Saturday, October 30, 2010

“It's for the children!” How else can they be trained to be submissive little sheep?

School Buses Tracking Kids With Fingerprint and Card Scanners

October 29, 2010 by Dissent

Caleb Johnson writes:

To ensure that kids don’t get off at the wrong stops, some school districts have started using fingerprint and card scanners to track students who ride school buses. The Desert Sands Unified School District, located just north of San Diego, began testing a Biometric Observation Security System (BOSS) on its buses earlier this month, according to USA Today. Students simply touch their fingers to a tiny screen when they get on and off the bus; if a child tries to get off at the wrong stop, BOSS sounds an alarm to notify the driver. About 30 school districts across the country, including ones in Missouri and Illinois, have begun using a similar system called Zpass. Instead of a fingerprint, the system uses an electronic card that’s tethered to a child’s backpack. [Forget your backpack and you can't “get poor Charlie off the MTA!” Bob]

I guess no one can go home with a friend any more without sirens and alarms going off, huh?

This is creepy/spooky. A high resolution photo of the World Series, that allows you to tag anyone with their Facebook profile. Think of it as a sample “facial recognition” application. (and why is the Second Baseman holding his glove that way?)

MLB’s TagOramic Lets You Stare Into The Face Of Each And Every Fan At The World Series

Were you lucky enough to attend one of the MLB playoff games this month? Then you’ll want to check out TagOramic, a nifty feature that was built to celebrate the Fall Classic. Over the course of the playoffs, MLB has taken some absolutely massive panoramic photos of each stadium — and they’ve taken them at high enough resolution that you can zoom in and see each and every fan.

The site has also integrated support for Facebook Connect, so even if you didn’t get to attend one of the playoff games, you can sign in and see if any of your friends have been tagged in the photo. It sounds silly, but it’s surprisingly fun to see a shot of your friend mid-hot dog, surrounded by a sea of other fans.

We have the technology, so we can do anything we want with it...

Brazilians will be forced to use RFID chips and GPS trackers in their cars

October 29, 2010 by Dissent

Brazil's government, behind the facade of open democracy, continues to advance its way as one of the most authoritarian police states in the world.

The Brazilian population will very soon be forced to have identification chips (RFID) in their cars, besides GPS locators and blockers.

According to several news reports, the Brazilian government is hurrying to present, by November 2010, the GPS tracker that will be legally required in all new cars from February 2011.

Read more on New World Order in Brazil.

Isn't that a bit overbroad? Is there an alternative to providing an IP address (at minimum) to your ISP?

Utah statute requiring sex offenders to register Internet identifiers violates neither First nor Fourth Amendments nor ex post facto clause

October 29, 2010 by Dissent


A Utah statute that required that sex offenders register their Internet identifiers with the state violates neither the First nor the Fourth Amendment. As to the Fourth Amendment, there is no high privacy interest in the identifiers that a person uses on the Internet because it is voluntarily provided to third parties. It also does not violate the ex post facto clause. Doe v. Shurtleff, 2010 U.S. App. LEXIS 21988 (10th Cir. October 26, 2010).*

(Related, isn't it?)

Police Blotter: Husband accused of tapping wife's PC

Larry Bagley was sued in June by his wife Rhea Bagley, who accused him of surreptitiously placing audio recording devices in their house as well as a software keystroke logger. The Bagleys are in the process of divorcing.

The complaint in this civil case says that during the divorce proceedings, the husband revealed the existence of the surveillance tech and acknowledged that the "software recorded screenshots of activity on this computer." The husband replied in court documents that "in all conversations, the defendants' children were present and defendant was able to consent to recordation by way of vicarious consent."

U.S. District Judge Lee Rosenthal ruled on October 18 in favor of the husband, saying that the court was required to follow a Fifth Circuit decision saying that the federal wiretap law known as Title III does not apply to marital relationships.

In the current Texas case, the judge's opinion was relatively narrow. Because there are other plaintiffs in the case (besides the wife) alleging that the surveillance was illegal, the case will continue. Their lawsuit also accuses Larry Bagley of violations of Texas' wiretap law, a claim that Rosenthal allowed to proceed.

I wonder if some candidate for a PhD in psychology would like to study this. We (the Security community) have been pointing to user ambivalence for years. Now there are plenty of tools available to quantify that ambivalence and perhaps identify how hard we need to slap someone to wake them up...

Herding Firesheep In NYC — Do Users Care?

Posted by timothy on Friday October 29, @07:14PM

"Following the Firesheep uproar, I spent some time telling people who don't read Slashdot about the vulnerability that open WiFi networks create in what seemed like the most effective way possible: by sidejacking their accounts and sending them messages about how it happened. The results were surprising — would users really rather leave their accounts open to intruders rather than stay off Facebook at Starbucks? The link recounts the experience, and also lists some rough numbers of how many accounts could be compromised at a popular NY Starbucks location."
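The mechanism behind the sidejacking described in that post is simple: on an open access point every plaintext HTTP request is visible to anyone in range, and a session cookie sent in one of them is a reusable credential. The following is an added example, not code from the post or from Firesheep; the captured requests, host names and cookie names (`xs`, `c_user`, `SID`) are constructed for illustration, as is the list of which cookie names carry session state. It shows the sniffer's view of the problem and the `Set-Cookie` check that closes it.

```python
"""
Why open-Wi-Fi sidejacking works, and the server-side fix.

A session cookie carried in a plaintext HTTP request is a bearer credential
that any passive listener can replay.  The cure is for the site to serve over
TLS and mark the cookie Secure so the browser never sends it in the clear.
"""
from dataclasses import dataclass

# Constructed sample: three plaintext requests as a sniffer on an open access
# point would see them (hypothetical hosts and cookie values).
CAPTURED_REQUESTS = [
    ("10.0.0.12", "GET /home.php HTTP/1.1\r\nHost: www.example-social.test\r\n"
                  "Cookie: datr=abc123; c_user=1001; xs=SESSIONTOKEN1\r\n\r\n"),
    ("10.0.0.17", "GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
                  "Cookie: lang=en; SID=SESSIONTOKEN2\r\n\r\n"),
    ("10.0.0.19", "GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
]

# Assumed: cookie names that carry authentication state for the sample sites.
SESSION_COOKIE_NAMES = {"xs", "c_user", "SID"}


@dataclass
class Sidejack:
    client: str      # victim's IP on the open network
    host: str        # site the session belongs to
    cookies: dict    # session-bearing cookies seen in the clear


def parse_request(raw):
    """Return (host, cookie_dict) from a raw HTTP request; cookie_dict may be empty."""
    host, cookies = None, {}
    for line in raw.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep:
            continue                       # request line or blank line
        if name.lower() == "host":
            host = value.strip()
        elif name.lower() == "cookie":
            for pair in value.split(";"):
                k, _, v = pair.strip().partition("=")
                if k:
                    cookies[k] = v
    return host, cookies


def harvest_sessions(captured):
    """The sniffer side: every session cookie that crossed the air in plaintext."""
    found = []
    for client, raw in captured:
        host, cookies = parse_request(raw)
        session = {k: v for k, v in cookies.items() if k in SESSION_COOKIE_NAMES}
        if host and session:
            found.append(Sidejack(client, host, session))
    return found


def replay_header(hit):
    """The header a sidejacker attaches to its own request to become the victim."""
    return "Cookie: " + "; ".join(f"{k}={v}" for k, v in hit.cookies.items())


def audit_set_cookie(header_value):
    """Problems with a Set-Cookie header value, as the site's own check."""
    attrs = {p.strip().split("=")[0].lower() for p in header_value.split(";")[1:]}
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: browser will send it over plaintext HTTP")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: readable by injected script")
    return problems


if __name__ == "__main__":
    for hit in harvest_sessions(CAPTURED_REQUESTS):
        print(hit.client, "->", hit.host, "|", replay_header(hit))
    print(audit_set_cookie("SID=SESSIONTOKEN2; Path=/"))
```

Note that nothing in `harvest_sessions` is clever; it is a header parser. That is the point: the Secure attribute on the cookie (and serving the whole site over HTTPS, since a single plaintext page leaks it) is what makes the captured bytes worthless, and the audit function is the check a site operator can run against its own responses.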

(Related) I wonder if the White House offers free WiFi?

White House Press Secretary Fields ‘First Question’ From Twitter

(Related) Useful security article...

5 Ways Your Facebook Log-In Password Can Get Stolen

You need to be responsible for the security of your account.

Mahendra offered some awesome tips for safeguarding your Facebook security, and Tim offered some useful privacy tips when you choose to use Facebook Places. Today, I’d like to enlighten you with a few more tools in your arsenal against Facebook account hijackers with 5 ways that those hackers commonly obtain Facebook passwords.

So few signs of intelligent life in the universe... or in Congress.

Annual US Intelligence Bill Tops $80 Billion

Posted by Soulskill on Friday October 29, @01:35PM

"The LA Times reports that the US government has disclosed its annual intel budget for the first time in more than a decade: $80.1 billion on intelligence gathering, representing about 12% of the nation's $664-billion defense budget. The government revealed the total intelligence budget twice before, in 1997 and 1998, in response to a lawsuit. It was $26.6 billion and $26.7 billion, respectively, meaning the budget has tripled in 12 years. 'It is clear that the overall spending on intelligence has blossomed to an unacceptable level in the past decade,' says Dianne Feinstein, who chairs the Senate Intelligence Committee. Dana Priest reported that more than 1,200 government agencies or offices and almost 2,000 outside contractors are involved in counter-terrorism activities, producing about 50,000 intelligence reports each year, far more than the government can effectively digest. The US is running so many secret programs that James R. Clapper Jr., director of national intelligence, said during his confirmation hearings that 'only one entity in the entire universe' knows what they're all doing, and 'that's God.'"

For my website students - Create Presentations & Embed Them

True to its name, this website will let you create a booklet (i.e., a small presentation) in an easy way, and have it embedded on your site or blog for all to see. These booklets can include not only text and images [and video Bob] but also HTML content, and they will be useful in just about any context in which specific information has to be transmitted.

Friday, October 29, 2010

How many other Universities “assume” their faculty web sites are secure? How did the Liberty Coalition access a “faculty” web site? (Why are all these security issues obvious only in retrospect?)

UH West O’ahu security breach affects Mānoa students

October 28, 2010 by admin

The University of Hawaii has just posted a breach notice concerning the incident described in an earlier blog entry:

The University of Hawai`i – West O`ahu (UHWO) is notifying approximately 40,000 individuals that their personal information may have been compromised.

The exposure occurred when a faculty member inadvertently uploaded files containing data including names, social security numbers, addresses, birth dates and educational information to an unencrypted faculty web server. Individuals potentially affected are students who attended the University of Hawai`i at Mānoa from 1990 – 1998 and during 2001. In addition, students who attended UHWO during Fall of 1994 or graduated from 1988 – 1993 may also be affected.

The faculty member, who is now retired from UHWO, was conducting a longitudinal study of UH students. The faculty member obtained the files from the University of Hawai`i System Institutional Research Office and placed the files containing the information onto the faculty web server in December 2009.

UHWO promptly removed the unintentionally exposed files and disconnected the affected server from the network, after Liberty Coalition, a non-profit group based in Washington D.C., notified University officials about the exposure on October 18. Different files had different information on some of the individuals, but it is believed that the aggregation of the exposed files could allow matching to create the potential for identity theft, which is highly unlikely to occur.

The FBI and Honolulu Police Department have been notified. At this time, UHWO has no evidence that anyone’s personal information was accessed for malicious intent. UHWO is also working with UH System to adopt more proactive security measures to ensure better privacy protection.

Notice what’s missing from the above? No mention that they didn’t discover the breach at all and it had to be pointed out to them.

Their full statement also includes reference to an FAQ on the incident, but it’s not available on the site at the time of this posting.

Interesting, but less than a single Computer Security lecture would provide...

Separating Cyber-Warfare Fact From Fantasy

Posted by timothy on Friday October 29, @08:04AM

"This week's New Yorker magazine has an investigative essay by Seymour Hersh about the US and its part in cyber-warfare that makes for interesting reading. Hersh talks about the financial incentives behind many of the people currently pushing for increased US spending on supposed solutions to network vulnerabilities and the fine and largely ignored distinction between espionage and warfare. Two quotes in particular stood out: one interviewee said, 'Current Chinese officials have told me that [they're] not going to attack Wall street, because [they] basically own it,' and Whitfield Diffie, on encryption, 'I'm not convinced that lack of encryption is the primary problem [of vulnerability to network attack]. The problem with the Internet is that it's meant for communication among non-friends.' The article also has some interesting details on the Chinese disassembly and reverse-engineering of a Lockheed P-3 Orion filled with espionage and eavesdropping hardware that was forced to land in China after a midair collision."

Another Facebook “Privacy invasion” tool?

Facebook launches quirky 'friendship pages'

Facebook today launched a feature called "Friendship Pages," which lets users load up the interactions between themselves and individual friends, or between any two friends, on the social network. You'll see their posts on one another's walls, events to which both RSVP'd, photos in which both are tagged, and other interactions that you would otherwise be able to access on either friend's profile (i.e. nothing that wouldn't otherwise be public).

This is the brainchild of a single Facebook engineer, Wayne Kao, who built the feature at one of the company's all-night "hackathons" along with a designer. "One of my favorite Facebook moments is browsing photos from friends in the News Feed after they've begun a new relationship, gotten engaged or gotten married," Kao wrote in a blog post. "It gives me a fun and meaningful glimpse of the friendship between two people I know. I realized that a similarly magical experience was possible if all of the photos and posts between two friends were brought together."


Facebook’s Dominance Leaves President No Choice

In an effort to increase voter turnout for next Tuesday’s Congressional Election, President Barack Obama has put out a call on Twitter for constituents to install a Facebook application called the “Commit to Vote Challenge.” Like a more noble version of Fast Company’s Influence Project, the Commit to Vote Challenge takes advantage of the “network effect” by using Facebook to spam your friends about voting. Facebook’s population is currently greater than that of the United States. [Which, to a Chicago politician is even more attractive than registering dead voters! Bob]

(Related) What do you do with 500 million users who have no privacy? Behavioral Advertising! (Or, “Your friends were dumb enough to buy this, so you probably will too!”)

Facebook applies for ad-targeting patent

This is interesting: Earlier this month, Facebook filed for a patent to further hone its ad-targeting technology so that ads can be based on what a user's friends interests may be. The reason for this, it appears, is so that Facebook can better serve ads toward users who have not filled out their profiles with enough information for traditional ad targeting.

Facebook calls this second-degree targeting "inferential."

Continuing the theme of “Our security must be working, we haven't been attacked by a single Klingon since we started!” If you don't have a 'reasonable suspicion,' semantically isn't that the same as having an “unreasonable suspicion?”

UK: Over 100,000 stops-and-searches: zero terrorists

October 28, 2010 by Dissent

Jane Fae Ozimek reports:

When it comes to wasting police time, the biggest offenders appear to be…the police. That, at least, appears to be the conclusion of the Home Office. Its official statistics, published today, show that while police stopped over 100,000 individuals last year to “prevent acts of terrorism”, there was not a single arrest for a terror offence as a result of these stops.

This perhaps is the final nail in the coffin for the widely criticised section 44 of the Terrorism Act 2000, which gives police forces powers to stop and search individuals – in so-called “designated areas” – to prevent acts of terrorism without the need for reasonable grounds of suspicion. According to today’s report: “In 2009/10, 101,248 stops-and-searches were made under this power.

Read more in The Register.

(Related) Certainly not supported by the annual “Wiretapping Report” to congress...

October 28, 2010

EFF: Government Withholds Records on Need for Expanded Surveillance Law

News release: "The Electronic Frontier Foundation (EFF) filed suit against three agencies of the Department of Justice (DOJ) today, demanding records about problems or limitations that hamper electronic surveillance and potentially justify or undermine the Administration's new calls for expanded surveillance powers. The issue has been in the headlines for more than a month, kicked off by a New York Times report that the government was seeking to require "back doors" in all communications systems -- from email and webmail to Skype, Facebook and even Xboxes -- to ease its ability to spy on Americans. The head of the FBI publicly claimed that these "back doors" are needed because advances in technology are eroding agents' ability to intercept information. EFF filed a Freedom of Information Act (FOIA) request with the Federal Bureau of Investigation (FBI), the Drug Enforcement Agency (DEA), and the DOJ Criminal Division to see if that claim is backed up by specific incidents where these agencies encountered obstacles in conducting electronic surveillance."

Where does anonymity stop?

Sperm donors’ privacy rights should trump rights of offspring, Vancouver court told

By Dissent, October 28, 2010

Neal Hall reports:

The privacy rights of anonymous sperm donors should outweigh the constitutional rights of donor offspring, a government lawyer argued today.

Leah Greathead, the lawyer representing B.C.’S attorney general, told a B.C. Supreme Court judge that Olivia Pratten has a very sympathetic claim — she wants to know details of her genetic history from her biological father, a sperm donor.

“It is important to know your genetic history,” the lawyer conceded… But, she added, “There is no right for everyone to know their genetic heritage.”


Pratten has filed a lawsuit — believed to be the first of its kind in North America — that seeks to strike down the B.C Adoption Act on the grounds that it is discriminatory and unconstitutional.

Read more in the Vancouver Sun

Replacing those bracelets with bar codes? How do they ensure that the person claiming to be Mr. Insured really is? If I arrive at the Emergency Room after an Identity Thief has used my information, how is my care impacted? (Am I presumed “innocent” or “indigent?”)

Wisconsin hospital adds hand scans to ID patients

Hospitals in New York and San Diego are using hand scans to identify patients. Now a Wisconsin hospital is too.

Patients with the same name and even the same birthday are rare, but it's one of the things that a new system at UW Hospital and Clinics in Madison is designed to sort out. It's starting a database of hand scans to identify people through the vein patterns in their palms.

UW Health's chief information officer, Mike Sauk, says the $70,000 system links patients to their electronic health records. [So did (should) the bracelets. Bob] It could be used when a person is unconscious or to verify that the patient and their insurance match up. [No pay, no cure! Bob] Sauk says the system is to protect against instances where somebody steals a health insurance card or ID, and is able to use the victim’s insurance for their care.

… Some people have refused to have their palms scanned.

This looks like Boston is “doing something” without thinking through the outcomes. Is the goal to improve education, or identify potential excuses for their failure to educate? (“Failing students didn't use the library.” “Students who use public transportation are often late to class.” “Students who don't eat a healthy lunch do poorly in Math.”)

New student card: Big benefit or Big Brother?

City officials plan to launch a pilot program today to make it easier for some public school students to use city services by providing them with one card they can use to ride the MBTA, withdraw books from city libraries, play sports, attend after-school programs at community centers, and access meal programs at their schools.

The so-called BostONEcard will also be used to take attendance and may eventually serve as a debit card, among other potential uses.

… “This card will help make the assets of our city more accessible and remind each student every day that there are community centers and libraries for them to explore.’’ [Perhaps they will add a small speaker, allowing the card to 'nag' the students. Bob]

This program is starting at the Josiah Quincy Upper School in Chinatown, where all 530 students in grades 6 through 12 are being provided a card, which has multiple barcodes, a radio frequency device to use on the T, and their photos.

… Chris Osgood, cochair of the mayor’s office of New Urban Mechanics, said he hoped the information generated by the cards would allow city officials to develop a single picture of whether students use libraries, community centers, and other programs.

“We want to be able to use this data to look at the impact of, say, a homework or literacy program and how it affects student achievement,’’ Osgood said. “It will also help schools make sure attendance is up.’’ [Wishful thinking. It could be used to take attendance, but only if the student brings it with them. Bob]

… She questioned whether the information could be subpoenaed by law enforcement agencies or whether it could be surreptitiously slipped to marketing companies.

“There would need to be stringent privacy protections so that the librarian doesn’t have access to where a student took the T; the school police officer doesn’t know what books the student is reading; and a school principal doesn’t know how much lunch money students have in their accounts,’’ she said. “The question is who has access to this database, which when combined reveals a treasure trove of personal information about our children, including what they read, what they eat, where they go, and how much money they have. That information is highly confidential.’’

City officials said they are developing the system and that it would take time before all the information is linked to any central database. [So, they have no way to use or validate the data they are collecting? I doubt that, but vast ideas with half-vast implementation is not uncommon. Bob] They said the cards are being donated by the MBTA and that the costs for now are minuscule. Completing the system and expanding it to the district’s 57,000 students would increase costs substantially.

In the past two years, the city has introduced a system of barcode readers that can track students when they swipe their cards at the Boston Public Library’s 28 branches and the Boston Centers for Youth & Families’ 38 community centers. They are installing card readers at schools citywide.

… At the Josiah Quincy Upper School, which volunteered to launch the program after 30 students last year had attendance rates below 80 percent, headmaster Bak Fun Wong called the cards “very smart.’’ He hopes they promote attendance and encourage students to use the library and after-school programs.

“When Spy-Apps are outlawed, only my Ethical Hackers will have Spy-Apps.” Readers who believe this solves the problem are advised to visit “”

SMS Spying App Pulled from Android Market

October 28, 2010 by Dissent

Lucian Constantin writes:

A controversial application, which allows users to forward copies of all incoming SMS messages to a different phone, has been removed from the Android Marketplace for violating the service’s content policy.

The app, called the “Secret SMS Replicator,” was created by DLP Mobile, a software developer catering for various platforms, including iOS, Android and BlackBerry OS.

In a blog post, the company describes the new application as “a tremendously useful and potentially insidious tool” and makes no effort to hide its intended purpose.

“One potential use of this app might be the following: Grab your boyfriend’s phone while he is in the shower.

Download our app onto his Android phone and the app runs secretly, unable to be detected, BCC’ing you with all his incoming texts.

Find out salacious details and he’ll have no idea you’re on to him. Perfect. Perfectly cruel,” the company says.

Read more on Softpedia.

Who do they think they are, Republicans? Just shows how easily big donors/lobbyists can manipulate congress, no matter who is in the majority. (and like Animal House taught us, “double secret probation” is the way to go.)

Scholars Say International Property Accord Needs Senate Approval

More than 70 academics, mostly legal scholars, are urging President Barack Obama to open a proposed international intellectual-property agreement to public review before signing it.

The likely route for that is bringing the ACTA agreement to the Senate for ratification.

The deal, known as the Anti-Counterfeiting Trade Agreement (.pdf), according to many critics, favors big media at the expense of the general public. And the intellectual property accord, which Obama could sign by year’s end, has pretty much been hammered out in secret between the European Union, Japan, the United States and a few other international players, including Canada and Australia. Noticeably absent is China.

Geeky stuff

Set Up Multiple Monitors

Having two or three displays side-by-side doesn't just look cool, it can actually boost your productivity. … It's like having a larger digital desk.

Gee, they must be the best teachers ever!

High salaries cast doubt on Foothill-De Anza colleges' parcel tax

A photography teacher earns $208,169 a year. A computer instructor takes home $222,791 - more than his colleagues and even the college president. And a maintenance worker's annual paycheck is $93,706.

… But some voters wonder if the district is justified in holding out the hat while paying such high wages.

"It sounds like maybe they need to do a better job of controlling their payroll before going out and asking for a new tax," said Douglas McNea, president of the Silicon Valley Taxpayers Association and author of the No on E ballot argument.

At the same time, experts in college compensation - including a traditional critic of excess spending - say Foothill-De Anza's high wages may actually represent a cost savings.

Another reason to use PowerPoint?

Thursday, October 28, 2010

Add Some Oomph to PowerPoint Slides

oomfo (yes, they spell it in all lowercase letters) is a free add-on to Microsoft PowerPoint. The purpose of oomfo is to enable users to insert animated charts and graphs into their PowerPoint slides. Using oomfo users can import data from spreadsheets to create their charts and graphs. Users can also export the charts they've created for reuse in other presentations. Watch the video below to see oomfo in action.

Thursday, October 28, 2010

Keeping it “small.” Now that the unknown “Henry Ford of skimmers” has commoditized (by mass producing) the card skimming tools, this fraud seems to offer a steady income with low risk.

Credit card ‘flash attack’ steals up to $500,000 a month

October 28, 2010 by admin

Dan Goodin reports:

Credit card fraudsters may have pocketed as much as $500,000 over the past month by pursuing a new type of attack that exploits a major blind spot in payment processors’ defenses, an analyst said.

The “flash attacks” recruit hundreds of money mules who go to ATMs throughout the US and almost simultaneously withdraw relatively small sums of money from a single compromised account, according to Avivah Litan, vice president at market research firm Gartner, who follows the credit card industry. They then move on to a new account. At the end of the month, the heists can fetch as much as $500,000.

“The resulting cash transactions fly under the radar of existing fraud detection systems — they are typically small amounts that don’t raise any alarms,” Litan blogged on Tuesday.

Read more in The Register.

[From the Gartner blog:

The only successful fraud mitigation strategy I’ve seen that works in practice today, is that once the first round of fraud is discovered, an acquiring processor or a payment network tries to figure out the point-of-compromise for these cards. If that is determined, then all cards that were used at that point of compromise (i.e. breached entity site) are put on a blacklist and are rejected for future use at a point-of-sale or ATM machine. This is obviously a costly measure, since new cards and accounts generally have to be reissued to the customers – plus it can jeopardize customer relationships – but the alternative is far less attractive, i.e. risk having the customer account drained.
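Both halves of that story are detection problems. The attack itself is built to stay under per-transaction limits, so the only signal is aggregate: one account, many distinct ATMs, minutes apart. The mitigation Litan describes is a common-point-of-purchase analysis: once a first round of fraud is confirmed, find the merchant every victim card has in common, then reissue every card that transacted there. The block below is an added example, not Gartner's or any processor's code; the withdrawal and purchase records, account and merchant identifiers, and the thresholds (10-minute window, four ATMs, $100 per withdrawal) are constructed and hypothetical.

```python
"""
Two detections for the ATM 'flash attack' pattern:
  1. per-account velocity across distinct ATMs inside a short window, where
     every single withdrawal is small enough to pass a per-transaction rule;
  2. common-point-of-purchase analysis to locate the breached merchant from a
     set of confirmed-fraud accounts, and the resulting reissue list.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample withdrawals: (account, ISO timestamp, atm_id, city, amount)
WITHDRAWALS = [
    ("acct-1", "2010-10-26T09:00:00", "atm-01", "Dallas",  60.0),
    ("acct-1", "2010-10-26T09:01:30", "atm-17", "Phoenix", 80.0),
    ("acct-1", "2010-10-26T09:02:10", "atm-33", "Miami",   40.0),
    ("acct-1", "2010-10-26T09:03:45", "atm-52", "Boston",  60.0),
    ("acct-1", "2010-10-26T09:04:20", "atm-61", "Denver",  80.0),
    ("acct-2", "2010-10-26T09:00:00", "atm-01", "Dallas",  200.0),
    ("acct-2", "2010-10-26T17:30:00", "atm-02", "Dallas",  100.0),
]

# Constructed card-present purchase history: (account, merchant_id)
PURCHASES = [
    ("acct-1", "m-gas-7"), ("acct-1", "m-grocer-2"), ("acct-1", "m-diner-9"),
    ("acct-2", "m-gas-7"), ("acct-2", "m-books-4"),
    ("acct-3", "m-gas-7"), ("acct-3", "m-diner-9"),
    ("acct-4", "m-books-4"), ("acct-4", "m-grocer-2"),
]


def flash_attack_accounts(withdrawals, window=timedelta(minutes=10),
                          min_atms=4, max_single=100.0):
    """Accounts hit at >= min_atms distinct ATMs inside `window`, with every
    withdrawal in that window at or below max_single (none trips a per-txn rule).
    Thresholds are hypothetical tuning values."""
    by_acct = defaultdict(list)
    for acct, ts, atm, city, amt in withdrawals:
        by_acct[acct].append((datetime.fromisoformat(ts), atm, city, amt))
    flagged = {}
    for acct, events in by_acct.items():
        events.sort()                                   # chronological
        for i, (t0, _, _, _) in enumerate(events):      # slide the window start
            in_win = [e for e in events[i:] if e[0] - t0 <= window]
            atms = {e[1] for e in in_win}
            all_small = all(e[3] <= max_single for e in in_win)
            if len(atms) >= min_atms and all_small:
                flagged[acct] = {
                    "atms": len(atms),
                    "cities": len({e[2] for e in in_win}),
                    "total": sum(e[3] for e in in_win),
                }
                break
    return flagged


def common_point_of_purchase(purchases, confirmed_fraud):
    """Merchants ranked by how many confirmed-fraud accounts transacted there;
    the top entry is the candidate point of compromise."""
    seen = defaultdict(set)
    for acct, merchant in purchases:
        if acct in confirmed_fraud:
            seen[merchant].add(acct)
    ranked = sorted(seen.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(merchant, len(accts)) for merchant, accts in ranked]


def cards_to_reissue(purchases, point_of_compromise):
    """Every account that used the breached merchant, whether or not fraud
    has shown up on it yet; this is the blacklist-and-reissue set."""
    return sorted({acct for acct, m in purchases if m == point_of_compromise})


if __name__ == "__main__":
    print(flash_attack_accounts(WITHDRAWALS))
    ranking = common_point_of_purchase(PURCHASES, {"acct-1", "acct-2", "acct-3"})
    print(ranking)
    print(cards_to_reissue(PURCHASES, ranking[0][0]))
```

Two caveats a practitioner would add. The velocity rule is only as good as the window and the ATM count, and a real processor would also key on cash-out geography versus the cardholder's home and on the account's own history rather than fixed constants. The point-of-purchase ranking is circumstantial: a merchant that most cardholders in a region use will rank high on any fraud sample, so the candidate needs to be confirmed against a control group of non-fraud accounts before thousands of cards are reissued.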

Another organization with security managed by “Sergeant Schultz.” (I know nothing!) Apparently they don't bother to log activity, which matches nicely with their lack of access security.

Hacker may have accessed database of Louisiana EMTs

October 28, 2010 by admin

Marsha Shuler reports:

Some 56,000 emergency medical technicians were advised this week that a hacker may have gained access to personal information about them contained in a state licensing database.

The state Department of Health and Hospitals sent letters to the emergency medical technicians, notifying them of the incident that occurred Sept. 17.


Department of Health and Hospitals spokeswoman Lisa Faust said Bureau of Emergency Medical Services personnel discovered the database breach. The unauthorized entry gave the hacker access to an individual’s name and personal information, including Social Security numbers.

“What we don’t know is whether the hacker was able to access any information,” Faust said.

A computer screen displayed the message “You have been hacked,” Faust said. “Since we don’t know one way or the other we sent notices out to 56,000 people that there’s a potential that the information was compromised.”

“Although we have no indication that information was actually released, we know that it was accessed,” Tony Keck, DHH’s deputy secretary, said Wednesday.

Both the East Baton Rouge Parish Sheriff’s Office and the Louisiana Attorney General’s Office are investigating, Keck said.

Read more in 2theAdvocate. I’m a tad confused by what seem to be their conflicting statements as to whether the database was actually accessed.

On an unusual note, the state said notification to EMTs was delayed because the agency had to find the money to cover the cost of printing the letters and stamps.

I guess it pays to be an Obama backer...

FTC to Google re Wi-Fi data capture: case closed

October 27, 2010 by Dissent

The FTC has closed its investigation into the Google Street View wi-fi mess without levying any fines or penalties. A copy of the FTC’s letter to Google can be found here. It apparently helped Google that they announced a new Privacy Director and other changes in response to other countries’ investigation into the situation.

(Related) You know you have big legal problems when...

A Google Map of Google Maps' Legal Troubles

Italian officials today launched a probe into Google, which has been accused of collecting mounds of personal information through unsecured Wi-Fi networks with its Street View cars.

This is just the latest in a long line of governments looking into the matter, from Australia to Germany to South Korea. We've found it increasingly difficult to keep track of all Google's privacy snafus. So here's a handy way to track international investigations into Google Maps: A Google Map mashup. Click on the pins for news about investigations or allegations in each location.

You have no right to be drunk, therefore you have no other rights either?

Refuse breath test? Not in Lafourche

October 28, 2010 by Dissent

Raymond Legendre reports:

Lafourche has become the second Louisiana parish to enforce a DWI “no-refusal” policy at all times.

Sheriff Craig Webre announced the action Tuesday.

The Sheriff’s Office experimented with the program three times this year in its ongoing effort to reduce drunk-driving deaths and remove drunk drivers from the parish’s roadways.

Starting yesterday, suspected drunk drivers in Lafourche no longer have the right to refuse a Breathalyzer test. Previously, drivers could refuse taking such a test but would be charged with DWI and have their licenses suspended for a year.


“Where in the Fourth Amendment does it say you can stop people and take their blood?” said Marjorie Esman, executive director of the Louisiana branch of the American Civil Liberties Union. She raised questions about how long and where the blood would be kept.


[From the article:

Previously, drivers could refuse taking such a test but would be charged with DWI and have their licenses suspended for a year. [How did that work? Were they convicted of “looking really drunk” or “refusing to be tested?” Bob]

… Under the no-refusal program, deputies can use probable cause to receive a signed search warrant from a district judge, forcing drivers who refuse a Breathalyzer test to submit to a breath, blood or urine test. Those drivers who submit after initially refusing the test are still subject to the same penalties as people who refused the test. [Even if they test “sober?” Bob]

Gosh, his thinking evolved? Who'd a thunk it?

Article: The Puzzle of Brandeis, Privacy, and Speech

October 28, 2010 by Dissent

Neil Richards has an article, “The Puzzle of Brandeis, Privacy, and Speech” in the Vanderbilt Law Review (2010). Here’s the abstract:

Most courts and scholarship assume that privacy and free speech are always in conflict, even though each of these traditions can be traced back to writings by Louis D. Brandeis—his 1890 Harvard Law Review article The Right to Privacy and his 1927 concurrence in Whitney v. California. How can modern notions of privacy and speech be so fundamentally opposed if Brandeis played a major role in crafting both? And how, if at all, did Brandeis recognize or address these tensions? These questions have been neglected by scholars of First Amendment law, privacy, and Brandeis. In this Article, I argue that the puzzle of Brandeis’s views on privacy and speech can be resolved in a surprising and useful way.

My basic claim is that Brandeis’s mature views on privacy and its relationships to free speech were more complex and interesting than the simplistic tort theory of privacy he expounded in The Right to Privacy. As a young lawyer, Brandeis envisioned privacy as a tort action remedying emotional injury caused by the revelation of embarrassing private facts by the press. But Brandeis’s ideas evolved over his life. He soon came to believe strongly in a contrary idea he called “the duty of publicity.” This is the notion that disclosure of most kinds of fraud and wrongdoing are in the public interest; that as he famously put it, “sunlight is the best disinfectant.” When Brandeis came to think through First Amendment issues after the First World War, tort privacy could no longer consistently fit into his influential theories of civil liberty.

But while Brandeis changed his mind about tort privacy, what he replaced it with is even more interesting. In his Olmstead dissent and free speech writings, Brandeis identified a second conception of privacy that I call “intellectual privacy.” Brandeis reminds us that the generation of new ideas requires a certain measure of privacy to succeed, and that in this way intellectual privacy and free speech are mutually supportive. I conclude by suggesting some modern implications of Brandeis’s ambivalence about tort privacy and his linkage of intellectual privacy with free speech.

You can download the full article here (pdf). Hat-tip, Concurring Opinions

Is using the RIAA model the way to save the newspaper industry? New term: “pay-wall by threat”

Pay Or Else, News Site Threatens

Posted by samzenpus on Wednesday October 27, @06:47PM

"The North Country Gazette, a news blog, says users who read beyond a single page of an article must pay up or they will be tracked down. They don't have a pay wall. If you go beyond page 1, you owe them. From the article: 'A subscription is required at North Country Gazette. We allow only one free read per visitor. We are currently gathering IPs and computer info on persistent intruders who refuse to buy a subscription and are engaging in a theft of services. We have engaged an attorney who will be doing a bulk subpoena demand on each ISP involved, particularly Verizon Droids, Frontier and Road Runner, and will then pursue individual legal actions.'"

Push-back was inevitable.

British Airways Chief Slams US Security Requests

Posted by samzenpus on Wednesday October 27, @09:56PM

"Reflecting a growing frustration among airport and airline owners with the steady build-up of rules covering everything from footwear to liquids, Martin Broughton, chairman of British Airways, has launched a scathing attack on the 'completely redundant' airport checks requested by the TSA and urged the UK to stop 'kowtowing' to American demands for ever more security. Speaking at the annual conference of the UK Airport Operators Association, Broughton lambasted the TSA for demanding that foreign airports increase checks on U.S.-bound planes, while not applying those regulations to their own domestic services. 'America does not do internally a lot of the things they demand that we do,' says Broughton. 'We shouldn't stand for that. We should say, "We'll only do things which we consider to be essential and that you Americans also consider essential."' For example, Broughton noted that cutting-edge technology recently installed at airports can scan laptops inside hand luggage for explosives but despite this breakthrough the British government still demands computers be examined separately. 'It's just completely ridiculous,' says Broughton."

(Related) Might be interesting to see if they can produce any data on the “effectiveness” of all this security in detecting terrorists. (i.e. is it more effective at deterring terrorists than it is at keeping monsters at bay?)

Memphis pilot files lawsuit over airport body-scans

October 27, 2010 by Dissent

Michael Roberts, the pilot who refused to go through a full body scanner, is suing the TSA. Jamel Major reports:

A Mid-South pilot who refused a full-body scan at Memphis International Airport is suing the TSA. Michael Roberts and attorneys at the Rutherford Institute are suing the federal government over air passenger screening procedures.

“We’re basically challenging the constitutionality of the new policies under the 4th Amendment,” Roberts said Tuesday.

A pilot with ExpressJet Airlines, Roberts was in full uniform and trying to commute to his job in Houston when he refused to submit to a full body scan and pat down at Memphis International Airport.

Read more on WMCTV.

For my Ethical Hackers. Another case of children bypassing “security?” Probably not. This is speculation by the reporters, although it is based on long-established techniques.

Aussie Kids Foil Finger Scanner With Gummi Bears

Posted by samzenpus on Thursday October 28, @02:10AM

"An Australian high school has installed "secure" fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance. The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatine, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger's skin."

[From the ABC article:

Deputy principal Bob Cox says the school is hoping it will simplify the attendance system, but that students will still have the choice to opt out if parents take issue with it. “We can save money by implementing two systems rather than one!” Bob]

"The machine, which is unique to the school, [Bad reporting or a case of being the first to try a new system? Bob] plots three lines from those points and works out the angles and the length of the lines and assigns that particular logarithm to one student," he said.

“We're not sure what Cloud Computing means, but we are going to manage it.”

Intel, Technology Buyers Talk of Freedom in the Cloud

It’s hard to find a technology vendor who isn’t vociferously supporting the craze known as cloud computing. But some customers seem to be worried about the pace of progress, judging by comments from Intel and a large group of technology buyers.

The Open Data Center Alliance, whose formation was announced at a news conference Wednesday in San Francisco, seems partly inspired by the fear known as vendor lock-in.

… Skaugen estimated that $100 billion of potential IT spending is stalled because of customer concerns about vendor lock-in and other issues.

The Open Data Center Alliance says it plans to define technical requirements and recommendations to head off a logjam. Besides Terremark, members include Lockheed Martin, BMW, China Life, Deutsche Bank, JPMorgan Chase, Marriott International, Inc., National Australia Bank and Shell.

Implications for business in the Cloud?

Google Now Second-Largest ISP

Posted by samzenpus on Wednesday October 27, @07:35PM

"Google is now the second-largest carrier of Internet traffic, accounting for 6.4% of all web traffic, according to data released this week by Arbor Networks. But should IT execs care? Yes, says Craig Labovitz, Arbor's chief scientist, who argues that IT managers need to understand how macro Internet traffic trends will affect the design and management of their own network backbones. 'This will affect how enterprises plan their services... whether they host their own services or whether they use cloud vendors,' Labovitz says. 'The enterprise needs to shift its thinking in terms of [service level agreements] and the way it measures, monitors and secures its networks. That all used to be focused on connectivity, but now it needs to be focused on content.'"

[From the article:

“Increasingly, whether you’re a consumer or an enterprise, you care not about reaching thousands of different Web sites. You care about the 20 social networking, cloud vendor and partner sites that you do business with.”

The Arbor Networks’ data points to a future where Internet traffic consolidates on the networks of a handful of carriers and content providers – what Arbor calls “hyper giants.”

… The Arbor data shows that overall Internet volumes are increasing at a rate of 40% to 45% per year, and that Google is growing faster than that. Most of Google’s data is video from its popular YouTube site.

(Related) How content drives traffic? I wonder if she has made Google more money than her record label? Perhaps the RIAA should sue?

How Lady Gaga's One Billion YouTube Views Changes the Music Industry

Which metric more fully captures Lady Gaga's global superstardom: the 15 million albums she's sold to date, or the one billion views she reached this week on YouTube?

Though CDs are rapidly becoming a thing of the past, replaced by digital music, physical album sales still remain the gold standard for the industry. Isn't it time that metric is updated to include the wealth of ubiquitous digital platforms? "The notion of tracking sales and correlating that to success is a bit antiquated," says Vevo CEO Rio Caraeff. "There's no single indicator you can look at now--you must look at everything."

Perhaps we should ban them from political office until we find a cure? Or is that why they've been funding DNA databases?

Researchers Find a 'Liberal Gene'

Posted by samzenpus on Thursday October 28, @07:57AM

"Liberals may owe their political outlook partly to their genetic make-up, according to new research from the University of California, San Diego, and Harvard University. Ideology is affected not just by social factors, but also by a dopamine receptor gene called DRD4. The study's authors say this is the first research to identify a specific gene that predisposes people to certain political views."

Wednesday, October 27, 2010

This could be nothing. At least, they are not sure it is something. The servers were down over the weekend for “maintenance,” so this could be a problem introduced by those changes.

TX: HISD investigating how its computers were hacked

October 27, 2010 by admin

Erika Mellon reports:

Houston school district officials suspect their computer system was hacked over the weekend, leaving employees and students without access to the Internet, online classes and e-mail for two days.

The electronic blackout ended late Tuesday afternoon, but the district’s police department was continuing to work with the FBI to investigate the suspected cyber-attack. HISD officials said they had found no evidence so far that hackers had tampered with personal information, such as payroll data or students’ grades.

As one of the largest employers in Houston, the school district has loads of electronic data on its 30,000 workers and 202,000 students that could have been compromised.

Read more in the Houston Chronicle.


FBI Investigates Alert of Possible Hacking Attempt into HISD

When the district was alerted to the possible hacking attempt, [They did not detect it themselves? Bob] the IT team shut down the computer system, according to a statement from HISD. Police and administrative staff were notified early Monday morning.

Interesting question. If they had not informed the victims, how would they learn of the breach? Should the laws be modified to allow the police to “fight fire with fire?”

Did Dutch Police Break the Law Taking Down a Botnet?

October 26, 2010 by admin

Interesting article by Jeremy Kirk about how Dutch police may have broken the law in an attempt to get control of a botnet and to warn innocent users that their systems were infected:

Dutch police took unprecedented action in taking down a botnet on Monday: They uploaded their own program to infected computers around the world, a move that likely violated computer crime laws.

The program causes a computer’s Web browser to redirect to a special site set up by the Netherlands Police Agency, where users are informed their computer is infected with Bredolab, a password-stealing malicious software program.

Dutch police did that by taking command of 143 Web servers used to control computers infected with Bredolab. The servers belong to LeaseWeb, one of the top hosting providers in Europe, which was informed in August of the problem by police and other computer security experts, said Alex de Joode, LeaseWeb’s security officer.

Read more on PCWorld.

[From the ComputerWorld article:

The Armenian man had constructed a massive botnet, at one point infecting up to 29 million computers in countries including Italy, Spain, South Africa, the US and the UK.

"We wanted to take down the botnet," Prins said. "What we also wanted to do was make sure the botnet wouldn't switch over to other infrastructure under his control."

The Dutch police decided to use a tactic they have apparently used before, taking over the computers infected with Bredolab and directing them to servers not under the control of the Armenian. Fox IT helped with that by uploading a "good" bot developed by police [Are US computer cops also doing this? Bob] to those PCs, Prins said.

… So far, at least 100,000 computers have displayed the Web page, which also has a link where people can file a complaint about Bredolab. So far, 55 people have filled out the complaint form, according to the Dutch National Prosecutor's Office.

[From the PC World article:

The action by the Dutch police is likely a breach of the Computer Misuse Act, said Struan Robertson, a technology lawyer with Pinsent Masons. Since the territorial scope of the legislation is wide, in theory it could be used against somebody in the Netherlands hacking into a U.K. computer, he said.

"There is no defense in the Computer Misuse Act for unauthorized access to another computer being for noble purposes," Robertson said. "That said, I think it is important to note it is unthinkable that anyone would prosecute for this," Robertson said. "They were making the best of a bad situation."

But in an era where fake Web pages are rampant, it begs the question of whether people will believe that the warning is legitimate. Fraudsters could also simply copy the Web page, set up a new domain and create a site that actually infects people's computers with Bredolab or other malware.

(Related) The next botnet won't be as easily defeated.

The Rise of the Small Botnet

In September, law enforcement agencies in the US and Europe announced that they had cracked a major ZeuS botnet operation allegedly responsible for the theft of over $70 million.

Reports of such law enforcement crackdowns are increasingly common, but they represent merely the tip of the iceberg in addressing the real underlying problem. Botnets controlled by criminal enterprises all over the world continue to multiply at a steep rate, and it is now arguably the smaller, harder-to-trace operations that organizations should be the most worried about. Not only are smaller botnets cheaper and easier to build out and operate, but criminals have already realized that large-scale botnet activity attracts unwanted attention, and not just of law enforcement.

I vote “Hell Yes!”

Should HHS fine entities who experience repeated avoidable security failures?

By Dissent, October 26, 2010

I’m working on a breach post for later today but started mulling over the question of whether HHS needs to start fining covered entities who have repeat breaches where the entity did not seem to adequately harden their security after the first breach or to really learn from experience.

This is 2010. The excuse “we were in the process of encrypting” or “now we’re going to encrypt” seems inadequate. HIPAA went into effect in 1996. Why are some of these easily avoidable breaches still occurring? HHS has adopted an educative and corrective approach, but how many times do some entities need to be educated before the government starts hitting them with fines in addition to the other costs of a breach?

Do you think that it would help if HHS started handing out fines to repeat offenders? If so, what scenarios would you think should lead to fines? I’d nominate inadequately secured PHI on a device stolen off-premises as my first nomination. As a close second, repeated theft of devices from hospital premises where the data at rest were not adequately protected.

Your thoughts?

(Related) Should this also go beyond lip service?

Consent and privacy in HIT, redux

By Dissent, October 26, 2010

Julie Chang reported on a recent Texas Tribune interview with David Blumenthal, the national coordinator of Health Information Technology. Here’s the section dealing with privacy issues, and it follows on the heels of some great reporting by the Austin Bulldog, covered previously on this blog, that revealed how a lot of patient data is being sold for “research” purposes:

TT: The issue of privacy has been a hotbed of concern. There have been reports, even here in Texas, of patient electronic records being sold to research companies. How do you respond to concerns that electronic records will only increase the risk of violating patient privacy?

Blumenthal: Well, they shouldn’t be sold if people don’t give consent. We’re committed to having patients control the uses of their health data. Their consent is going to be vital.

Okay, stop right there. Isn’t that what some of us have been saying should be the requirement — consent — and not just “consent” but “informed consent?” And for our advocacy, we’ve been called privacy alarmists or just viewed as the enemy of progress.

TT: Whose responsibility is it to ensure that patient privacy is protected?

Blumenthal: It’s a collective responsibility. We, in the federal government, give our best judgment about what the preferred approach is to getting patient consent. I think we also need to enforce the existing laws that penalize people who don’t carefully guard patient information, and there are substantial penalties available. States have a responsibility because they have a lot of freedom to set local laws to make sure that they involve the public in creating those statutes and those regulations. Doctors and hospitals have to understand what patients want and need from them in the way of privacy in the electronic world.

Privacy is not his first strategic objective, but “Do no evil” is...

5 comments from Google's CEO on privacy

On Monday, for instance, Schmidt raised the latest privacy hubbub by saying that if people don't like having their homes photographed for Google Street View for the world to see, they can "just move."

… The comment wasn't the first controversial remark Schmidt has made regarding privacy. Here are others:

  • "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Schmidt said during an interview on CNBC in December 2009.

  • "We know where you are... with your permission. We know where you've been with your permission. We can more or less guess what you're thinking about," he said earlier this month, speaking at the Washington Ideas Forum and cited by The Atlantic.

  • "There is what I call the creepy line. The Google policy on a lot of things is to get right up to the creepy line and not cross it," Schmidt is quoted as saying by The Hill Web site last month during an event at the Newseum in Washington.

  • "I actually think most people don't want Google to answer their questions," he said. "They want Google to tell them what they should be doing next," he said, adding that at some point young adults will change their names so they can hide from youthful hijinks stored on social networks. He made the comments during an August interview with the Wall Street Journal.

  • "In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it," Schmidt said at the Techonomy conference in April, according to a ReadWriteWeb blog by Marshall Kirkpatrick.

(Related) Tip number one: ignore the boss?

FamilySafetyCenter: Tips & resources on safe internet use for kids & family

FamilySafetyCenter is a portal put together by Google that contains lots of tips, answers, videos and articles to help provide safe internet use for kids and families. In addition to a list of safety tools that are embedded in various Google services, the site has a detailed FAQ section on how Google handles various related issues.

Humor: A Venn diagram of Privacy and the Internet...

It's almost Halloween – think of this as sneaking up on your employees and yelling, “Boo!” (Assuming your employees have serious heart conditions...) Perhaps they learned about changing policies without notice from their favorite Internet sites?

Drug Testing Poses Quandary for Employers

October 27, 2010 by Dissent

Katie Zezima and Abby Goodnough report:

The news, delivered in a phone call, left Sue Bates aghast: she was losing her job of 22 years after testing positive for a legally prescribed drug.

Her employer, Dura Automotive Systems, had changed the policy at its sprawling plant here to test for certain prescription drugs as well as illicit ones. The medication that Mrs. Bates was taking for back pain — hydrocodone, a narcotic prescribed by her doctor — was among many that the company, which makes car parts, had suddenly deemed unsafe.

Read more in the New York Times. Hat-tip, Privacy Lives.

The future of Copyright Law? When do we implement ACTA? Would any US ISP resist government “recommendations?”

Korea Kicking People Offline With One Strike

Posted by CmdrTaco on Tuesday October 26, @04:15PM

"While there's lots of talk of 'three strikes' laws in places like France, it may be worth looking over at South Korea, which put in place a strict new copyright law, required by a 'free trade' agreement with the US (which was the basis for ACTA). It went into effect in the middle of 2009, and now there's some data about how the program is going. What's most troubling is that the Copyright Commission appears to be using its powers to 'recommend' ISPs suspend user accounts based on just one strike, with no notice and no warning. The system lets the Commission make recommendations, but in well over 99% of the cases, the ISPs follow the recommendations, and they've never refused to suspend a user's account."

Gee, it must be election time again. We always see reports of election machine flaws before the election, and whoever wins quickly suppresses any investigation that might reveal how he won...

Voting Machines Selecting Default Candidates

Posted by CmdrTaco on Tuesday October 26, @10:47AM

"Some voters in Las Vegas have noticed that Democrat Harry Reid's name is checked by default on their electronic voting machines. By way of explanation, the Clark County Registrar says that when voters choose English instead of Spanish, Reid's Republican opponent, Sharron Angle, has her name checked by default."

Cable must move to the Internet or be replaced by Google?

Comcast Gives ‘TV Anywhere’ Another Nudge in Right Direction

Fancast has programs from about 90 content partners, and Comcast customers also get access to the premium digital channels they pay for. The array of programming is a smallish subset of 225 sources already available from Hulu, the web-based video service whose backers include NBC Universal, News Corp. (Fox) and Walt Disney (ABC), even though Hulu serves up much of the programming on Fancast. But unlike Hulu, Fancast includes programming from CBS.

Is this the business model that saves the publishing industry? Somehow, I doubt it.

Free E-Books, With a Catch — Advertising

Posted by timothy on Tuesday October 26, @10:48PM

"Barnes & Noble may kick off a fresh price war today for digital book readers, with its new Nook news. But the real news in digital publishing is a novel approach to the e-books themselves: Free books — with advertising. The basic idea is to offer publishers another way to reach readers and to give readers the chance to try more books — books that perhaps they wouldn't normally peruse if they had to pay more for them. Initially, Wowio specialized in offering digital versions of comic books and graphic novels, usually formatted as Adobe PDFs. So it was a natural step for the company to offer graphic ads that are inserted in e-books. 'We think we're creating a broader audience for some of these titles,' Wowio's CEO Brian Altounian told me. 'I think folks are going to download more books because they're saving the costs' of having to drive to the store or pay more for them. Would ads stop you from reading?"

The new color Nook goes for $249, and comes with a browser, games, Quickoffice, streaming music via Pandora, and an SDK; reader itwbennett links to an analysis of how well it stacks up as a tablet.

Interesting. Nothing in the article to explain why a second device is required.

Some Aussie High Schools Moving To Two Devices Per Child

Posted by timothy on Wednesday October 27, @01:55AM

"One laptop per child is so last year. Private secondary schools in New South Wales, Australia are in discussions to upgrade their wireless networks so they can handle the strain of supporting a two-to-one ratio — a laptop and tablet for every student."