Saturday, March 13, 2010

Our favorite School System inspires an overreaction? It's not the technology, it's the thoughtless, uncontrolled uses the technology is put to.

PA Laptop Spying Inspires FSF Crowdsourcing Effort

Posted by timothy on Saturday March 13, @08:37AM

holmesfsf writes

"Creeped out by the Lower Merion School District's remote monitoring of students? Check out the Free Software Foundation's response to the laptop spying scandal and help build a wiki listing of school districts that provide students with laptops, so that the FSF can campaign against mandatory, proprietary laptops."

[From the article:

The case of administrators in the Lower Merion School District (LMSD) spying on students through mandatory, school-provided laptops struck a chord with bloggers (Boing Boing, Gizmodo) and traditional news outlets (NPR, Reuters). The most in-depth source on this so far has been Stryde's investigation. We have two reactions (one emotional and one more circumspect) and a plan to fight this trend, for which we'll need your help.

… Our second reaction--the more circumspect one--is that the real scandal here is the mandatory imposition of computers that students don't control. This may not be as lurid a violation of freedom as a remote-activated webcam in a teenager's bedroom, but it is the most central. Once people use computers they don't completely control, that provides both a technical basis and a social/political slippery slope for sleazy sysadmins leering at your kids--or any other violation you can imagine.

How Security is (mis-)managed by the UK's version of the NSA. Note how familiar these “Worst Practices” are...

UK Intel Agency's Missing Laptops Might Contain Sensitive Data

Posted by timothy on Saturday March 13, @06:49AM

superapecommando writes

"GCHQ lost 35 laptops in one year, potentially containing highly sensitive data. The UK's electronic spy centre was today lambasted by MPs for having a 'cavalier' attitude to data security. The centre is responsible for tracking the electronic communications of terrorists. In a new report, the Commons Intelligence and Security Committee expressed concern that GCHQ appeared to be entirely unaware whether or not the computers, lost in 2008, contained top secret information on people posing an imminent security threat to the country."

[From the article:

The MPs said GCHQ’s “haphazard” monitoring system was the cause of its lack of awareness on what data was on the machines. GCHQ acknowledged “the state of the records” to the Guardian newspaper, but said there was so far no evidence the material had ended up in the wrong hands. [“...and we've been carefully examining the Times' classified ads because we're sure the terrorists will brag about this.” Bob]

With the move to put Health Records “in the Cloud,” we can expect this type of breach from anywhere in the world. Let's form NASCAL (National Association of Serious Class Action Lawyers) before someone else thinks of it! “Gentlemen, start your lawsuits!”

Security breach at Atlanta VA hospital under investigation

By Dissent, March 12, 2010 9:36 pm

Craig Schneider has some more information on the breach at the Atlanta VA Medical Center:

The U.S. Veterans Affairs Office of Inspector General has launched a criminal investigation into a security breach of veterans’ medical information at the Atlanta Veterans Administration Medical Center, according to an internal document obtained by The Atlanta Journal-Constitution.


In late December, the physician assistant revealed to a VA nurse scientist that she had been recording clinical data from patient encounters on her personal laptop, the document said. The worker asked the nurse if she could use the data for “research purposes” not related to the VA.

The nurse replied that such work was not permitted and asked the worker to destroy the data.

“After multiple follow-up conversations and receiving no confirmation from the (physician’s assistant) that she had destroyed the data, the nurse scientist notified the … compliance officer of the issue on 2/8/10,” the document said.

The physician assistant, hired in October of 2009, resigned effective Feb. 28.

Read more in the Atlanta Journal-Constitution.

[From the article:

The document said there are reportedly two sets of patient information involved -- one that includes more than 18 years of data, and another that includes up to three years of data.

Fuel for conspiracy theorists? My concern is that reaction is building quietly but steadily, like pressure on a fault zone, and at some point we'll have a Major Quake...

Where’s The Outrage Over The Gov’t Brushing Mass Privacy Violations Under The Rug?

March 13, 2010 by Dissent

Mike Masnick comments:

I have to admit that I’ve been a bit in shock over Congress’s decision to simply renew the Patriot Act, recently, without a single safeguard to protect against abuse. That’s because just before all this happened, we wrote about how a report from the government found (not for the first time) that the FBI regularly abused its authority to get phone records it had no right to. This went well beyond earlier reports of abusing National Security Letters. In this case, the FBI didn’t even bother with NSLs. Instead, sometimes it would just use a post-it note. On top of that, reports came out noting that just weeks before this report was released, the Obama administration issued a ruling with a blanket absolution for the FBI’s activities — basically saying that if the President said it was okay, it was fine.

This is not how our government is supposed to work.

Julian Sanchez has a fantastic article that should be a must read, detailing how Obama went from being a candidate who insisted there would be “no more National Security Letters to spy on citizens who are not suspected of a crime” because “that is not who we are, and it is not what is necessary to defeat the terrorists,” to one who appears to have no problem regularly spying on citizens and covering it up. President Bush was really bad with warrantless wiretapping and retroactive immunity for telcos — and most people figured Obama would at least be marginally better on that issue. But it’s really scary how the entirety of the federal government doesn’t seem to care much about these blatant privacy abuses — and the public and the press has shrugged them off as well.

Read more on TechDirt.

Attention Finance Majors! Learn how the Big Boys do it!

March 12, 2010

Court Appointed Examiner Issues Extensive Report on Lehman Brothers Collapse

New York Times: "It is the Wall Street equivalent of a coroner’s report — a 2,200-page document that lays out, in new and startling detail, how Lehman Brothers used accounting sleight of hand to conceal the bad investments that led to its undoing. The report [divided into 9 volumes], compiled by an examiner for the bank, now bankrupt, hit Wall Street with a thud late Thursday. The 158-year-old company, it concluded, died from multiple causes. Among them were bad mortgage holdings and, less directly, demands by rivals like JPMorgan Chase and Citigroup, that the foundering bank post collateral against loans it desperately needed. But the examiner, Anton R. Valukas, also for the first time, laid out what the report characterized as “materially misleading” accounting gimmicks that Lehman used to mask the perilous state of its finances. The bank’s bankruptcy, the largest in American history, shook the financial world. Fears that other banks might topple in a cascade of failures eventually led Washington to arrange a sweeping rescue for the nation’s financial system."

For my website students and for grabbing videos on the topics I teach...

YouTube Guide: Best YouTube Tips, Hacks & Resources

(Related) Short slide show listing free stuff for teachers (Lists of Free stuff? I'm there!)

Best of the Ed Tech Freebies AMATYC 2009

For my Advanced website students, and a few talented beginners...

An Ecosystem Is Born: Animoto Opens Up API

by Leena Rao on Mar 13, 2010

We’re big fans of Animoto, a website that lets you easily create photo and video slideshows matched to music. The site is constantly innovating its nifty product, most recently adding an iPhone app and the ability to incorporate video. For those not familiar with Animoto, the startup basically allows you to take your images, video and your music and mash them together to create cool videos. What makes the videos cool is the company’s technology that renders the pictures so they’re in-step with the music you’ve chosen, adding nice transition effects. This morning, Animoto is opening up its API, allowing partners to now incorporate Animoto’s compelling technologies into independent sites.

Cue the background music! Light the fuse! (Note the SIMPLE message encryption tool.) - Send Secure Messages

Fans of the classic TV show “Mission: Impossible” will be able to relive one of its most-enduring pop culture elements through this service. Named “This Message Will Self Destruct”, this site will empower you to send out an e-mail message that will be deleted upon being delivered and read just once by the recipient.

For my Hackers and my Computer Security students (even if that sounds repetitious and redundant)

The dark side of the web

Posted on 13 Mar 2010 at 14:22

Google sees only a fraction of the content that appears on the internet. Stuart Andrews finds out what's lurking in the deep web

Friday, March 12, 2010

A prudent response? It could be a breach at their site, or the card processor's system or something completely unrelated. But “making sure” is both wise and unusual. Shuttered After Fraud Complaints

March 11, 2010 by admin

Brian Krebs reports:

Audio visual cabling giant shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information.

Vincent Lim,’s operations manager, said the company took the site offline around midnight on Friday, Mar. 5, after it received e-mails and phone calls from several customers complaining about fraudulent charges on their cards that they had used on


[From the article:

To date, he said, investigators have found no evidence that card information has been stolen from Monoprice’s computer network. The site is now allowing customers to browse products, but Monoprice won’t be taking any new orders until the investigation is completed, Lim said.

Judge Rules DOJ Unlawfully Recorded Renzi’s Calls

March 12, 2010 by Dissent

Mike Scarcella writes:

The Justice Department unlawfully recorded privileged phone calls between former Rep. Rick Renzi (R-Ariz.) and his lawyers during an insurance fraud investigation, a federal magistrate judge in Arizona ruled Thursday in recommending the recordings be suppressed.

Magistrate Judge Bernardo Velasco found that prosecutors made false statements to the supervising judge regarding the status of one of the lawyers Renzi was talking with and regarding the government’s effort to minimize the intercept and recording of calls with other attorneys.

Still, Velasco is recommending that Renzi’s motion to dismiss the indictment be denied.

“While this court has concerns over the government’s conduct in this case, it does not rise to the level of outrageousness,” Velasco wrote in his 24-page ruling. U.S. District Judge David Bury will have a chance to review the magistrate’s report and recommendation. Velasco’s ruling is here.

Read more on the Blog of Legal Times.

[From the article:

No information from the calls appears in witness interviews or grand jury sessions, Velasco noted. [None? Bob]

High probability that this was not run by the Chief Privacy Officer...

Privacy flags raise concern for graduate students

March 12, 2010 by Dissent

Kate Perkowski reports:

Undergraduate students are not the only ones concerned with personal information available through UK’s [University of Kentucky's] online people search — now, graduate students are voicing their concern, too.

Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.

“We’ve been talking in my office because there are at least two or three people who’ve had students … call them late at night,” Collins-Frohlich said. “As a TA and as a student instructor, you just don’t really want that relationship and that access to you.”


T. Lynn Williamson, senior associate in legal services, said …. if a student got a privacy flag, UK would not be able to confirm them as a student because of the law, and that student would find his or her name missing at commencement ceremonies as well.

Williamson said creating a system that allows students to choose what information is made available is possible, but not at UK. Williamson said it would take thousands of dollars to let students choose what information they wanted available. [But the solution would work for ALL students, so it's not “thousands of dollars” each. Bob]

“Is it possible at the University of Kentucky with the technologies, the computer systems that we have? No, it’s not possible,” he said.

Read more on Kentucky Kernel.

So what is UK saying? That student privacy and safety not worth thousands of dollars? I hope UK takes a harder look at the issue and resolves to figure out a way to address the students’ concerns.

...because we're too curious to allow people to remain anonymous? - Mapping People On ChatRoulette

What is the obvious reaction to a site like ChatRoulette - a service that gives exhibitionists and people who know that they can do whatever they fancy and get away with it? The answer is something like this new website. Entitled Chatroulette Map, it will let you pinpoint the location of users of the increasingly popular face-to-face chatroom. In that way, the “get away with it” bit disappears altogether, and people would think twice before posting any old thing.

Hoist on our own petard? Nope. When we say “everybody” we don't include countries we like.

A Sad Day For the New Zealand Internet

Posted by timothy on Friday March 12, @03:36AM

An anonymous reader writes

"Another one bites the dust, as New Zealand's Internet filter stealthily goes live with two smaller ISPs, and three of the largest already rumoured to have signed up to do the same. However, US Secretary of State Hillary Clinton is apparently 'committed to helping people to circumvent government internet filtering,' so perhaps the USA will launch an invasion to free the poor downtrodden Kiwis from their own evil government?"

Clever of one of the acquiescing ISPs to have named itself "Watchdog."

How to control your image? Your best asset is a loyal customer base.

SeaWorld uses social media to react quickly to a major crisis

March 06, 2010|Seth Liss

The recent killer whale attack at SeaWorld could have been the end of the theme park. It was that bad.

… SeaWorld's social media reaction started quickly with a tweet and a Facebook post acknowledging the attack and the tragic loss of its trainer. A few hours later, SeaWorld Orlando CEO Jim Atchison announced an investigation on the park's blog and left the post open for comments. The next morning, the company sensibly suspended its playful "Shamu" Twitter account, redirecting visitors to the park's main Twitter account, which included updates on its investigation and plans. It also responded to some of their supportive fans. Videos about the loss of Brancheau, referred to as a member of their family, were posted to YouTube and a press conference with Atchison was streamed live on the park's blog.

The most interesting conversation was taking place on their Facebook fan page, where people left comments such as, "Stop making money off of exploiting animals!! Free the whales!!." SeaWorld wasn't answering most of the questions and comments, but some of their 100,000 plus Facebook fans did. Those fans showed a deep loyalty to the park and were able to answer questions — and defend SeaWorld. It's exactly the best of what a company can expect from social media: building customer relationships and earning brand loyalty.

For us non-lawyers...

10 ways you might be breaking the law with your computer

I wonder if this will encourage other artists to force the music labels to serve them? Perhaps there is a business opportunity here for a mere facilitator?

Pink Floyd Wins Court Battle With EMI Label

Rock band Pink Floyd on Thursday won a court battle with EMI in a ruling that prevents the record company from selling single downloads on the Internet from the group's concept albums.

The outcome of the other element of the legal tussle in London's High Court -- concerning the level of royalties paid to the band by the label -- was unclear, as that part of the judgement was held in secret, the Press Association reported.

The ruling is the latest blow to EMI, the smallest of the four major record companies which is seeking new funds to avoid breaching debt covenants.

(Related) Apparently it will. For these guys, it's not just music.

OK Go Ditches Label Over YouTube Embedding Rights

BY Dan Nosowitz

How many times does a band have to take the music video world by storm before its record label gets that its members might know a little something about music videos? We may never find out, because OK Go, the band in question, has just ditched EMI, the record label in question, largely due to that very problem.

OK Go rocketed up through the indie rock world in large measure due to the band's brilliant, lo-fi music videos, which have spread like wildfire on YouTube. But EMI, in a misguided attempt to wring every penny out of the band's success, decided to block embedding on the YouTube videos--meaning the videos were unable to disseminate out through music and pop culture blogs, news sites, and personal blogs the way they did before the restriction. And that's not a minor detail: the band saw a 90% drop in views when that restriction went into effect. As in, 100,000 views one day, 10,000 views the next.

[Watch their video:

'cause everyone needs multiple operating systems, right?

VirtualBox’s Seamless Mode: Combine Two Operating Systems Into One Desktop

By Justin Pot on Mar. 11th, 2010

Installing two operating systems at the same time isn’t just possible; it can also be downright slick. Whether you’re a Mac user looking to occasionally use a given Windows application or someone looking for a risk-free way to try out different Linux versions, VirtualBox is the go-to freeware platform for virtualization. This program allows you to run any operating system in a contained, emulated environment.

Could make for some interesting class projects...

Thursday, March 11, 2010

Nine Tools for Collaboratively Creating Mind Maps

I'm sure this tells us something (insightful?), but I have no idea what that might be...

Perseids, John Hughes, And G.I. Joe Are Trending Topics On Wikipedia

by Erick Schonfeld on Mar 11, 2010

Google has Google Trends, Twitter has trending topics, and now so does Wikipedia. Pete Skomoroch, a Senior Research Scientist at LinkedIn and blogger at Data Wrangling, built a trending topics page for Wikipedia. The homepage ranks the top-25 Wikipedia articles with the most pageviews over the past 30 days, as well as the fastest rising articles in the past 24 hours.

You can search for any topic, and you will get a chart showing pageview trends, along with the actual article placed in an iFrame below the chart.

Thursday, March 11, 2010

“You were serious about dat?” Joe Pesci, “My Cousin Vinny”

Wickenburg Unified School District struggles to secure sensitive student data

March 10, 2010 by admin

Pat Kossan reports that data security in the Wickenburg Unified School District was found seriously lacking in a state audit:

Wickenburg Unified School District has not secured its computer system containing sensitive student data, including student addresses, birth dates and Social Security numbers, state auditors found.

Staffers from the Arizona Office of the Auditor General originally went to Wickenburg to determine why its 2008 administrative costs were 10 percent higher than similar districts.

But the most unnerving part of their report, released last Friday, has less to do with the district’s money problems and more to do with potential problems with student privacy. Among the issues auditors noted:

  • The district’s network was accessible to unauthorized users, putting the data in jeopardy of being stolen, changed or deleted.

  • Employees who didn’t need access had it anyway, including a custodian and a groundskeeper.

  • Backup servers with student data were kept in an unlocked room with an unlocked window.

Read more in the Arizona Republic.

Again, guessing how many records were taken/exposed makes you look (even more) incompetent. Would any bank be this uncertain about the amount of your loan?

(update) HSBC: Data theft incident broader than first thought

March 11, 2010 by admin

Two reports out yesterday indicate that the theft of HSBC client data was bigger than initially reported, but the reports differ as to how big it really was.

Jeremy Kirk reports:

HSBC said Thursday about 15,000 accounts of its Swiss private banking unit were compromised after an employee allegedly stole data, some of which ended up in the hands of French tax authorities.

The latest figure is sharply higher than the one the bank gave in December, when HSBC said the number of account records taken was less than 10. HSBC said it does not think the records could be used to access an account.

The data was allegedly stolen by a former IT employee about three years ago, HSBC said. The employee left Switzerland, and French authorities ended up with the files, which were then passed to the Swiss Federal Prosecutor. French authorities had been investigating up to 3,000 people thought to be avoiding taxes.

Read more on Computerworld.

Meanwhile, Frank Jordans of the Associated Press reports that HSBC said it was 24,000 clients whose data were stolen.

Not all hacks are to steal Identities. I wonder if the logs show who he deleted (or failed to add).

Former TSA Analyst Charged With Computer Tampering

Posted by samzenpus on Wednesday March 10, @10:19PM

angry tapir writes

"A Transportation Security Administration analyst has been indicted for tampering with databases used by the TSA to identify possible terrorists who may be trying to fly in the US. If convicted, he faces 10 years in prison."

[From the article:

He was expected to make his initial appearance in federal court in Denver Wednesday.

1) Low tech governments can buy most of this stuff on the Internet. 2) It's not just governments (see next article). NOTE: Their criteria are interesting, if a bit conservative.

Hi-tech governments growing keener on snooping, says report

March 10, 2010 by Dissent

Today’s theme seems to be surveillance. From

Western industrial countries are becoming more willing [We can, therefore we must! Bob] to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

“When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will,” it said in its 2010 report. “This is changing: the able have become willing and their traditional restraints have failed.”


Related: The Electronic Police State: 2010 National Rankings

(Related) Tools & Techniques.

New Phone Allows Bosses To Snoop On Staff

Posted by samzenpus on Thursday March 11, @12:21AM

tad001 writes

"The Japanese phone giant KDDI has developed a way to track users movements in fine detail. It works by analyzing the movement of accelerometers, found in many handsets. Activities such as walking, climbing stairs, or even cleaning can be identified, the researchers say. The company plans to sell the service to clients such as managers, foremen, and employment agencies."

[From the article:

For example, the KDDI mobile phone strapped to a cleaning worker's waist can tell the difference between actions performed such as scrubbing, sweeping, walking and even emptying a rubbish bin.

The aim of the new system, according to KDDI, is to enable employees to work more efficiently [They'll have to explain that one to me. Bob] and managers to easily evaluate their employees' performance while away from the office.

"It's part of our research into a total ubiquitous technology society, [Translation: ubiquitous surveillance society. Bob] and activity recognition is an important part of that," said Hiroyuki Yokoyama, head of web data research at KDDI's research labs in Tokyo.
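To make the "analyzing the movement of accelerometers" line concrete, here is an added illustration of the kind of feature extraction such a system rests on. It is written for this post and is not KDDI's method or code; the 50 Hz sample rate, the thresholds, and the three synthetic signal windows (a resting phone, a 2 Hz walking bounce, a 4 Hz scrubbing motion) are all assumptions constructed for the example.

```python
"""Added illustration of accelerometer-based activity recognition.
Not KDDI's code or method; signals are synthetic and the sample rate and
classification thresholds are assumptions made for this example."""
import math

SAMPLE_HZ = 50          # assumed sampling rate of the handset accelerometer
G = 9.81                # gravity, m/s^2


def features(samples):
    """Orientation-independent features from a window of (x, y, z) in m/s^2."""
    mag = [math.sqrt(x * x + y * y + z * z) for x, y, z in samples]
    mean = sum(mag) / len(mag)
    ac = [m - mean for m in mag]                  # drop gravity / DC component
    rms = math.sqrt(sum(a * a for a in ac) / len(ac))
    # positive-going zero crossings per second ~ dominant movement frequency
    crossings = sum(1 for a, b in zip(ac, ac[1:]) if a < 0 <= b)
    freq_hz = crossings / (len(samples) / SAMPLE_HZ)
    return {"rms": rms, "freq_hz": freq_hz}


def classify(samples):
    """Coarse activity label from the two features (thresholds are assumed)."""
    f = features(samples)
    if f["rms"] < 0.3:
        return "still"
    if 1.0 <= f["freq_hz"] <= 3.0:
        return "walking"             # typical step cadence
    return "vigorous"                # faster repetitive motion: scrubbing, etc.


def synth(freq_hz, amp, seconds=4, jitter=0.02):
    """Constructed window: a vertical bounce of `amp` at `freq_hz` on top of
    gravity, plus a small deterministic ripple standing in for sensor noise."""
    out = []
    for i in range(int(seconds * SAMPLE_HZ)):
        t = i / SAMPLE_HZ
        bounce = amp * math.sin(2 * math.pi * freq_hz * t)
        ripple = jitter * math.sin(2 * math.pi * 7 * t)
        out.append((ripple, 0.0, G + bounce))
    return out


# Constructed sample windows (not real sensor captures).
STILL = synth(0.0, 0.0)       # phone resting on a desk
WALKING = synth(2.0, 3.0)     # about two steps per second
SCRUBBING = synth(4.0, 5.0)   # fast back-and-forth motion

if __name__ == "__main__":
    for name, window in (("still", STILL), ("walking", WALKING),
                         ("scrubbing", SCRUBBING)):
        print(name, "->", classify(window), features(window))
```

The point for the privacy discussion is how little is needed: two scalar features per few-second window, computed on the handset, are enough to separate standing around from walking from scrubbing, and a log of those labels over a shift is the "performance evaluation" the article describes.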

(Related) More data sucked into the Cloud for all to see?

Privacy Protection Needed As Smart Grid Arrives

March 11, 2010 by Dissent

Privacy advocates are warning that “smart meters” intended to precisely measure and control [as in, someone (not just my Hacking 101 students) could shut off my gas and electric? Bob] home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing this week, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers’ energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT.

Smart meters being installed now in California will collect 750 to 3,000 data points a month per household. This detailed energy usage data can indicate whether someone is at home or out, entertaining guests, or using particular appliances. Marketers and others may seek such data. To head off misuse of the information, CDT and EFF urged the California PUC to adopt comprehensive privacy standards for the collection, retention, use and disclosure of consumers’ household energy data.

“In the absence of clear rules, this potentially beneficial smart grid technology could mean yet another intrusion on private life,” said Jim Dempsey, San Francisco-based Vice President of CDT. “The PUC should act now, before our privacy is eroded.”

CDT and EFF argue that utilities collecting detailed information about energy use in the home must specify in advance how they are going to use that data [Very difficult until they can see what the data is telling them. Bob] and must confine their collection to legitimate purposes. Disclosure to marketers or government agencies should be restricted. In addition, utility companies should ensure that consumers have access to their own data, so they can take advantage of innovative energy efficiency services.

“The Smart Grid offers great promise for fighting climate change and improving energy policy, but it can also amass vast amounts of data that reveals intimate details of consumers’ lives,” said Jennifer Lynch, an attorney with the Samuelson Clinic. “Building privacy protections into the Grid from the beginning protects both the environment and consumers from harm.”

The California PUC is conducting a rulemaking proceeding to consider setting policies, standards, and protocols to guide the development of the smart grid system. The stimulus law signed by President Obama in February 2009 included $4.5 billion to modernize the electric grid. The electric utilities’ ongoing smart meter projects are one aspect of this initiative. However, increases in efficiency and economy promised by the Smart Grid need to be measured against the potential privacy risks.

“The data points gathered by advanced energy metering projects will allow the reconstruction of your life: when you wake up, when get home, when you go on vacation. It’s not hard to imagine a divorce lawyer subpoenaing this information, or an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary,” said EFF Senior Staff Attorney Lee Tien. “We must have meaningful rules to protect this extremely sensitive information.”

For the full comments to the California PUC:

For more on California’s smart grid initiative:

For this release:

Lee Tien also blogs about this issue on EFF’s site, here.
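The "reconstruction of your life" claim above is easy to check. The following is an added example written for this post, not code from CDT, EFF, or any utility: it takes 15-minute interval readings for a week (constructed here to follow a routine, with a weekend away) and recovers wake-up time, the hours the house is empty, bedtime, and the vacation days by nothing more than thresholding. The interval length, the baseline and "active" consumption levels, and the two-hour idle gap that counts as "out" are assumptions.

```python
"""Added illustration: what interval energy readings give away.
Not from the CDT/EFF filing or any utility's code; all readings are
constructed and the thresholds are assumptions made for this example."""
from datetime import datetime, timedelta

INTERVAL_MIN = 15              # 96 readings a day, ~2,900 a month (assumption)
BASELINE_KWH = 0.05            # assumed fridge/standby load per interval
ACTIVE_KWH = 0.30              # assumed "someone is up and using things" level
AWAY_GAP = timedelta(hours=2)  # assumed minimum idle gap that reads as "out"


def make_day(date, wake, leave, home, sleep, active=0.45):
    """Constructed sample day: 96 readings for a household that is active
    between wake-leave and home-sleep (hours given as decimals)."""
    readings = []
    for i in range(24 * 60 // INTERVAL_MIN):
        t = date + timedelta(minutes=INTERVAL_MIN * i)
        h = t.hour + t.minute / 60
        busy = wake <= h < leave or home <= h < sleep
        readings.append((t, active if busy else BASELINE_KWH))
    return readings


def active_spans(day):
    """Contiguous [start, end) windows where consumption exceeds ACTIVE_KWH."""
    spans, start = [], None
    for t, kwh in day:
        if kwh >= ACTIVE_KWH and start is None:
            start = t
        elif kwh < ACTIVE_KWH and start is not None:
            spans.append((start, t))
            start = None
    if start is not None:                      # still active at midnight
        spans.append((start, day[-1][0] + timedelta(minutes=INTERVAL_MIN)))
    return spans


def infer_routine(day):
    """Wake/sleep times and long idle gaps (likely 'nobody home')."""
    spans = active_spans(day)
    if not spans:
        return {"occupied": False, "wake": None, "sleep": None, "away": []}

    def hhmm(t):
        return t.strftime("%H:%M")

    away = [(hhmm(prev_end), hhmm(next_start))
            for (_, prev_end), (next_start, _) in zip(spans, spans[1:])
            if next_start - prev_end >= AWAY_GAP]
    return {"occupied": True, "wake": hhmm(spans[0][0]),
            "sleep": hhmm(spans[-1][1]), "away": away}


def infer_vacation(days):
    """Dates with no activity at all: the house was empty all day."""
    return [day[0][0].date() for day in days if not active_spans(day)]


def constructed_week():
    """Constructed data: five working days (up 06:30, out 08:00-18:00,
    bed 23:00) followed by a weekend with nobody home."""
    monday = datetime(2010, 3, 8)
    week = [make_day(monday + timedelta(days=d), 6.5, 8.0, 18.0, 23.0)
            for d in range(5)]
    week += [make_day(monday + timedelta(days=d), 0, 0, 0, 0) for d in (5, 6)]
    return week


if __name__ == "__main__":
    week = constructed_week()
    print("Monday:", infer_routine(week[0]))
    print("Empty days:", infer_vacation(week))
```

Real consumption is noisier than this, but the shape of the inference does not change: a burglar or a divorce lawyer does not need appliance-level disaggregation, only the baseline and the gaps. Note that everything here is derived from the raw readings themselves, which is why the CDT/EFF comments focus on limiting collection and disclosure rather than on what the utility promises to do with them.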

When should public events be private? If tourists had videotaped this event, it would already be on YouTube. Hard to believe no one had a camera going...

The SeaWorld Killer Whale Death Video and the Right to Privacy

March 10, 2010 by Dissent

Yesterday, I reported on a lawsuit filed by the family of the SeaWorld trainer who was tragically killed during a show. The family does not want video taken of the incident released to the public, but Florida’s open records law would seem to require that they be made available.

Today, Dan Solove blogs about the case over on Concurring Opinions. He seems to think the family has a good case. I’m not sure that I understand how the family even has standing to assert informational privacy claims over someone who is dead and who died publicly, but I think that SeaWorld has a good case to block dissemination. Keep in mind that the video in question is the property of SeaWorld and was taken by their own surveillance cameras. The video was reportedly provided to the state as materials to assist in their investigation (just as a news organization might cooperate by providing tape to investigators), so it’s not the same thing as autopsy photos where the photos (records) were created by the state itself. If news tapes provided to assist the state are generally exempt from the obligation to make copies under public records law, I would think the SeaWorld tape should be treated similarly. But then, I am not a lawyer. Dan is. Go read his analysis, here.

Good thing this guy wasn't a rapist... I wonder where you draw the line?

Customer “Upskirted” at Store Loses Privacy Lawsuit

March 11, 2010 by Dissent

Matthew Heller writes:

A customer at a T.J. Maxx store in upstate New York has lost her lawsuit against the retailer for allowing a man to take photos up her skirt by using her as “human bait” in a sting operation.

Security workers did not warn customers that they were surreptitiously videotaping the man as he visited the store in Watertown, N.Y. Svetlana Van Buren, who sued the parent company of T.J. Maxx for premises liability and invasion of privacy, alleged she “unwittingly became a sex crime victim” by walking into the trap they had set for him.

“TJX knew it, in bushel baskets full, that this was a bad guy who was preying on women in their store,” Van Buren’s attorney told a Jefferson County Supreme Court jury. She was seeking at least $75,000 in damages.


But after a three-day trial, the jury cleared TJX Companies of any liability.

Read more on OnPoint.

This should be amusing...

March 10, 2010

Connecticut AG Sues Credit Agencies For Tainted Ratings That Enabled Financial Meltdown

News release: "Attorney General Richard Blumenthal today sued two of the nation’s largest credit rating agencies -- Moody’s and Standard & Poor’s -- for knowingly assigning tainted credit ratings to risky investments backed by sub-prime loans. Blumenthal said Moody’s and S&P’s alleged misconduct enabled the worst economic downturn in the nation since The Great Depression. The lawsuits, unique and unlike others filed on behalf of specific investors or pension funds, are sovereign enforcement actions brought under the Connecticut Unfair Trade Practices Act."

Zillman collects lists of useful websites. Great for research if you can sift through the haystack.

March 10, 2010

New on The Web Guide for the New Economy

New on The Web Guide for the New Economy - This guide by Marcus P. Zillman showcases the latest world wide web resources for discovering new knowledge on and understanding about developments with regard to the New Economy. The rapid changes in government transparency policies have resulted in the release of large volumes of data pertinent to researchers that public, advocacy and corporate entities are publishing to the web.

This might be a fun project for my students. - Implementing A Cloud Phone System

Simply put, Phonebooth is a cloud phone system that will let freelancers and small businesses implement an advanced phone system. This will give any organization a more professional outlook, as a business phone number that comes complete with advanced call routing can be implemented at no cost to begin with. A paid version is also available in order to accommodate escalating demands, and that includes support for HD office phones, conference calling and detailed call records.

Furthermore, a version of this service which is particularly aimed at mobile phone users is available. Much like the other incarnation of the service (IE, the one for offices) this will let any individual have a separate business number that he can give out instead of his personal number. It’s like having an independent number only for business matters.

When all is said and done, this service caters for a need which every budding businessman faces daily: the projection of a more professional image. And since the service is so comprehensive, it can also be counted upon as things prosper and the company begins expanding itself.

Interesting idea. I might need a mobile device after all...

Springpad bookmarks the world

by Rafe Needleman March 10, 2010 5:06 PM PST

Springpad is a cool little utility to bookmark things you find on the Web and in the real world as well.

When you're on the Web site, it's very easy to create a new free-form note or to-do item. If you're typing in a name of a product or business (like a movie, the model name of a camera, or a restaurant), Springpad will probably identify it as you're typing and create a note with specific item info for the category it fits in. There's also a bookmarklet that makes it fast to save an item from a Web page, providing the site you're on is recognized by the app. I found that products on Amazon pages were picked up appropriately, but when I tried to save a product from CNET reviews pages they were just saved as Web bookmarks, not products.

Things you save can be flagged as "wants" or "haves" and can be shared with your buddies on the service or on your other social networks. You can also see what friends are sharing (see also: Blippy).

The product has special powers on the major recipe sites like Epicurious and the Food Network. It will analyze the text and save the ingredients in a separate field. The app is also getting integrated to some food sites themselves, like Wine Library TV, so when you want to save something there it can park it on a Springpad list (I couldn't find the integration, though).

Wednesday, March 10, 2010

WebCamGate: Apparently they had no accurate log of these “events”? Wouldn't that be sufficient evidence?

District hires firm to probe computer camera use

By Derrick Nunnally Inquirer Staff Writer

The Lower Merion School District has hired a New York defense company as it investigates alleged surveillance using student-issued laptop computers' built-in cameras.

L-3 Communications, which specializes in surveillance and secure communications, is being asked to determine how many times the computers' cameras were turned on and what data were captured, Board President David Ebby said last night at a school board meeting at Lower Merion High School.

Axiomatic: If you don't have control of your records, you can't know what was compromised without extensive research. This one is small, but typical. They underestimated by a mere 100%. (so far)

Update: UTMB sends more letters to possible ID theft victims

March 9, 2010 by admin

Cindy George reports that the University of Texas Medical Branch at Galveston breach reported last month was bigger than originally thought and more people have now been notified. At least 10 people have self-identified as victims of identity theft:

One month after mailing letters to 1,200 patients whose confidential information may have been stolen in 2009, the University of Texas Medical Branch at Galveston this week sent 1,200 letters to other patients whose financial data could have been breached by the same person.

Katina Rochelle Candrick, who has been charged with identity theft in unrelated cases, is suspected of accessing credit card and banking information while employed by a UTMB contractor.

In February, the medical branch mailed letters to patients whose names, addresses, Social Security numbers and insurance information are believed to have been accessed by Candrick while she was working for MedAssets, a company hired to assist with billing third-party payers.

Read more in the Houston Chronicle.

Employees, can't live with them, can't put them on the rack! But I can certainly fire them for violating company policies.

Analyst Study Shows Employees Continue to Put Data at Risk

March 10, 2010 by admin

From the press release, results of the annual “Human Factor in Laptop Encryption” study by Absolute Software and the Ponemon Institute:

This year’s expanded study was conducted in the United Kingdom, Canada, France, Germany and Sweden, in addition to the United States. The study found that 15% of German and 13% Swedish business managers have disengaged their encryption solution. In contrast, 52% of Canadian, 53% of British, and 50% of French business managers have disengaged their encryption, while U.S. business managers are the most likely to circumvent company data security policy – topping the survey at 60%.

While Germans and Swedes disengage their encryption solutions less often, they may not be encrypting all their information: 49% of Swedish IT managers said that a lost or stolen laptop resulted in a data breach and German IT managers slightly less at 46%. Similarly, 50% of Canadian IT managers reported a data breach as a result of a lost or stolen laptop. IT managers from the U.S. had the highest percentage at 72%, followed closely by the U.K. at 61%. France came in at the lowest with only 28% [Why? Is it the cheese? (More likely, bad reporting.) Bob] of IT managers saying that a lost or stolen laptop resulted in data breach.

Other key findings for the U.S. in this year’s study include the following:

  • 95% of IT practitioners report that someone in their organization has had a laptop lost or stolen and 72% report that it resulted in a data breach. Only 44% report that the organization was able to prove the contents were encrypted.

  • 33% of IT practitioners believe encryption makes it unnecessary to use other security measures, whereas 58 percent of business managers believe this to be the case.

  • 62% of business managers surveyed agree that encryption stops cyber criminals from stealing data on laptops versus only 46% of IT practitioners who feel the same way.

  • 36% of business managers surveyed record their encryption password on a document such as a post-it note to jog their memory or share the key with other individuals. In contrast, virtually none of the IT practitioners record their password on a private document or share it with another person.

Copies of the study are available at:

What is worse than legalese? Obsolete furrin' legalese. Them dang furriners is crazy!

Article 29 Working Party Provides Guidance On Data Controller/Processor Concepts

March 10, 2010 by Dissent

Wim Nauwelaerts writes:

Who is in “control” of personal data and who merely processes personal data on behalf of a data “controller”? These are essential questions for purposes of compliance with EU data protection requirements, yet answering them can be quite problematic in practice. The EU Data Protection Directive defines the controller as the person or entity that determines, alone or jointly with others, the purposes and the means of the processing of personal data. The processor, on the other hand, is the person or entity that processes personal data on behalf of the controller. Applying these concepts to a practical case may have been straightforward in the early days of the Directive, but in today’s Web 3.0, RFID and cloud computing environments many are perceiving the controller and processor distinction as archaic and, most importantly, unworkable in practice. At the same time, under the current legal regime the distinction is crucial in order to determine who is responsible for compliance with EU data protection rules, what Member State laws apply, and which data protection authorities are competent to supervise data processing operations.

Read more on Hogan & Hartson’s Chronicle of Data Protection.

I read this as virtually gutting the company – LifeLock reads it as “no big deal”

LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False

March 9, 2010 by Dissent

LifeLock, Inc. has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO’s Social Security number on the side of a truck.

In one of the largest FTC-state coordinated settlements on record, LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

… The FTC’s complaint charged that the fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs. And even for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection.

… In addition to its deceptive identity theft protection claims, LifeLock allegedly made claims about its own data security that were not true.

According to the FTC, LifeLock routinely collected sensitive information from its customers, including their social security numbers and credit card numbers. The company claimed:

  • “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”

  • “All stored personal data is electronically encrypted.”

  • “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”

The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a “need to know” basis.

… The FTC will use the $11 million it receives from the settlements to provide refunds to consumers. It will be sending letters to the current and former customers of LifeLock who may be eligible for refunds under the settlement, along with instructions for applying. Customers do not have to contact the FTC to be eligible for refunds. Up-to-date information about the redress program can be found at 202-326-3757 and at

Source: Federal Trade Commission

Note: LifeLock issued a press release, that you can read here. It says, in part:

The FTC and State Attorneys General action, which resulted from an examination of old practices and products, has no impact on LifeLock’s current services. Nothing changes because this was based on activity from over two years ago.

Will we see the same thing in the US?

Patients’ medical records go online without consent

By Dissent, March 10, 2010 7:11 am

Kate Devlin reports from the U.K.:

Patients’ confidential medical records are being placed on a controversial NHS database without their knowledge, doctors’ leaders have warned.

Those who do not wish to have their details on the £11 billion computer system are supposed to be able to opt out by informing health authorities.

But doctors have accused the Government of rushing the project through, meaning that patients have had their details uploaded to the database before they have had a chance to object.

The scheme, one of the largest of its kind in the world, will eventually hold the private records of more than 50 million patients.

But it has been dogged by accusations that the private information held on it will not be safe from hackers.

Read more in the Telegraph.

Your government likes things orderly, not necessarily logical.

Six newly revealed breaches on HHS site

By Dissent, March 10, 2010 7:34 am

It seems that the new HHS/OCR web site will be even more difficult to use than I anticipated, as they are sorting breach reports by the date of breach, not the date that the incident was added to their site, so I have to review the entire list to see what’s been added instead of just looking for what’s new at the top of the list.

In any event, here are six more breach reports that have been added to their web site, below.

Why I have a rude phrase tattooed on my bald spot.

March 09, 2010

CRS — Satellite Surveillance: Domestic Issues

Satellite Surveillance: Domestic Issues, Richard A. Best Jr. Specialist in National Defense, Jennifer K. Elsea, Legislative Attorney, February 1, 2010

  • "This report provides background on the development of intelligence satellites and identifies the roles various agencies play in their management and use. Issues surrounding the current policy and proposed changes are discussed, including the findings of an Independent Study Group (ISG) with respect to the increased sharing of satellite intelligence data. There follows a discussion of legal considerations, including whether satellite reconnaissance might constitute a “search” within the meaning of the Fourth Amendment; an overview of statutory authorities, as well as restrictions that might apply; and a brief description of executive branch authorities and Department of Defense directives that might apply. The report concludes by discussing policy issues Congress may consider as it deliberates the potential advantages and pitfalls that may be encountered in expanding the role of satellite intelligence for homeland security purposes."

Economics according to Google. The entire slideshow is available from Scribd.

Google’s Chief Economist: “Newspapers Have Never Made Much Money From News”

by Erick Schonfeld on Mar 9, 2010

Earlier today, Google chief economist Hal Varian gave a presentation to an FTC workshop on the changing economics of the newspaper industry. We all know that newspaper ad revenues have been falling off a cliff for years. Many media companies blame Google and are trying to put the genie back in the bottle with partial metered models for online news.

Google is understandably on the defensive, trotting out Varian to paint an unemotional picture with as much data as he can muster. But the picture he paints is a dour one for print media. For instance, the chart above shows the decline of overall newspaper ad revenues. Newspapers have taken huge hits in classifieds advertising (in blue) and national brand advertising (in red). The online portion (green) is still too small to make much of a difference.

The collapse in print ad revenues is coming from two places: the overall ad recession of the past couple years and the shift to online news consumption. Here are some telling stats from Varian’s presentation, which is also embedded below:

  • About 40% of internet users say they read news on the Web every day.

  • Time spent on online news sites is only about 70 seconds per day, compared to 25 minutes spent reading a print edition.

  • Online news readers tend to read at work, not for leisure, so they don’t have much time to stick around and are thus worth less to advertisers.

  • Overall, less than 5 percent of newspaper ad revenues come from the online editions.

  • Search engines account for 35 to 40 percent of “traffic to major U.S. news sites,” according to comScore.

  • The cost of printing and distributing print editions makes up about half the cost, while editorial operations only make up 15 percent.

Varian concludes: “Newspapers could save a lot of money if the primary access to news was via the internet.” It sounds like he agrees with Netscape founder and investor Marc Andreessen, who recommends that newspapers “burn the boats” carrying their dying print businesses.

“The fact of the matter is that newspapers have never made much money from news,” says Varian. They make money from “special interest sections on topics such as Automotive, Travel, Home & Garden, Food & Drink, and so on.” The problem is that on the Web, other niche sites which cater to those categories are a click away, leaving the newspapers with sections which are harder to sell ads against, such as sports, news, and local.

This is so “let's keep doing it the old way.” We're going to send students out into a world where they will face all these “distractions” (information sources?), so why not see who can use them to excel (“A”) and who gets overwhelmed (“F”).

Professors Banning Laptops In the Lecture Hall

Posted by kdawson on Wednesday March 10, @08:14AM

Pickens writes

"The Washington Post reports that professors have banned laptops from their classrooms at George Washington University, American University, the College of William and Mary, and the University of Virginia, among many others, compelling students to take notes the way their parents did: on paper. A generation ago, academia embraced the laptop as the most welcome classroom innovation since the ballpoint pen, but during the past decade it has evolved into a powerful distraction as wireless Internet connections tempt students away from note-typing to e-mail, blogs, YouTube videos, sports scores, even online gaming. Even when used as glorified typewriters, laptops can turn students into witless stenographers, typing a lecture verbatim without listening or understanding. 'The breaking point for me was when I asked a student to comment on an issue, and he said, "Wait a minute, I want to open my computer,"' says David Goldfrank, a Georgetown history professor. 'And I told him, "I don't want to know what's in your computer. I want to know what's in your head."' Some students don't agree with the ban. A student wrote in the University of Denver's newspaper: 'The fact that some students misuse technology is no reason to ban it. After all, how many professors ban pens and notebooks after noticing students doodling in the margins?'"

Your personal library in the cloud. - A Tool For Reading Books On The Go

Is there a better time to review a tool for reading books on your computer and mobile now that the price and the release date for the iPad have finally been confirmed, and interest in the “Kindle Killer” is stronger than ever?

This particular tool goes by the name of Ibis Reader, and it will provide you with a supple user interface for the reading of books on your desktop or mobile device of choice. That can be an iPhone, an Android or a Nexus One. The way this reader works means that you can zoom the text in and out at will, and that the application (which is wholly web-based) will remember where it was that you left off last time and display the relevant page when you open the book again.

Besides, your online library is kept as dynamic as possible since you can discover new titles to read based on those that you have already favorited. It is also important to mention that your titles are hosted in a cloud library, and you don’t need to sync anything in order to read them. Anywhere you can access the Internet is bound to suffice.

Read more:

What an Online Class can be... - Online Education Made Easy

Big Blue Button is a new platform that intends to make online education something that just anybody could access and benefit from. It comes complete with all the features that one would expect to see in such a setting: chat, webcam, a list of participants and the option to have access to the desktop of the one who is giving the class. The presenter has the option to share files such as Word docs and PDFs, whereas voice over IP is fully integrated. All that students need in order to take part in a conference is a decent pair of speakers and a microphone in case there is something that needs clarification.

The best thing might as well be that this platform is usable by just anybody, from colleges and universities to single individuals that want to teach a language or something similar. And the fact that Big Blue Button is open source is also a big plus - those with the necessary knowledge will be capable of honing it even more minutely, and make it meet specific demands - demands that the development of a tool for global consumption couldn’t warrant, but that can make things far easier on individual teachers.

For my Statistics class – they need to recognize bad statistics when they see them. The first map in the report shows where they sampled – heavily weighted to the north-east.

March 08, 2010

Report: 100 Percent of Fish in U.S. Streams Found Contaminated with Mercury

News release: "In a new study conducted by the U.S. Geological Survey (USGS), every single fish tested from 291 freshwater streams across the United States was found to be contaminated with mercury. "This study shows just how widespread mercury pollution has become in our air, watersheds and many of our fish in freshwater streams," said Interior Secretary Ken Salazar."

[From the USGS site:

Fish-Hg concentrations at 27 percent of sampled sites exceeded the U.S. Environmental Protection Agency human-health criterion of 0.3 micrograms per gram wet weight. Exceedances [Government speak for “more than our arbitrary limit” Bob] were geographically widespread, although the study design targeted specific sites and fish species and sizes, so results do not represent a true nationwide percentage of exceedances.

How to “know” you have mastered a tool.

Your Computer Really Is a Part of You

By Brandon Keim March 9, 2010 4:37 pm

An empirical test of ideas proposed by Martin Heidegger shows the great German philosopher to be correct: Everyday tools really do become part of ourselves.

… Chemero’s experiment, published March 9 in Public Library of Science, was designed to test one of Heidegger’s fundamental concepts: that people don’t notice familiar, functional tools, but instead “see through” them to a task at hand, for precisely the same reasons that one doesn’t think of one’s fingers while tying shoelaces. The tools are us.

A challenge for my students, most of whom (to my horror) have never listened to jazz!

Get Jazzed for Monster Miles Davis Giveaway

By Scott Thill March 8, 2010 6:37 pm

One of the 20th century’s most influential musicians, Miles Davis shredded the jazz envelope for decades until his passing in 1991.

You can sample most of that shredding in’s expansive, expensive giveaway featuring the Miles Davis: The Complete Columbia Album Collection box set, a Miles-branded iPod, T-shirt and USB stick, as well as a pair of Monster Miles Davis Tribute High Performance In-Ear Speakers.

The street value of the prize package is well over $1,000, but its artistic value is priceless.

… In fact, the only thing that sucks about this giveaway is that we can’t win it ourselves.

But you can, and all you have to do is tell us why you deserve to win. Post a comment below telling us why Miles could be the greatest jazz artist of all time and you’ll be entered in the random drawing. Comments must be entered by 12:01 a.m. PST March 12.