Saturday, September 04, 2010

Working for a University doesn't make you smart. Even “not for profits” must be run like a business – and security must be managed to AT LEAST Best Practice levels.

College Data Breaches Underscore Higher Ed Security Challenges

September 3, 2010 by admin

Brian Prince reports:

Reports surfaced this week that the University of Virginia fell victim to a cyber-attack that stole nearly $1 million. Unfortunately for administrators at colleges and universities, their institutions are just as vulnerable to data breach woes as enterprises.

According to reports, attackers used malware to steal online banking credentials for accounts belonging to the University of Virginia’s College at Wise and transferred $996,000 overseas. In addition, there were reports last month that student data from six colleges in Florida was inadvertently exposed after a software upgrade.

According to a new report from Application Security, these incidents underscore problems that are all too familiar for higher education institutions. Between 2008 and Aug. 1, 2010, there were some 160 higher educational data breaches. Many of these, the firm said, were caused by problems such as improper access controls, inadequate data security measures and a lack of common sense and best practices for database security.

Read more on eWeek.

Just speculate for a moment. What would make them want to do this?

September 03, 2010

Google says it is simplifying and updating privacy policies

Official Google Blog: "Long, complicated and lawyerly [That's repetitious and redundant. Bob] — that's what most people think about privacy policies, and for good reason. Even taking into account that they’re legal documents, most privacy policies are still too hard to understand. So we’re simplifying and updating Google’s privacy policies. To be clear, we aren’t changing any of our privacy practices; we want to make our policies more transparent and understandable. [I wonder if any law school ever tasked its students with a similar exercise? “Write it like you're explaining it to a jury?” Bob] As a first step, we’re making two types of improvements:

  1. Most of our products and services are covered by our main Google Privacy Policy. Some, however, also have their own supplementary individual policies. Since there is a lot of repetition, we are deleting 12 of these product-specific policies. These changes are also in line with the way information is used between certain products—for example, since contacts are shared between services like Gmail, Talk, Calendar and Docs, it makes sense for those services to be governed by one privacy policy as well.

  2. We’re also simplifying our main Google Privacy Policy to make it more user-friendly by cutting down the parts that are redundant and rewriting the more legalistic bits so people can understand them more easily. For example, we’re deleting a sentence that reads, “The affiliated sites through which our services are offered may have different privacy practices and we encourage you to read their privacy policies,” since it seems obvious that sites not owned by Google might have their own privacy policies..."


Google settles Buzz privacy lawsuit (update 1)

September 3, 2010 by Dissent

Google Inc has settled a lawsuit alleging privacy violations in connection with its Buzz social networking service, according to a court document filed on Friday.


To settle the proposed class action brought by a Gmail user, Google will set aside $8.5 million for attorneys fees and donations to organizations focused on Internet privacy, [They do want a law school to help re-writing their policy. Bob] the court filing said. In addition, “the settlement requires that Google undertake wider public education about the privacy aspects of Buzz,” the document said.

Read more on Reuters.

Update 1: AFP provides some of the financial details on the settlement, here. Google reportedly paid $8.5 million.

Lawyers that filed the class-action suit staked out 30 percent of the settlement money and the seven named plaintiffs were to get no more than 2,500 dollars each, according to court documents.

The rest of the money, which Google is to deposit in a fund, was earmarked for organizations devoted to Internet privacy policy or education.

Cherchez la cash?

Major Battle Brewing Between French Gov't and ISPs

Posted by Soulskill on Friday September 03, @10:36AM

"Drew Wilson has been following HADOPI (France's three strikes law) a lot lately, and the latest developments are that the French ISPs and the French government are edging closer to a full-on war over compensation. The French government apparently requested that ISPs send an invoice of the bills after a certain period of time, but the French ISPs don't feel this is good enough — probably because of worries that the compensation the government will ultimately provide won't be enough. The ISPs are demanding adequate compensation, and if the government doesn't give it to them, they simply will not hand over evidence required to enforce HADOPI law. While HADOPI demands that ISPs cooperate, speculation suggests that if the government takes ISPs to court, the ISPs will simply rely on constitutional jurisprudence to shield them from liability (translation)."


Is Digital Eavesdropping Evil? Depends Which Country Is Doing It (TCTV)

In this week’s episode of Why Is This News, we talk to Harvard Law professor Jon Zittrain, who explains the differences between governments who obey the rule of law, and those who don’t – and why Sarah’s right to criticize the government by email is totally protected, unless she should happen to email it to Paul.

Building law based on the way the market actually functions?

Brazil Considering Legalizing File Sharing

Posted by timothy on Friday September 03, @06:56PM

"It looks like Brazil may be the country to watch if you're interested in much more consumer-friendly copyright laws (assuming US diplomatic pressure doesn't interfere). As that country goes through a copyright reform process, among the proposals is one that would create fines not just for infringing, but also for hindering fair use and the public domain. Also, there is a big push underway, with widespread support — even from some artists groups — to legalize file sharing in exchange for a small levy (~$1.74/month) on your broadband connection. Of course, one reason why Brazil may be doing it this way is because of the massive success the Brazilian musical genre technobrega has had by embracing file sharing as a way to promote new works, and making money (often lots of it) through other avenues, like live shows." [Hear that RIAA? Bob]

What's in a name? That which we call a rose by any other name would smell as sweet. Juliet

Now we have to look under the “Pimps & Ho's Section”

Craigslist Removes Its Controversial Adult Section

Posted by timothy on Saturday September 04, @02:37AM

"The online classified website Craigslist has removed its controversial Adult Services portion of its website. Technology blog TechCrunch was the first to report the section had been blacked out with the word 'Censored.'"

(Related) It's not the porn that concerns them, it's the inability to identify the porn consumer?

VISA Pulls Plug On ePassporte, Porn Webmasters

Posted by Soulskill on Friday September 03, @04:40PM

"Credit card giant VISA International has suspended its business with ePassporte, an Internet payment system widely used to pay adult Webmasters and a raft of other affiliate programs. A number of adult Webmaster forums are up in arms over the move because many of their funds are now stranded. Visa has been silent on the issue so far, but points to an e-mail from ePassporte founder Christopher Mallick saying the unexpected move by Visa wouldn't strand customers indefinitely. Mallick co-directed Middle Men, a Paramount film released in August that tells the story of his experience building one of the world's first porn site payment processing firms, as well as the Russian mobsters, porn stars and FBI agents he ran into along the way. Interestingly, the speculation so far is that Visa cut ties with ePassporte due to new anti-money laundering restrictions in the Credit Card Act of 2009, which affects prepaid cards and other payment card instruments that can be reloaded with funds at places other than financial institutions."

Apparently an amicable agreement that will allow the Aussies to keep selling wine in Europe, but what are the new names? We need a wine label to English translator!

Australia Adopts EU's Geographical Indicator System For Wine

Posted by timothy on Saturday September 04, @05:30AM

onreserve writes with an excerpt from a site dedicated to laws affecting wine:

"[L]ast week, Australia signed an agreement with the European Union to comply with the geographical indicator (GI) system of the EU. The new agreement replaces an agreement signed in 1994 between the two wine powers and protects eleven of the EU drink labels and 112 of the Australian GI's. Specifically, this means that many of the wine products produced in Australia that were previously labeled according to European names, such as sherry and tokay, will no longer be labeled under these names. Wine producers in Australia will have three years to 'phase out' the use of such names on labels. Australian labels that will be discontinued include amontillado, Auslese, burgundy, chablis, champagne, claret, marsala, moselle, port, and sherry."

I have always wondered why governments seem to fall back to the oldest technology available. Trains date back to the 1830s and these will look almost (functionally) exactly like them, and bring all the same problems.

Fast Trains to Connect US Cities, Alleviate Highway Congestion

The Obama administration back in January promised $8 billion in funding for cities and states to build high-speed, intercity rail projects.

This week, the Department of Transportation issued its specifications for the manufacture of new fast trains, namely double-decker coach, dining, baggage, and business class passenger rail cars that can travel between 79 MPH and up to 220 MPH.

This is interesting. You can even train it to automatically download embedded podcasts!

How RSS Bandit Can Feed You Everything You Need Online

While most RSS readers are awesome tools for organizing all of the sites that you like to visit online, there are very few that can also incorporate new information or posts from your favorite social networking sites like Twitter or Facebook. RSS Bandit has now added the ability to directly poll your Facebook account for new updates – turning it from a simple RSS Reader into an online life aggregator. So delete all of those other applications you’ve got running in the background, open up RSS Bandit, and let’s roll.

Friday, September 03, 2010

Not a 'skimmer' attached to an unattended card reader. Did someone hack in and if so, are there hundreds of parking lots that are vulnerable?

NZ: Card security breached in Qtown

September 2, 2010 by admin

Grant Bryant reports:

A spate of credit card scams has hit Queenstown.

The biggest scam was centred at the Man St parking building, but it was not the only scam to breach cardholder security in the resort this week.

People who had used their credit cards for payments were then later phoned by their card companies and notified that fraudulent transactions had taken place later in the day.

The Bank of New Zealand has now blocked credit card transactions outside New Zealand and Australia for customers who used credit cards at the parking building.

Kiwi Bank has put a hold on credit card accounts for about 17 of its customers who used the carpark.

BNZ external relations manager Erica Lloyd yesterday said the bank had hired a specialist fraud company to do a forensic audit of the carpark. [Isn't that the 'car park' owners responsibility? Bob]

Full audit results would be known soon, but “skimming,” was ruled out because no device was attached to the machines.

“The audit results will offer a clear picture, but looks like the carpark had their data collection process compromised,” she said.

Read more on Stuff.

“We can, therefore we must!” Tools & Techniques for my Ethical Hackers

Murdoch Reporters’ Phone-Hacking Was Endemic, Victimized Hundreds

A phone-hacking scheme involving British royals and reporters working for one of Rupert Murdoch’s tabloid newspapers went far beyond what was previously disclosed and prosecuted, according to The New York Times.

Andy Coulson, currently media advisor to British Prime Minister David Cameron, is accused of having encouraged the hacking during his tenure as editor of Murdoch’s News of the World paper.

According to the N.Y. Times, reporters working under Coulson targeted hundreds of victims — from Princes Harry and William to government and police officials and numerous celebrities, including soccer star David Beckham and his wife.

Most of the victims are only now learning that their phone voicemail accounts may have been accessed by reporters, four years after the investigation first launched.

… Scotland Yard is being accused of violating the rights of victims by failing to inform them earlier that they were targeted and of purposely narrowing the investigation to a single reporter and private investigator in order to preserve a special information-sharing relationship law enforcement agents had with the tabloid.

… Access to private voicemail messages occurred in two ways. In some cases, victims had simply neglected to change a default password phone carriers established for every new account. Anyone who knew the default four-digit code for a particular carrier — such as 1111 or 4444 — could access the accounts if they knew the victim’s phone number.

Where victims did change the password, the paper’s private investigators found another way to trick phone carriers into revealing the code. The N.Y. Times story does not detail the second method. In the United States, phone hackers have been known to use caller I.D. spoofing to access a victim’s voicemail. The hacker calls the target’s cellphone after setting their caller I.D. to the same number, which on some wireless carriers will drop the call right into the voicemail retrieval menu.
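The two access paths described above, modelled as a voicemail authentication policy. This is an added example, not code from the Wired piece or from any carrier: a legacy policy that lets a call whose caller ID matches the subscriber's own number straight into the retrieval menu and that accepts an unchanged carrier-default PIN, beside a hardened policy that never treats caller ID as an authenticator, refuses default PINs until they are changed, and locks the mailbox after repeated failures. The default-PIN set, the subscriber numbers and the spoofed-call scenario are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed for this example: "carrier default" PINs of the kind the article
# describes, one code shared by every new account on a given carrier.
CARRIER_DEFAULT_PINS = {"0000", "1111", "4444"}
MAX_FAILURES = 5


@dataclass
class Mailbox:
    number: str            # subscriber's phone number (constructed)
    pin: str               # current voicemail PIN
    pin_changed: bool      # has the subscriber replaced the carrier default?
    failed_attempts: int = 0


@dataclass
class Call:
    caller_id: str                     # what the network presents as the calling number
    dialed: str                        # the number that was called
    pin_entered: Optional[str] = None  # PIN keyed in the retrieval menu, if any


def legacy_access(mb: Mailbox, call: Call) -> bool:
    """Flawed policy reproducing the two weaknesses in the text.

    1. Caller ID is trusted: a call that appears to come from the subscriber's
       own handset is dropped into the retrieval menu without a PIN.  Caller ID
       is attacker-controlled on many routes, so this is an authentication
       bypass, not a convenience feature.
    2. An account still carrying the carrier default PIN is accepted as-is.
    """
    if call.caller_id == mb.number:
        return True
    return call.pin_entered == mb.pin


def hardened_access(mb: Mailbox, call: Call) -> bool:
    """Hardened policy: caller ID is never an authenticator, default PINs are
    refused until changed, and guessing is throttled by a lockout counter."""
    if mb.failed_attempts >= MAX_FAILURES:
        return False                      # locked out; needs an out-of-band reset
    if not mb.pin_changed or mb.pin in CARRIER_DEFAULT_PINS:
        return False                      # force enrollment of a real PIN first
    if call.pin_entered is None or call.pin_entered != mb.pin:
        mb.failed_attempts += 1
        return False
    mb.failed_attempts = 0
    return True


def attacker_scenarios(mb: Mailbox) -> Dict[str, Tuple[bool, bool]]:
    """Run the article's two attacks against both policies.

    Returns {scenario: (legacy_result, hardened_result)}; True means the
    attacker reached the mailbox.
    """
    # Caller-ID spoof: attacker presents the target's own number as caller ID.
    spoof = Call(caller_id=mb.number, dialed=mb.number)
    # Default-PIN guess: attacker calls from an unrelated number and tries
    # each known carrier default in turn.
    guesses = [Call(caller_id="+15550000000", dialed=mb.number, pin_entered=p)
               for p in sorted(CARRIER_DEFAULT_PINS)]
    return {
        "caller_id_spoof": (legacy_access(mb, spoof), hardened_access(mb, spoof)),
        "default_pin_guess": (any(legacy_access(mb, g) for g in guesses),
                              any(hardened_access(mb, g) for g in guesses)),
    }


if __name__ == "__main__":
    never_changed = Mailbox(number="+15551234567", pin="4444", pin_changed=False)
    print("default PIN account:", attacker_scenarios(never_changed))
    changed = Mailbox(number="+15551234567", pin="839271", pin_changed=True)
    print("changed PIN account:", attacker_scenarios(changed))
```

The point of the model is that a strong PIN alone does not close the first hole: against the legacy policy the changed-PIN mailbox still falls to the caller-ID spoof, because the carrier was treating network metadata as proof of identity.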

For my Ethical Hackers. Might rise to the level of a class project if the Dean ever buys a new car...

Could Connectivity And Smartphones Open Your Car Up To Hackers?

Is it time for firewalls and malware protection for your car? Almost, but not quite yet, say experts, in a top-notch report from CNET.

Earlier this year we reported on research from the University of Washington and the University of California, San Diego, that showed how researchers were able to break into vehicle networks or change features—in some cases, while the vehicle was in motion.

That report is now available, and includes some eye-opening examples of what could be done remotely with some determination.

Safety-critical systems (such as stability control or engine control) actually haven't been isolated from non-safety-critical systems (such as entertainment systems), the report reveals, and systems such as GM's OnStar services, which allow remote access already, might make them especially vulnerable.

… Yet another report, from researchers at the University of South Carolina and Rutgers found tire-pressure monitoring systems easy to break into—suggesting that it would be easy to spoof a warning and cause a driver to pull over and inspect the vehicle, making them vulnerable to theft.

Should we connect Israeli “access to data” with “forged passports?”

Israel Data Access Stopped After Irish Objection

September 2, 2010 by Dissent

Objections levied by Irish European officials have put a stop to Israel gaining recognition for its data protection and access to sensitive information.

The European Commission has announced it has halted a proposal to allow Israel access to potentially sensitive data on European Union citizens following concerns expressed by the Irish representatives.

The unexpected move saw the Commission withdraw the application to effectively recognise Israel’s data protection standards as being on a par with those enjoyed in the EU, thereby limiting the state’s access to EU citizen’s information.


The Irish objections were raised after it emerged Israeli agents had used forged Irish passports in the murder of a Hamas operative. The events eventually led to the expulsion of an Israeli Diplomat, and a breakdown in Irish/Israeli relations.


Them Brits is crazy!

Opinion: “Privacy, Parliament and the Courts” – Mark Thomson

September 2, 2010 by Dissent

A constant theme of the recent press discussion of “sportsman’s privacy injunctions” has been the suggestion that judges have created a privacy law by stealth and that this raises serious questions about democratic accountability. I have already commented on some of the issues arising from this coverage but it is worth looking at the background to the development of the modern law of privacy in order properly to evaluate the charge of “development by stealth”. This involves considering the development of the law of confidence by the common and the approach of successive Governments towards privacy, including during the passage of the Human Rights Act.

Read more on Inform’s Blog.

If India can do it, why not the rest of the world?

UN Telecom Chief Urges Blackberry Data Sharing

Posted by timothy on Thursday September 02, @03:26PM

"The top man in telecommunications at the United Nations is weighing in on the Blackberry battle ... and he says share the data. The UN's telecom chief says governments have legitimate security concerns, and Research in Motion should give them access to its customer data. In an interview with the Associated Press, Hamadoun Toure said 'There is a need for cooperation between governments and the private sector on security issues.'"

For my Ethical Hackers. Apparently the government provides everyone with a hacking tool to go with the new “secure ID”

New German Government ID Hacked By CCC

Posted by timothy on Thursday September 02, @01:53PM

"Public broadcaster ARD's show 'Plusminus' teamed up with the known hacker organization 'Chaos Computer Club' (CCC) to find out how secure the controversial new radio-frequency (RFID) chips were. The report shows how they used the basic new home scanners that will go along with the cards (for use with home computers to process the personal data for official government business) to demonstrate that scammers would have few problems extracting personal information. This includes two fingerprint scans and a new six-digit PIN meant to be used as a digital signature for official government business and beyond."

That was quick. Earlier this year, CCC hackers demonstrated vulnerabilities in German airport IDs, too.

[From the article:

The home scanners will be necessary for use with home computers to process the personal data for official business and possibly even online shopping.

If this court becomes more “open” will we need another layer of “secret?”

FISA Court Proposes New Court Rules

September 2, 2010 by Dissent

Steven Aftergood writes:

The Foreign Intelligence Surveillance Court has proposed new rules to comply with the provisions of the FISA Amendments Act of 2008. The Court reviews government applications for intelligence surveillance and physical search under the Foreign Intelligence Surveillance Act (FISA).

The proposed FISA Court rules (pdf) provide new procedures by which telecommunications companies can petition the Court to modify or dismiss a court order or a directive from the Attorney General or the DNI requiring them to assist in electronic surveillance, to provide “any tangible thing,” or to adhere to a nondisclosure requirement concerning intelligence surveillance. Meanwhile, other procedures would permit the government to petition the Court to compel cooperation by a non-compliant telecommunications provider. A new section in the proposed FISA Court rules accordingly addresses the conduct of “adversarial proceedings,” a term that does not appear in the current rules (last modified in 2006).


The FISA Court has provided an opportunity for public comment on the new rules. Comments are due by October 4, 2010.

Read more on Secrecy News.

Go Judge! I can't get my students to write a coherent page about a current article. I hope he holds this juror to higher standards!

Facebook Post Juror Gets Fined, Removed, Assigned Homework

Posted by CmdrTaco on Thursday September 02, @11:23AM

"A Michigan judge removed a juror after a Facebook comment and also fined her $250 and required her to write a five-page paper about the constitutional right to a fair trial. The juror was 'very sorry' and the judge chastised her, saying, 'You violated your oath. You had decided she was already guilty without hearing the other side.'"

(Related) Learning when to seek legal advice the hard way!

Woman Wins Libel Suit By Suing Wrong Website

Posted by samzenpus on Thursday September 02, @09:38AM

"It appears that Cincinnati Bengals cheerleader Sarah Jones and her lawyer were so upset by a comment on the site that they missed the 'y' at the end of the name. Instead, they sued the owner of, whose owner didn't respond to the lawsuit. The end result was a judge awarding $11 million, in part because of the failure to respond. Now, both the owners of and are complaining that they're being wrongfully written about in the press — one for not having had any content about Sarah Jones but being told it needs to pay $11 million, and the other for having the content and having the press say it lost a lawsuit, even though no lawsuit was ever actually filed against it."

I've mentioned this one before, but sometimes I need to remind my students that the T in CTU stands for Technical...

Thursday, September 2, 2010

Think Tutorial - Free Web Apps & Software Tutorials

Think Tutorial is a site providing free, easy to follow tutorials on a variety of web services and software. On Think Tutorial you will find tutorials for taking advantage of the many features of popular email services like Gmail, Apple Mail, Hotmail, and Yahoo mail. You will also find tutorials for using iWork and Word. Want to learn how to use LinkedIn, Twitter, or Facebook? Think Tutorial has you covered there too. Need to know how to alter settings in your favorite web browser? Think Tutorial has tutorials for that too.

Thursday, September 02, 2010

Only two years? Fast, if not exactly cheap.

Heartland Payment Systems, Discover Agree To $5 Mln Intrusion Settlement

September 1, 2010 by admin

Heartland Payment Systems said it reached a settlement agreement with Discover Financial Services (DFS) related to the 2008 criminal intrusion of Heartland’s payment system environment. Under the agreement, Heartland would pay Discover $5 million, resolving all issues related to the 2008 intrusion.

“This settlement marks our final agreement with a card brand related to the intrusion.” said Bob Carr, Heartland’s chairman and chief executive officer.

Source: RTT News.

Weasel words. “Our failure to secure our computers is not our fault?”

(Follow-up) Secret Service: Computer virus to blame for Jason’s Deli thefts

September 1, 2010 by admin

Janice Broach reports:

Investigators believe credit and debit card thefts at the Jason’s Deli on Ridgeway in Memphis are linked to a virus that infected computers at the restaurant.

“The computers received a virus that was unknown before this event,” Special Agent Rick Harlow of the U.S. Secret Service said Tuesday. “It was a new variation of an older virus. No virus program that we ran against it found it.”

Dozens of customers have reported in recent weeks that their credit or debit card numbers were stolen after being used at the restaurant.

Since word of the thefts began to spread, business has dropped by nearly 50 percent, according to store owner Kent Holt.

At a press conference held outside the restaurant, Harlow said investigators are still not sure how the virus infected computers there.

“It was not Jason’s Deli’s fault that this occurred,” he said.

Read more on WMC-TV

“We know where you surf!” and hey, everybody does it...

Twitter plans to record all links clicked

By the end of the year, Twitter expects to be recording and analyzing every link users click on when using its Web site or any of the thousands of third-party microblogging apps.

An e-mail announcement Wednesday night said "all users" will soon be switched over to Twitter's link-shortening service and, once that happens, "all links shared on or third-party apps" will use it. In addition, the company said, when anyone clicks "on these links from or a Twitter application, Twitter will log that click."

Wednesday's news was soon met with a smattering of privacy concerns, with some Twitter users dubbing it a "disgusting data landgrab" and others wondering if there will be an "opt-out policy" for those who prefer not to have their clicks recorded. Another concern: a centralized link-redirector means a centralized point of failure in a service known for being frequently overloaded.

“Oh, what a wicked web we weave...”

Newspapers Cut Wikileaks Out of Shield Law

Posted by CmdrTaco on Wednesday September 01, @03:50PM

"The US press has been pushing for a (much needed) federal shield law, that would allow reporters to protect their sources. It's been something of a political struggle for a few years now, and things were getting close when Wikileaks suddenly got a bunch of attention for leaking all those Afghan war documents. Suddenly, the politicians involved started working on an amendment that would specifically carve out an exception for Wikileaks so that it would not be covered by such a shield law. And, now, The First Amendment Center is condemning the newspaper industry for throwing Wikileaks under the bus, as many in the industry are supporting this new amendment, and saying that Wikileaks doesn't deserve source protection because 'it's not journalism.'"

I've been looking for a way to “invest” in lawsuits. Shouldn't be too difficult to scan the Patent database and find victims, er, evil doers.

A New Species of Patent Troll

Posted by samzenpus on Wednesday September 01, @10:18PM

"According to the Wall Street Journal, there's a new species of patent troll out there. These new trolls sue companies that sell products with an expired patent number on them. That's right, it's against the law to sell a product that's marked with an expired patent number. The potential fine? $500. Per violation - and some of the companies have patent numbers on old plastic molds that have made literally billions of copies. Using whistle-blower laws, 'anyone can file a claim on behalf of the government, and plaintiffs must split any fine award evenly with it.' You've been warned."

Somewhat surprising, but I suspect it's more of a slap down of the EULA

Lineage II Addiction Lawsuit Makes It Past the EULA

Posted by Soulskill on Thursday September 02, @03:29AM

We recently discussed a man who sued NCsoft for making Lineage II "too addictive" after he spent 20,000 hours over five years playing it. Now, several readers have pointed out that the lawsuit has progressed past its first major hurdle: the EULA. Quoting:

"NC Interactive has responded the way most software companies and online services have for more than a decade: it argued that the claims are barred by its end-user license agreement, which in this case capped the company's liability to the amount Smallwood paid in fees over six months prior to his filing his complaint (or thereabout.) One portion of the EULA specifically stated that lawsuits could only be brought in Texas state court in Travis County, where NC Interactive is located. ... But the judge in this case, US District Judge Alan C. Kay, noted that both Texas and Hawaii law bar contract provisions that waive in advance the ability to make gross-negligence claims. He also declined to dismiss Smallwood's claims for negligence, defamation, and negligent infliction of emotional distress."

For my Computer Security/Rapper students.

Snoop Dogg Joins the War On Cybercrime

Posted by samzenpus on Wednesday September 01, @06:22PM

"Think you can bust out some silly fresh rhymes on the subjects of hacking, identity theft and computer viruses? In a somewhat untraditional partnership, Snoop Dogg and Symantec's Norton want you to show off your lyrical skills on the subject of cybercrime and enter the 'Hack is Wack' cybercrime rap contest. If you have the skills and bust out the phattest rap, you'll receive round trip airfare for two to Los Angeles along with two days and two nights' hotel stay to meet with Snoop's management, learn more about his business. You'll also get two tickets to a Snoop Dogg concert and a new laptop pimped out with Norton Internet Security 2011."

If I can't resell them, do I own them?

For 99 cents, Amazon sells shows, Apple rents them

Here's what Amazon says of the rights that come with videos sold on its site, including the 99-cent TV shows.

"When you buy a video, your viewing rights do not expire (except as provided in our Terms of Use)," Amazon states. "You can watch a video you own online and download it to 2 locations (TiVo, DVRs, and Windows PCs). You can also transfer a video you own to 2 portable devices. Note: Some new release movies will become unavailable for viewing or downloading for an unspecified period of time due to licensing restrictions. You will be notified about this before we process your order."

Wednesday, September 01, 2010

The education of the Lower Merion School Board continues...

Lower Merion must pay $260k to student’s lawyer in webcam case

August 31, 2010 by Dissent

John P. Martin reports:

A federal judge Monday ordered the Lower Merion School District to pay about $260,000 now – and potentially much more later – to the lawyer who brought the lawsuit over the district’s webcam monitoring.

In a 14-page opinion, Senior U.S. District Judge Jan E. DuBois said Mark S. Haltzman deserved to be paid for work that led to a preliminary injunction against the district in May. And he said Haltzman could submit the rest of his bills when the case ended.


It’s not clear to me whether the district will actually be stuck with the bill because back in April, the district’s insurance carrier, Graphic Arts Mutual, had sued in federal court for injunctive relief, claiming that it was not responsible for any costs involved in defending the district in this matter. That matter has not yet been decided by the court.

If you’d like to read the court’s 14-page memorandum, I’ve uploaded it here (pdf). The corresponding 2-page order can be found here (pdf).

This sounds like an ill-informed overreaction. Why limit access to voice? (Would they recognize encrypted voice or simply consider it some kind of document?)

India Threatens Ban On Google, Skype

August 31, 2010 by Dissent

Paul McDougall reports:

Having given RIM a 60-day reprieve from a ban on Blackberry messaging traffic, Indian authorities have now set their sights on Google and Skype.

As they did with RIM, authorities in the country are demanding access to data that flows across Google’s and Skype’s servers.

“The notices to these entities will be issued beginning Tuesday and all of them will be asked to comply with the directive or else they will have to close down their networks,” a senior government official said, according to The Times of India.

Read more on InformationWeek.

[From the article:

A new voice feature just added to Gmail is what put Google in the Indian government's crosshairs, the newspaper said.

Indian officials insist they need the ability to intercept mobile data in cases where they suspect the devices are being used to plot terror attacks or other crimes.

Is this practicing law without a license or is it merely providing a “Best Practices” checklist? - Generating Privacy Policies

If you collect information of any kind from users on your site, then having a clear privacy policy is not just something advisable - it is something absolutely necessary. If you don’t have one, your business is completely exposed. You have to inform those who use it exactly how their data is going to be stored and managed to ensure that nobody will feel like his privacy has not been respected later on.

And there is no such thing as a “universal” privacy policy that could be applied to just any site on the Internet. Policies will always vary, to a lesser or greater degree. They are always going to be different from one another because the processes by which data is collected and the uses it is put to are never the same.

Which brings us to the Generate Privacy Policy website. The two preceding paragraphs and the name of the site already give you a clear idea of what it does, and why it is something important. The one and only thing that must be added is that you won’t be charged anything for your policy to be generated. The site is absolutely free to use.

For the Network Security class

Misconfigured Networks Main Cause of Breaches

Posted by CmdrTaco on Tuesday August 31, @05:54PM

"Responses to a survey from attendees of the DEFCON 18 conference revealed that 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. Results revealed that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. 14% felt that compliance audits that don't always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role."

For my Geeks...

Top 5 Free Computer Maintenance Tools You Should Know About

A hot new business area?

Textbook Rentals Go Into Hypergrowth: Bookrenter Says Revenues Are Growing 725 Percent

Tuesday, August 31, 2010

Yes, you can have my personal information, but here's a looong list of things you can't do with it. (The short version is: Anything you originally promised not to do.)

Article: Pervasive Surveillance and the Future of the Fourth Amendment

August 30, 2010 by Dissent

Russell D. Covey of the Georgia State University College of Law has an article in the Mississippi Law Journal. Here’s the abstract:

We are in a period of intense technological change. The continued explosive growth in technology has two major effects on the scope and application of the Fourth Amendment. First, the diffusion of powerful new technologies like DNA synthesis and high-powered computing makes it far easier than ever before for ill-meaning groups or individuals to obtain powerful and destructive weapons. Regardless of who is perceived to desire such weapons, the very existence and potential use of such weapons poses a permanent and growing threat to national security. Second, with the development of new technologies, governments are finding it increasingly cheap and easy to conduct intrusive surveillance on their populations and to obtain data and information about individuals in quantities and in detail never before imagined. For both of these reasons, states are increasingly likely to adopt strategies of pervasive surveillance.

Fourth Amendment doctrine has failed to respond adequately to these trends. First, Fourth Amendment law – mainly, the so-called “third party doctrine” – fails to adequately protect privacy in light of new technology. Second, the few limits that have been placed on government use of technology threaten the ability of the state to conduct the type of surveillance necessary to effectively combat the risks posed by terrorism. The solution suggested is to shift the focus of the Fourth Amendment from its longstanding concern with acquisition of information to its use. Current practices already suggest that people generally are less concerned about revealing private information to others under appropriate circumstances than they are in ensuring that these limited disclosures are not misused by their recipients. In a future world where dangerous technologies are cheap and easily obtained, the critical problem will be to safeguard the population through carefully targeted surveillance, while ensuring that such surveillance cannot be used for pretextual or politically oppressive purposes.

You can download the full article here.

Covey, Russell D., Pervasive Surveillance and the Future of the Fourth Amendment (August 25, 2010). Mississippi Law Journal, Vol. 80, No. 4, 2010; Georgia State University College of Law, Legal Studies Research Paper No. 2010-14.


(Related) We've been using radio locators to find back-country skiers who are lost or buried under an avalanche. This one seems to be for bragging rights and social networking...

Vail Resorts unveils ski slope geolocation system

… A skier can turn off RF functionality entirely if he or she so chooses, the company explained. [Opt Out Bob]

Coherent and comprehensive? I can't wait. More accurately, I don't think I'll live that long.

Article: Fourth Amendment Pragmatism

August 30, 2010 by Dissent

Dan Solove has a new article out, “Fourth Amendment Pragmatism,” in the Boston College Law Review. Here’s the abstract of the article, which will undoubtedly generate a lot of discussion:

In this essay, Professor Solove argues that the Fourth Amendment reasonable expectation of privacy test should be abandoned. Instead of engaging in a fruitless game of determining whether privacy is invaded, the United States Supreme Court should adopt a more pragmatic approach to the Fourth Amendment and directly face the issue of how to regulate government information gathering. There are two central questions in Fourth Amendment analysis: (1) The Coverage Question – Does the Fourth Amendment provide protection against a particular form of government information gathering? and (2) The Procedure Question – How should the Fourth Amendment regulate this form of government information gathering? The Coverage Question should be easy to answer: The Fourth Amendment should regulate whenever government information gathering creates problems of reasonable significance. Such a scope of coverage would be broad, and the attention wasted on the Coverage Question would be shifted to the Procedure Question. This pragmatic approach to the Fourth Amendment is consistent with its text and will make Fourth Amendment law coherent and comprehensive.

You can download the full article here.

Solove, Daniel J., Fourth Amendment Pragmatism (August 27, 2010). Boston College Law Review, Vol. 51, p. 1, 2010; GWU Law School Public Law Research Paper. Available at SSRN:

Gee, does that mean the Constitution still rules?

EDNY: SCA won’t cut it: historical cell data requires warrant

August 30, 2010 by Dissent

Chris Soghoian has uploaded a federal magistrate’s decision in the Eastern District of New York denying the federal government’s request for an order requiring Sprint Nextel to produce cell records, including tower and sector information for a subscriber’s phone. According to court documents, the Sprint subscriber was Edwin Espinosa, but the phone was allegedly being used by the target of a criminal investigation, Tyshawn Augustus.

The government asserted that the request was relevant to a criminal investigation and that it believed it had sufficient grounds for obtaining a warrant under the probable cause standard. But the government did not apply for, nor obtain, a warrant, preferring, it said, to proceed under the Stored Communications Act (SCA). It has been the government’s position that the SCA permits them to obtain records without a warrant.

Magistrate James Orenstein disagreed and denied the requested order, holding that the Fourth Amendment requires a warrant to obtain these types of records and that the government’s assertion that they had sufficient evidence to reach the probable cause standard was not sufficient. The judge wrote:

Even assuming that the facts proffered in the revised Application sufficed to establish probable cause, those facts could not simply be proffered but would instead have to be established by means of an affidavit or affirmation.

There’s much more to the opinion, but if the government hoped to get a ruling to support its approach that it does not need a warrant to search historical cell phone records with location data, it met its match in Judge Orenstein.

Update: Mariko Hirose of the ACLU blogs about the decision, here.

It's going to happen. Google and Microsoft and many others saw this coming and probably saw how profitable it could be.

Article: Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers

By Dissent, August 30, 2010

Barbara J. Evans of the University of Houston Law Center has uploaded a working paper to SSRN, “Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers.” The abstract is:

How much should an insurer or healthcare provider be able to charge when selling people’s personal health data without their permission to a researcher? This question is being addressed now in proceedings to amend the HIPAA Privacy Rule. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 allows such sales but limits pricing to a cost-based fee for data preparation and transmission. The requirement that individuals authorize the release of their data can be waived under existing provisions of the HIPAA Privacy Rule.

This article explains why supplying data to researchers is set to become a profitable line of business for entities that hold large stores of health data in electronic form. Health information systems are a form of infrastructure, and Congress’s cost-based fee for data preparation and transmission echoes pricing schemes traditionally used in other infrastructure industries such as railroads, electric power transmission, and telecommunications. Cost-based fees for infrastructure services, of constitutional necessity, must allow recovery of operating and capital costs including a return on invested capital – in other words, a profit margin.

This fee structure is being launched in an emerging 21st-century research landscape where biomedical discovery will depend more than it has in the past on studies that harness existing stores of data – such as insurance claims and healthcare data – that were created for purposes other than the research itself. This article explores why, in this environment, the new fee structure has the potential to destabilize already-fragile public trust and invite state-law responses that could override key provisions of federal privacy regulations, with devastating consequences for researchers’ future access to data. To avoid this outcome, the cost-based fee must be thoughtfully implemented and accompanied by reform of the HIPAA waiver provision now used to approve nonconsensual use of people’s health data in research. This article identifies specific defects of the existing framework for approving nonconsensual uses of data with the aim of eliciting a wider debate about what the reforms ought to be.

You can download the entire article from SSRN

Evans, Barbara J., Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers (August 23, 2010). Univ. of Houston Public Law and Legal Theory Working Paper No. 2010-A-22. Available at SSRN:

(Related) How about disclosure to the media?

Triplets’ Parents Sue Hospital & Media

By Dissent, August 31, 2010

Dan McCue reports on a case in Illinois:

Surrogate parents of newborn triplets claim a hospital and major media outlets violated medical privacy laws and subjected them to “humiliation, embarrassment and emotional distress” by publishing photos and stories about their newborns. The parents say they never gave Advocate Christ Medical Center permission to release personal information about them or their babies, nor did they agree that the Sun Times, Tribune Co. or WLS-TV could photograph and publish the babies’ pictures.

Read more about the lawsuit on Courthouse News, where you can also read a copy of the complaint. I e-mailed the plaintiff’s lawyer yesterday to inquire as to whether a HIPAA complaint had also been filed, but I have not received any response as yet.

[From the Courthouse article:

About three days after the Lindgren triplets were born, Cynthia Lindgren says, she got a call from a nurse who said that news outlets were coming to the hospital to do a story on the four sets of triplets.

The nurse asked for permission to have the Lindgren children filmed, but Cynthia Lindgren said she demurred, saying she would have to speak with her husband.

But the hospital let the TV and newspapers go ahead anyway, the Lindgrens say.

WLS broadcast footage of one of the Lindgren children and disclosed their medical condition; the print articles also revealed where the family lives and how the children were conceived, the parents say.

(Related) Maybe agreeing on a policy isn't that simple?

Article: An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government

August 30, 2010 by Dissent

Christopher Soghoian’s article, “An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government,” will be published in an upcoming issue of the Minnesota Journal of Law, Science & Technology, but you can read it now via free download from SSRN. Here’s how the article begins:

Today, when consumers evaluate potential telecommunications, Internet service or application providers – they are likely to consider several differentiating factors: The cost of service, the features offered as well as the providers’ reputation for network quality and customer service. The firms’ divergent approaches to privacy, and in particular, their policies regarding law enforcement and intelligence agencies’ access to their customers’ private data are not considered by consumers during the purchasing process – perhaps because it is practically impossible for anyone to discover this information.

A naive reader might simply assume that the law gives companies very little wiggle room – when they are required to provide data, they must do so. This is true. However, companies have a huge amount of flexibility in the way they design their networks, in the amount of data they retain by default, the exigent circumstances in which they share data without a court order, and the degree to which they fight unreasonable requests. As such, there are substantial differences in the privacy practices of the major players in the telecommunications and Internet applications market: Some firms retain identifying data for years, while others retain no data at all; some voluntarily provide government agencies access to user data – one carrier even argued in court that its 1st amendment free speech rights guarantee it the right to do so, while other companies refuse to voluntarily disclose data without a court order; some companies charge government agencies when they request user data, while others disclose it for free. As such, a consumer’s decision to use a particular carrier or provider can significantly impact their privacy, and in some cases, their freedom.

Soghoian, Christopher, An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government (August 10, 2010). Minnesota Journal of Law, Science & Technology, Forthcoming. Available at SSRN:

(Related) Medical data is getting broader and more detailed.

Sensors and In-Home Collection of Health Data: A Privacy by Design Approach

By Dissent, August 31, 2010

From the Information and Privacy Commissioner of Ontario’s web site:

In-home health care monitoring devices are gaining in prominence. Technological improvements in networking, wireless communications, and the miniaturization of electronics have resulted in a suite of emerging technologies that rely on the collection of information from within the home, from an individual’s body, or both. This new technology brings with it significant potential benefits for both society as a whole and individual citizens, such as reducing strain on health care systems through a more preventative (rather than reactive) approach to potential health care problems, which generally improves an individual’s clinical outcomes and/or independence. In order to create these benefits, however, significant and continuous data collection about the individual is required. Until now, these data have not been accessible, as technologies were not sufficiently advanced to collect necessary information accurately, reliably, and securely. It is important to recognise that these data tend to be of a highly sensitive nature, as they are collected either directly about the individual or about actions taken within his or her home (traditionally the most privacy protected location in one’s daily life). As such, people’s privacy must be at the forefront of these new technologies and be strongly protected. In this white paper, we describe a general technology that is commonly used to collect data for in-home health care monitoring systems – sensors and sensor networks. We then identify the points of interest within such a system with regard to privacy, and describe some of the considerations that might be made when determining appropriate privacy protections. To demonstrate this approach, we will describe examples of devices being developed by the University of Toronto’s Intelligent Assistive Technology and Systems Lab (IATSL).

You can access the full paper here. In explaining the need for privacy by design, the writers note:

The application of remote sensors to the provision of health care – particularly as sensors and data collection enter the home – brings additional factors to the already complex issue of health information privacy. Kotz et al. (2009), for instance, identify three particular features of remote home health care that have implications for privacy. Applied to sensor technologies, these features are as follows:

  1. More medical data may be collected about a patient, as sensors allow continual monitoring of health characteristics over an extended period;

  2. Broader health data may be collected about the patient; in addition to physiological data, information about an individual’s lifestyle and activities may be recorded;

  3. A broader range of applications may be enabled by the range of data made available through the use of sensor technologies.

The ability to maintain the privacy and security of patient information will be a key determinant of the success of remote home health care systems (see, for instance, the findings of Mihailidis et al., 2008). Of course, in ensuring privacy, the ability of these systems to aid in the provision of care cannot be compromised. What then, is the best manner of achieving these dual goals? The answer lies with Privacy by Design and the positive-sum paradigm.


Department of Homeland Security Sued Over Secret Traveller Files

August 30, 2010 by Dissent

Matt Smith reports:

San Francisco travel writer Edward Hasbrouck has sued the U.S. Department of Homeland Security over what he says is the agency’s refusal to give a complete accounting of secret files detailing his numerous border crossings around the world.

“This is not something I’m doing lightly, or that I’m doing every day, or that I like doing,” said Hasbrouck, who has long been the U.S. media’s go-to guy on the subject of traveling travails. But “I think it’s important for people to know about this surveillance program, and to understand what kind of dossiers are being kept, and how that information is being used.”

Read more on SF Weekly.

Hasbrouck blogged about his reasons for suing on his web site last week:

Today the First Amendment Project is filing a lawsuit on my behalf against U.S. Customs and Border Protection (one of the divisions of the Department of Homeland Security) for violating the Privacy Act and the Freedom Of Information Act (FOIA) by refusing to disclose their records of my travels, what they did with my requests for my records, and how they index, search for, and retrieve these travel surveillance records.

According to the complaint in Hasbrouck v. CBP filed today with the U.S District Court in San Francisco:

This complaint concerns the failure to disclose records regarding the warrantless, suspicionless dragnet collection and maintenance of Federal government records of the travel, activities, and other personal information concerning U.S. citizens not accused of any crime….

Not so much a wave of “Me too” companies; rather, these are “We don't do that” companies. Fodder for my “Small Business Development” entrepreneurs.

The Rise of the Anti-Facebooks

Facebook is dominating social media in almost every country where it hasn't been banned, and the six-year old site shows no signs of slowing down. It's creeping across generations, replacing things like the phone book and introducing tools the masses had no idea they needed. It's also indoctrinating the world into adopting the Mark Zuckerberg Values of "openness," "sharing" and "living your whole life on the Internet."

Those values have led to a cultural movement. But here comes the resistance: a wave of social networking sites that define themselves in opposition to Facebook.

Privacy Fiends

The most prominent example is Diaspora, the distributed, open-source social network all about privacy and control of your data. Diaspora doesn't cite Facebook by name on its Kickstarter page, where its four founders raised 20 times more money than they asked for. But its founders do refer to "large corporate networks who want to tell you that sharing and privacy are mutually exclusive."

… Another site,, launched in January with a similarly lofty view of privacy: "Your details will never become fodder for targeted advertising campaigns and there are no third party apps to phish your data."

CollegeOnly founder Josh Weinstein remembers how he and his friends were just as anxious to join Facebook as they were for freshman orientation. CollegeOnly launched a social network for "connecting student bodies" last week. When you graduate, you're out. In the promo video, Weinstein turns to the camera and asks, "Don't you wish your social network were college only?" Yet-to-launch mobile startup Scoop has a similar idea.

… Maybe age or school affiliation isn't important, but exclusiveness still is. ASMALLWORLD is an invitation-only social network for "sophisticated" and "influential" people.

Hibe is a yet-to-launch social network based around controlling which personality you project to whom, a concept its creator calls "Social Web 3.0."

Anyone can screw up research. No doubt this will show up in college research classes as THE bad example.

Prosecutor Loses Case For Citing Wikipedia

Posted by CmdrTaco on Monday August 30, @11:19AM

"The Philippine Daily Inquirer reports on a recent case where the Office of the Solicitor General (OSG) lost an appeal after seeking to impeach the testimony of a defendant's expert witness by citing an article from Wikipedia. In her brief, the defendant said 'the authority, alluded to by oppositor-appellant, the "Diagnostic and Statistical Manual of Mental Health Disorders DSM-IV-TR," was taken from an Internet website commonly known as Wikipedia,' and argued that Wikipedia itself contains a disclaimer saying it 'makes no guarantee of validity.' The court in finding for the defendant said in its decision that it found 'incredible ... if not a haphazard attempt, on the part of the (OSG) to impeach an expert witness, with, as pointed out by (the defendant) unreliable information. This is certainly unacceptable evidence, nothing short of a mere allegation totally unsupported by authority.'"

Does the government believe that its citizens are so innumerate they can't determine that 25 MPG is not as good as 35 MPG? I doubt they will grade on a standard curve...

EPA Proposes Grading System For Car Fuel Economy

Posted by Soulskill on Monday August 30, @10:05PM

"The EPA and Department of Transportation on Monday proposed a fuel economy label overhaul to reflect how electric and alternative fuel vehicles stack up against gasoline passenger vehicles. ... The changed label, mandated by the 2007 energy law, includes the same information on city and highway miles per gallon and estimated driving costs based on 15,000 miles a year now available. But the new labels add more comparative information, rating cars on mileage, greenhouse gas contribution, and other air pollutants from tailpipe emissions. That means that consumers can look at a label to see how one vehicle compares to all available vehicles, rather than only cars in a specific class. One label proposes grades, ranging from an A-plus to a D. There are no failing grades, since vehicles need to comply with the Clean Air Act."

For all my students?

Monday, August 30, 2010

Developing Critical Thinking Through Web Research

As we know, the Internet is a great place to find information on anything that sparks your curiosity. Likewise, the web is a great resource for students, but they need to know how to evaluate what they find and discern the good from the bad. That's where we come in as teachers. And to help us help our students, Microsoft offers us a free 37-page ebook titled Developing Critical Thinking Through Web Research Skills. The ebook presents strategies for teaching Internet search skills and strategies for evaluating information. The ebook also links to many additional resources for teaching web search strategies. There are strategies and resources appropriate for students from early elementary grades through high school included in the ebook. As you might expect, the ebook is heavy on references to Bing and other Microsoft products, but overall it is a good resource worth your time to download and read.

For my website students

Tuesday, August 31, 2010

7 Places & Ways to Find Copyright-friendly Images


ShrinkTheWeb: Improved Thumbnail Screenshot Generator


7 Video Editing Tasks VirtualDub Handles With Ease [Windows]