RE: https://infosec.exchange/@patrickcmiller/116162934900485808

#Colorado is running a bill this session, titled SB26-051 (leg.colorado.gov/bills/SB26-051), which will require "general computing platforms" (laptops and phones) to build a form of locally-stored age attestation into the onboarding process for a new user on the device. The data about the user would then be categorized into one of three age brackets, stored locally, and then passed to various apps/platforms/social media at registration time.

In the bill's committee hearing last week, I and several other people told the bill sponsors that we understand the problem you're trying to solve, but that this is a terrible way to solve it. Many speakers offered to help advise the bill authors on implementing a less fragile, more secure, less susceptible system, but they wouldn't budge. Not a single committee member voted no on a motion to advance the bill to the "committee of the whole" - i.e., the full legislature for a final vote.

The only hope now is for people to reach out to legislators to ask them to vote no on the final bill draft. Otherwise, we're going to get stuck with a really dumb bill that gets signed into law on a "but...think of the children!" appeal, with no hope of being implemented properly.

It's notable that this Apple system would not satisfy the requirements the bill sets up.

#COpolitics #ElectMoreHackers #ageAttestation #childsafety #onlinesafety

Last night I attended the #Boulder BVSD school district's District Accountability Committee meeting. I am the representative to my kids' high school at the DAC, that advises the school board on policy matters. It's a commitment I made to staying involved in local school operations, regardless of the outcome of the election last year.

The DAC is considering updates to policies surrounding the searches of and interrogations of students on school grounds. The DAC policy subcommittee made several positive changes that strengthen the protections this policy gives to students, who under these kind of circumstances are obviously in a power-imbalance situation.

But there was one change that I couldn't abide, and when I brought it up, it started a nearly hourlong debate in which many other DAC representatives chimed in with their own concerns.

The change was to give schools the permission to search students' mobile devices and laptops. It was a one-line insertion into an existing policy that gives school officials permission to search student lockers.

I made the point that phones/laptops often contain highly sensitive, personal information that falls outside the scope of any legitimate investigation, and that the language was overbroad and failed to take into account the need for student data privacy and limiting the scope of the search, and raises significant civil rights issues.

Another DAC member raised the issue that the policy seems to lay the responsibility for students maintaining the security of their devices on the students, even when an adult has access to those devices, which seemed weirdly out of sync.

Yet another DAC member was concerned that there was no guidance about how such searches would be conducted, and under what circumstances. Doesn't changing a policy like this lead to potential 'fishing expeditions' on specious evidence or even just allegations of misbehavior without evidence?

In the end, the DAC thought this policy would sail through and be passed along to the BVSD board for their approval next week. I think the policy needs significant rework and there's no way the board should pass it in its current form. I will speak at the school board meeting next week to get that point across, because the way it looks right now, I would not want my name connected to this policy.

#COpolitics #BVSD #SchoolBoard #policy #electmorehackers #4thAmendment #PolicyHackers #education #USPol

The Aspen Tech Policy Hub is organizing some training in how hackers can engage in tech policy by learning how to speak and write effectively to communicate with lawmakers. They're calling it "The Cyber Civil Defense Policy Training Series"

The first one starts next Tuesday.

Sign up for one, or all three, here: https://aspenpolicyacademy.org/short-courses#cybersecurityseries

#ElectMoreHackers #TechPolicy #Policy #engage #engagement #fightforthefuture #AspenTech #AspenTechPolicyHub

My local Colorado assembly representative, Junie Joseph, went to the #DNC this week to represent our state as an elector and delegate for Kamala Harris. I had given her a stack of stickers to hand out to fellow delegates and attendees. I did not expect that she would write about it in her newsletter and send me pictures!

#ElectMoreHackers

Greetings, hacker family. Today, the Elect More Hackers project launched its updated website and is initiating the process of registering as a 501(c)4 nonprofit for political organizing and advocacy purposes.

(Are you a lawyer who is willing to help with this? We can't pay you right now, but we'd still love your help!)

I'm @andrewbrandt and decided to spearhead this project after my experience running for office in 2023. I was not successful in my campaign to run for a local school board here in Colorado, but the experience taught me two things: I made a lot of allies and friends -- more than 25,000 people voted for me in that election -- and people really want their elected officials to listen to them, and to respond to the myriad issues that we all face.

Everywhere I go, I still run into people who recognize me, thank me for having run and tell me that they voted for me. ❤️ Thank you!

When I ran, I put my experience as a journalist and information security analyst front and center of my campaign. In schools (as everywhere else), the accelerating volume of challenges posed by the internet and modern technology has outpaced the ability of more traditional political actors to address them.

I made the idea of electing hackers central to my campaign. Voters were surprisingly receptive to this idea. Even I had no idea how valuable that background is when nobody else in politics knows how to answer questions about the risks of generative AI, or how cybercriminals operate.

I also made it a priority to show up and participate in local events - caucuses with my neighbors; door-knocking and flyer distribution; public comment to the school board, city council, and state assembly; collecting petition signatures; making calls; writing postcards.

And now I'm using what I learned to encourage others in my field to get out there to run for office and be their whole, authentic selves doing it. I hope you'll take up the challenge yourself, or encourage that one person you know who's super politically interested (but has never run for anything, or even considered it) to toss their hat in the ring.

Because you can't win if you don't play, and right now, at this point in history, none of us can afford to sit back and hope someone else will take care of our problems for us. Most of the people in power today already haven't (and some have made things demonstrably worse).

It's time for us to lift up the best hackers among our number -- and we are LEGION -- and start bringing up a new progressive, tech-savvy, and enthusiastic team downballot to give everyone someone to cheer for.

Because yes, it's entirely possible that you may be the person who rolls that snowball down the hill and begins a landslide.

I hope you'll join us for the ride. It's going to be wild. 🖖

#COpolitics #Boulder #ElectMoreHackers #USPol #politics #grassroots #campaign

Exciting news, #hackers: the #KamalaHarris campaign will be hosting a reception to support her candidacy at #Defcon on August 8.

If you're interested in protecting our democracy and supporting a candidate who understands what a future looks like that hasn't been captured by corporate tech interests, I encourage you to join me in donating and attending this special event.

The donation link is https://secure.kamalaharris.com/a/mid-a-bvf

#ElectMoreHackers #COpolitics #politics #USPol #hacking #cyberspace

This week in the #AIpocalypse, Google's #Gemini #AI scrapes the content of #Google #Drive storage without asking permission. The feature cannot be turned off and it has already resulted in the leak of one user's tax return information.

https://www.tomshardware.com/tech-industry/artificial-intelligence/gemini-ai-caught-scanning-google-drive-hosted-pdf-files-without-permission-user-complains-feature-cant-be-disabled

#ElectMoreHackers #ThereOughtaBeALaw