Saturday, May 08, 2010

From the Blog of Google's Global Privacy Counsel. Looks like lots of people are asking these questions.

Which privacy laws should apply on the global Internet?

May 8, 2010 by Dissent

Peter Fleischer ponders the complexities:

Given the nature of the Internet, all web services are inherently global. All companies doing business on the Internet rely on the collection, storage and analysis of information generated by users, and all of them are confronted by the lack of consistency in the applicability and content of privacy laws across jurisdictions. So, I’ve struggled with the following three questions:

What are the current rules establishing the application of privacy laws around the world?

Do the current rules work?

How could we create clearer rules, to provide greater consistency and certainty?

Read more on Peter Fleischer: Privacy…?

[From the Blog post:

Jurisdiction: Cloud computing is directly affected because the dynamic nature of this practice is at odds with the approach based on where the actual processing happens. Part of its agile functionality enables cloud computing to switch between processing data in one location to another location in order that customers are provided with an efficient, affordable and consistent service.

“We absolutely certain that something going to happen, we just don't know what or when.” Sounds like the predictions of a psychic...

Visa Warns of Fraud Attack from Criminal Group

May 8, 2010 by admin

Brian Krebs reports:

Visa is warning financial institutions that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account in Eastern Europe, possibly as soon as this weekend.

In an alert sent to banks, card issuers and processors this week, Visa said it “has received intelligence from a third-party entity indicating that a criminal group has plans to execute “a large batch settlement fraud scheme.”

Read the alert and more on KrebsOnSecurity.

Is this a “Mormon thing?” Law based on the morals of a specific religion rather than ethics?

Buy a drink; you’re in a government database

May 8, 2010 by Dissent

Bob Barr writes:

In the state of Utah, if you go into a club and purchase a drink, and if you appear to be “35 years old or younger,” a new state law requires the bartender or waiter to electronically scan your driver’s license in order to verify your age. Of course, scanning your license electronically provides a database of who is purchasing alcoholic beverages, where, when and in what quantities; information then available to the government. All this simply because a person decides to have a drink in a club that sells alcoholic beverages.

Read more on The Barr Code.

[From the article:

According to press accounts, some clubs that have been caught visually checking licenses to verify the age of patrons, instead of the more intrusive mandated electronic verification, are opting now to scan licenses for all patrons who “look under 60.” Failure to produce a driver’s license means a person would be refused service altogether.

Is anonymity possible in the Information Age?

The Navigator: Hotels connect the dots between guests and online reviews

May 8, 2010 by Dissent

Christopher Elliott reports:

Hotels want to know who you are. Especially if you’re reviewing them anonymously.

An increasing number of image-conscious properties have begun connecting the dots between unbylined write-ups that appear on such popular travel sites as TripAdvisor or Yelp, and your personal information, such as your loyalty program preferences.

If you write a positive review, you might expect a reward from the hotel — a gift basket or a discount on your next stay. Pan a property, and you could get a concerned e-mail from the general manager asking you to reconsider your review. Or even a black mark against you in the chain’s guest database.

John Baird, a lodging consultant in Jacksonville, Fla., says that hotels now use locations, dates and usernames that appear online to triangulate a guest’s identity. Once they find a likely match, the review is added to a hotel’s guest preference records, next to information such as frequent-guest number, newspaper choice and preferred room type.

Read more in the Washington Post.

(Related) Esoteric math proves “you have no Privacy!”

The Fundamental Limits of Privacy For Social Networks

May 8, 2010 by Dissent

Can math help us understand the limits of privacy for social network sites? From an article in Technology Review this week:

Today, Aleksandra Korolova at Stanford University with Ashwin Machanavajjhala and Atish Das Sarmait [have] worked out a fundamental limit to the level of privacy that is possible when social networks are mined for recommendations.

That’s quite a task given that there are various different approaches to making recommendations. However, Korolova, Machanavajjhala and Sarmait have come up with a general model that captures the essence of the problem.

Their approach is to consider a general graph consisting of various nodes and the links between them. This may be a network in which the nodes are books, say, and a link between two nodes represents the purchase of one book by the owner of another. The team consider all these links to be private information.

Korolova, Machanavajjhala and Sarmait then consider an attacker who wants to work out the existence of a link in the graph from a particular recommendation. So given the knowledge that people who bought book x also bought book y, is it possible to determine a purchase decision made by a specific individual?

To do this, Korolova, Machanavajjhala and Sarmait define a privacy differential as the ratio of the likelihoods that the website makes such a recommendation with and without using the private purchase decision in question.

The question they then ask is to what extent recommendations can be made while preserving this privacy differential.

It turns out that there is a trade-off between the accuracy of the recommendation and the privacy of the network. So a loss of privacy is inevitable for a good recommendation engine.

Read more on Technology Review.

[From the article:

Ref: On the (Im)possibility of Preserving Utility and Privacy in Personalized Social Recommendations

Extending “stress analysis.” A tool for automated Health Care – or for telemarketers?

Computer Software Decodes Emotions Over the Phone

Is there any indication that users are concerned enough about privacy to leave Facebook? I doubt it. But look at the next article to see how Facebook tries to talk you out of leaving...

Yet another Facebook privacy risk. When is enough, enough?

May 8, 2010 by Dissent

Xeni Jardin reports on BoingBoing:

….Facebook base64-encodes your IP address in every emailed event that you interact with.

Matt C. at Binary Intelligence Blog explains that Facebook’s automated email notifications (which go out when, say, a friend comments on your status or sends you a message) appear to contain the IP address of the user who caused that Facebook email to be sent:

The email headers contain a line similar to:

X-Facebook: from zuckmail ([MTAuMzAuNDcuMjAw])

Copy this line out and feed it to this page:

You will get the IP address of your friend and clicking on it will get a geolocation-based map. This will also show you if your friend used their cell phone to post and who they use as their service provider.

This information is great when a fugitive is taunting law enforcement through their Facebook page, but not when a wife is trying to hide from an abusive husband and assumes Facebook is the best form of communication.

Thanks to the reader who sent in this link.

Elsewhere, the New York Times invites readers to submit privacy questions for Facebook which they will submit to Facebook and then publish Facebook’s response.

And Ryan Singel of Wired declares that Facebook has gone rogue, and calls for an open alternative to Facebook.

The FTC is reportedly taking a complaint filed by 14 privacy groups against Facebook seriously. Because this site is published pseudoanonymously, it was not a signatory to the complaint, but this site also calls on the FTC to take firm action against Facebook for its deceptive practices and for unilaterally changing users’ privacy controls without allowing adequate notice and time to consent or not consent to such changes. But even if the FTC does take firm action, perhaps the most effective consequence still resides with users. When enough users start deleting their profiles and stop using the service, maybe then Facebook will “get it.”
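The X-Facebook header format quoted above, as an added example that is not part of the original post or of Facebook's own code: it pulls the bracketed token out of a raw header block, base64-decodes it, accepts only a well-formed IP address, classifies how much that address exposes, and shows the gateway-side mitigation of stripping the header before mail is forwarded or archived. The sample header block is constructed; the token quoted on the page decodes to 10.30.47.200, which is a private (RFC 1918) address.

```python
import base64
import ipaddress
import re

# Constructed sample header block (not real mail). The X-Facebook line mirrors
# the format quoted in the post: base64 of a dotted-quad IP inside "([...])".
SAMPLE_HEADERS = """\
Received: from mail.example.invalid (mail.example.invalid [192.0.2.10])
X-Facebook: from zuckmail ([MTAuMzAuNDcuMjAw])
X-Facebook-Notify: comment; from=12345
Subject: Someone commented on your status
"""

# Matches the header line and captures the base64 token between "([" and "])".
_XFB_RE = re.compile(
    r"^X-Facebook:\s*from\s+\S+\s+\(\[([A-Za-z0-9+/=]+)\]\)", re.I | re.M
)


def decode_token(token: str):
    """Base64-decode one bracketed token; return an ip_address or None.

    The token is untrusted input from a mail header, so decoding is strict
    (validate=True rejects non-alphabet bytes) and anything that is not a
    syntactically valid IPv4/IPv6 address is discarded rather than guessed at.
    """
    try:
        raw = base64.b64decode(token, validate=True).decode("ascii")
        return ipaddress.ip_address(raw)
    except (ValueError, UnicodeDecodeError):
        return None


def extract_sender_ips(headers: str) -> list:
    """Return every decodable IP found in X-Facebook headers of a header block."""
    decoded = (decode_token(tok) for tok in _XFB_RE.findall(headers))
    return [ip for ip in decoded if ip is not None]


def classify(ip) -> str:
    """Label how much a leaked address reveals about the person who triggered
    the notification: a public address can be geolocated and tied to an ISP or
    mobile carrier, a private or loopback one identifies at most an internal
    network segment."""
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def redact_x_facebook(headers: str) -> str:
    """Mitigation: drop X-Facebook lines before mail is forwarded or archived,
    so the encoded address does not propagate beyond the original recipient."""
    return re.sub(r"^X-Facebook:.*\n?", "", headers, flags=re.M)


if __name__ == "__main__":
    for ip in extract_sender_ips(SAMPLE_HEADERS):
        print(f"decoded {ip} ({classify(ip)})")
    print(redact_x_facebook(SAMPLE_HEADERS))
```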

(Related) Interesting technique to keep 'customers.' Can only happen if you have “friends.”

What Happens When You Deactivate Your Facebook Account

Interesting that one industry has been given the Okay to change the operation of your hardware. Could this lead to control of your computer?

FCC lets movie industry selectively break your TV

Software only, not other “goods.” What implications for the Cloud?

In AU, Court Rules Downloaded Software Is Not "Goods"

Posted by Soulskill on Friday May 07, @03:24PM

bennyboy64 writes

"A court decision ruling that the supply of software through a digital download mechanism is not a supply of 'goods' has been upheld in the Supreme Court of New South Wales in Australia, setting a precedent that software downloaded via the Internet is not protected by the Sale of Goods Act, reports ZDNet. It's a court decision that lawyer Patrick Gunning said attorneys had been waiting to have clarified for some time. What this meant was that 'people who purchase software will have more legal rights if they buy over the counter rather than downloading,' Gunning said."

[From the article:

He [The judge Bob] added that draft legislation amendments to the consumer protection provisions of the Trade Practices Act to the definition of "goods" would soon specifically include computer software, but said that this wouldn't apply to businesses, only consumers.

For a more detailed legal explanation read Gunning's blog about the case.

(Related) Understanding Facebook seems to be an advantage in certain jobs...

Ca: New privacy boss went after Facebook

May 7, 2010 by Dissent

Rob Shaw and Lindsay Kines report that British Columbia has a new Information and Privacy Commissioner:

Canada’s assistant privacy commissioner, whose investigation into Facebook forced the social networking site to improve its privacy policies, has been selected as B.C.’s new privacy watchdog.

Elizabeth Denham was appointed Information and Privacy Commissioner yesterday, after a vote by provincial politicians in the legislature.

Read more in the Times Colonist.


Law Professors Developing Patent License For FOSS

Posted by Soulskill on Friday May 07, @04:49PM

Julie188 writes with this quote from a Networkworld article:

"Two law professors from UC Berkeley have come up with a novel idea to protect open source developers from patent bullies. They call it the Defensive Patent License. They hope the DPL can address the objections FOSS developers have with patents the way the GPL addressed them for copyright. The DPL is similar to the concept of a defensive patent pool, but is not the same. The DPL is a bit more radical. It requires a bigger commitment from its members than the typical toe-in-the-water kind of pool, says Jason Schultz, former staff attorney at the Electronic Frontier Foundation. 'The perception is that bigger companies only commit their least-effective, least-important patents to a patent pool,' he says. Schultz isn't pointing fingers at any particular pool. However critics of IBM's open source patent pledge often said it didn't cover the patents most relevant to the FOSS community."

For my Computer Security students (Okay, the hackers too) Two minute Video

Force your browser to always start in private mode

Geeky stuff. This might fit into my model for leasing computers to the technologically impaired. It would allow better maintenance and control of the operating system.

Diskless Booting For the Modern Age

Posted by timothy on Saturday May 08, @05:08AM

An anonymous reader writes

"Ever wonder what happened to PXE? Intel's popular standard for diskless booting hasn't been updated since 1999, and has missed out on such revolutions as wireless Ethernet, cloud computing, and iSCSI. An open source project called Etherboot has been trying to drag PXE into the 21st century. One of their programmers explains how to set up diskless booting for your cloud, using copy-on-write to save space."

In keeping with the 3D craze Avatar started, I've decided to use this site to convert all my lecture notes...


ZooBurst is a digital storytelling tool that is designed to let anyone easily create their own customized 3D pop-up books.

There's a joke in here somewhere...

In 20 Years

This site will let you upload a picture of your face and have it processed into what it will look like in either 20 or 30 years. And the results are too accurate to be comfortable.

For my website class

jQuery Image Galleries & Sliders – Best Of

Cheap is good, free is better!

Top 5 Resources To Get A Discounted Windows 7 Download

Friday, May 07, 2010

Someone needs to make a “Movie of the Week” about this and win the Oscar for Best Comedy. Has anyone suggested that the school administration might be as bad at educating students as it is at administering the technology?

L. Merion won't block feds in Web-cam case

Lawyers for the district, some Lower Merion parents, and the Harriton High School sophomore whose lawsuit spotlighted the school system's use of Web-camera monitoring said Wednesday that they wouldn't try to block federal agents from poring over thousands of images secretly captured from students' computers. [“They've got guns!” Bob]

The development came as a federal judge prepared to permanently bar the district from using Web-cam monitoring and as Superintendent Christopher McGinley announced plans to meet with students, overhaul technology policies, and take other steps to repair the district's tattered image.

… The 69-page report [ … ] said investigators had found no proof of intentional spying. [Just 56,000 accidental images... Bob]

… Mark Haltzman, the lawyer for Robbins and his parents, said they had no objection because they didn't believe the photos of Robbins were incriminating. But Haltzman's letter said he was worried about other students.

"Since the government has not agreed to immunize all students and their parents from prosecution for criminality that could possibly be depicted in the data . . . there is concern that the government will target or, worse, prosecute students and parents based on the illegally obtained evidence," his letter said. [So the school has deliberately been covering up the criminal activity they didn't intentionally obtain? Bob]


Heartland Breach: Consumer Settlement Proposed

May 6, 2010 by admin

Linda McGlasson reports:

A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April. The proposed settlement would create a $4 million pool to pay consumers and settle the case.


In a “fairness hearing” on April 27, U.S. District Court Judge Lee Rosenthal heard from both sides of the class action suit. Several class action suits brought by consumers from around the country were collected into one case in September 2009. The case was heard in the Southern District U.S. Court in Houston, TX.

Read more on The article also provides an update on other Heartland-related litigation:

The financial institutions’ class action case against Heartland gained two more defendants, Heartland’s acquiring banks Key Bank and Heartland Bank. The suit brought against the two banks was consolidated into the class action suit brought against Heartland.

Can we learn something from these guys? Isn't this the equivalent of having your fingerprints on file? (or is it a hint that the DNA is used for more than identification?)

AU: Forensic police who refused to supply DNA sent back to general duties

May 7, 2010 by Dissent

Robyn Ironside reports:

Five police forensics officers have been booted out of their roles for refusing to supply DNA samples to their employer.

The Queensland Police Service had given the officers until March 1 to provide a “voluntary” sample for the purpose of eliminating their DNA from crime scenes.

As many as 50 per cent of officers are believed to have objected to the requirement but only a handful stood their ground out of concern about the lack of safeguards for their genetic blueprint.

Read more in The Courier-Mail.

Introducing the “Double Secret” Library of Congress?

Library of Congress Responds To Privacy Gripes By Making Twitter Archive Less Useful

May 7, 2010 by Dissent

Karl Bode writes:

We recently noted how the Library Of Congress and Twitter made a big deal of the fact that the LOC would now be archiving Twitter conversations. The idea is that researchers may find a mountain of largely-incoherent blathering about the Twilight films useful in providing context as they try to piece together events of the twenty-first century. Late last week a little more detail of the archiving process leaked out, the LOC saying that in response to privacy complaints they wouldn’t store deleted tweets, and they’d also be placing all tweets under embargo for a period of six months (for whatever that’s supposed to accomplish). For good measure, they’re also apparently locking down the Twitter archive to “qualified researchers” and considering further restrictions:

Read more on TechDirt.

(Related) I imagine the employee was surprised too. Are employees subject to a “Caesar's wife” standard?

Surprised Employer Fires Sex Blogger

A St. Louis-area nonprofit has fired a 37-year-old office worker – after discovering that in her own time, the woman blogs about her polyamorous escapades.

TBK, as she's known, refers to what happened to her as a Twitter "glitch." But her webmaster clarified to Inc. that her downfall was really "in the failure of how third party search/archiving sites work." [I don't think that makes any sense... Bob]

According to TBK, her boss – at the suggestion of top management – searched the web for information about employees, and discovered the sex blog. When she arrived at work April 27, she was fired on the spot.

Per an account TBK posted on another website, Aagablog, her boss was furious. “I need to let you go," the woman said, according to TBK. "Corporate office suggested I Google employees. I typed in your name and it took me two seconds to find your website. How COULD you put that stuff out there? What were you thinking?! I feel like I’m talking to a 14 year old! We’re DONE.”

This will work fine until you have a heart attack and need to call an ambulance...

Future iPhones could identify users by heartbeat

A newly-published Apple patent application proposes identifying iPhone users by their heartbeat, rather than by more conventional means like a passcode.

This is the Information Age equivalent of Toyota telling their dealers to replace a part without notifying their customers that it will keep their brakes from failing.

Security Firm Reveals Microsoft's "Silent" Patches

Posted by timothy on Thursday May 06, @03:23PM

CWmike writes

"Microsoft silently patched three vulnerabilities last month, two of them affecting enterprise mission-critical Exchange mail servers, without calling out the bugs in the accompanying advisories, a security expert said on Thursday. Two of the three unannounced vulnerabilities, and the most serious of the trio, were packaged with MS10-024, an update to Exchange and Windows SMTP Service that Microsoft issued April 13 and tagged as 'important,' its second-highest threat ranking. Ivan Arce, CTO of Core Security Technologies, said Microsoft patched the bugs, but failed to disclose that it had done so — which could pose a problem. 'They're more important than the [two vulnerabilities] that Microsoft did disclose,' said Arce. 'That means [system] administrators may end up making the wrong decisions about applying the update. They need that information to assess the risk.'"

"Secret patches are neither new or rare. 'This has been going on for many years and the action in and of itself is not a huge conspiracy," said Andrew Storms, director of security operations at nCircle Security. What is unusual is that Core took Microsoft's silent updates public. Saying that Microsoft 'misrepresented' and 'underestimated' the criticality of MS10-024 because it didn't reveal the two bugs, Core urged company administrators to 'consider re-assessing patch deployment priorities.' Microsoft confirmed this instance and defends the practice, noting that updates can "be destructive to customer environments." But Storms echoed Arce's concern about possible misuse of the practice, which could result in a false sense of security among users."

I doubt we'll ever hear the details if this is true. Imagine a system this vulnerable with this much influence on the economy and you have a near perfect target for terrorists (or cyber warriors). Apparently the “automatic limits” that suspend trading in a stock didn't kick in – perhaps a one time sale is exempt?

Stock Market Sell-Off Might Stem From Trader's Fat Finger

Posted by timothy on Thursday May 06, @05:36PM

s122604 points out a CNBC story according to which

"the catalyst for today's extraordinary price swing (at one point the Dow lost almost 9 percent in less than an hour) may have been because a trader entered a 'B' for billions instead of an 'M' for millions on a trade of Procter and Gamble: 'According to multiple sources, a trader entered a "b" for billion instead of an "m" for million in a trade possibly involving Procter & Gamble, a component in the Dow. (CNBC's Jim Cramer noted suspicious price movement in P&G stock on air during the height of the market selloff).' Unbelievable there are no safeguards to protect against this."

Interesting formula. Suggests it might be cheaper for a small business to pay for multiple accounts and divide its downloads across several to stay in the “sweet spot.” Think of a small law firm that needs to move the results of a small e-discovery project (1-20 terabytes) from a client to a consulting firm for analysis, then to opposing counsel... OR is this change for home users only? Comments suggest this is a 70% price increase for customers that hit 80GB (but stay under 300GB) with no change in service. Perhaps they anticipate that more customers will start watching TV over the Internet?

CRTC Approves Usage Based Billing In Canada

Posted by timothy on Thursday May 06, @11:02PM

qvatch writes with this from CBC News: "The CRTC has approved Bell Canada's request to bill Internet customers, both retail and wholesale, based on how much they download each month. The plan, known as usage-based billing, will apply to people who buy their Internet connection from Bell, or from smaller service providers that rent lines from the company, such as Teksavvy or Acanac. ... Customers using the fastest connections of five megabits per second, for example, will have a monthly allotment of 60 gigabytes, beyond which Bell will charge $1.12 per GB to a maximum of $22.50. If a customer uses more than 300 GB a month, Bell will also be able to implement an additional charge of 75 cents per gigabyte."


FAQ: The FCC's plan to reclassify broadband

by Marguerite Reardon May 6, 2010 5:19 PM PDT

The Federal Communications Commission released detailed plans Thursday to ensure that it has authority to craft new rules to keep the Internet open.

Figuring out exactly what the FCC is proposing and how it will affect the industry and consumers is confusing. The procedure the FCC has chosen to shore up its authority is complicated and requires some legal gymnastics. To get the skinny on what's being proposed check out this FAQ below:

If the FCC is reclassifying broadband as a Title II service will all the rules under this classification apply to broadband?

The short answer is no. Under this plan, the FCC will reclassify broadband as a regulated service under Title II. But broadband services will be exempt from most of the old rules written for a monopolistic, 100-year-old telephone infrastructure.

Statistics (graphic)

Mobile Phones Worldwide – By the Numbers

Statistics (graphic) US is 30th behind places you couldn't find on a map.

Top Countries Ranked by Speed

Statistics (article) Probably not a complete list

Top 10 Largest Databases in the World

Tool for extracting slides from PDFs

PDF to PowerPoint in Two Steps

“Oh what a wicked web we weave when first we practice to deceive Mother Nature.” “Fix” one problem, cause two?

Whatever Happened to the Hole in the Ozone Layer?

First, the good news: Since the 1989 Montreal Protocol banned the use of ozone-depleting chemicals worldwide, the ozone hole has stopped growing.

… Now the bad news: The ozone layer has also thinned over the North Pole. This thinning is predicted to continue for the next 15 years due to weather-related phenomena that scientists still cannot fully explain, according to the same UN report.

… Scientists now understand that the size of the ozone hole varies dramatically from year to year, which complicates attempts to accurately predict the hole's future size.

Interestingly, recent studies have shown that the size of the ozone hole affects the global temperature. Closing the ozone hole actually speeds up the melting of the polar ice caps, according to a 2009 study from Scientific Committee on Antarctic Research.

Thursday, May 06, 2010

Oops, they've done it again...

Video: Major Facebook security hole lets you view your friends’ live chats (Update 1)

May 5, 2010 by Dissent

Steve O’Hear writes:

You’ve got to hand it to Facebook. They certainly know how to do security — not.

Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’. Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information.


The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

Read more on TechCrunch, where Steve posted the following video showing the exploit in action:

[The video on Youtube:

Hat-tip, Rick Forno, who notes that FB chat has been unavailable all morning.

Update: Steve got a response from Facebook hours later that said, in part:

“For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the ‘preview my profile’ feature of Facebook privacy settings,” Facebook said in a statement.

How limited was the period of time, Facebook? And maybe, as the journalists’ group in the UK asked, you might do a better job of testing things before you release them?

(Related) Even The Atlantic finds this noteworthy.

Facebook Suffers Yet Another Privacy Glitch

Dilbert on: Reading employee email.

Privacy statistics

Users are Their Own Worst Enemy for Online Privacy

Here are some of the key findings of the Consumer Reports survey:

A projected 1.7 million online households had experienced online identity theft in the past year.

An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years.

Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address.

An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.

Include the draft bill.

Draft Of Privacy Bill Introduced... And Pretty Much Everyone Hates It

...and I have the right to laugh at them.

Teenager's trouser ban 'breaches human rights'

The government will have to get into this business with a lower cost option. “You can hide your identity online as long as we know who you are offline.”

Hot Sales In China For Wi-Fi Key-Cracking Kits

Posted by timothy on Wednesday May 05, @06:19PM

alphadogg writes

"Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site,, had to ban their sale last year. With one of the 'network-scrounging cards,' or 'ceng wang ka' in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building."

For many of my Security classes...

Google Releases a Web-App Case Study For Hackers

Posted by timothy on Wednesday May 05, @04:49PM

Hugh Pickens writes

"The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities."

"In black box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed."

On my summer reading list...

The Age Of Facebook: Excerpts From The New Book By David Kirkpatrick

Tools for ebook users

Convert eBook formats at Zamzar – free and online

Wednesday, May 05, 2010

Forgive the rant, but this school district seems out of control. This is a rather poorly written report that creates more questions than it answers... Their process is completely illogical. The laptop was not stolen, they knew who had it but never asked for its return.

Former IT chief’s lawyer attacks Web cam report

May 4, 2010 by Dissent

John P. Martin reports the latest installment in the ongoing dispute over webcam surveillance by the Lower Merion School District:

The lawyer for the former top technology administrator in the Lower Merion School District today attacked a report that broadly blamed his client for the furor over the district’s secret laptop tracking program.

Lawyer Nicholas Centrella, who represents Virginia DiMedio, said he didn’t dispute the facts in the 69-page document, issued at a school board meeting Monday night. But Centrella challenged some of the conclusions, starting with the cover page that described it as an “independent” probe into when and why district tech employees activated Webcams on student-issued laptops.


His point is well-taken. I did not see that as any kind of “independent” investigation. And like Centrella, I read the report as pretty much trying to deflect most of the blame from the board and district to DiMedio. It will be interesting to see what she has to say when she is eventually deposed or under oath.

[I looked at the report on Scribd: Here are a few points...

On October 20, 2009, Blake J. Robbins brought his One-to-One laptop to the HHS Help Desk with a broken screen and was issued a loaner laptop. Later that morning, Building-Level Technician Kyle O’Brien, Desktop Technician Chuck Ginter, and Rhonda Keefer, the teacher liaison to the One-to-One program, conferred and agreed that Mr. Robbins should not have been issued a loaner laptop in light of outstanding insurance fees. [No indication if the broken laptop had been uninsured but was never flagged for retrieval, or if a “loaner” required extra/separate insurance. Bob]

Mr. O’Brien testified at his deposition in the Robbins lawsuit that Ms. Matsko instructed him to have TheftTrack activated; Ms. Matsko testified at her deposition that she did not authorize tracking.

Mr. O’Brien e-mailed Mr. Perbix and directed him to activate TheftTrack on Mr. Robbins’s loaner laptop. At 3:55 p.m., Mr. Perbix advised Mr. O’Brien by e-mail that the laptop was “[n]ow currently online at home.” [Why didn't they just call the Robbins and ask for the laptop or insurance payment? Bob]

Mr. O’Brien told us that he believed that he needed authorization from Ms. Matsko, which he never requested or received, to terminate tracking. Consequently, the loaner laptop was tracked from October 20, 2009 to November 4, 2009, [Suggests the laptop could have been recovered at any time... Bob] resulting in the capture of 210 webcam photographs and 218 screenshots that were recovered in the investigation. [Apparently there were no policies, procedures or guidelines that covered this... Bob]

On or about October 26, 2009, Mr. Perbix observed a screenshot from the loaner laptop. The screenshot included an on-line chat that concerned him.

On November 2 or 3, 2009, Ms. Matsko and Mr. Kline, in a meeting also attended by HHS Assistant Principal Lauren Marcuson, discussed certain images [I think they mean “screen capture” when they say “image” and use “photo” to refer to images captured by the camera. But they are not consistent. Elsewhere they call them “screenshots.” Probably indicates the report had several authors and no consistent editing. Bob] captured from Blake Robbins’s loaner laptop. According to Ms. Matsko, Mr. Kline advised her that unless there was additional evidence that gave them a contextual basis for doing so, school officials should not discuss the images with the student or his parents because they involved off-campus activities. Ms. Matsko ultimately decided, about one week later, that it was appropriate to discuss certain seemingly troubling images with Mr. Robbins and/or his parents. [“Yes, I was told not to do it, but I did it anyway?” And they cite a screen image rather than the photograph Robbins claimed... Bob]

“It's for the children!” Actually, now I don't need to pay any attention to the students. I don't need to learn their names or take attendance – I can ignore them like I've always wanted to. Next we should RFID the textbooks to make sure students bring them to class. And we should jam cell phones... And... And... And...

RFID Checks Student Attendance in Arizona

Posted by kdawson on Tuesday May 04, @03:40PM

The student newspaper at UW-Madison is running a piece about the use of RFID to check lecture attendance at Northern Arizona University. One poster to an email discussion list suggested that getting around this system would be simple if "all one has to do is walk into a classroom with 10 RFID-enabled cards in their pocket."

"The new system will use sensors to detect students' university identification cards when they enter classrooms, according to NAU spokesperson Tom Bauer. The data will be recorded and available for professors to examine. [We don't care! Bob] … [The spokesman] added the sensors, paid for by federal stimulus money, initially would only be installed in large freshmen and sophomore classes with more than 50 students. NAU Student Body President Kathleen Templin said most students seem to be against the new system. She added students have started Facebook groups and petitions against the sensor system. ... One of the most popular Facebook groups ... has more than 1,400 members."

What are the odds that the use of tracking RFID will expand over time on that campus?

Cops are government employees, should we treat them like elected officials? Where does your congressman live?

Judge Strikes Down Florida’s Police Privacy Law

May 5, 2010 by Dissent

Julie Montanaro reports that a case involving publication of home addresses of police officers (previously covered here) has been decided:

A federal judge has struck down a Florida law as unconstitutional and word is spreading quickly among law enforcement officers today.

That law prohibited anyone from publishing an officer’s home address and phone number, but a judge ruled that law violates a Tallahassee man’s right to free speech.


A Tallahassee man filed suit, with the ACLU’s help, after he posted comments about a Tallahassee Police officer on the web site along with her home address, phone number, email address and the fact that she had 7 children.

Robert Brayshaw was arrested for it – twice – but never convicted and now a federal court judge has awarded him 25-thousand dollars in damages after declaring the law invalid.

Read more on WCTV.

Stifling competition by fiat? Implications for Cloud Computing?

EFF fights Facebook’s attempt to criminalize use of other aggregators

May 4, 2010 by Dissent

From EFF:

The Electronic Frontier Foundation (EFF) is urging a federal judge to dismiss Facebook’s claims that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites.

Power Ventures makes a web-based tool that users can set up to log into their multiple social networking accounts and aggregate messages, friend lists, and other data so they can see all the information in one place. In a lawsuit against Power Ventures, Facebook claims that Power’s tool violates criminal law because Facebook’s terms of service ban users from accessing their information through “automatic means.” By using Power’s tool, Facebook argues that its users are accessing Facebook “without permission” under the California penal code. EFF argues in an amicus brief filed Monday that users have the right to choose how they access their data, and turning any violation of terms of use into a criminal law violation would leave millions of Facebook users unwittingly vulnerable to prosecution.

For the full amicus brief:

To read the entire press release:

“Correct, but not optimal.” Does that mean they have the direction (warming) correct but the magnitude (0.00001 vs. 6.8 degrees) is suspect? Is this “good enough for government (grant) work?” And I'd still like to see the data.

Second Inquiry Exonerates Climatic Research Unit

Posted by kdawson on Wednesday May 05, @01:53AM

mvdwege writes

"After being cleared of charges of misconduct by a parliamentary committee, now the CRU has the results of the inquiry (PDF) by a panel of scientists into their scientific methods. Here is the CRU press release. Criticisms: The statistical methods used, though arriving at correct results, are not optimal, and it is recommended future studies involve professional statisticians if possible; and the CRU scientists are lacking somewhat in organization. A very far cry from the widespread allegations of fraud. It seems 'Climategate' is ending with a whimper."

Research tools

3 Online OCR Services That Let You Intelligently Scan Documents

[See also:

Geek stuff...

Tuesday, May 4, 2010

Free eBook - Getting Started with Ubuntu

Getting Started with Ubuntu is a free 165 page ebook produced by a team of writers and editors. The manual covers everything an end-user would need to know about how to use Ubuntu. You can download the ebook for free or order it as a bound book from Lulu.

Tuesday, May 04, 2010

The Geeks did it! Still not sure where the images in question came from, I'll have to re-read all 72 pages more carefully I guess...

Lower Merion releases webcam investigation report

May 4, 2010 by Dissent

Richard Ilgenfritz reports:

An internal investigation into the Lower Merion School District’s use of the computer tracking software confirms that tens of thousands of images were found and investigators are putting a lot of the blame on the district’s tech staff.

According to the findings of the investigation that was released to the public Monday night, the district’s Information Services employees withheld information about the capabilities and the use of the TheftTrack system from the board, the administrators and students.

Read more on Mainland Media News.

The entire report can be found on scribd.

What a fascinating idea!

May 03, 2010

Study: Economic Impact of Privacy on Online Behavioral Advertising

BusinessWire: "A new study of 90 organizations actively engaged in online marketing concludes that in spite of an acknowledged return on investment, hundreds of millions of dollars are being held back from online behavioral advertising (OBA) over concerns that a lack of consumer trust in the practice could damage brand reputation. The study, Economic Impact of Privacy on Online Behavioral Advertising, conducted independently by the Ponemon Institute, found that although 70 percent of companies agreed that behaviorally targeted advertising substantially increases marketing and sales performance, and in spite of an overall favorable return, most companies surveyed have limited their online advertising budgets over privacy concerns. In fact, extrapolated results suggest that budgets would be as much as four times higher if not for these concerns. Among the study’s noteworthy results:

  • 98 percent of companies surveyed said they have restricted OBA because of privacy concerns;

  • 63 percent of companies surveyed rated OBA as their most effective form of marketing; and,

  • Overall, companies surveyed reported under-spending on OBA budgets by 75 percent due to privacy concerns.

  • For the 90 companies benchmarked, the total amount not spent on OBA was $604.9 million."

(Related) Interesting viewpoint. Perhaps she should consider how the public would react if “private industry” could send customers to Guantanamo or sic the IRS on them.

Former Head of CIA Think Tank Talks Privacy, Technology

Posted by Soulskill on Monday May 03, @02:59PM

blackbearnh writes

"Carmen Medina, until recently, helped run the analysis side of the house at the CIA. She also ran the agency's think tank, the Center for the Study of Intelligence. A self-proclaimed heretic, she has a number of controversial views about how we gather intelligence and how technology is changing the game. She talked to O'Reilly Radar about this and other topics, including the possible ways that intelligence analysis could be crowdsourced, why government technology procurement is so broken, and how the public may need to readjust its views on what things such as privacy mean. Medina said, 'Government is viewed as inefficient and wasteful by American citizens. I would argue that one of the reasons why that view has grown is that they're comparing the inefficiency of government to how they relate to their bank or to their airline. Interestingly enough, for private industry to provide that level of service, there are a lot of legacy privacy barriers that are being broken. Private industry is doing all sorts of analysis of you as a consumer to provide you better service and to let them make more profit. But the same consumer that's okay with private industry doing that is not okay, in a knee-jerk reaction, with government doing that. And yet, if government, because of this dynamic, continues not to be able to adopt modern transactional practices, then it's going to fall further behind the satisfaction curve.'"

(Related) No one quoted in the article seems surprised that Amazon can tap into their Kindles...

Amazon Starts Sharing What You’ve Highlighted on Your Kindle

May 3, 2010 by Dissent

Mathew Ingram writes:

Amazon, in a potentially controversial move, has started collecting information on what readers highlight in the e-books they’re reading on the company’s Kindle reader, and sharing it with others. The service doesn’t say which sections of which specific books a reader has highlighted, but it aggregates that information and displays it — including the most popular passage of all time, a selection from one of Malcolm Gladwell’s books. Judging by the initial reaction from Kindle users, some feel that Amazon may have crossed a line, although others seem to like the idea.

Read more on GigaOm.

New breach notification requirements in effect in Canada

May 3, 2010 by Dissent

From the Office of the Privacy Commissioner of Alberta:

Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual.” PIPA was also amended to give the Commissioner the power to require organizations to notify individuals to whom there is a real risk of significant harm as a result of such an incident.

Section 37.1(3) of PIPA requires the Commissioner to establish an expedited process for determining whether to require an organization to notify individuals [That could be incorporated into Privacy Policies in the US. Bob] in circumstances where the real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure is obvious and immediate. The Commissioner’s process is set out here.

The following resources are available on the OIPC website to assist organizations in complying with the new provisions, including:

Additional resources are also available on the Access and Privacy, Service Alberta website at, including Information Sheet 11: Notification of a Security Breach.

What are the odds that a government bureaucracy would voluntarily give up power? Don't we still have a “Powdered Wig Control Board?”

The FCC May Decide Not To Regulate Broadband

Posted by kdawson on Monday May 03, @07:56PM

This morning the Washington Post reported that FCC Chairman Julius Genachowski is leaning toward letting the telecomms have their way — not asserting greater authority to regulate the Internet by reclassifying broadband as a Title II service. The blogs are atwitter (HuffPo, StopTheCap) that not voting to apply Title II regulation to Internet carriers is tantamount to giving up on net neutrality — which has been a centerpiece of the Obama administration's tech policy. The Post paraphrases its sources, who are reading the chairman's mind, that Genachowski believes "the current regulatory framework would lead to constant legal challenges to the FCC's authority every time it attempted to pursue a broadband policy." The FCC will say only that the chairman has made no decision yet.

Free Guide - Making Videos on the Web

This guide was created for those teachers who would like to have their students make videos but don't have access to editing software and or video equipment. All of the resources in this guide are completely web-based.

If you thought “Elf Yourself” was fun, you're gonna love this one...

JibJab Re-Creates The Original Star Wars Trilogy, Now Starring Your Friends

The Force is strong with JibJab. The humor site, which often puts together goofy animated adventures that you can customize with photos of your friends’ faces, has really outdone itself this time: in honor of the 30th anniversary of the release of The Empire Strikes Back, the site has gotten the rights to re-create the original Star Wars Trilogy. Except instead of the familiar faces of Han, Luke, and Leia, you’ll be watching your friends take on the Empire.

Dilbert explains how to ensure your technology is upgraded...

Monday, May 03, 2010

Isn't there a clear hierarchy of law? This shouldn't have surprised the Clinic's lawyers, should it?

Hospital fulfills subpoena, gets hit with privacy suit

May 3, 2010 by Dissent

Amy Lynn Sorrel reports:

Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations.

The Cleveland Clinic in Ohio found itself in such a predicament when it agreed to turn over a patient’s records in response to a grand jury subpoena in a criminal investigation.

The U.S. District Court for the Northern District of Ohio, in a Feb. 1 ruling, said that more stringent state privacy standards superseded the hospital’s obligations to comply with the subpoena and related disclosure requirements under the Health Insurance Portability and Accountability Act. The ruling allows a patient to sue the hospital for invading his privacy.

Read more on American Medical News. Sorrel provides the background on the case as well as a good summary of some of the legal issues of state privacy laws that extend greater protections than HIPAA.

Could this be re-titled as: “The Litigator's Guide to Privacy Policies?”

Can We Rely on Privacy Policies?

May 3, 2010 by Dissent

Dan Solove introduces an invited article on Concurring Opinions:

With the recent case of Saffold v. Plain Dealer Publishing Co., involving a newspaper website that outed an anonymous commenter who was a judge, we invited Woodrow Hartzog to write a post about these issues. Woodrow is the author of a terrific article about the enforceability of the privacy policies (via promissory estoppel) of online communities and social network websites, forthcoming in Temple Law Review. — DJS

From the article on Concurring Opinions by Hartzog, the introduction:

Virtually every website you visit has a privacy policy. These policies are often incorporated into a website’s terms of use. This attachment of contractual obligation to privacy policies has significant implications. Like many standard-form contracts, these policies are often vague or practically unreadable, leaving most users with only a general sense of how their personal information will be treated. Yet, privacy policies often begin with promissory language along the lines of “we are committed to protecting your privacy and handling any personal information we obtain from you with care and respect.” Thus, the language in privacy policies raises a number of questions. Are website promises to protect anonymity binding? Can these promises create a reasonable expectation of privacy?

Read more on Concurring Opinions.

Is Comcast smarter than the FCC?

The Far-Reaching Effects of Comcast v FCC

Posted by kdawson on Sunday May 02, @04:11PM

eldavojohn writes

"We've had a lot of discussion about what the overturning of FCC v Comcast means for net neutrality, but CommLawBlog argues that net-neut is just the tip of the iceberg as far as the effects of this ruling. In the National Broadband Plan, Local TV broadcasters might be forced to give up their spectrum 'voluntarily' to be repurposed for broadband; this decision diminishes the FCC's authority to cut such deals. Another issue at stake is how this will affect the FCC's approval of Comcast's acquisition of NBC."

Seems that the iPad was used to check deposition and images during cross examination. Couldn't any computer do this? (Perhaps not while balanced on a podium.)

iPad helps lawyer win trial

For my Computer Security students. A tool for locating sensitive data. Now “it costs too much” is even harder to argue...

OpenDLP Aims To Stem Data Loss

Posted by kdawson on Sunday May 02, @03:05PM

rollcall writes

"A new free and open source tool, OpenDLP, has been released that will help organizations fight data loss caused by stolen laptops, missing HDDs, or compromised systems. OpenDLP is managed from a centralized Web application and it can simultaneously send and control thousands of non-intrusive agents to Microsoft Windows systems over NetBIOS that look for user-defined regular expressions in data at rest. When sensitive data is found, the agents 'phone home' to the Web app with their results. While organizations have continued to lose sensitive data even though many commercial products are available to help prevent this, perhaps the introduction of a free alternative will finally spur organizations to locate their sensitive data proactively before it is lost." [Want to bet? Bob]
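To make concrete what a regex-driven scan of data at rest like the one described above actually does, here is an added Python example (not OpenDLP's code): it runs user-defined patterns over a few constructed files, discards card-number matches that fail the Luhn check so numeric noise is not reported, and builds the kind of masked summary an agent would "phone home". The sample file contents, the patterns and the report shape are all assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample "data at rest": path -> contents. A real agent would
# walk the filesystem instead; these are embedded so the example runs offline.
SAMPLE_FILES = {
    "hr/export.csv": "name,ssn,card\nAlice,123-45-6789,4111 1111 1111 1111\n",
    "logs/app.log": "order id 1234567890123456 processed\ncard 4242424242424242 ok\n",
    "docs/readme.txt": "nothing sensitive here\n",
}

# User-defined patterns (assumed): US SSN, and 13-16 digits with optional
# space/dash separators as a card-number candidate.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    masked: str  # never ship the raw value back to the server


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so a report is not itself a leak."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(path: str, text: str, patterns=PATTERNS) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in patterns.items():
            for m in pattern.finditer(line):
                value = m.group(0)
                # A 16-digit order id matches the card regex; Luhn drops it.
                if kind == "card" and not luhn_ok(re.sub(r"\D", "", value)):
                    continue
                findings.append(Finding(path, line_no, kind, mask(value)))
    return findings


def scan_files(files: dict) -> list:
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def report(findings: list) -> dict:
    """Shape of the 'phone home' payload: per kind, location plus masked value."""
    summary = {}
    for f in findings:
        summary.setdefault(f.kind, []).append(f"{f.path}:{f.line_no} {f.masked}")
    return summary


if __name__ == "__main__":
    for kind, hits in report(scan_files(SAMPLE_FILES)).items():
        print(kind, hits)
```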

Another “buggy whip” industry?

13 Percent Of International Calls Now Go Via Skype

… In 2008, Skype was at 8 percent of the total international traffic, that is, around 33 billion call minutes. Beckert further said,

“Skype is now the largest provider of cross border communications in the world, by far,” Beckert said. “The proliferation of alternatives to telephone calls—including Skype for mobile devices, and Google’s gradual entry into the voice market—will present ever greater challenges to international carriers.”

According to Skype’s data analyst, Skype served over one billion call minutes in 2009 with one third being video. Those minutes were generated by 520 million users from 250 different countries, which means the VOIP network is pretty much spread across all territories around the globe.

It amazes me how often my students let their home computer “remember” their passwords for them. When they need to log on at school, they can't remember their passwords! This is better than writing them down. (3 of 5 are available free)

Five Best Password Managers

You can't afford to use the same password for everything, nor do many of us have the recall skills to keep dozens and dozens of complex alphanumeric passwords stored in perfect order in our memories. A password manager is the compromise between using a few you can remember and risking forgetting some if you use too many complex passwords. The following five tools will help you build a strong password set and securely store it so you're never stuck using the same old password for fear of forgetting it.

Multiple pages are irritating...

AutoPagerize: Browser Extension For Auto-Loading Paginated Web Pages

If you read articles on online versions of top magazines like Wired and PC World then you will know what paginated web pages are and how frustrating it is to read them. Clicking on the numbers and going from one page to another isn’t always fun. AutoPagerize is a nifty tool that helps you get rid of that.

It comes as a Firefox and Chrome add-on, and as a greasemonkey script for Firefox.