Tuesday, October 12, 2010

Darn, darn, darn!


Lower Merion district's laptop saga ends with $610,000 settlement

The Lower Merion School District will pay $610,000 to settle lawsuits over its tracking of student laptop computers, ending an eight-month saga that thrust the elite district into a global spotlight and stirred questions about technology and privacy in schools.

School board members voted unanimously Monday night to pay $185,000 to the two students who claimed the district spied on them by secretly activating the webcams on their laptops.

The bulk of the money, $175,000, will be put in trust for Blake Robbins, the Harriton High School junior whose family brought the issue to light in February. Jalil Hasan, who filed his lawsuit this summer after graduating from Lower Merion High School, will receive $10,000.

The district will also pay $425,000 in legal fees to their attorney, Mark S. Haltzman.

… School Board President David Ebby said the board decided to settle after the district's insurance company agreed to cover $1.2 million of the costs. That insurer, Graphic Arts Mutual Insurance, initially refused to pay any claims because it said privacy-invasion claims were not covered under the district's multimillion-dollar liability policy.

… "Although we would have valued the opportunity to finally share an important, untold story in the courtroom, we recognize that in this case, a lengthy, costly trial would benefit no one," he said. [Sure they would... Bob]

Still unresolved is how much the district will pay out of pocket. A team of lawyers and computer specialists it hired has submitted more than $1 million in bills. And the attorney for at least one other student has notified the district that he was contemplating a lawsuit.

[The school board's statement is here: http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1456



Lower Merion School District and Blake Robbins Reach a Settlement in Spycamgate

October 12, 2010 by Dissent

Over on Forbes, Kashmir Hill discusses the settlement in the Lower Merion webcam civil suits that have been discussed on this site previously. As reported last night, the two civil suits settled for $610k, with the lawyer getting the bulk of the settlement, presumably to cover all his time in court seeking an injunction, payment for forensics and consultants, etc.

The case has had a number of repercussions. First, it made other schools and parents more aware of the capability of school-issued laptops to surveill students – with or without their knowledge. Second, it served as a useful call-to-arms to protect and preserve student and youth privacy. Whether Blake Robbins, the student at the heart of the civil suit, actually has experienced any lasting psychological injury or harm as a result of his experiences is unknown to me, as people may try to make light of a traumatic experience to help reduce their anxiety. I hope that if he has suffered adverse emotional consequences, he’s able to get help and put some of this behind him. Sadly, once trust is violated, it’s very difficult to rebuild it or ever be so trusting again. Discovering that your school is taking pictures of you while you were in your bedroom would be very disturbing for most of us, I suspect, and might leave us with a sense of unease in dealing with the school.

Hill suggests one take-home message from the case:

A lesson for others from all this: One of the biggest problems for Lower Merion was that school administrators did not disclose from the beginning to students and their parents that the school could remotely activate the laptop cameras and take photos. If they had, they likely would not have gotten into so much legal trouble of the civil variety. (They were fine on the criminal front — prosecutors declined to pursue a case against the district.)

Transparency pays off. Lower Merion’s lack of transparency now means it has to pay off.

While I agree with her completely that transparency would have helped, I don’t think that makes it okay to be taking pictures of students in their home. The school district’s right and need to track possibly stolen equipment can be accomplished in other ways that do not risk invading students’ or families’ privacy in their homes. And maybe the take-home message we want people to get is that students still do have some privacy rights.

It's one of them lawyer things: Storing email electronically does not make them “electronic storage”


Emails on laptop not protected by the Stored Communications Act

October 12, 2010 by Dissent

Evan Brown comments on Thompson v. Ross, 2010 WL 3896533 (W.D. Pa. September 30, 2010):

Messages from Yahoo and AOL email accounts saved on laptop computer were not in “electronic storage” as defined by Stored Communications Act.

Plaintiff’s ex-girlfriend kept his laptop computer after the two of them broke up. The ex-girlfriend let two of her co-workers access some email messages stored on the computer. Plaintiff filed suit under the Stored Communications Act. Defendants moved to dismiss. The court granted the motion.

Read more on Internet Cases.

Is this the best indication that “you have no privacy?”


The Slow Demise of Defamation and the Privacy Torts

October 11, 2010 by Dissent

Daniel Solove writes:

The ABA Journal reports that the number of libel suits has been steadily dropping in the United States


Why is this happening? Is it because there’s much less defamation or invasion of privacy today? I strongly doubt that’s the reason. Instead, I can think of several reasons for the decline in defamation and privacy trials.

Read Dan’s commentary on Concurring Opinions. As always, he provides a lot of food for thought.

(Related) ...but maybe not in Canada.


Mirror, mirror on the web

October 12, 2010 by Dissent

donalee Moulton discusses online reputation:

… The study, Digital Footprints: Online Identity Management and Search in the Age of Transparency, also discovered that fully 60 per cent of Internet users surveyed said they are not worried about how much information is available about them online. Similarly, the majority of online adults (61 per cent) do not feel compelled to limit the amount of information that can be found about them online. Just 38 per cent said they have taken steps to limit information available about them.

Caution is required, however. And action is a viable option. “You have to be careful what is being said. There is recourse,” noted Giles Crouch, chief executive officer of MediaBadger, a social media research and consulting firm in Halifax.

Indeed, said Fraser, “you have at least a measure of control. If it’s defamation, you can take legal action.”

That action was apparent in Nova Scotia in a recent court case that highlighted the extent to which individuals — and the courts — will go to protect their reputation. In Mosher v. Coast Publishing Ltd., 2010 NSSC 153, the Supreme Court of Nova Scotia determined that information about individuals who posted online comments following a story in The Coast newspaper alleging racism in the Halifax Regional Municipality fire department and, in particular, against two senior officials, should be provided.

Read more on The Lawyers Weekly.

Behavioral Advertising


Markey and Barton release web site operators’ responses to consumer tracking inquiry

October 11, 2010 by Dissent

Related to the recent WSJ article about responses to a congressional inquiry on consumer tracking, two Representatives have now released the responses of the major web site operators. From the press release:

Representatives Edward J. Markey (D-Mass.) and Joe Barton (R-Texas), Co-Chairman of the House Bi-Partisan Privacy Caucus, today released responses to the letters they had sent to companies identified in a Wall Street Journal investigation as reportedly installing intrusive consumer-tracking technologies to track and/or target consumers visiting these company Web sites.

“The responses raise a number of concerns, including whether consumers are able to effectively shield their personal Internet habits and private information from the prying eyes of online data gatherers,” Rep. Markey said. “Consumers may be unaware that the sites they visit, coordinating with a cadre of analytics firms, advertising networks and offline data companies, may be tracking their activities around the Internet. While the responses that Rep. Barton and I received cite privacy policies and opt-out choices to enable consumers to preserve their privacy, these policies can be complicated and laborious to navigate. For example, a single website may have business relationships with a dozen or more third-party data firms that display advertisements on its site. A consumer may have to visit each of these sites, consulting its privacy policy and clicking through to opt-out, if such an option is provided. In some cases, a list of all third party affiliates is not readily accessible, keeping consumers in the dark.”

Copies of the responses are available here:

Merriam Webster
About Group

(Related) Note that there is no response from Facebook in the previous article.


Deleted” Facebook photos still not deleted: a followup

October 11, 2010 by Dissent

Jacqui Cheng reports:

Facebook may be making strides in some areas of privacy, but the company is still struggling when it comes to deleting user photos—or not deleting them, as the case may be.

We wrote a piece more than a year ago examining whether photos really disappear from social network servers when you delete them, and found that Facebook was one of the worst offenders when it came to leaving “deleted” photos online. We decided to revisit the issue recently when readers continued to point out that our deleted photos from that article were still online more than 16 months later. Indeed, this old photo of meremains on Facebook’s content delivery network servers, despite being deleted on May 21, 2009.

Read more on Ars Technica. Does Facebook really expect us to believe that it’s acceptable that it has taken them so long to figure out how to truly delete photos that users want deleted?

Where’s Rep. Joe Wilson when you really want someone to stand up and yell, “You lie!” ?



Escaping the ‘Scrapers’

October 12, 2010 by Dissent

The Internet has given rise to a dizzying array of people-search sites and data brokers that gather and compile public information and social-networking profiles. The sites gather information from public sources such as property records and telephone listings, and other information is harvested by “scraping” — or copying — websites where people post information about themselves.

Read more in the Wall Street Journal, where they also provide a guide to how to remove your information from some of the bigger data scrapers.

[Very slick infographic!!!


(Related) Dilbert neatly sums up the Behavioral Advertising marketplace.


The next contentious area of the law?


Cloud Computing Customers’ “Bill of Rights”

October 11, 2010 by Dissent

David Navetta writes:

Needless to say, due in part to our numerous writings on the legal ramifications of Cloud computing, the InfoLawGroup lawyers have been involved in much Cloud computing contract drafting and negotiations, on both the customer and service provider side. As a result, we have seen a lot in terms of negotiating tactics, difficult contract terms and parties taking a hard line on certain provisions.

During the course of our work, especially on the customer side, we have seen certain “roadblocks” consistently appear which make it very difficult for organizations to analyze and understand the legal risks associated with Cloud computing. In some instances this can result in a willing customer walking away from a deal. Talking through some of these issues, InfoLawGroup thought it would be a good idea to create a very basic “Bill of Rights” to serve as the foundation of a cloud relationship, allow for more transparency and enable a better understanding of potential legal risks associated with the cloud.

Just a pre-emptive comment: while we use the strong term “rights,” we know that cloud arrangements vary and that every transaction has its own issues and circumstances that impact the nature and scope of a negotiation. Moreover, as with the real Bill of Rights, we realize that none of these rights are absolute and may appropriately be subject to reasonable limitations in certain contexts. This document should be viewed less as a universal mandate, and more as a tool for cloud customers and providers to engage in spirited debate about the issues addressed in this Bill of Rights.

The Bill of Rights is set forth below with annotations. In addition, you can download an un-annotated version here, and we have even provided a pocket-sized version that can be easily accessed by those who are actively engaged in vetting cloud deals (however, you may need to keep a magnifying glass in your other pocket in order to read this version). [Proof that lawyers like fine print? Bob] This is a work in a progress and we invite you to submit your ideas on additional “rights” that we should include as well as any comments and criticisms on the current listing.

Read the Cloud Computing Customers’ Bill of Rights on InfoLawGroup.

You WILL be attacked. Manage it!


Most large companies seeing more hack attacks, survey shows

October 11, 2010 by admin

Ellen Messmer reports:

Is this year turning out to be even worse for getting hacked than last year?

That’s what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.

According to the Sixth Annual Enterprise IT Security Survey released Monday, 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, as opposed to 41% in 2009. Mid-size companies of 1,000 to 4,999 employees fared better with 59% reporting an intrusion, up slightly from 57% in 2009.

Read more on Network World.

[From the article:

For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.

Fourteen percent of those surveyed attributed their intrusion problem to "hacker/network attack," 12% cited "lack of adequate security policies/measures," 10% said "employee Web usage," 9% pointed to "virus/malware/spyware," 8% faulted other employee carelessness, negligence," 6% said "unauthorized access by current/former employees," 5% blamed "weak passwords," 5% thought it was because of "lack of software updates," and 5% simply said "software security flaw/bug."

… About half of respondents said their organizations have a formal security audit by an outside organization at least once a year, up from 35% in 2009. Some 56% felt the audits helped identity "significant security problems."

Separately, 65% this year reported undergoing an internal security audit at least once a year, down slightly from 67% in 2009. Forty-seven percent felt internal audits helped identify security problems, but 30% said the audit didn't go far enough and 40% felt the audits should occur more frequently.

(Related) AKA “Legacy Systems” and “Old stuff that still works” MBAs call this “sunk cost” and find it difficult to spend to upgrade when there is no clear need...


NSF Wants To Know How Much Software Really Costs

Posted by CmdrTaco on Monday October 11, @09:31AM

"It's no secret that the actual cost of software is very complicated. Sure, the companies that write software are spending money on it, but when that software is released, it doesn't stop costing money. You can probably think of a number of relatively tiny things that add up — especially if you're a system administrator — like the man-hours spent patching software to avoid a nasty infection spreading quickly. The bigger debt is that old piece of software you paid a bunch of money for back in 1998 that you're critically dependent on, but it has no support and hasn't been updated in years due to any number of reasons. Well, the National Science Foundation paid Gartner almost half a million dollars to find out what it truly costs to bring an organization to a fully supported environment. According to Gartner, this hidden liability or 'IT debt' is at $500 billion worldwide right now, and in five years it will be at $1 trillion. Along similar lines, a company called Cast that makes software quality tools reported that your average business application comes with a million in IT debt (PDF). And if that's not misapplied enough for you, they estimate that the debt is $2.82 per line of code in the application and also that it's on average higher in the government sector."

Surveillance tools & techniques “Here is where you park at work, and here is where you park when visiting your mistress, and here...”


French City To Use CCTV For Parking Fines

Posted by Soulskill on Tuesday October 12, @02:03AM

"The city of Nice, France is rolling out 626 CCTV cameras throughout town, giving it one of the highest levels of surveillance in the world (1.8 cameras per 1000 inhabitants). The usual rhetoric was given — that they will be used solely for reducing violent crime — but the city will now begin sending out parking tickets solely based on the CCTV video evidence."

(Related) Shades of The Conversation


High-Tech Microphone Picks Voices From a Crowd

Posted by Soulskill on Monday October 11, @03:12PM

JerryQ writes with news of an impressive audio detection system from a company called Squarehead that was demonstrated during a professional basketball game. According to Wired,

"325 microphones sit in a carbon-fiber disk above the stadium, and a wide-angle camera looks down on the scene from the center of this disk. All the operator has to do is pinpoint a spot on the court or field using the screen, and the Audioscope works out how far that spot is from each of the mics, corrects for delay and then synchronizes the audio from all 315 of them. The result is a microphone that can pick out the pop of a bubblegum bubble in the middle of a basketball game..."

(Related) If you do nothing else, grab the images that accompany the article...


Police State of Wiretapping the Web: Who Do THEY Want to Watch?

For my Ethical Hackers.


The Hackintosh Guide

Posted by CmdrTaco on Monday October 11, @10:21AM

"A 'Hackintosh' is a computer that runs Apple's OS X operating system on non-Apple hardware. This has been possible since Apple's switch from IBM's PowerPC processors to Intel processors a few years ago. Until recently, building a PC-based Mac was something done only by hard-core hackers and technophiles, but in the last few months, building a Hackintosh PC has become much easier. Benchmark Reviews looks at what it's possible to do with PC hardware and the Mac Snow Leopard OS today, and the pros and cons of building a Hackintosh computer system over purchasing a supported Apple Mac Pro."

For my Computer Security students (By the time you learn the rules, the technology is obsolete.)


Read 'Em All: Pentagon’s 193 Mind-Numbing Cybersecurity Regs

For my website students


Ten Best Web Services to Create Free Slideshows Online

No comments: