Friday, December 31, 2010

No doubt the Privacy Foundation will have to come up with a “Top Ten” list...

The Top 10 Privacy Stories of 2010

December 30, 2010 by Dissent

Declan McCullagh of CNET published a round-up of some of the stories that made privacy news in the U.S. this past year. But what were the top stories or the most important ones? Over on Liminal States, Jon Pincus posted his list, inspired by a Twitter privacy chat two weeks ago. A subsequent poll on Twitter drew 59 responses as to top story. Yours truly forgot to vote in time, but that’s okay.

As I mentioned in a previous blog post and on Jon’s blog, my priorities seem to be somewhat different than many of those who are also deeply concerned about privacy. In some respects, the Top 5 Privacy Violations of 2010 by Jeffrey Evans come closer to what I see as important privacy stories or developments.

So after giving it a bit more thought, here’s my list of the Top 10 Privacy Stories of 2010 for the U.S., in no particular order and for better or worse:

  • Tyler Clementi’s suicide

  • Karen Owens’ “paper” on sexual encounters goes viral and names names

  • Facebook changes everyone’s privacy settings

  • Homeland Security in Pennsylvania and their contractor surveil environmental protesters like terrorists

  • TSA introduces “enhanced” patdowns and backscatter machines that trample privacy, dignity, and civil liberties

  • Schools start fingerprinting school children and putting tracking devices on them

  • Lower Merion School District sued for recording students in their homes via webcam

  • Some courts rule that GPS surveillance and cell phone location records require warrants

  • Don’t Ask Don’t Tell repealed

  • Arizona enacts “papers, please” law

Yes, I know I don’t have most of the online tracking and regulatory stories listed. Frankly, those issues are just not as important to me. Your mileage, of course, may vary.

They will. They won't. They will. They won't.

BlackBerry denies India email access deal as struggle continues

December 30, 2010 by Dissent

Earlier today, I referenced a story from December 21 and indicated that Research in Motion had caved in to India’s demands to provide an encryption key to Blackberry email services. I’ve corrected that post in light of additional information. A story in today’s Economic Times of India resulted in a strong response from Research in Motion to set the record straight on exactly what RIM agreed to – and didn’t agree to. Josh Halliday reports:

BlackBerry-maker Research In Motion has hit back at reports that it is ready to allow Indian authorities access to customers’ highly-secure corporate emails.

The Canadian manufacturer slammed as “false and technologically infeasible” an Economic Times of India report which said that it will allow the Indian government access to all messages and emails sent by its 400,000 BlackBerry customers in the country. An internal home ministry memo, apparently seen by the paper, suggested that RIM would automatically make readable all BlackBerry communications, including encrypted enterprise emails.

RIM quickly refuted the charges, saying that only an account holder has the necessary key to decrypt the messages. But it confirmed that security authorities and mobile operators will be granted “lawful access” to the popular BlackBerry Messenger chats.

Read more in the Guardian.

My apologies to Research in Motion for misunderstanding earlier reports.


India Cracks Down on Unauthorized Communication Snooping

December 30, 2010 by Dissent

Maybe this should be filed under “irony” in light of governmental attempts to increase its own surveillance capabilities, but John Ribeiro reports:

The Indian government on Thursday said that it has discovered that private vendors, detective agencies and companies have imported equipment that is capable of illegally monitoring mobile and other communications.

In a statement through the country’s Press Information Bureau (PIB), the government has warned that under the law, no equipment can be used for unauthorized communication network monitoring, intercepting and surveillance of communications.

Read more on PCWorld.

Implications for Health Records in the Cloud?

Iowa Supreme Court upholds right to privacy of medical records

By Dissent, December 30, 2010

Michael J. Crumb of Associated Press reports on a case where grandparents seeking their adult child’s mental and physical health records as part of a visitation dispute concerning their grandson were turned away by the Iowa Supreme Court. The grandparents had sought their daughter’s records after she refused to allow them to have contact with her young son. Crumb reports that the court overturned a lower court’s ruling requiring production of the records:

A district court ordered Mulligan to produce her physical and mental health records to her parents, because the Ashenfelters had to prove their daughter was unfit to make a decision regarding grandparent visitation.

Mulligan appealed and the Supreme Court reversed the district court’s decision, deciding that the records were protected by Mulligan’s constitutional right to privacy.

Importantly, the court did not have to rule in this case if it chose not to, as a change in state law made the grandparents’ case moot.

But justices moved forward with ruling on the case, because “we believe individual privacy interests in medical and mental health records presents an issue of great public interest. We foresee this issue arising in the future, in the context of grandparent visitation as well as other civil contexts.”

Read more in the Chicago Tribune.


Information Sharing in Criminal Justice-Mental Health Collaborations: Working with HIPAA and Other Privacy Laws

Understanding the legal framework of information sharing is the crucial first step for jurisdictions seeking to design and implement effective criminal justice-mental health collaborations. This guide supports that first step by introducing how federal and state laws are likely to influence practitioners’ responses.

Gaming the system. “On the Internet, nobody knows you're a Democrat.”

Democrats Crowdsourcing To Vote Palin In Primaries

"In what could be the most extreme and influential crowdsourcing project ever, Democrats are beginning to organize to purposely vote for Palin in the 2012 Republican primaries. Their theory is by having Palin as an opponent, Obama will have the best odds at winning reelection. Recent polls have shown that Obama comfortably leads Palin by 10-20 points, but Obama is statistically tied with Romney and barely ahead of Huckabee. They even have a state-by-state primary voting guide to help Democrats navigate various states' rules for voting Palin in Republican primaries."

Considering Amazon's success, this isn't a surprise but I wonder about the percentages...

Study: So people do pay for online content

It's a long-standing truism that people won't pay for online content, but a new study from Pew Internet suggests otherwise.

Among the 750 Internet users in the U.S. surveyed by Pew for a study out today, 65 percent said they've paid for online content.

… Digital music and software proved to be the most popular items, with 33 percent of those questioned willing to pay for them online. Mobile apps were next in the list, with 21 percent saying they've bought them online. Other common items were digital games, magazine and newspaper stories, videos, and ringtones.

Lower on the list were cheat codes for video games and access to specific Web sites, such as online dating services. And only 2 percent admitted to buying adult content online.

How much are people willing to spend? On average, the people polled spend around $10 per month on online content. The majority (43 percent) spent amounts ranging from $1 to $10, while 25 percent said they spend between $11 and $30. And 7 percent said they spend around $100 a month.

Most (23 percent) of those surveyed said they pay for subscription services as opposed to the 16 percent who download individual files and the 8 percent who access streaming content.

Some surveys have found that many people won't pay for online content, at least not for specific types of content, such as newspaper subscriptions. But the rise in broadband is making it increasingly easier and faster for people to download and pay for the content they want, such as software, movies, music, e-books, and even news articles, according to Pew.

Record retention. Something for all my IT students. There are some very specific suggestions in the article.

Future-proof your data archive

It's easier than ever to make sure copies of your most important records, documents, photos, videos, and other personal data will be readable/viewable/playable long after the hardware and software used to create the files have bitten the dust.

The four keys to safe data archiving are to choose file formats that won't become obsolete, use storage media that won't deteriorate or become inaccessible, make multiple copies stored apart, and check your archived data regularly to ensure it's still readable.

Replacing those Bar Review courses?

BarMax, The $1,000 App (That’s Actually Worth It), Hits The iPad

It was just about a year ago that we first wrote about BarMax, an iPhone application meant to help law students pass the Bar exam.

Thursday, December 30, 2010

Just a quick heads-up!

Data Privacy Day 2011 is January 28th – Mark Your Calendars!

December 29, 2010 by Dissent

Whether you call it Data Privacy Day in the U.S., or European Privacy & Data Protection Day, mark your calendars for January 28, 2011!

Here are some privacy-related events going on that week. Most are free; but a $ symbol indicates that there’s a registration fee.

[Here's the one we can walk to...]

The Privacy Foundation (Sturm College of Law, U. of Denver): World Privacy Lunch

Details to be Announced

Another case of “We make it so convenient, anyone can get your money!” After all, how can you prove it wasn't you?

ID thieves zero in on home equity lines of credit

December 29, 2010 by admin

Dan Browning reports:

Burnsville resident Mike Calcutt says he was stunned last March when he learned that someone had run up nearly $90,000 in unauthorized charges on his home equity line of credit account at Affinity Plus Federal Credit Union.

His shock turned to anger when the credit union informed him that he’d have to repay the money.


Turns out, Affinity Plus let someone set up telephonic banking privileges on his account, Calcutt said. Then someone executed a series of nine transfers — each just below $10,000 — from his credit line to his savings account. And finally, someone got the credit union to wire the money to a drop account in Boston, from which it has disappeared.

Read more in the Star Tribune, where Browning also reports on other similar cases.

Related: Complaint in Calcutt v. Affinity Plus

For my Ethical Hackers...

At what point do companies (and governments) go beyond ignorance?

Unsmart Investments in Smartcards

Let this be a lesson for companies implementing smartcard systems: If you don’t want people creating money from nothing, pay attention to the security research before investing.

… Taipei’s EasyCard system has been in place since 2001, largely as a means of paying for the subway, bus, taxis and parking. It has also been widely known to use a smartcard system called MIFARE Classic, produced by NXP Semiconductors, the security of which was publicly demonstrated to be broken by CCC members at their annual congress three years ago.

This break is no secret. It was publicized at the time, is noted on Wikipedia, and the issue was noted by NXP itself on its Web site, which today says the MIFARE Classic offers “basic levels of data security.”

… Welte knew the MIFARE system was weak. That isn’t necessarily a problem — if, say, someone tries to hack a $50 dollar card to read $500, but there’s a backend server verification check that says this card is only supposed to have $50, the problem is more or less solved.

… The city government and EasyCard know about the problem, he said. Taiwanese researchers have tried to warn them, and the research is publicly available online. The problem is companies trying to rely on “security through obscurity” — using proprietary but unsafe encryption — and trying to save money by not investing in solid security.

Wednesday, December 29, 2010

All kinds of interesting questions arise. Do corporations have a right to privacy? Is any of this covered by whistle-blower laws? Is this a “security breach” that must be reported? Perhaps corporations will finally realize how important it is to know what data they have and who accesses it!

December 28, 2010

Forbes: WikiLeaks And The New Corporate Disclosure Crisis

WikiLeaks And The New Corporate Disclosure Crisis - Stephanie Nora White and Rebecca Theim: "If the scandals that have plagued corporate America in the past two years haven't gotten you thinking about your own company's vulnerabilities, then the latest revelations out of WikiLeaks certainly should. In an interview with Forbes' Andy Greenberg, WikiLeaks founder Julian Assange declared that half the documents that have been fed to the organization are from corporations, and that sometime early next year his organization plans what presumably will be the first of many corporate disclosures. It will begin with information about one of the nation's leading banks. The target is rumored to be Bank of America, and the bank's stock tumbled 3% shortly after the rumors were publicized. Got your attention now? WikiLeaks is promising to give a voice to the disenfranchised, disgusted and disillusioned within Corporate America, those who have knowledge of company behavior ranging from distasteful to criminal. "Companies turn people into leakers by their failure to listen, look and respond," says business consultant and author Margaret Heffernan, whose forthcoming book, Willful Blindness: Why We Ignore the Obvious at Our Peril, will tackle the issue. In other words, it will no longer be a company's general counsel who will decide if and when something is disclosed to the public. Now, it's any insider with a flash drive who's troubled or disgruntled by an organization's conduct. And the types of information WikiLeaks is disclosing can be more damaging--and memorable--than a traditional corporate crisis."


The SEC Investigation Into Private Stock Sales Is All About The Glaring Lack Of Disclosure

The Securities and Exchange Commission is asking questions about private stock markets like SecondMarket and SharesPost. The SEC has sent “information requests to several participants in the buying and selling of stock” to a number of companies, reports the New York Times (although private market SecondMarket says they have received no request from the SEC). [Corrected: An earlier version of this story indicated that the private markets themselves received the information requests from the SEC, but the New York Times does not specify which firms were contacted].

Over the past year, trading in shares of still-private companies such as Facebook, Zynga, and LinkedIn has skyrocketed, allowing employees and early investors to sell their shares even without an IPO. About $400 million worth of shares will pass hands this year on SecondMarket, which is the largest of the private exchanges, up from about $100 million in 2009. The lack of liquidity because of the general postponement of IPOs among many Internet startups is fueling this growth. Only qualified institutions and high net-worth individual investors are allowed to participate in these markets, but as more and more shares trade hands the SEC’s 500-shareholder rule could be triggered which would require the companies to report audited financial results just like a publicly-traded company.

… Facebook shares are the ones most in demand on these markets. They recently traded at an implied valuation of above $50 billion on SecondMarket, and $42.4 billion on SharesPost. A couple years ago, Facebook won an exemption from the SEC’s 500-shareholder rule by arguing that the shares were mostly held by employees, and it also changed the way it issued restricted stock.

“...because if you shop at Harrods or subscribe to the Financial Times, you might be a terrorist!”

EFF: Government plans to pry into your privacy if you send any money overseas

Money laundering and terrorist financing are serious problems, but there are several troubling aspects in the new rules proposed by the Financial Crimes Enforcement Network (FinCEN). FinCEN, a bureau of the Department of Treasury, proposed that the government should be told your name, address, bank account number, taxpayer ID, and other sensitive financial information if you electronically transfer any amount of money out of or into the country. Depending upon the type of transfer, these reports could also include passport numbers or alien ID numbers, the amount and currency of the funds transferred, and the name and address of the recipient.

“We have the technology so we have to use it. It's for the children!”

UK: CCTV ‘used to monitor schoolchildren in toilets and changing rooms’

December 28, 2010 by Dissent

Graeme Paton reports:

Schools are using CCTV cameras to spy on pupils in toilets and monitor teachers’ performance in the classroom, according to an official report.

The use of video surveillance has evolved in recent years from a security measure to a tool to keep checks on children and staff, it was disclosed.

A report by the Information Commissioner’s Office warned that many schools were flouting guidance on CCTV which insists cameras should only be used to monitor behaviour in exceptional circumstances.


The latest study, which features contributions from a series of academics, said: “The use of CCTV has migrated from perimeter security and access control to monitoring pupil behaviour in public areas such as in corridors and playgrounds, and to more private realms such as changing rooms and toilets.”

Read more in the Telegraph.

Related: Information Commissioner’s report to Parliament on the state of surveillance, November 2010.

(Related) “We don't need no stinking 'due process!'”

MO: Cheerleaders Sue School to Get Back on Team

December 29, 2010 by Dissent

Anyone who knows me will know that I never aspired to be a cheerleader while in high school. While some of my peers were practicing kicks, flips, and waving their pom poms around, I was out organizing political protests and engaged in activities related to civil rights. How ironic, then, that over 40 years later, I would be writing about a case involving cheerleaders in support of their civil rights.

Joe Harris reports:

Two cheerleaders sued a southwest Missouri school district after being kicked off the squad for allegations of cyber-bullying. The cheerleaders say the Seneca school district violated their constitutional rights by booting them off the squad.

No charges were filed against the girls by the Newton County Sheriff’s Department after an investigation into the cyber-bullying allegations, according to the federal complaint.

The girls, identified only as P.A. and K.E., say they have suffered alienation from fellow students and cheerleaders since they were kicked off the cheerleading squad in June this year. They say they “were punished for conduct alleged, but yet not proven in any administrative hearing or court of law, to have occurred off campus and not on school time.”

Read more on Courthouse News.

This issue of whether schools can discipline students for behavior that occurs off-campus has been coming up more and more in the past two years. These cases raise issues about student privacy, the scope of a school’s authority, and issues of whether some conduct is protected speech. In this case:

The district’s attorney, Tom Mickes, told The Joplin Globe that several court rulings have found that extracurricular activities are not protected under the Constitution.

That may be true, but that doesn’t grant public entities such as school districts the ability to deprive children of public education or any benefits thereof based on any “policies” under color of state flag. Is this an “over-reach” of a school district’s authority?

Apart from the due process issues raised in the complaint in this case, what if a school district had a policy that said that students who engage in neo-Nazi groups outside of school are barred from school or participating in after-school clubs because it would create a “hostile” school environment for black or Jewish students? We’d all recognize the First Amendment issue.

Where is the line, if there is one, in determining what extra-curricular activity or speech can be used to deny a child of the full range of opportunities provided by taxpayer dollars-funded public education? Can public education be made contingent on compliance with a school’s “code of conduct” or “policies” applied to extra-curricular behavior if the behavior is not a violation of law? The complaint does not specify what behavior or “cyber-bullying” the plaintiffs allegedly engaged in outside of school, but if there has been no due process and no criminal charges ever filed, as alleged, on what basis does a district punish a student?

Sooner or later, this issue will get to the Supreme Court. For now, this is one of the cases I will be watching.

How good are Microsoft's lobbyists?

France Planning Non-Windows Tablet Tax?

"Lots of countries around the world have private copying 'levies,' which are effectively taxes on products that store data, which is put into a pool to be handed out to copyright holders, as a sort of payment for the 'copying' that individuals do. This was quite popular with blank CDRs, for example, but has been expanded in certain countries to cover hard drives, iPods and other such devices. Over in France, they're looking to expand the levy to tablet computers, but apparently if that tablet computer is running Microsoft Windows, it will be exempted from the tax. iPads and Android-powered tablets will have the tax. Why? Well, the argument is that if a tablet is running Windows, it's really a 'computer.' But if it's running one of those 'mobile' operating systems, suddenly it's a brand new category. Not surprisingly, makers of Android tablets — including the French company Archos — are not at all happy about this."

For my Ethical Hackers

Breaking GSM With a $15 Phone … Plus Smarts

Speaking at the Chaos Computer Club (CCC) Congress here Tuesday, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network “sniffers,” a laptop computer and a variety of open source software.

A true time saving technology! For everyone who expects lame Christmas gifts?

Amazon tech helps return gifts before you get them

Amazon might have a simple solution in store for those who get disappointed every holiday season by undesirable gifts.

The company has been awarded a patent that allows gift recipients to automatically exchange items before they receive them. The solution would offer those ungrateful recipients the opportunity to choose something else or get a gift card without necessarily indicating to the sender that it wasn't accepted.

Automating and off-shoring. I don't worry about this, I'm already egg shaped...

Korean schools welcome more robot teachers

If you thought your English teacher was a robotic bore, spare a thought for kids in South Korea. They're being taught by real robots.

The city of Daegu introduced 29 robot teachers in 19 elementary schools as part of a large-scale project to robotize teaching. The ambitious effort envisioned robots in all 8,400 kindergartens in Korea by 2013.

Kids at Hakjung Elementary School seemed thrilled to interact with robots like the globular Engkey (above and in the vid below). It's about 3.2 feet tall and rolls around the classroom on wheels, asking questions in English and dancing to music.

Developed by the Korea Institute of Science and Technology (KIST) at a cost of some $1.39 million, Engkey is a telepresence bot, controlled by teachers in the Philippines.

A resource for my students.

Sixty Symbols

...a collection of videos featuring scientists at the University of Nottingham giving short, sometimes humorous, explanations of the symbols of physics and astronomy. [Including Einstein's favorite, the Vuvuzela Bob]

Tuesday, December 28, 2010

Like many breaches, this one continues to grow as the client organizations notify their customers and we are able to link it back to the company responsible for the failure.

American Honda Motor Co – Customer Info Exposed

December 27, 2010 by admin

Rafal Los writes:

Alright, so Honda’s web sites didn’t actually get hacked, but like McDonalds they are on the receiving end of a lump of coal in their stocking for Christmas.

A post on Honda’s “” website for Honda Pilot owners hints at a data breach at a vendor maintaining a mailing list for customers of My Acura and Honda’s Owner Link websites. From the forums post, it would appear as though SilverPop, the same company that was behind the breach of email addresses and information, also included Honda [likely this is fallout from the SilverPop hack].

Read more of this Following the White Rabbit post on Infosec Island.

Unlike other entities reporting a breach involving an email marketing vendor, Honda says no passwords were acquired or at risk:

American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account. The data that was obtained included your email address, your name, Vehicle Identification Number (VIN) and User ID. Your password was not included and no other sensitive information was contained in that list.

SilverPop has not publicly named entities affected by the breach, nor have they issued any additional updates since their Dec. 15th statement on their blog.

One more anti-Behavioral Advertising lawsuit

Apple Apps Give Information to Advertisers, Suit Says

December 27, 2010 by Dissent

Joel Rosenblatt reports:

Apple Inc. was sued over claims that applications for the company’s iPhone and iPad transmit users’ personal information to advertising networks without customers’ consent.

The complaint, which seeks class action, or group, status, was filed on Dec. 23 in federal court in San Jose, California. The suit claims Cupertino, California-based Apple’s iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they’re used and for how long.

Read more on Bloomberg Businessweek.

Governments often acknowledge Audits, then ignore them.

Auditors Question TSA's Tech Spending, Security Solutions

"Government auditors have faulted the TSA and its parent agency, the Department of Homeland Security, for failing to properly test and evaluate technology before spending money on it. The TSA spent about $36 million on devices that puffed air on travelers to 'sniff' them out for explosives residue. All 207 of those machines ended up in warehouses, abandoned as unable to perform as advertised, deployed in many airports before the TSA had fully tested them. Since it was founded in 2001, the TSA has spent roughly $14 billion in more than 20,900 transactions with dozens of contractors, including $8 billion for the famous new body scanners that have recently come under scrutiny for being unable to perform the task for which they are advertised. 'TSA has an obsession of finding a single box that will solve all its problems. They've spent and wasted money looking for that one box, and there is no such solution,' said John Huey, an airport security expert."

So that's one crime solved for every 2000 or so cameras? How many additional police officers would that pay for? They at least have the potential to prevent crime...

London Police Credit CCTV Cameras With Six Solved Crimes Per Day

"CCTV cameras across London help solve almost six crimes a day, the Metropolitan Police has said. According to the article, 'the number of suspects who were identified using the cameras went up from 1,970 in 2009 to 2,512 this year. The rise in the number of criminals caught also raises public confidence and counters bad publicity for CCTV.'"


There are up to 4.2m CCTV cameras in Britain - about one for every 14 people.

(Related) We're talking toy drones here. Fortunately, they don't come with toy missiles. Imagine how the government might react when (not if) someone uses these toys for “terrorist acts.”

German politicians see camera drones as data protection risk

December 27, 2010 by Dissent

Flying drones that take pictures of foreign subjects may sound like part of a military arsenal, but they’re also available to consumers now. Consumer Affairs Minister Aigner has called the new devices a privacy threat.

… some German politicians are concerned about privacy issues relating to the toys priced at 299 euros ($393) and steered by devices like the iPhone and iPad.

“Even just by using the small, helicopter-like hobby models, people can quickly go beyond the limits of the law,” said Ilse Aigner, Germany’s consumer affairs minister, in an interview with the Deutsche Presse Agentur.

For example, if hobbyists or children fly the AR.Drone onto neighbors’ property and capture images of them in their home without their permission, the photographs could already stand in violation of data privacy laws.

Read more on Deutsche Welle.

First a Barbie with a built-in cam and now these toy drones? Will we need regulation of toys for privacy risks? What next?

Is this one of those commie ideas?

Putin Orders Russian Move To GNU/Linux

"Vladimir Putin has signed an order calling for Russian federal authorities to move to GNU/Linux, and for the creation of 'a single repository of free software used in the federal bodies of executive power.' There have been a number of Russian projects to roll out free software, notably in the educational sector, but none so far has really taken off. With the backing of Putin, could this be the breakthrough free software has been waiting for?"

I can see the advertising pitch now: “School Districts! Why pay for a gym and sports teams? Replace all that with video games!”

Microsoft Kinect With World of Warcraft

"Researchers at the University of Southern California Institute for Creative Technologies have developed software that enables control of PC video games using the Microsoft Kinect sensor. Their toolkit, known as the Flexible Action and Articulated Skeleton Toolkit (FAAST), emulates custom-configured keyboard controls triggered by body posture and specific gestures. This video shows a user playing the online game World of Warcraft using the Kinect. Potential applications of this technology include video games for motor rehabilitation after stroke and reducing childhood obesity through healthy gaming."

Could this be a budget saving idea in the US?

Portugal's Decriminalization of Drug Use Pays Off; U.S. Eyes Lessons

Drugs in Portugal are still illegal. But here's what Portugal did: It changed the law so that users are sent to counseling and sometimes treatment instead of criminal courts and prison. The switch from drugs as a criminal issue to a public health one was aimed at preventing users from going underground.

Here's what happened between 2000 and 2008:

-- There were small increases in illicit drug use among adults, but decreases for adolescents and problem users, such as drug addicts and prisoners.

-- Drug-related court cases dropped 66 percent.

-- Drug-related HIV cases dropped 75 percent. In 2002, 49 percent of people with AIDS were addicts; by 2008 that number fell to 28 percent.

(Related) Additional criminalization?

MA: New drug law will track more prescriptions

By Dissent, December 27, 2010

Sarah Favot and Caroline Hailey report on prescription monitoring in Massachusetts:

Massachusetts residents face a new routine when they pick up certain prescription drugs at the pharmacy on Jan. 1.

Under a law passed last summer, they will have to show a driver’s license or another approved ID before the druggist can give them prescriptions ranging from addictive opiates to certain medicines for diarrhea. Their purchases will be recorded in a massive database that will include their names, addresses and the kinds and amount of pills they take.

The goal of the law is to combat the growing problem of prescription drug abuse, particularly among teens and young adults. According to one federal survey, Massachusetts ranked 8th among those 18-to-25 who have used drugs not prescribed to them.

The law is similar to legislation passed in 33 states and being initiated in another 10 states. Studies suggest the programs can help combat prescription drug abuse, but the law has other consequences that play against the national debate about the size and reach of government.

Read more on MetroWest Daily News

Monday, December 27, 2010


McDonald’s, CBS, Mazda & Microsoft Mine Data from Web Ads, Class Says

December 27, 2010 by Dissent

McDonald’s, CBS, Mazda and Microsoft use their Internet ads as a cover for data-mining, to identify the websites people visit, invading people’s privacy, misappropriating their personal information and interfering with the operations of their computers, a class action claims in Federal Court. “Defendants acted in concert with [nonparty] Interclick, mining consumers’ web browser histories for entries of particular relevance to defendants’ respective, customized advertising campaigns,” the complaint states.

Lead plaintiff Sonal Bose, of New York, N.Y., included Does 1-50 as defendants.

She claims McDonald’s committed its offenses, including violations of computer privacy laws, through its online World Cup-theme game in the summer of 2010.

CBS did it in an online ad campaign for its “online fantasy sports platform” before the 2010 Major League Baseball season began; Mazda did it in ads for its summer sales and 2010 models, and Microsoft did it during a 7-month ad campaign for its Windows Smartphone, according to the complaint.

Read more on Courthouse News.

(Related) and also inevitable. Why do you think he went to Law School?

Man quits job, makes living suing e-mail spammers

Eight years ago, Balsam was working as a marketer when he received one too many e-mail pitches to enlarge his breasts.

Enraged, he launched a Web site called, quit a career in marketing to go to law school [Law School recruiters take note! Bob] and is making a decent living suing companies who flood his e-mail inboxes with offers of cheap drugs, free sex and unbelievable vacations.

And while we're at it, let's go after those Behavioral Advertising types too...

Privacy groups ask FTC to probe drug companies’ online practices

By Dissent, December 27, 2010

Pamela Lewis Dolan reports:

Four privacy advocacy groups have filed a complaint with the Federal Trade Commission, asking it to investigate the online marketing practices of pharmaceutical companies.

The Center for Digital Democracy, Consumer Watchdog, the U.S. Public Interest Research Groups and the World Privacy Forum filed a 144-page complaint in late November alleging that certain websites allow pharmaceutical companies to collect patient information and information on physicians’ prescribing and treatment patterns to market health-related services or drugs directly to the consumers or physicians.

Among the sites the complaint targeted are Google, Yahoo and Microsoft, which operate data and advertising exchanges. The complaint also mentions by name Sermo, the social media site for physicians that has a partnership with Pfizer,, Everyday Health, Health Central, QualityHealth and WebMD, among others.

Read more on American Medical News.

So, cops can use technology to enhance what the “Mark I eyeball” can do.

Pennsylvania appeals court allows evidence obtained with GPS technology

December 26, 2010 by Dissent

Eryn Correa reports:

A Pennsylvania appeals court on Saturday overturned the Chester County Court of Common Pleas decision banning the use of evidence obtained with global positioning systems (GPS) technology. The three judge panel of the appeals court ruled to allow the admission [Daily Local News report] of evidence that could bring four more alleged burglaries to light. In 2008, GPS tracking devices had been placed in SUVs thought to be used in the commission of several burglaries around Philadelphia. The GPS devices later showed the SUVs at or near the scene of further crimes. Chester County Judge Thomas Gavin originally upheld the movement to suppress the evidence obtained by GPS citing a lack of case history and unease with the invasion of privacy such technology allowed.

Read more on JURIST.

Perhaps we could move trials “into the Cloud?”

December 26, 2010

New on Juror Behavior in the Information Age

Via - Juror Behavior in the Information Age: Ken Strutin focuses on the impact of social media on jurors who increasingly try to stay connected to work and home while performing their civic duty, and the resulting impact of the power of individual jurors to virtualize a trial by going online. His article collects recent and notable examples of juror online misbehavior and highlights scholarship and practice resources concerning its implications for voir dire, trial management and the administration of justice.

Sunday, December 26, 2010

Interesting bit about the “government in waiting” requirement. I was concerned this would become a “least common denominator” with demands for government subsidized “happy meals.”

The Wrong Way To Weaponize Social Media

"NYU's Clay Shirky, in the new issue of Foreign Affairs, calls the U.S. government's approach to social media 'dangerous' and 'almost certainly wrong,' as in its favoring Haystack over Freegate. The Political Power of Social Media claims that the freedom of online assembly — via texting, photo sharing, Facebook, Twitter, humble email — is more important even than access to information via an uncensored Internet. Countering Malcolm Gladwell in the New Yorker, Shirky looks at recent uprisings in the Philippines, Moldova, and Spain to make his point that, instead of emphasizing anti-censorship tools, the US should be fighting Egypt's recent mandatory licensing of group-oriented text-messaging services."

Only part of Shirky's piece is available for non-subscribers, but Gladwell's New Yorker piece is all online.

[Download Shirky's article here:

(Related) ...and now we can create an automated rabble rouser!

How To Be Popular On Facebook, Quantified

"Network World reports that Facebook has just released an analysis of the word usage for about one million status updates from its US English speakers with the words in updates organized into 68 different word categories based on the Linguistic Inquiry and Word Count (LIWC)--a text analysis software program that calculates the degree to which people use different categories of words across a wide array of texts. The results? To be popular on Facebook all you have to do is write longer status updates, talk about music and sports, don't be overly emotional, don't talk about your family, don't refer to time and use the word 'you' a lot. Facebook's study also confirms something that bloggers and Fox News have known for years: negative comments produce more online activity. Sure, Facebook users might click the like button more often on updates expressing positive emotion. But Facebook found you can't beat negativity for user engagement, as dismal status updates garnered more comments than positive ones."

For my Ethical Hackers – Why Cambridge is a Great University...

UK Banks Attempt To Censor Academic Publication

"Representatives of the UK banking industry have sent a take-down notice (PDF link) to Cambridge University, demanding that they censor a student's webpage as well as his masters thesis (PDF). The banks' objection is that the information contained in the report might be used to exploit a vulnerability in the Chip and PIN system, used throughout Europe and Canada for credit and debit card payments. The system was revealed to be fundamentally flawed earlier this year, as it allowed criminals to use a stolen card with any PIN. Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online."

[From the response...

you seem to think that we might censor a student’s thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar’s, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent.

Background music? Many of my website students link to their favorite artists...

UWall.Tv Turns YouTube Into Your Own MTV

Frustrated with how difficult it is to search YouTube for music videos, Argentinian web developer and co-founder Sebastian Vaggi has created UWall.Tv, which allows you to search YouTube by artist, song or by music category like Vevo, with the added benefit of creating a custom music video playlist based on your search.

Saturday, December 25, 2010

Automating Congress?

December 24, 2010

Proposed U.S. House Rules Pave the Way for iPads and BlackBerrys?

Proposed U.S. House Rules Welcome (Quiet) Mobile Devices to the Floor: "In this last Congress, the 111th, the House operated under a rule that dictated that no one shall "smoke or use a wireless telephone or personal computer on the floor of the House." But, according to copy of the proposed rules just posted to the website of the Committee on Rules, that section has been tweaked for the 112th congress to give the Speaker of the House wide discretion in dictating what sort of mobile technologies members and staffers can bring to and use on the floor of the House.


December 24, 2010

Pew Study: Politics goes mobile

Politics goes mobile, by Aaron Smith, Lee Rainie, Dec 23, 2010: "More than a quarter of American adults – 26% – used their cell phones to learn about or participate in the 2010 mid-term election campaign. In a post-election nationwide survey of adults, the Pew Research Center’s Internet & American Life Project found that 82% of adults have cell phones. Of those cell owners, 71% use their phone for texting and 39% use the phone for accessing the internet. With that as context, the Pew Internet survey found that:

  • 14% of all American adults used their cell phones to tell others that they had voted.

  • 12% of adults used their cell phones to keep up with news about the election or politics.

  • 10% of adults sent text messages relating to the election to friends, family members and others.

  • 6% of adults used their cells to let others know about conditions at their local voting stations on election day, including insights about delays, long lines, low turnout, or other issues.

  • 4% of adults used their phones to monitor results of the election as they occurred.

  • 3% of adults used their cells to shoot and share photos or videos related to the election..."

For my Ethical Hackers

Analyze and Plot Local Wi-Fi Networks With inSSIDer

Here at MUO, we’ve offered a number of good tools to analyze Wi-Fi networks. Jack wrote up a good description of HeatMapper, an app that shows you the Wi-Fi strength in different areas of your home. Guy showed you how to use Xirrus to troubleshoot network issues.

These are both valuable tools, but I recently discovered another amazing Wi-Fi analysis tool that just blew me away and I knew I had to share it with MUO readers. The tool has been reviewed at a number of other tech blogs, so many of you might have heard of it. For those of you that haven’t, I’d like to introduce you to inSSIDer 2.0.

… you get the MAC address of the device, the network name of the router, the signal strength, channel, the router manufacturer and privacy settings (if any). Beyond that, it’ll also show you the latest network activity, and even the GPS coordinates of the router if you’ve configured a GPS device on your PC.

Profits at the interface? How to become a billionaire (and you can reward me with pre-ipo stock...)

Take The Red Pill: The Rise Of The Hybrid Startup

Several years ago, before Gilt, One King’s Lane and Zulily, I argued that some of the most valuable, disruptive tech startups would be in commerce, not advertising, cutting out the middle man rather than adding another one. It’s fair to say that 2010’s fastest-growing technology companies have largely been examples of this trend.

Now there’s a second trend emerging in 2011 that seems at least as important: the hybrid business, with one foot in the virtual world and one foot in the real world. This isn’t the old “clicks-and-mortar” concept from the 1990s, which put web glitter on an old-school business, building for Walmart. A hybrid business is built entirely from scratch, to be innovative in its online technology and its real-world operations.

… We’re in increasingly good company. In the past month, I’ve talked to half a dozen other companies with hybrid business models. These can work on a tiny scale: the developers of an iPhone app for tracking local specials use a Filipino call-center for contacting bars and restaurants across the country. Or hybrids can hit it big: Redfin’s newest board member ran a $7 billion chain of used-car lots based on the idea that a computer-driven system could value a trade-in more precisely than a person.

Friday, December 24, 2010

A small but typical breach. There was no security beyond a password, no security training, and no record of what information had been loaded on the laptop.

Computer with information on 3,100 Mankato Clinic patients stolen

A laptop computer with personal and medical information on more than 3,000 Mankato Clinic patients was stolen nearly two months ago. Randy Farrow, CEO of the Mankato Clinic, said Thursday that while they take the security breach very seriously, it is unlikely that anyone has accessed the password-protected information. [Unless they wanted to... Bob]

And Farrow said patients do not have to take any measures to protect themselves because no financial information, Social Security numbers or home addresses of patients were on the laptop data.

… The laptop contained a spreadsheet which included personal health information of 3,159 patients. The patient information includes: patient’s full name, date of birth, medical record number, healthcare provider’s name, encounter date, and diagnosis information.

… He said it took nearly two months to notify the public and patients about the theft as the clinic did its own internal investigation and pieced together what was on the laptop and which and how many patients were affected. [Because they didn't know... Bob]

Farrow said nurses often travel between clinic locations and bring their laptops with them. [I must assume this means the laptops they have been issued. They couldn't mean the nurses' personal computers, could they? Bob]

The breach has prompted the clinic to institute more safeguards, including mandatory security training of all staff, using encryption software on all mobile computers and establishing a more stringent policy on mobile computer devices.

Local It's one thing to be “tough on illegal immigration” but quite another to fish for possible illegals by rummaging through tax records. (Shouldn't they be looking for illegals who DON'T pay their taxes?)

Judge issues permanent injunction against DA, Weld sheriff in Operation Number Games

December 23, 2010 by Dissent

Nate A. Miller reports:

A Larimer District Court judge has put a formal end to efforts on the part of Weld District Attorney Ken Buck and Weld County Sheriff John Cooke to crack down on illegal immigration and identity theft using records from a Greeley tax preparer.

In a decision Tuesday, District Judge Stephen Schapanski made permanent a temporary injunction issued against Buck and Cooke in April. The ruling directs the Weld County court clerk to destroy all copies of information obtained from the search and seizure of tax files from Amalia’s Translation & Tax Service in Greeley in 2008. Weld authorities also are forbidden from using any information learned from the contents of those files.

Read more in the Greeley Tribune. The ACLU’s press release can be found on the Colorado ACLU site.

There must be more to this, right? How did this make air travel safer?

Woman arrested at ABIA after refusing enhanced pat down

… Claire Hirschkind, 56, who says she is a rape victim and who has a pacemaker-type device implanted in her chest, says her constitutional rights were violated. She says she never broke any laws. But the Transportation Security Administration disagrees.

… Hirschkind said because of the device in her body, she was led to a female TSA employee and three Austin police officers. She says she was told she was going to be patted down.

"I turned to the police officer and said, 'I have given no due cause to give up my constitutional rights. You can wand me,' and they said, 'No, you have to do this,'" she said.

Hirschkind agreed to the pat down, but on one condition.

"I told them, 'No, I'm not going to have my breasts felt,' and she said, 'Yes, you are,'" said Hirschkind.

When Hirschkind refused, she says that "the police actually pushed me to the floor, (and) handcuffed me. I was crying by then. They drug me 25 yards across the floor in front of the whole security."

An ABIA spokesman says it is TSA policy that anyone activating a security alarm has two options. One is to opt out and not fly, and the other option is to subject themselves to an enhanced pat down. Hirschkind refused both and was arrested. [How exactly do you “refuse” to “not fly” if they won't let you past security? Bob]

… The TSA did release a statement Wednesday that said in part, "Our officers are trained to treat all passengers with dignity and respect. Security is not optional." [Apparently it is. If you can refuse to fly... Bob]

(Related) Security Theater...

TSA Investigates Pilot Who Exposed Security Flaws

"The TSA is investigating a TSA deputized pilot who posted videos to YouTube pointing out security flaws. Flaws exposed include ground crew clearing security with just a card swipe while pilots have to go through metal detectors, and a 'medieval-looking rescue ax' being available on the flight deck. Three days after posting the video, 6 government officials arrived at his door to question him and confiscated his federal firearm (and his concealed weapon permit)."

For my Ethical Hackers

Two privacy-related bills signed into law this week

December 23, 2010 by Dissent

This week, President Obama signed several bills into law that have privacy implications. In addition to repealing Don’t Ask Don’t Tell, he signed The Social Security Number Protection Act of 2010 and The Truth in Caller ID Act.

The former bill is intended to help reduce identity theft by restricting the use of full Social Security Numbers on government-issued checks and by preventing prisoners from having access to Social Security Numbers. A number of media stories in the past few years had revealed how government agencies were contracting with prisons, who, in turn, had prisoners doing work that gave them access to SSN.

The second bill prohibits any person within the United States from knowingly transmitting misleading or inaccurate caller identification information “with the intent to defraud, cause harm, or wrongfully obtain anything of value.” Exemptions to the prohibition include law enforcement. People who violate the law may face forfeiture or criminal fines.


U.S. Commerce Department Unveils Online Privacy Framework

December 23, 2010 by Dissent

Richard L. Santalesa writes:

Though overshadowed by the December 1st release of the FTC’s Privacy Framework (see our coverage here, here, here and the report itself here), we wanted to at least give a nod before the year runs out to the Department of Commerce’s own report, entitled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework, and less formally known as the Internet Policy Task Force Privacy Green Paper (the “Report”), available here.

Read more on InformationLawGroup.

Think of this as a “personal drone.” No doubt this will result in laws banning model aircraft in cities (or over Area 51?) but it does show the potential for “Google Drone.”

Breath-Taking Aerial Video Footage from New York City – Taken by a RC Plane!

Expert remote control pilot Raphael “Trappy” Pirker recently took his 54 inch Zephyr model plane on a harrowing tour of Manhattan and the surrounding area. The best part: his RC vehicle was fitted with a camera that wirelessly transmitted an amazing recording of everything it saw – Pirker was piloting his craft with this visual feed. As you can see in the video below, the results were spectacular. The plane looks to be flying within a few feet of buildings and whizzing past bridges with ease. You have to check out around 2:01 when he starts to buzz the Statue of Liberty. Phenomenal! First person view (FPV) flying is a growing part of the RC community and watching footage like this I can certainly see why. Could the new era of personal video recording be spreading to the sky?

… Pirker has tested his RC and video electronics to a distance of 27 miles. According to calculations, the maximum range would be 120 miles!

… It’s the extreme nature of Pirker’s flight that has garnered him praise and condemnation. The Academy of Model Aeronautics issued a statement declaring his flight “posed a significant threat to people and property.” In an interview with FliteTest, Pirker explained that he didn’t violate FAA airspace (the Zephyr was a model craft), and that he and his team took precautions to make sure that the plane wouldn’t fall on innocent people in the case of failure.

For my Statistics students

Scientifically, You Are Likely In the Slowest Line

"As you wait in the checkout line for the holidays, your observation is most likely correct. That other line is moving faster than yours. That's what Bill Hammack (the Engineer Guy), from the Department of Chemical and Biomolecular Engineering at the University of Illinois — Urbana proves in this video. Ironically, the most efficient set-up is to have one line feed into several cashiers. This is because if any one line slows because of an issue, the entry queue continues to have customers reach check-out optimally. However, this is also perceived by customers as the least efficient, psychologically."

For the Swiss Army folder...

FreeFileConverter: Various File Format Conversion Tool

There are different online tools that can be used to convert files between formats of certain file types. This means you need to bookmark a separate conversion site for video, audio, and document files. Fortunately “FreeFileConverter” merges all of those conversion tools and presents them on a single dashboard.

The file can be of any type: audio, video, or a document. Using the site is very easy: you select a file from your computer or enter its URL, then select the desired output format, and click on the “Convert” button. The output format options are provided according to the type of file you select.

When the file is converted the output can be downloaded in the desired format or as a ZIP archive; sizes of both download types are provided with the download link. The output file is stored on the site’s servers for 12 hours.

Similar tools: Fileminx, Hamster Video Converter and YouConvertIt.

Also read related articles:

5 Easy-to-use Freeware Video Converters

Top Online File Converters (Video, Audio, Images …).