the most popular in the world.

Ackman, who has four daughters, was outraged when he read how one teenager ended up a Pornhub victim after sending a naked video of herself to a boy she had a crush on. Harassed and humiliated, the young girl attempted suicide.

In your mind replace the victims with your daughter or son, the hedge fund manager and CEO of Pershing Square Capital Management wrote when he retweeted the article. We could fix this problem.

Then he swung into action. Ackmans first step was to call Bradley Myles, the former CEO of antihuman trafficking nonprofit Polaris, whom Ackman had met through his charity, the Pershing Square Foundation.

He was reaching out to me and asking whats a metastrategy for addressing this whole area of nonconsensual intimate images. He was thinking at a strategic level, recalls Myles, who is now a senior adviser at Panorama Global, a not-for-profit social impact platform.

Kristofs piece wasnt about the money behind Pornhub, which is owned by a secretive, private Canadian corporation called MindGeek, or the many corporations that profit from its existence. It focused on the writers moral outrage about the victims and their tragic stories of rape and abuse.

But Ackman had noticed a salient fact buried near the end of Kristofs story: Mastercard and Visa were payment processors for Pornhub, and search engines were also part of the corporate apparatus that allowed the worlds largest porn empire to flourish. MindGeek might be privately owned, but those companies are not.

An influential shareholder activist, Ackman immediately thought about the growing interest in ethical, or ESG, investing.

And thats where the billionaire hedge fund titan who has unseated several corporate CEOs in his career saw an opening. In this case, he wasnt an investor in any of the publicly traded companies that he knew were profiting from Pornhubs content, which is often uploaded from users the same way individuals post videos on YouTube.

But he was friendly with Mastercards then-CEO Ajay Banga, whom he had met through a mutual friend. Ackman texted Banga, providing a link to Kristofs story with his tweet: Amex, VISA and MasterCard should immediately withhold payments or withdraw until this is fixed. PayPal has already done so. (Ackman was unaware that American Express already did not allow its card to be used on adult sites.)

Banga quickly wrote back: Were on it.

Then things began to move. Within days, Mastercard announced it had instructed the financial institutions that connect the site to our network to terminate acceptance of Pornhub charges, saying it had found evidence of illegal activity and was continuing to investigate.

Visa also stopped processing Pornhub payments, at least temporarily, and launched an investigation. Within 24 hours of the credit card companies actions, Pornhub said it had taken down 10 million videos, or 80 percent of those on its site.

Since then the Parliament of Canada and the U.S. Congress both have held hearings, legislation has been proposed, lawsuits have been filed, and there have been calls for a criminal investigation.

As it turns out, the backers of MindGeek come from the pinnacle of the worlds of finance and academia, and Pornhub has had business ties with some of the most well-known corporations on the planet.

Its shareholder money that fuels this activity, says Ackman. He points out that while the environmental and governance efforts of ESG or environmental, social, and governance investing get a lot of attention, the S part has come in third.

He notes, Lots of companies say that theyre really great with ESG issues, but theyve got to look a little deeper.

To be sure, Ackman is only one player in the grand scheme of Pornhubs reckoning which might not have occurred without Kristofs shocking expos. But the involvement of the high-profile financier drew more attention to a campaign for accountability that activists had been waging for almost a year with little success.

Human rights activist Laila Mickelwait had been battling sex trafficking for about 15 years when she came across Pornhub in her research. As she told Institutional Investor recently, The New York Times wasnt the first newspaper to write about its abuses. In November 2019 an investigation by Londons Sunday Times had found dozens of illegal child exploitation videos on the site and called out Pornhub advertisers Unilever and Heinz.

After the Sunday Times story, those advertisers left and PayPal quit processing payments for Pornhub. But Mastercard, Visa, and Discover stuck with it.

Mickelwait launched her own campaign on February 9, 2020, writing a piece in the Washington Examiner titled Time to Shut Pornhub Down. The article led to what she has labeled the Traffickinghub movement, a nonpartisan, nonreligious global effort to hold Pornhub . . . accountable for enabling and profiting from the sex trafficking and criminal sexual exploitation of victims.

Traffickinghub has since gained support from more than 2.2 million people from 192 countries and has been endorsed by more than 300 organizations, according to its website.

One of the movements first efforts last year was to reach out to the credit card companies, which Mickelwait had learned were vital to Pornhubs survival.

On May 6, 2020, she received a promising email from Mastercard European general counsel Thibaut Gregoire, saying that her May 1 letter to CEO Banga (now the firms executive chairman) had been forwarded to him.

We really appreciate that you share your concerns with us, wrote Gregoire in the email, which II has obtained. This is something we take very seriously. Please also know that we view ourselves as always trying to do the right thing and we sincerely appreciate hearing from interested parties about what they observe in our ecosystem that can help us do our job better.

The credit card companies were flooded with emails, says Mickelwait, receiving tens of thousands of comments from advocates through both the Traffickinghub movement and U.K.-based Freedom United, one of the worlds largest anti-trafficking groups.

Mickelwait quickly set up meetings with compliance executives at both Visa and Mastercard. During those meetings, she says, we highlighted again and again the fact that there were these sexual crimes, sex trafficking, on the site, making it clear that they were profiting from that exploitation, enabling that exploitation.

But nothing happened. Basically, what they said was, This is the responsibility of the banks, and so were going to put it on the banks, says Mickelwait.

And whereas Mastercard and Visa at least engaged, she says she never heard from Discover.

Even when theNew York Times article came out, Pornhubs parent didnt back down. MindGeek was digging their heels in and saying it was all flagrantly untrue, Mickelwait notes.

Then Ackman tweeted.

At the time, Mickelwait didnt know who the hedge fund manager was, but she believes his outspokenness took the cause to another level.

Hes an unlikely advocate that you wouldnt normally think of using his platform to push for that change, but I mean, look what that did, she says. Bill pulled the leverage of the Mastercard relationship, and he called out Visa and Discover. And then, suddenly, theres reaction from the card companies, and Pornhub deleted 80 percent of their website.

Mickelwait adds, It just shows the power of finance, of financial pressure. It wasnt until Bill really laid on the pressure and said, Do the right thing, that they did.

Four months later, Mastercard unveiled a new global standard for transactions with the porn industry that went beyond Pornhub.

The banks that connect merchants to our network will need to certify that the seller of adult content has effective controls in place to monitor, block and, where necessary, take down all illegal content, John Verdeschi, Mastercards senior vice president of customer engagement and performance, said in a blogpost.

That statement is the biggest victory yet for the campaign. Mastercard has now enabled this global policy that prohibits their card to be used on any adult site that does not verify age, consent, and ID, explains Mickelwait. To me thats so much more powerful than even the United States enacting such a law, because in that case it would only apply to the United States and then wed have to enact that law in Canada, and in every country in the world.

The credit card companys action inadvertently raises a commonly cited dilemma in ESG investing whether governments are the entities best equipped to force change at companies or whether corporations can adequately regulate themselves, spurred on by investors or others.

The answer, at least in this case, appears to be both.

In the U.S. there is already a law requiring age verification of people whose images are used in pornography to protect children from sexual exploitation. But the new porn entrepreneurs, by going digital, thought they had bypassed the law by only hosting, not creating, the content on their sites.

Mickelwait, however, says there was a fatal flaw in that they put a download button on every video. Under current law, any site that transfers pornographic content is responsible for verifying the age of the people in it.

Because they had a download button that actually transfers from their servers onto the devices of millions I think it was up to 130 million a day in 2020 of visitors to the site, they have been responsible this whole time for record keeping. So what that means is they violated the criminal code of the United States millions of times, tens of millions of times, she says.

Pornhub has now taken the download button off its site.

Even so, in recent testimony before the U.S. Financial Services Committee, Mickelwait recommended amending the law to make such behaviors explicitly illegal.

Shortly after Kristofs article was published, three bills were introduced in Congress to deal with the issues raised. One piece of legislation, proposed by Senators Jeff Merkley, a Democrat from Oregon, and Ben Sasse, a Republican from Nebraska, would specifically require consent and age verification for individuals whose images appear on porn sites, amending the current law. Similar legislation has been proposed in Canadas Parliament.

But new laws likely arent needed for litigation to proceed, or for more financial pressure to be put on MindGeeks owners and Pornhubs many business partners.

The day of The New York Timess bombshell report, another pressure point was brought to bear: Michael Bowe, a veteran litigator with law firm Brown Rudnick, sent the credit card companies whats called an evidence preservation letter, notifying them to preserve their documents essentially alerting them that they may be sued as part of a lawsuit against the many players and people involved.

The Trafficking Victims Protection Act makes them liable, because yes, they did know about it but they didnt do anything about it, argues Mickelwait. (With processing fees of up to 2.5 percent or more charged by Visa and Mastercard, Pornhub likely earned the credit card companies millions of dollars a year.)

The most effective way to change these corporate facilitators of exploitation is to make the risk of exploitation outweigh the rewards that theyre getting from not addressing it, and that is through civil litigation, says Mickelwait.

Bowe became famous in financial circles for a videoed civil lawsuit deposition of hedge fund kingpin Steve Cohen, in which Bowe grilled the thenSAC Capital CEO about insider trading. The video became part of a 2013 PBS documentary, To Catch a Trader.

For more than a year, Bowe has been investigating MindGeek. Earlier this year he testified before Canadas House of Commons Ethics Committee that one of the victims he was representing had expressed concern she was being followed and said her tires had been slashed. After that she disappeared.

Bowe said there were videos of adult women and trafficked women on the site and that one child under ten years old had been sold into trafficking and was the subject of child porn for almost ten years. This is about rape, not porn. Its about trafficking, not consensual adult performance or adult entertainment, he told the committee.

Testimony by the companys executives before the Ethics Committee also revealed, for the first time, that MindGeeks majority owner is 52-year-old Bernd Bergmair, but it did not disclose where he lived.

However, investigative journalist Alexi Mostrous recently tracked down the porn mogul near his London home. Mostrous says his team at Tortoise Media discovered that Bergmair, who had virtually no online presence until this scandal erupted, had attended the University of Chicago Business School and worked for Goldman Sachs and McKinsey in the late 1990s. Soon after that, says Mostrous, Bergmair fell off the grid. Corporate documents in Luxembourg, where MindGeek is domiciled, indicate Bergmair owns 60 percent of it, according to Tortoise.

Bergmair who refused to talk to Mostrous when the reporter confronted him in front of Bergmairs posh London residence could not be reached for comment.

MindGeek had more than $460 million in revenues in 2018, according to the Financial Times. But recovering any of MindGeeks money for victims may be difficult, says lawyer Dani Pinter, senior counsel at the National Center on Sexual Exploitation, which is helping to represent victims in a class action lawsuit against the Canadian company that was filed in February.

She notes that there are 300 shell companies under MindGeek, with 100 of them at the same address. They are moving money around. They start an incorporation; the company doesnt do anything and has no employees.

Pinter adds, Its definitely a concern they are going to try to hide their money. She notes that the company has an operation in Cyprus, reputed to be a haven for laundering illicit money.

MindGeeks obsession with secretiveness went beyond shell companies. Bergmair apparently tried to hide his name for years by using a similar name, Bernard Bergemar, on legal documents. Some execs at MindGeek used fake names in their correspondence with the media, according to Business Insider.

Yet despite its many legal and financial problems, having lost advertisers and business partners while under government scrutiny and facing massive litigation, MindGeek is reportedly in the midst of trying to sell itself. The deal is said to be fairly far along, according to individuals II has spoken with who are familiar with the effort. A potential sale to Canadian cannabis entrepreneur Chuck Rifici, also the former CFO of the Liberal Party of Canada, was first reported by Business Insider. Rifici, who recently formed a private equity firm called Bruinen Investments that promises ethics first investing, did not respond to a request for comment.

I dont know what responsible business person would buy a company under such serious investigation, says Pinter. My sense is that [the owners of MindGeek] see impending criminal investigations coming their way and they want to cut and run.

In the recent hearing of Canadas House of Commons Ethics Committee, MindGeek COO David Tassillo defended the company, saying, Were trying to create a safe environment for people to consume adult content, and we understand there are people out there that are trying to misuse these platforms.

Human rights activists say the evidence belies that statement, noting that the company simply doesnt have enough employees to oversee the content. As Mickelwait tweeted recently: Internal documents show MindGeek had under 10 moderators for Pornhub per shift and 3 moderators per shift for all of their other porn tube sites combined. MindGeek is complicit.

Meanwhile, the National Center on Sexual Exploitation is focusing on getting other Pornhub financial partners like Google to take action.

With a 90 percent market share of the search engine market, Google is de facto advertising for the hard-core porn industry, says Lina Nealon, director of corporate and strategic initiatives for the nonprofit, who says the group first raised the issue with Google in February 2020, when it met with executives there.

Bowe explained in his testimony before the Canadian House of Commons Ethics Committee that Pornhubs goal is to end up number one in Google searches.

To do so meant having more content, more search terms, more descriptions, he said, explaining how any effort to monitor the site for illegal content would hurt that effort. As soon as you somehow try to police the content on your site . . . you start losing content. You start delaying upload time, you start losing the search engine optimization race. So they decided not to do anything about this.

MindGeek bills itself as a tech company, one offering industry-leading exclusive technologies driving unparalleled performance, according to its website. And indeed, Pornhub did master the art of SEO, which means that Google ends up driving people to its sites.

These websites have spent years gaming your algorithm, Pinter says she told the Google executives. You have absolutely no idea whether any of this content is legal or consensual. But now that Google is aware of the illegal activity going on, she admonished them, stop allowing them to use Google to get to their sites.

Google did not respond to a request for comment, but Nealon says the tech giant has told her it is making efforts. In the past, she says, if you googled happy black teen, you would be flooded with images of hard-core porn and torture porn. That is no longer the case.

If you google child pornography now, you dont get any links to porn sites, explains Nealon. But we believe it should be the same for other search terms, like slave porn or rape porn. (MindGeek executives testified in the Ethics Committee hearing that the word teen really means people over 18.)

Google hasnt gone as far as the anti-trafficking group wants. In a recent Google search for slave porn that II conducted, for example, Pornhub comes up second in the ranking.

Its excuse is that they want to have a free and open internet. They dont want to prohibit searches for legal pornography, Nealon says.

The irony is that Google is one of the companies most often found in ESG index funds and exchange-traded funds, which tend to overweight tech companies and underweight those invested in fossil fuels. And Googles top two owners are Vanguard and BlackRock, two institutional investors that say they are committed to the principles of ESG investing.

Nealon has not yet contacted Googles investors she says she is just beginning to look at tapping shareholders in publicly owned companies as a tool for change. They can put pressure, and were looking into it more, especially when we havent heard back from the corporations themselves.

Some investors arent even aware of the situation, she says. If they knew this was happening and their money was going to support it, they would demand change, Nealon says.

Ackman argues that big shareholders have a critical role to play here. CEOs get a zillion emails, but the one group that rises to the top of the line . . . is its biggest shareholders, influential shareholders. An ESG fund can decide not to own a company because it doesnt meet their criteria, he says.

A tweet can move the needle, Ackman adds, prodding other big investors to get involved.

With the ascendance of ESG investing, shareholders may start to move more quickly to demand change at companies profiting from all types of bad behavior. The abuses at Pornhub, however, went on for more than a decade before anything happened to stop them, according to Mickelwait.

These days, with the credit card companies having abandoned Pornhub, the only way to pay for its content is with cryptocurrencies. But problems remain. Visa, for example, is still processing payments for some of MindGeeks porn content, and it has refused so far to meet with victims as part of its investigation, say Mickelwait and Nealon. Nor has it followed Mastercard in adopting a global standard.

Visa did not respond to questions about those claims, but it did send II a statement. Visas suspension of acceptance privileges for Pornhub and other MindGeek content sharing platforms that host user-generated content remains in effect pending the completion of our ongoing investigation. Visa is committed to processing all transactions that are legal. As a global platform, maintaining a neutral stance under the law is vital for the free flow of commerce, a spokeswoman wrote.

Mastercard and Discover did not answer requests for comment.

Recently, the Pornhub campaign had another victory when cable company Comcast said MindGeek content would no longer be shown on its channels. Pornhub is still available via Roku, according to Nealon.

And though Pornhub has taken down 80 percent of its content because the owners arent verified, that has not stopped so-called verified users from uploading nonconsensual images. And all it takes to become verified is to upload a photo of yourself with your user name no ID required, Nealon points out. She argues that many of the reports in news stories like Kristofs came from verified accounts including the girl whose boyfriend posted a video of her nude body indicating that the effort to clean up the site is completely meaningless.

Ackman is still watching events closely. Although he applauds Mastercard for taking the lead in the battle over Pornhub, the hedge fund manager remains incensed that more hasnt been done to stop similar abuses elsewhere.

After Kristof wrote a follow-up piece in April outlining how another site, XVideos, was profiting off Pornhubs woes, Ackman was back on Twitter, shaming every search engine company he could think of and trying to rouse investors ire.

How can ESG investors invest in @google @Bing @Microsoft @Yahoo @Twitter when they facilitate and profit from the distribution of child rape porn? he tweeted.

And then Ackman asked the investment world a simple question: How can this continue?

Link:

Bill Ackman Sent a Text to the CEO of Mastercard. What Happened Next Is a Parable for ESG. - Institutional Investor

Providing toolkits in non-English languages can create better access to telehealth for LEP patients, said Albert Chan of Sutter Health.

She said poor Wi-Fi and lack of devices on the patient side made the switch to telehealth challenging, but Childrens Health found ways to make it work.

Sutter Health in California sees 3.3 million patients at its 24 hospitals annually. Albert Chan, vice president and chief of digital patient experience at Sutter Health, said 10 percent of the organizations patients dont speak English as their primary language. With telehealth visits increasing from 7,410 in 2019 to approximately 1.1 million in 2020, the disparities for LEP patients became more apparent.

Spanish speakers are the largest LEP patient population at Sutter Health, but only 28.3 percent of Spanish-speaking patients were using telehealth, a lower rate than any other language group. Chan said Sutter Health addressed this disparity by uploading toolkits in Spanish on its website so patients could better access the telehealth services. The organization also set up a tech support chat offering Spanish for further accessibility.

Sutter Health had approximately 20,000 interpreter sessions a month, including American Sign Language, using a third-party service.

Its about language equivalency, not just proficiency, said Chan.

A recent survey by market research firm Parks Associates shows that 60 percent of people age 65 and older consider themselves familiar with telehealth. Jennifer Kent, vice president of research at the firm, gave an overview of the findings during a session titled, Lessons Learned While Expanding Access and Care to the Aging Population.

Over the past year weve seen incredible growth in familiarity and use. A third of seniors say theyre extremely familiar with telehealth, said Kent. And 42 percent of consumers 65and older tell us they have used telehealth services in the past 12 months. Thats up from just 6 percent in 2019. Whats even more incredible is that seniors are telling us theyve had pretty positive experiences.

Kent also pointed out that tech companies often design products with young, affluent and tech-savvy consumers in mind because they are usually the early adopters. Products typically arent designed for seniors, but Kent said that is starting to change. Many products now have user interfaces with voice capabilities or are designed for those with impaired dexterity.

READ MORE:Smart technologies create a more connected environment for older adults.

Older adult veterans at VA Puget Sound Health Care System were willing to try telehealth services during the pandemic, according to Amanda Olney, program coordinator for the TeleRehabilitation Enterprise Wide Initiative. She said providers were the hesitant ones, but their reluctance gave way out of necessity.

As people were using FaceTime and Zoom to connect to family and communities, they became more familiar with the technology and more willing to try it out, said Olney.

Luckily, Olney said, the VA already had a service in place before the pandemic to loan out tablets to veterans without devices, which helped her organization pivot quickly. The VA also offered technology training, using telehealth techs to do test calls prior to beginning virtual physical therapy services.

We have a national help desk to do test calls as many times as necessary, said Olney. With physical therapy, the patients have to do multiple visits. The repetition helped.

David Lindeman, director of health at the Center for Information Technology Research in the Interest of Society (CITRIS) and the Banatao Institute at the University of California, said hes seen a fantastic increase in acceptance, willingness and understanding of the benefits of telehealth, especially among those who are homebound or have transportation issues.

Here is the original post:

#ATA2021: Telehealth Is Key to Equity and Access for Every Patient Population - HealthTech Magazine

Confidential computing is needed for AI and also for AI-based self-driving cars.

Lets play a spying game.

A friend of yours wants to write down a secret and pass along the note to you. There is dire concern that an undesirable interloper might intercept the note. As such, the secret is first encrypted before being written down and thus will be inscrutable to anyone that perchance intervenes. All told, the message will look scrambled or seem like gobbledygook.

You have the password or key needed to decrypt the message.

After the note has passed through many hands, it finally reaches you. The fact that many others saw and ostensibly were able to read the note is of no consequence. They could not make head nor tails of what it said.

Upon receiving the encrypted message, you decide to decrypt it. Voila, you can now see what it says. The message successfully and with vital security has been appropriately received and deciphered. The world is saved and everyone can rejoice.

But wait for a second, when you decrypted the message, you wrote it down, and meanwhile, a dastardly spy was looking over your shoulder. The snoop has now seen the entire message, spying it in all its glory and while in plaintext. The gig is up. Sadly, after having gone from hand to hand and being protected that entire time, at this last moment the secret was revealed.

Maybe worse still, you are the one that revealed it (i.e., you being the intended receiver).

What went wrong?

Some might refer to this as the last-mile problem or perhaps more aptly coin it as the last-step problem in this instance.

You see, the catchphrases of last-mile or last-step are often used when describing a situation that has a kind of gap or arduous challenge at the very end of a task or activity. For example, in the telecommunications industry, there is the notion that the hardest and most costly part of providing high-speed networking to homes is the so-called last mile from the main trunk to the actual home of the consumer.

Envision a cable that runs down the middle of a neighborhood street and the last mile would be to make all the offshoot branches that need to extend from the centerline to each specific domicile. The number of such branches is high. It is one thing to simply lay down the center cable, while a hugely costly effort to then string out to each house. Even though the actual distance is not a mile long to get from the center to each house, the notion is that youve overall reached the proverbial last-mile or last step involved in the process.

This last-mile or last-step can be the weak link in a long chain of efforts.

Imagine expending an enormous amount of time and energy toward getting a slew of things done, and at the last stage, the matter is ultimately either untenable or somehow spoiled. This happened indeed in the scenario of you getting the purposely encrypted note. Once it got into your hands, you decrypted it and did not realize that you were being spied upon.

The classic line is to always make sure that you finish what you start. We might wish to definitively augment the line by adding that you need to finish fully and with the proper gusto, else the finish might be undermined and become the exasperating and disappointing point-of-weakness in a long series of otherwise careful steps.

In the cybersecurity field, there are three major ways that data such as the message on the note are usually intended to be protected or secured:

Data at rest (standing still data)

Data in transit (flowing data)

Data in use (when being read or utilized)

Your friends note to you was in transit when it was being passed along from person to person on its way to you. At some point, perhaps the note was sitting on someones desk for a while, waiting for them to pick it up and continue the journey of the note to you. That would be data at rest.

That covers the data at rest and the data in transit instances.

When you opted to decrypt the note and take a look at what it said, the data was considered in use at that time. Per the saga, this is when things went awry and a despicable spy saw the message. Up until that moment, the message was relatively secret and secure. The last mile or last step exposed it.

I bring this up to highlight a hot new trend known as confidential computing.

We will use the tale of the encrypted note to help explore the nature of confidential computing. Admittedly, the parable per se is not wholly precisely on-target with the topic but you will soon see that it does offer a semblance of insightful parallels.

Confidential computing is usually associated with making use of cloud computing.

Cloud computing is the now familiar notion of using unseen computing resources that are available via remote access. Referring to this as cloud computing is an easy way to envision the matter and has fortuitously been an extremely catchy way to denote various computers as being in the cloud and available for use.

When your data is placed into a cloud-based computer, you likely want to feel comfortable that the data is well-protected. If the data is sitting in a database, perhaps a fiendish hacker might try to access the data. You want to prevent the cybercrook from being able to see your precious data, and ergo there are typically cybersecurity locks that seek to keep the bad hackers out of the database.

Suppose though the evildoer cracks through the locks. Aha, by encrypting the data, which is sitting at rest, the ability to do anything untoward with the data is greatly lessened. Though the hacker might be able to see the data, it is scrambled and generally unusable.

Imagine that there is a need to share the data and thus copy it to another database on a different computer. While the data is in this transit from one database to another, it is potentially vulnerable to prying eyes. If the data is encrypted while in transit, the interloper will presumably not gain much since the data is inscrutable.

We now are heading to the last mile or last step.

Assume that at some point the data will be needed for making calculations. The database with the encrypted data is accessed and the data while still encrypted is copied over to a computer that is doing the computations. Alls good so far.

Upon the encrypted data being brought into the CPU (Central Processing Unit) of the computer, at this last-mile or last step, it is now necessary to decrypt it, else the data wont be of much use for making the desired calculations if otherwise remaining in an encrypted format.

Here is the potential loophole in all of this series of carefully encrypted steps. Now that the data is momentarily decrypted for use while inside the CPU, it becomes potentially open for a wrongdoer to peek at it. Akin to the saga of your having gotten the encrypted note into your hands, and then doing the decryption, there is a chance that someone might be spying and able to see the now in-the-clear message.

Your first thought might be that the idea of a cybercriminal hacking all the way into the inner guts of the CPU while it is processing seems nearly unimaginable.

Can they do really that?

The answer is yes, it is possible.

That being said, it is generally a quite difficult trick to pull off. Numerous system protections would have to be overcome. Nonetheless, a very determined and crafty cyber hacker could devise such a devilish scheme (especially when you include the nation-state's elements of cybersecurity, see my coverage at this link here).

This last-mile cybersecurity concern is being partially mitigated by the use of confidential computing.

Within the CPU of a confidential computing arranged computer, there is a special highly secure enclave setup. This is usually done via using a hardware-based environment that governs the execution of CPU running tasks. In industry parlance, this is known as a Trusted Execution Environment (TEE). Some keys or passwords are kept under added protection and used only when the last step occurs.

The enclave tries to hide from any other resources what is going on inside the enclave. Remember how you inadvertently allowed a spy to look over your shoulder? That is the type of intrusion that the enclave is fortress-like constructed to keep at bay.

Heres why this is especially relevant to cloud computing.

Suppose the cloud computer being used has somehow gotten malware on it. If there isnt a provided provision of confidential computing, the risks of the malware peeking at the CPU and also catching the data in an unencrypted format are heightened. Likewise, the OS or operating system of cloud computing could potentially take a peek (perhaps the OS then leaks it elsewhere), and even (sadly) there is a possibility that employees of the cloud provider might have access to take a look.

Via the use of the TEE and the enclave, the notion is that none of those other potential interlopers can see what is going on inside the CPU during the computational efforts. Furthermore, there is typically a feature of confidential computing that upon detecting that perhaps an interloper is trying to do something untoward, whatever CPU action might have been planned or underway is typically canceled and an alert is raised.

This could be likened to you having potentially noticed that a person was spying over your shoulder. Id assume that had you realized the interloper was present, you would have stopped doing the decryption of the secret message. Of course, you might have already started to decrypt it, in which case maybe the interloper saw some of it, but at least you would curtail your activities at that juncture. Plus, you likely would have called for the cops to come and bust the reprehensible spy.

Most of the major cloud providers have made available various flavors of confidential computing, including the biggies such as IBM Cloud, Amazon AWS, Microsoft Azure, Google Cloud, Oracle Cloud, and others. The makers of CPUs are also integral to the confidential computing architecture and thus companies such as Intel, AMD, and the like are involved.

As eloquently stated in a paper by IBM Fellow and CTO for Cloud Security, Nataraj Nagaratnam: As companies rely more and more on public and hybrid cloud services, data privacy in the cloud is imperative. The primary goal of confidential computing is to provide greater assurance to companies that their data in the cloud is protected and confidential, and to encourage them to move more of their sensitive data and computing workloads to public cloud services.

There is a well-known group called the Confidential Computing Consortium (CCC) that has banded together numerous cloud providers, hardware vendors, and software development outfits to focus on confidential computing. Per the posted CCC remarks of Stephen Walli, Governing Board Chair: The Confidential Computing Consortium is a community focused on open source licensed projects securing data in use and accelerating the adoption of confidential computing through open collaboration.

For those readers that are adept at programming, you likely know that your encrypted data while sitting on a database is usually decrypted once you bring the data into the internal memory of the computer system. This is done so that then the CPU can readily use the data for doing computations. In the confidential computing arrangement, the data is not decrypted until the final moment or last-mile or last-step of being placed into the CPU for use. Therefore, even while sitting in internal memory, the data is encrypted and less vulnerable to cyberattack.

One additional quick point is that this scheme for confidential computing does not guarantee that no one can ever hack it. The cybersecurity field is an ongoing game of cat and mouse. Each new protection that is devised will be deviously picked apart until some unforeseen hole or gotcha is discovered. The hole will usually get plugged. Meanwhile, the gambit continues as the cybercrooks try to find a means to undo or overcome the plug or look for other ways to break-in.

This is a never-ending cycle.

In that sense, the confidential computing approach is another added layer of cybersecurity. The more layers that you have, the odds are that it becomes increasingly harder for someone to crack through. At your home, you might have a gated fence around your property (a layer of protection), locks on your doors and windows (another layer of protection), and a motion detector inside the house (yet an additional layer). The belief is that by placing numerous hurdles in the way of a robber, they will be rebuffed in their intrusion efforts.

Having those added layers is not cost-free. For each layer, you need to ascertain the cost of the added protection versus the risks and consequences of someone breaking in. This is of course the same for confidential computing. Whether you require confidential computing is contingent on the type of computing activities you are undertaking, the magnitude of cybersecurity you are desirous of achieving, the risks and adverse consequences if a cyber breach occurs, etc.

Your car might also have various layers of security protection. There are locks on the car doors. The windows are made of materials that are hard to smash. Any motion immediately next to the vehicle might be detected and cause the horn to sound. And so on.

Speaking of cars, the future of cars consists of AI-based true self-driving cars.

Allow me to briefly elaborate on this point and then tie things to the topic of confidential computing.

There isnt a human driver involved in a true self-driving car. Keep in mind that true self-driving cars are driven via an AI driving system. There isnt a need for a human driver at the wheel, and nor is there a provision for a human to drive the vehicle. For my extensive and ongoing coverage of Autonomous Vehicles (AVs) and especially self-driving cars, see the link here.

Heres an intriguing question that is worth pondering: Will confidential computing be useful for the advent of AI systems all told, and particularly for the advent of AI-based true self-driving cars?

Before jumping into the details, Id like to further clarify what is meant when referring to true self-driving cars.

Understanding The Levels Of Self-Driving Cars

As a clarification, true self-driving cars are ones that the AI drives the car entirely on its own and there isnt any human assistance during the driving task.

These driverless vehicles are considered Level 4 and Level 5 (see my explanation at this link here), while a car that requires a human driver to co-share the driving effort is usually considered at Level 2 or Level 3. The cars that co-share the driving task are described as being semi-autonomous, and typically contain a variety of automated add-ons that are referred to as ADAS (Advanced Driver-Assistance Systems).

There is not yet a true self-driving car at Level 5, which we dont yet even know if this will be possible to achieve, and nor how long it will take to get there.

Meanwhile, the Level 4 efforts are gradually trying to get some traction by undergoing very narrow and selective public roadway trials, though there is controversy over whether this testing should be allowed per se (we are all life-or-death guinea pigs in an experiment taking place on our highways and byways, some contend, see my coverage at this link here).

Since semi-autonomous cars require a human driver, the adoption of those types of cars wont be markedly different than driving conventional vehicles, so theres not much new per se to cover about them on this topic (though, as youll see in a moment, the points next made are generally applicable).

For semi-autonomous cars, it is important that the public needs to be forewarned about a disturbing aspect thats been arising lately, namely that despite those human drivers that keep posting videos of themselves falling asleep at the wheel of a Level 2 or Level 3 car, we all need to avoid being misled into believing that the driver can take away their attention from the driving task while driving a semi-autonomous car.

You are the responsible party for the driving actions of the vehicle, regardless of how much automation might be tossed into a Level 2 or Level 3.

AI And Self-Driving Cars And Confidential Computing

For Level 4 and Level 5 true self-driving vehicles, there wont be a human driver involved in the driving task.

All occupants will be passengers.

The AI is doing the driving.

One aspect to immediately discuss entails the fact that the AI involved in todays AI driving systems is not sentient. In other words, the AI is altogether a collective of computer-based programming and algorithms, and most assuredly not able to reason in the same manner that humans can.

Why this added emphasis about the AI not being sentient?

Because I want to underscore that when discussing the role of the AI driving system, I am not ascribing human qualities to the AI. Please be aware that there is an ongoing and dangerous tendency these days to anthropomorphize AI. In essence, people are assigning human-like sentience to todays AI, despite the undeniable and inarguable fact that no such AI exists as yet.

With that clarification, you can envision that the AI driving system wont natively somehow know about the facets of driving. Driving and all that it entails will need to be programmed as part of the hardware and software of the self-driving car.

Lets dive into the myriad of aspects that come to play on this topic.

One overarching point that is worthy of particular attention is that any AI system and especially ones running in the cloud should be potentially making use of confidential computing.

This is regrettably not a top-of-mind consideration for many AI developers.

The typical focus for AI software engineers is primarily on the underlying AI capabilities such as employing advanced uses of Machine Learning (ML) and Deep Learning (DL). Once the AI system is ready to be fielded, the AI builders tend to be less attentive to what happens when the program is placed into operational use. The assumption is that whatever existent cybersecurity is already available in the execution environment will probably be sufficient.

The average AI developer usually wants to get back to their AI bag-of-tricks and continue tweaking the AI-related elements of the system, or perhaps move onward to some other new development that requires their honed skills at crafting AI systems. Concerns about whether or not the prevailing execution environment for their budding AI system is highly secure does not explicitly enter into their mindset and nor is found in their usual toolset.

Some will exhort, hey, Im not a darned cybersecurity expert, Im an AI developer (that line is a heartfelt homage to the classic indication in Star Trek that hey, Im a doctor, darn it, not an engineer).

The thing is, the best AI systems can be readily brought to their knees if the cybersecurity is not topnotch and using all available layers of protection. Up until recently, many AI systems were not necessarily aimed at domains that entailed potentially high risks and pronounced adverse consequences if the AI was undermined at execution.

Nowadays, with AI becoming pervasive across all manner of applications, the idea of treating AI systems as merely experimental or prototypes is now long gone.

Simply stated, any AI developer worth their salt should be seriously giving due consideration to how their AI systems will be deployed, including what kinds of cyberattacks might be launched to undercut the AI system processing. Since the AI developer ought to know what portends for especially vulnerable weaknesses in their AI while executing, they should take a close look at confidential computing as a potential countermeasure and gauge whether this added layer of security is warranted.

Im not saying that it will always be a necessity, just that with AI systems of a sensitive nature running in the cloud, it is prudent and nearly obligatory to consider which of the numerous potential cybersecurity precautions should be undertaken.

Hopefully, that will be a useful call to arms for those AI developers that havent yet taken into account the utility of confidential computing. And perhaps a startling wake-up blaring of trumpets for some.

Moving beyond the overall notion of all types of AI systems that are running in the cloud, lets next take a gander at the use of the cloud for the specific advent of AI-based true self-driving cars. The most commonly anticipated use of the cloud for self-driving cars encompasses the use of OTA (Over-The-Air) electronic communications capabilities.

Via OTA, various patches and updates stored in the cloud for a fleet of self-driving cars can be downloaded into each autonomous vehicle and accordingly installed, doing so automatically. This is handy to be able to remotely push out new features for the AI driving system or possibly provide bug fixes, plus avoiding having to bring the vehicles to a dealer site or some repair shop merely to do needed software updates.

The OTA will also enable the ease of uploading data from the self-driving cars into the fleet-provided cloud. Self-driving cars will have a sensor suite that includes video cameras, radar, LIDAR, ultrasonic units, thermal imagining, and other such devices. The data they collect can be usefully analyzed by collecting together the data across an entire fleet of self-driving cars and then conglomerating it while in the cloud.

For my extensive coverage of the cloud as it pertains to autonomous vehicles and also for self-driving cars, see the link here.

So, you might be wondering, what does this have to do with confidential computing?

Think of it this way, if there are programs and data in the cloud that are going to potentially be downloaded and installed into the AI driving systems, this becomes a handy and sneaky path for a cyber attacker to get their malware into the self-driving cars. The cybercrook merely plants the evil-doing elements into the cloud and then patiently waits until the OTA mechanism does the rest of the work for the wrongdoer by broadcasting it out into the fleet.

Whereas most people tend to be thinking about how an AI driving system might get corrupted or undermined by someone physically accessing the autonomous vehicle, the likely greater threat comes from using the OTA to do so. The innocent beauty of the OTA is that it is an already assumed trusted avenue to directly get something inserted into the AI driving system, and this will happen across an entire fleet of self-driving cars. Imagine that there were hundreds, maybe thousands, perhaps hundreds of thousands of self-driving cars and all of them were using an OTA to get updates from a fleet cloud.

Okay, so we might want to put some devoted attention to what is happening in the fleet cloud.

The more cybersecurity we put there, the lessened the chances that the OTA will become a specter of doom. It could be that the judicious use of confidential computing for the fleet cloud will curtail or at least make much harder the possibility of launching a cyberattack that might inevitably get carried out into the AI driving systems of the fleet.

Conclusion

Another potential use of confidential computing would be for the execution or processing that takes place inside self-driving cars.

When the AI driving system is being executed on the onboard computer processors, this execution obviously needs to be highly secure too. The tough tradeoff is that confidential computing tends to incur a performance hit on the processors and thus presents a somewhat complicated consideration when dealing with real-time systems. Keep in mind that real-time processing is controlling the actions of the self-driving car. Any substantive delay in processing times can be problematic.

Self-driving cars are real-time machines that also just so happen to involve life-or-death matters.

You typically do not have that same life-or-death concern for an everyday cloud-based application. If the cloud processing has any modicum of delay, this might be of little consequence. In addition, because a cloud-based application resides in the cloud, you can readily toss more processors at the application or reallocate to using faster processors available in the cloud.

For a self-driving car, the processors installed into the autonomous vehicle are generally not as readily switched out, since that can be a very physical effort and logistically costly to undertake. Automakers and self-driving tech firms are pretty much stuck once theyve decided which processors to put into their self-driving cars. Theyve got to hope that the choice will last a while.

More:

The Secret Is Out That Confidential Computing Is A Hot Trend And Seriously Crucial To AI And For Self-Driving Cars Too - Forbes

Central Board of Secondary Education (CBSE) issued a public notice yesterday, June 16, 2021, asking schools to conduct practical exams for Class 12 students through the online mode. All affiliated schools are permitted to conduct online assessments in terms of practical, project or internal components. Moreover, there shall be no transfer or change of school for the purpose of online practical exams, as the board sees no purpose behind unnecessarily complicating an already difficult situation. Thus, schools shall be conducting online assessments for their own students, keeping all the COVD-19 guidelines in mind.

Just In: CBSE, ICSE Class 12 Evaluation Criteria Released

CUCET 2021 Application Form

CUCET - 2021 rewards your academic brilliance with global opportunities & extraordinary assistance with Scholarships worth Rs. 33 Crore.

Previously, schools were instructed to submit their practical marks to the board authorities. While submitting these marks, some students were marked as Absent (Ab), Covid (C) or Transfer (T). for such students, online facility for uploading marks shall be added in due course of time in the link already provided to schools. Following this, schools shall be able to upload marks data for such students.

The notification issued by authorities also carried certain additional instructions for the schools to follow. The central education board has appointed certain external examiners at some schools for online practical exams. In such schools, the online assessments shall be conducted by those external examiners only. This is a mandatory rule to be followed by all schools under question. Schools have the responsibility to extend all required assistance to external examiners to ensure that online assessments are conducted smoothly.

In some CBSE-affiliated schools, external examiners have not yet been assigned. Under such cases, schools have to follow the procedures prescribed by the Regional Offices to either replace or re-appoint external examiners. Once these examiners are assigned, schools have to send a blank award list to the examiners. Subsequently, after conduction of online assessments, the external examiners have to send the filled-out award list back to the school. Thereafter, the internal assessment is also required to sign this lost before uploading it on the portal. All these formalities have to be completed by June 28, 2021.

On the other hand, as per the reports, CBSE today, June 17, 2021, announced its objective criteria or scoring plan for Class 12 students. Class 10 and 11 performances shall also be taken into consideration while assessing students. The 12-member committee informed the same to the Supreme Court and further clarified that the results shall be announced on or before July 31, 2021.

According to the informed scoring plan, 40 percent weightage shall be given to Class 12 pre-boards. 30 percent weightage shall be given to Class 11 final exams. The remaining 30 percent importance has been assigned to the best-of-three subjects of Class 10. Furthermore, Practical assessments shall be for 100 marks and the same shall be informed to the board by the respected schools.

Subscribe For Latest Updates

See more here:

CBSE 12th Result 2021: Schools Asked To Hold Practical Exams Online, and Upload Marks by 28 June - AglaSem News